OSNews

It's not network-enabled at the moment (they're busy on writing a new network stack) so in all honesty, that's what makes it "secure" is because you can't get online!

Reality-check: Haiku, even once it is completed to release 1.0, will have as much security as Windows 95 did when it shipped: the only question will be whether or not the network applications have security holes, just like anywhere else. The BeOS API doesn't even have support for multi-user and permissions that restrict things to root, since everything runs as root (or baron, as the case may be).

So, Haiku is "Secure" as long as it isn't hooked up to a net connection, and as secure as the physical access is restricted. BeOS was never intended to be a "secure" OS and release 1.0 of Haiku will replicate that to a large degree.

The BeOS API doesn't even have support for multi-user and permissions that restrict things to root, since everything runs as root (or baron, as the case may be).

Hum, that sounds really bad.

Isn't it better to change the api now than being in trouble later ?

I realize that it would mean to redesign a lot of the system, but i think that it is worth the effort.

An OS without user separation capabilities is not to be taken in consideration nowadays.

They are going for compatability with R5 so as to have all those apps that have already been written.

Also, the system supports mutli-user, it's just not implemented in the UI very much (not much beyond who owns my files, namely, Baron), and not in the API.

Johnathan -

Actually, R1 should be significantly better than Win95 for security. Win95 shipped with a bunch of services either on by default or easily turned on and very insecure (i.e. disk sharing). BeOS R5, for example, ships with all ports closed by default. We should, as well.

Unless there is a bug in the networking stack (and there probably will be, at least at first), no one should be able to remotely gain access to your machine. I certainly don't know of anyone doing so with BeOS. That's not a bad security record.

Having said that, we come to the physical access issue. I would argue that ANY OS that doesn't encrypt the hard drive doesn't have any sort of protection against physical access; if you can get the hard drive out, the machine is compromised. :-D But beyond that, with BeOS R5 and Haiku R1, yes, if you walk up to the machine and turn it on, you have root-like access. That is not unreasonable for a single user type machine. The filesystem does indeed support multiple users, with permissions. There just isn't a secure user switching mechanism.

Finally (replying to someone else), there is little in the API that would need to change to support multi-user, so no, it isn't necessary to make that change right now.

> Haiku is the best bet. More "Free" than the other guys. Not stuck in the 70ies. No major security problems. No "OSS fundies" clowns to ruin the fun. APIs are solid. Only good stuff.


Ok. I'll bite.

Excuse me for a moment while I don my "open-minded" cap... there! :-)

OK. I'm listening

Show me what Haiku can do for me that my current OS (CentOS 4.3, aka RHEL4) can't. Show me that it can also do all of the things that I need my desktop operating system to do.

I'll definitely need a browser on the order of Firefox. Email client on the order of Thunderbird (with spam filtering!) And an office suite that handles MS formats as well as OO. I wouldn't want to give up Quake4 and Doom 3.

I definitely want 3D accelleration for my NVidia 6800GT. And I'll need to print to my Samsung 1710 laser printer which currently uses samsung's Linux GDI drivers.

I'd want package management to be clean, on the order of what I have with apt and synaptic.

I need to be able to develop with Ruby on Rails and Turbogears (a python framework). I need java for my RADRails IDE.

NFS connectivity with the rest of my network would be a plus. Being able to mount whatever remote filesystem is native to Haiku on my Linux boxes would also be OK.

Non-support for Macromedia Flash would be a *big* plus. ;-)

Oh, and I'd like the OS to be *fun*. :-)

I've not followed Haiku, so I don't know, for sure, what Haiku can do and what it can't.

I do know that to be the "best bet", Haiku is going to have to be able to answer "yes, we can do that" to most of these kinds of questions.

A Windows or Mac user might have slightly different questions. But they'd have the same kinds of questions as I do.

A "bet" involves the future, not the present. I believe the original comment was saying that Haiku has the best possible future for the open source operating systems out there. You're comparing it with present solutions which is not what (I believe) he was saying.

I'm not really comparing it to anything. I'm asking questions about how good a fit it would be for my needs.

Perhaps, though, I should be asking *when* it will likely be able to do these things.

Oh, and based on other posts in this thread, I'll add "solid security model" to my list of must-haves. I was just taking that as a given before.

>Perhaps, though, I should be asking *when* it will likely be able to do these things.

Now, that's the hard part... being a mostly-volunteer-based project, it really can't be defined.

>Oh, and based on other posts in this thread, I'll add "solid security model" to my list of must-haves. I was just taking that as a given before.

Hrm - well that's scheduled for Haiku R2, Haiku R1 will be mostly a milestone - and will not really have multi-user support - and will very much be like Mac OS Classic, or Windows 9x in that regard.

Edited 2006-08-18 22:57

Are you joking? oh..i see you've not followed Haiku

>I'll definitely need a browser on the order of Firefox.

Yes, that will be a reality: http://flickr.com/photos/umccullough/129587567

>Email client on the order of Thunderbird (with spam filtering!)

The natively written mail client is probably going to ship with Haiku - but there's also Thunderbird if needed.

>And an office suite that handles MS formats as well as OO.

OO.o - evil evil - there are people still interested in porting this, I suspect it will happen, but may be a while.

>I wouldn't want to give up Quake4 and Doom 3.

If they're ported, you won't have to - Haiku has already been shown to run QIII: http://flickr.com/photos/johndrinkwater/144108950/

>I definitely want 3D accelleration for my NVidia 6800GT.

I believe BeOS/Haiku is the only OS with an open-source 3d nVidia driver as advanced as it is. It's certainly not the level of the closed-source DRI-based drivers, but what can you expect without commercial support?

>And I'll need to print to my Samsung 1710 laser printer which currently uses samsung's Linux GDI drivers.

I know nothing about this - but the printer driver support in Haiku is pretty modular.

>I'd want package management to be clean, on the order of what I have with apt and synaptic.

Who needs "package management"? This won't be Linux.

>I need to be able to develop with Ruby on Rails and Turbogears (a python framework).

Ruby and Python already exist for BeOS/Haiku

>I need java for my RADRails IDE.

Unfortunately, the Java port is on hold - but should resume again when Haiku comes to fruition.

>NFS connectivity with the rest of my network would be a plus. Being able to mount whatever remote filesystem is native to Haiku on my Linux boxes would also be OK.

Haiku has modular filesystem support. If someone writes a new filesystem add-on, Haiku can use it. I suspect NFS, ext2/3, etc. will come about in time. If someone takes the OpenBFS code and ports it to Linux,then you could read/write BFS also!

>Non-support for Macromedia Flash would be a *big* plus. ;-)

Non-support? I'm pretty sure that already exists (as in, no support for Flash).

>Oh, and I'd like the OS to be *fun*. :-)

YES!

>I do know that to be the "best bet", Haiku is going to have to be able to answer "yes, we can do that" to most of these kinds of questions.

I suspect the answer to most of your questions is "Yes we can do that" and in several cases: "Yes we already do that"

OK So as of right now, the answers to my questions would be:

Firefox: Yes.
Thunderbird: Yes.
OpenOffice: No.
Quake4, Doom3: No.
Nvidia 3d: Probably not up to what I would need?
Printer: Probably no.
Package management: No. (How can an OS do without package management?!)
Ruby on Rails/Turbogears: Probably.
Java: No.
Network filesystem: No.
Flash: No. (And let's hope it stays that way!)
Fun: YES!
Security: No.

Is that a reasonable summation?

Edited 2006-08-18 23:10

Sure - sounds reasonable. But right now Haiku is also pre-alpha - so hey - whatever

But please explain to me the exact purpose of "package management" ? - i'm not sure I follow how that's a requirement for an OS.

I'm pretty sure when I unzip an app and it "just runs" - that it is very much sufficient to get the job done.

Actually, please don't answer this - I think i see where this discussion is going, and I suspect it's pointless to even discuss at this point for Haiku.

Edited 2006-08-18 23:20

Responses in italics:

Firefox: Yes.
Thunderbird: Yes.
OpenOffice: No.
Quake4, Doom3: No. -->You're talking proprietary software, and for that the rare (2 out of 4?) exceptions of high-end games that have been ported to both Windows and Linux. You might as well go the 'Does it have Photoshop?'-route; Mac users would like that.
Nvidia 3d: Probably not up to what I would need? -->if the most advanced OSS version doesn't cut it...then no? I don't know why you'd want more than 30 FPS with your Quake ports though
Printer: Probably no.
Package management: No. (How can an OS do without package management?!) -->Can you download binary packages of software you come across on the internet for Linux, regardless of version you're running? Actually, Haiku/BeOS has www.bebits.com, which beats most package managers hands down. Granted, for the dead links you'll have to crossreference to www.bezip.de but most Linux package managers lack the overview+interface Bebits has. A lot of package managers still have problems with dependencies still, Haiku/BeOS doesn't.
Ruby on Rails/Turbogears: Probably. -->If turbogears consists of interpreted ruby/python, you might get lucky
Java: No. -->Actually, it can't be ported atm because of a number of lacking features. They're hoping to implement those for RC2. But yeah, no Java.
Network filesystem: No. -->actually, yes! http://www.bebits.com/app/1021
Flash: No. (And let's hope it stays that way!) -->does Flash 4.1015 count? ;-)
Fun: YES! -->To be honest, I'd say this is where Haiku will succeed where Linux didn't, but that's just my trolly opinion.
Security: No. [i]-->security through obscurity! There are less exploits/virusses known for BeOS than Linux :-)

[i]Edited 2006-08-19 10:38

Not based on xwindows so your hardware wont work unless it's new.

So the fact that Haiku already supports antique video chipsets such as Tseng Labs ET-series, Cirrus Logic, ATi Rage, nVidia Riva, and 3dfx hardware doesn't count? Indeed, because its not using X11, you're more likely to have graphics cards NOT work because they're new.

Luposian:

Best head to #haiku - several of us have discussed recent problems building Haiku - and I myself ran into some similar problems last night. OSNews comments are most certainly not the right place for that type of conversation

Since we've merged the networking branch, you need to have the latest GCC release (on BeBits or from our repository) to compile Haiku.
While you're at it, you should also update jam, as that has also seen some changes.