Linked by Thom Holwerda on Fri 18th Aug 2006 20:31 UTC, submitted by Kian Duffy
BeOS & Derivatives Haiku, the open-source BeOS replacement project, turns five years old today. Founded in August 2001 as OpenBeOS with the intention of replacing BeOS due to the lack of action by the then-ailing Be, Haiku has seen five years of change in the BeOS market but continues to progress.
Thread beginning with comment 153761
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: "Open source" desktop
by JonathanBThompson on Fri 18th Aug 2006 21:55 UTC in reply to ""Open source" desktop"
JonathanBThompson
Member since:
2006-05-26

It's not network-enabled at the moment (they're busy on writing a new network stack) so in all honesty, that's what makes it "secure" is because you can't get online!

Reality-check: Haiku, even once it is completed to release 1.0, will have as much security as Windows 95 did when it shipped: the only question will be whether or not the network applications have security holes, just like anywhere else. The BeOS API doesn't even have support for multi-user and permissions that restrict things to root, since everything runs as root (or baron, as the case may be).

So, Haiku is "Secure" as long as it isn't hooked up to a net connection, and as secure as the physical access is restricted. BeOS was never intended to be a "secure" OS and release 1.0 of Haiku will replicate that to a large degree.

Reply Parent Score: 4

RE[2]: "Open source" desktop
by fepede on Fri 18th Aug 2006 22:36 in reply to "RE: "Open source" desktop"
fepede Member since:
2005-11-14

The BeOS API doesn't even have support for multi-user and permissions that restrict things to root, since everything runs as root (or baron, as the case may be).

Hum, that sounds really bad.

Isn't it better to change the api now than being in trouble later ?

I realize that it would mean to redesign a lot of the system, but i think that it is worth the effort.

An OS without user separation capabilities is not to be taken in consideration nowadays.

Reply Parent Score: 2

RE[3]: "Open source" desktop
by CPUGuy on Sat 19th Aug 2006 04:21 in reply to "RE[2]: "Open source" desktop"
CPUGuy Member since:
2005-07-06

They are going for compatability with R5 so as to have all those apps that have already been written.

Also, the system supports mutli-user, it's just not implemented in the UI very much (not much beyond who owns my files, namely, Baron), and not in the API.

Reply Parent Score: 1

RE[2]: "Open source" desktop
by mphipps on Mon 21st Aug 2006 01:10 in reply to "RE: "Open source" desktop"
mphipps Member since:
2006-08-21

Johnathan -

Actually, R1 should be significantly better than Win95 for security. Win95 shipped with a bunch of services either on by default or easily turned on and very insecure (i.e. disk sharing). BeOS R5, for example, ships with all ports closed by default. We should, as well.

Unless there is a bug in the networking stack (and there probably will be, at least at first), no one should be able to remotely gain access to your machine. I certainly don't know of anyone doing so with BeOS. That's not a bad security record.

Having said that, we come to the physical access issue. I would argue that ANY OS that doesn't encrypt the hard drive doesn't have any sort of protection against physical access; if you can get the hard drive out, the machine is compromised. :-D But beyond that, with BeOS R5 and Haiku R1, yes, if you walk up to the machine and turn it on, you have root-like access. That is not unreasonable for a single user type machine. The filesystem does indeed support multiple users, with permissions. There just isn't a secure user switching mechanism.

Finally (replying to someone else), there is little in the API that would need to change to support multi-user, so no, it isn't necessary to make that change right now.

Reply Parent Score: 1