"Security" is an invisible quality, by which I mean it cannot be easily observed and because of that it cannot be easily compared and because of that is not going to drive adoption.
This is in contrast to visible qualities: price, performance, availability of the source code and its licensing terms, size of the ecosystem (number of applications for the OS, number of books, articles, conferences, programmers who know how to program for it) etc.
How exactly will you demonstrate that Ethos is more secure than, say, OpenBSD?
I think it's more about the possibility of guarantees.
OpenBSD has un-typed IO. Typed IO gives you guarantees that un-typed IO can never give you. For starters, a number that doesn't validate properly as an Int, for instance, will simply not be able to pass through, potentially stopping if not Heartbleed then bugs like Heartbleed.
Don't you think companies and other interests would like stronger guarantees, especially when they're running applications that protect information that hackers and foreign governments and other companies would love to see?
Until it becomes difficult to work with and is perceived by someone as slowing them down, at which point someone will come up with the bright idea of typing the io channel to a suitable type for layering an untyped stream over.
This is the reason why we believe the Tao--the way--is essential to an OS. It is the programming paradigms and use, combined with OS semantics, which is the genius of UNIX.
Where does the IO typing come from? Is it some programming language? The website says that it uses C for kernel and Go for user space, neither of which are known for having advanced typing systems.
I don't think number of applications is a big deal when it comes to stuff like this. As long as it has a secure network stack and implementations of various servers for core internet infrastructure it's good enough for me. Now if you were talking about consumer grade operating systems then it would matter.
Agreed- a new, more secure OS will need other good qualities to actually market itself on.
One idea that could improve both security and the ecosystem would be a capability based design. Separating components through standard protocols/interfaces could enable something like current mobile permissions to be backed by different implementations (including virtualized/sandboxed ones), in some cases swapped out by users like commands in a shell pipeline.
I haven't seen much work in this direction; does anybody think this would or wouldn't work?
It's not always invisible when your computer or phone gets pwn'd and your email account starts sending spam, or your identity gets stolen. I think as the world becomes more technically literate, and insecure systems proliferate, security will become more and more visible. I would at least expect it to be the next competitive battlefield once usability starts settling down (as everyone figures out what does and doesn't work).
It can be partially observed by looking at the amount people in-the-know (the developers, insurance underwriters, auditors, ...) are willing to bet on the security.
The reason security will drive the adoption of a new OS is that little else will drive people away the current ones. In a future where our current architecture is being constantly exploited, then security will finally matter enough to drive us to something new.
Here's why I don't agree. This is a real conversation I had with someone about Heart Bleed:
N: So will I have to change all my passwords?
ME: Yes, you should.
N: That's a lot of work.
ME: Yes, but if you don't someone is likely to break into at least some of your accounts. At least make sure you've changed the password to your mail account, and set up two factor auth [very simplified explanation of what two factor auth involved], and check that all accounts you care about use that mail account for password recovery.
N: I'm not sure if I can be bothered.
This is a relatively technically experienced user.
It fits with other experience I've had, that security is perceived as a hassle until it's too late and then users do the bare minimum, even in the face of ongoing threats.
Corporate users might help drive adoption, but only if the cost and hassle is limited enough, and the damage of not going there is high enough.
The future will tell about Ethos' success. But I think the earlier adopters will be the tech savvy community that wants security & privacy and buys into Ethos' programming model.
This is probably going to be an unpopular position, but I think it's also important to keep in mind all the arguably beneficial things that insecure and "open not by design, but by neglect/accident/unintent" systems have brought us. Homebrew software on gaming consoles; "jailbreaking" and "rooting" phones; various other hardware/software hacks; leaks of information that have provided important information to the public (including, most ironically, the Snowden/NSA stuff.)
Would living in a world where events like Heartbleed will occasionally occur, but one where we still have the relative freedom to modify, examine, and generally "hack" our software and hardware in ways the original creators didn't approve of, be better than one of "absolute security" and highly restricted, locked-down devices controlled by corporations (and possibly the government)? I think the whole security situation has reached a point where people have to really start thinking about the tradeoffs that are happening, and realise that all this technology - as much as it can protect against external attacks and defend the users - can also be just as easily employed by others to oppress them. Once again, the infamous Ben Franklin quote comes to mind.
You raise an interesting point. However, we believe that the difficulty of securing systems makes the world less private and less free, especially as we outsource everything to third parties. A strong software base would allow us to reclaim the high ground, and empower the individual.
>The need which will drive new OS adoption is security.
Yet Microsoft XP/7/8 are arguably the most insecure operation systems, and the BSD flavors are arguably the most secure, yet have the lowest adoption rate.
People don't care about security they care about usability and simplicity.
But this is at odds with your previous observation, that BSDs have low adoption. They are vastly more simple than typical linux distros, a fact that linux users complain about when trying out a BSD system.
But security is a policy, it's something dynamic. Not static, that's why the OpenBSD moto is a silly as it gets.
Of course design matters, a system designed from groun-up to be secure but even a Linux server with properly configured kernel patchets (grsec), process accounting, iptables, IDS, etc. Can be virtually impenetrable. Same goes for OpenBSD.
Secure operating systems are not new. IIRC Vax/VMS was build from ground-up with security in mind and was deployed by the military. Then exploits security issues started popping up.
Regardless as to wether or not Ethos is the next widespread OS, that line rings very true.