Hacker News
by kkowalczyk 4442 days ago
It's actually very false.

"Security" is an invisible quality, by which I mean it cannot be easily observed and because of that it cannot be easily compared and because of that is not going to drive adoption.

This is in contrast to visible qualities: price, performance, availability of the source code and its licensing terms, size of the ecosystem (number of applications for the OS, number of books, articles, conferences, programmers who know how to program for it) etc.

How exactly will you demonstrate that Ethos is more secure than, say, OpenBSD?

7 comments

I think it's more about the possibility of guarantees.

OpenBSD has untyped IO. Typed IO gives you guarantees that untyped IO can never give you. For starters, a number that doesn't validate properly as an Int, for instance, will simply not be able to pass through, potentially stopping if not Heartbleed then bugs like Heartbleed.

Don't you think companies and other interests would like stronger guarantees, especially when they're running applications that protect information that hackers and foreign governments and other companies would love to see?
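The typed-versus-untyped boundary the comment above describes, as an added example written for this page in Go (the language Ethos uses for user space); it is not code from Ethos, from the thread, or from OpenSSL. The three-byte record layout, the secret string, and the function names are constructed stand-ins, and the typed decoder assumes the transport hands it each record with its true length, as OS-level IPC messages are delivered.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Wire layout assumed for this example (constructed, not the real TLS
// heartbeat record and not Ethos's IPC): 1 byte record type, 2 bytes
// big-endian declared payload length, then the payload bytes.
const (
	recType = 0x01
	hdrLen  = 3
)

// ErrMalformed is returned when the declared length is not backed by bytes
// actually present in the record. A typed channel never delivers such a value.
var ErrMalformed = errors.New("heartbeat: declared payload length exceeds record")

// Heartbeat is the typed form of a request; the only way to obtain one is
// through decodeHeartbeat, so every Heartbeat a handler sees is well-formed.
type Heartbeat struct {
	Payload []byte
}

// encode builds a record with an explicit declared length so that a caller can
// construct a lying record (declared length larger than the payload present).
func encode(payload []byte, declared uint16) []byte {
	rec := make([]byte, hdrLen+len(payload))
	rec[0] = recType
	binary.BigEndian.PutUint16(rec[1:3], declared)
	copy(rec[hdrLen:], payload)
	return rec
}

// untypedEcho is the unchecked pattern: it trusts the length field in the raw
// buffer and copies that many bytes back. buf is the whole receive buffer; the
// record sits at offset 0 and whatever follows it stands in for unrelated
// memory (session keys, other connections' data). Go clips the read at the
// buffer end; C would read past the allocation, which is the Heartbleed bug.
func untypedEcho(buf []byte) []byte {
	n := int(binary.BigEndian.Uint16(buf[1:3]))
	end := hdrLen + n
	if end > len(buf) {
		end = len(buf)
	}
	return append([]byte(nil), buf[hdrLen:end]...)
}

// decodeHeartbeat is the typed boundary. It assumes the transport delivers the
// record with its true length and refuses any record whose declared length
// points outside those bytes.
func decodeHeartbeat(record []byte) (Heartbeat, error) {
	if len(record) < hdrLen || record[0] != recType {
		return Heartbeat{}, ErrMalformed
	}
	n := int(binary.BigEndian.Uint16(record[1:3]))
	if n > len(record)-hdrLen {
		return Heartbeat{}, ErrMalformed
	}
	return Heartbeat{Payload: append([]byte(nil), record[hdrLen:hdrLen+n]...)}, nil
}

// typedEcho can only return bytes the typed value carries; there is no length
// field left to lie about once the value exists.
func typedEcho(hb Heartbeat) []byte {
	return hb.Payload
}

func main() {
	secret := []byte("SESSION-KEY-0xDEADBEEF") // constructed stand-in for adjacent memory
	lying := encode([]byte("hi"), 20)          // declares 20 bytes, carries 2
	buf := append(append([]byte(nil), lying...), secret...)

	fmt.Printf("untyped echo: %q\n", untypedEcho(buf)) // "hi" followed by 18 bytes of the secret
	if _, err := decodeHeartbeat(lying); err != nil {
		fmt.Println("typed decode:", err) // rejected before any handler runs
	}
}
```

The guarantee comes from where the check lives: untypedEcho can be written correctly, but nothing forces every caller to write it that way, whereas a handler that takes a Heartbeat cannot be handed a record that failed validation, because decodeHeartbeat is the only constructor.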

Until it becomes difficult to work with and is perceived by someone as slowing them down, at which point someone will come up with the bright idea of typing the IO channel to a suitable type for layering an untyped stream over.

This is the reason why we believe the Tao--the way--is essential to an OS. It is the programming paradigms and use, combined with OS semantics, which is the genius of UNIX.

Where does the IO typing come from? Is it some programming language? The website says that it uses C for the kernel and Go for user space, neither of which is known for having an advanced type system.

I think they're talking about OS-provided interprocess IO, which is mostly language-independent.

I don't think the number of applications is a big deal when it comes to stuff like this. As long as it has a secure network stack and implementations of various servers for core internet infrastructure, it's good enough for me. Now if you were talking about consumer-grade operating systems, then it would matter.

Agreed, a new, more secure OS will need other good qualities to actually market itself on.

One idea that could improve both security and the ecosystem would be a capability based design. Separating components through standard protocols/interfaces could enable something like current mobile permissions to be backed by different implementations (including virtualized/sandboxed ones), in some cases swapped out by users like commands in a shell pipeline.

I haven't seen much work in this direction; does anybody think this would or wouldn't work?

It's not always invisible when your computer or phone gets pwn'd and your email account starts sending spam, or your identity gets stolen. I think as the world becomes more technically literate, and insecure systems proliferate, security will become more and more visible. I would at least expect it to be the next competitive battlefield once usability starts settling down (as everyone figures out what does and doesn't work).

It can be partially observed by looking at the amount that people in the know (the developers, insurance underwriters, auditors, ...) are willing to bet on the security.

"How exactly will you demonstrate that Ethos is more secure than, say, OpenBSD?"

Demonstration is not the only means by which someone can be convinced.

Consensus among experts that the fundamental building blocks offer a superior security model will convince a lot of people (directly or indirectly).

The reason security will drive the adoption of a new OS is that little else will drive people away the current ones. In a future where our current architecture is being constantly exploited, then security will finally matter enough to drive us to something new.
Here's why I don't agree. This is a real conversation I had with someone about Heartbleed:

N: So will I have to change all my passwords?

ME: Yes, you should.

N: That's a lot of work.

ME: Yes, but if you don't someone is likely to break into at least some of your accounts. At least make sure you've changed the password to your mail account, and set up two factor auth [very simplified explanation of what two factor auth involved], and check that all accounts you care about use that mail account for password recovery.

N: I'm not sure if I can be bothered.

This is a relatively technically experienced user.

It fits with other experience I've had, that security is perceived as a hassle until it's too late and then users do the bare minimum, even in the face of ongoing threats.

Corporate users might help drive adoption, but only if the cost and hassle is limited enough, and the damage of not going there is high enough.

The future will tell about Ethos' success. But I think the early adopters will be the tech-savvy community that wants security & privacy and buys into Ethos' programming model.