|
Post by Kevin McAleavey on Jul 1, 2011 3:49:22 GMT -5
It's been mighty quiet around here since we got our 2011 release out to everyone. I see that lots of folks still drop by here almost daily and am curious about seeing so few questions or comments. Just wanted to be sure that everyone's happy and also point out that our 2012 consumer version will likely go into testing somewhere around late August or early September for anyone who'd like to participate in our next release cycle and collective brainstorm on where we take KNOS next.
Just wanted to say thanks again everyone and we appreciate your thoughts!
|
|
|
Post by pharrisire on Jul 1, 2011 14:59:01 GMT -5
Hi Kevin, No problems here, just hanging on till I get a couple of 32G sticks (one each for 32 and 64). The two 8's I got weren't so hot. I'd love to replace the lappy's old 30G hard drive with a 256G (or better)SSD but the price has to come WAYYYY down first. Would the "Make bootable KNOS USB" in System Tools work for a SSD?
|
|
|
Post by Kevin McAleavey on Jul 1, 2011 15:11:17 GMT -5
Hi Kevin, No problems here, just hanging on till I get a couple of 32G sticks (one each for 32 and 64). The two 8's I got weren't so hot. I'd love to replace the lappy's old 30G hard drive with a 256G (or better)SSD but the price has to come WAYYYY down first. Would the "Make bootable KNOS USB" in System Tools work for a SSD? Hi there! You'll be pleased to know that we can indeed go safely onto a hard disk with all the protection you'd expect. The only caveat is that dual-booting is not an option with the generic KNOS, it has to have the entire drive. This choice on our part is because GRUB and other dual-boot stuff can be erratic and we're planning to come up with our own later this year. The same proggie that makes the stick can be tricked into writing to a hard disk or SSD. It's just a little bit tricky on many machines because you have to determine the correct name for the drive from BIOS and it varies from machine to machine. But yes, it CAN be done. For the win, all of our copies of KNOS on this end run from hard disk - that was always the original intent for corporate use and OEM's. What's amusing is that on modern machines, it only shaves a few seconds off from the bootup time from a stick. But it's nice to have all that extra space to keep files on. If you want to know the "secret," you know the email address. :)
|
|
|
Post by pharrisire on Jul 1, 2011 15:21:17 GMT -5
On its way!!!!!
|
|
|
Post by tarnak on Jul 1, 2011 19:30:45 GMT -5
Hi Kevin,
I appreciate the release I was given. It is just that I have been busy beta testing other software, and have not got around to burning the ISO DVD.
I hope to give it a tryout, soon.
|
|
|
Post by Kevin McAleavey on Jul 1, 2011 20:11:36 GMT -5
pharrisire ... answer sent a little while ago. tarnak ... no problem! Just making sure that nobody's unhappy.
|
|
|
Post by rustleg on Oct 26, 2011 9:25:35 GMT -5
...<snip> Hi there! You'll be pleased to know that we can indeed go safely onto a hard disk with all the protection you'd expect. The only caveat is that dual-booting is not an option with the generic KNOS, it has to have the entire drive. This choice on our part is because GRUB and other dual-boot stuff can be erratic and we're planning to come up with our own later this year. ...<snip> I'd like to use this on hard disk but at present I use a multi-boot system from Terabyte Unlimited www.terabyteunlimited.com/bootit-bare-metal.htmThis enables me to put many primary partitions on a drive and it fiddles the bootloading so that the OS is presented with 4 primaries of your choice. In view of your comment above can I assume this would not allow me to add KNOS as one of these OS's?
|
|
|
Post by Kevin McAleavey on Oct 28, 2011 1:42:04 GMT -5
I'd like to use this on hard disk but at present I use a multi-boot system from Terabyte Unlimited www.terabyteunlimited.com/bootit-bare-metal.htmThis enables me to put many primary partitions on a drive and it fiddles the bootloading so that the OS is presented with 4 primaries of your choice. In view of your comment above can I assume this would not allow me to add KNOS as one of these OS's? I'm fairly sure that it wouldn't be successful as a result of the way we designed the "installer" for USB sticks. It wants to live on the primary partition on a stick so that it can also create SECURE swap space (we won't use other swap space and our file system is not compatible with Linux) on the remaining portion, and if the stick is larger than 8GB, then another partition/slice is created for "storage" space. In our design, there is no access to the main partition other than read-only and the swap space is "invisible." Thus KNOS would want to eat three partitions and in the land of Billy, four's the limit. In OUR operating system, you can have up to 128 partitions, not that any sane person would ever want to do that. Heh. For its own protection though, KNOS really doesn't want roommates. We even designed our filesystem so that not only Windows can't play with it, but normally Linux can't either without some major gyrations. Some customers have taken the ISO straight into a VM as a "guest" and it works there like it would from a DVD but much faster. But it's limited because swap isn't created and if you run yourself out of memory, poof! Unexpected reboot since we don't believe in blue screens. Thus we really recommend that the stock version of KNOS be put onto a USB stick as the absolutely sanest way to have it safe and fast if running it from a puck is too slow for your taste. We *do* have customers however that have done KNOS to hard drive (all of our machines here run KNOS from a hard disk) but it requires either some fancy dancing with a manual install or a custom build by us for that purpose and a dedicated hard disk is the preferred way to go at this time. We ARE planning to provide a BSD-installer build this coming year which will allow that but it's not ready for prime time as yet and I'm loathe to do the Klingon programmer thing and letting it "escape leaving a trail of blood behind it." Given that Microsoft has a nasty tendency of trashing GRUB and other partitioning schemes when it's reloaded, I haven't been in a hurry to toss that out there to the unsuspecting, but on a specific custom build we can do anything the customer is willing to pay for if that helps to explain. We're INCREDIBLY flexible when it comes to custom stuff when somebody pays us to make them a custom. That's what we're really here for and we don't ever say "no" when we see a check waving in our face for the work involved. :) With terabyte's thing, as long as you can rotate those partitions so that KNOS thinks that it's installing to your "first slice" then it might be possible. But given that your toy is a complete unknown to me, I'd be VERY careful about trying it since KNOS talks to BIOS as to what's what and refuses to believe whatever the "boot partition" claims the world to be.
|
|
|
Post by rustleg on Oct 31, 2011 14:11:49 GMT -5
Thanks for your detailed reply. I'm attracted to the idea of running KNOS from a hard disk as a working system. Currently I use a separate OS for banking multibooted via Terabyte's Bootit program, which gives me a reasonably secure way of doing this although I'm now planning to switch to using KNOS off the DVD purely for banking. A first question - rather theoretical (paranoid thinking) - what possibility is there that malware could come in via another system being run from the hard disc and infect the BIOS so that when KNOS boots from the DVD it uses an infected BIOS. I realise that the chance of someone trying to specifically target this system in that way is extremely small, but I note that there is no hardware write-protect on the BIOS which would prevent a program flashing the chip (why don't motherboard manufacturer's provide this?). Coming to running on a hard disk, first I would say I am a consumer with no business case for plying you with cash to write a special system. I'm wondering how feasible it would be to try this: 1. remove all hard drives except one and install KNOS on this. (What level of expertise or knowledge would I require? I have installed various Linuces fiddling with fstab, etc (!) but in no way an expert. Or maybe I should wait for the BSD installer version). 2. reintroduce a second hard drive, install Bootit and get it to boot into KNOS - assuming it recognises the partition as bootable, which it may not. 3. Add other OS's on the second (and other) drives and also data partitions. Would KNOS be aware of these partitions and be able to write to them? I don't really understand the security model of KNOS and so maybe I'm negating the security model this way, but if I do want to play with multibooting it seems to me that I couldn't do better than make KNOS my working system in this less secure environment. If this is way too complex for me to try to achieve without knowing enough about BSD or KNOS please don't hestitate to put me off trying. Maybe I should just try PCBSD instead for my less secure BSD (hoping you're going to tell me it's ok or rubbish )
|
|
|
Post by Kevin McAleavey on Oct 31, 2011 19:23:42 GMT -5
A first question - rather theoretical (paranoid thinking) - what possibility is there that malware could come in via another system being run from the hard disc and infect the BIOS so that when KNOS boots from the DVD it uses an infected BIOS. I realise that the chance of someone trying to specifically target this system in that way is extremely small, but I note that there is no hardware write-protect on the BIOS which would prevent a program flashing the chip (why don't motherboard manufacturer's provide this?) Dunno if you know my history in the antimalware business (look up BOClean if you didn't) but infecting an operating system from BIOS isn't all that easy. What's normally done is that Windows code is stuffed into spare space in there with the objective being survival rather than infecting BIOS itself. There are so many variations in BIOS and so many versions that actually infecting the hardware itself is extremely difficult and not practical. However, storing a file at a location past the end of the configuration has been done by a number of "viruses" and every time, it's Windows API code that's simply read in during Windows boot. That's why it's an issue. They'd have to write KNOS/BSD code in there for that to occur. But wait ... there's more (as the TV announcers say) ... unlike Windows, KNOS doesn't load BIOS code. The only thing we do as we're booting is riffle through BIOS looking for the addresses of hardware on the computer's motherboard. Location information ONLY. Once we know that at address "X" there is a device, we go and probe the physical device itself to determine what it is and then load our own hardware drivers for it independent of what BIOS claims. So were they to infect a hardware device in BIOS, we'd still be using our own code to set it up from the unchangeable media we boot from. So with KNOS, even this isn't a concern. Same holds true for something FAR more popular than leaving parrot droppings in BIOS: All of that HUGE amount of silicon sitting out on your video card in "GPU space" ... infections there work the same way - loading Windows API code into Windows. When KNOS hits the video card, we zero out all memory there just like we do in RAM. KNOS likes a nice, clean, aligned memory space so we don't have to fear tripping over something on the floor and crashing hard on something mysterious and sticky. As things are currently designed, we don't have a partition "adder" since we didn't have much faith in the idea of installing KNOS onto a hard drive in previous releases. Our intent was to deliver a bootable DVD until we were satisfied that KNOS would be thoroughly safe to use on a writable media such as a USB thumb drive. Once we were certain that it was truly safe to do so, we provided that means for booting up much faster from a USB stick in the current KNOS 8 version. Ideally, this would be the way to go. If you go to Applications, System Tools on the menu up top, you'll notice a feature in the list marked "Make bootable KNOS USB" there. You need a minimum 4GB stick and 8GB is even better since that will make a secure swap space so you will never run out of memory no matter how much you have running. If you go above an 8GB sized stick or a dedicated hard disk, then you end up with personal storage space all on one convenient portable medium. This is the method we recommend at this time tho'. That all said, KNOS will want an ENTIRE drive for itself since we didn't design it to work with other partitions on the same drive. So if you want to put ONE drive in there and have KNOS install to it, that'll work. That's how we do it on our own machines here. It works. The problem in having other drives and other partitions is that KNOS will get confused and can likely go and install itself to the wrong place. One drive won't present that problem as long as KNOS has *all* of it ... Plugging in other drives at a later time should present no problem at all other than of course setting up your system to choose the correct drive to boot from. The way KNOS is designed, it CANNOT write to your other drives, but it will be able to READ from them. This will keep you safe and was part of our design to ensure that "air gap" of security. In a custom build, we CAN allow writes to other drives but didn't do so in our public version. So yes, you can do what you want ... if you have specific questions and cautions before doing so, drop me an email at support@knosproject.com and I'll be happy to walk you through it in detail. I encourage any doubters to go ahead and try the BSD's themselves ... it can be a more cantankerous thing than Linux as far as obscure things to tweak and more configuration files to have to setup than governments have people to do it. Heh. As for KNOS, we did all that already and all you have to do is click ... nothing else! But as to security, it's all designed in and you can't break anything in KNOS ... as to other stuff, well ... you seem to have a healthy caution there.
|
|