Category: Computing

Ethernet bridging in BSD kernels

Oooh, while researching Proxy ARP for a transparent firewall, I found out that the BSDs these days can do Ethernet bridging in-kernel. See man brconfig if you want more details.

Here's a handy writeup on using it to configure OpenBSD as a filtering bridge:

http://www.openlysecure.org/openbsd/how-to/invisible_firewall.html

You can use it to bridge across any number of interfaces, in effect creating an Ethernet switch. But don't try to do this with too many ports - x86 architectures don't tend to have the IO backplane bandwidth of dedicated switch hardware!

According to the man pages, NetBSD 1.6.1 doesn't actually let you use packet filtering, but OpenBSD does. OpenBSD is a good choice for a firewall anyway, since security folks like it and have tended to pump it full of useful packet filtering options.

So does anyone know a nice supplier of small computers that can run OpenBSD and have two or more Ethernet interfaces, a cool enough CPU to not need a fan, and a flash disk that can be made read-only in hardware? A packet filter is, by definition, a single point of failure in a system, so I'd like it to be a maintenance-free device. Particularly since, lacking an actual IP address, it can't easily be contacted to check its status all that often...

Nice hardware supplier

Everyone has their own favourite supplier of rack mount kit, but these folks have stood me well over the past few years, so I thought I'd reward them with a plug:

Fairchild Industrial Computers and Internet Servers

You see, as both a computer nerd and a machinery nerd, one place that sells ruggedised industrial PCs (both embedded and touch-panel) as well as rack mounting machines is a bit of a boon.

And it so happens that, coming from an industrial computing background, their rack mount kit is rather solidly built. The cases have enough fans in that they make a noise not unlike a jet fighter taking off, but in a data centre, having a louder rack than everyone else is a positive status symbol. And it means they keep those CPUs and HDDs cool, with cooling capacity to spare if a fan or two fail, which is quite important when you're putting 1U machines in on top of each other - there's a lot of heat generation per unit volume.


Runtime code generation

Spurred by a thread on comp.os.research, I've been reading up on the Synthesis OS design.

Wiki page about Synthesis

The original thesis

This looks like good work, and inspiring for ARGON: HYDROGEN explicitly exposes runtime code generation primitives, like any good FORTH system, and the CHROME metaprogramming stuff is based around runtime code generation.

I'd hoped to look at how to optimise the system using runtime generation for common stuff - but I expected to have to experiment later; luckily, this fine fellow has blazed a trail for me!

However, I can't help but feel this is more of a programming language issue than an operating systems issue. The author has written an OS in assembly language, and implemented much of it by generating specialised code on the fly rather than jumping to general code that has to analyse its dynamic context every time it's executed to decide which control path to take, and that has to load data indirectly rather than having it as an immediate value. Surely this stuff should be generalised into a way of optimising all code, rather than just being used in an operating system? I don't see the fundamental technique as being particularly bound to operating systems - lots of applications could benefit from it.

For ARGON, I'd like to use the metaprogramming facilities I've already planned for CHROME to build a toolkit that makes runtime specialisation optimisation easier. Maybe even look into making it happen automatically, although I suspect that the tradeoff involved may require human intervention at heart. A lot of the benefits could be had anyway by just compiling the code in a custom environment containing the constants, which will be constant-propagated and constant-folded and then used as immediate values - but I think those cunning executable data structures need more thinking about...
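The specialisation idea described above, as an added Python example (not code from Synthesis or ARGON): a general rule matcher that re-examines its rule on every call, beside a generator that decides the control path once and emits a matcher with the constants as literals. The rule format, the function names and the sample packets are assumptions made for illustration.

```python
# Added illustration; the rule format and all names here are assumptions,
# not code from Synthesis or ARGON. Addresses are 32-bit integers.

def general_match(rule, pkt):
    """General routine: re-inspects the rule on every single call."""
    if rule.get("proto") is not None and pkt["proto"] != rule["proto"]:
        return False
    ports = rule.get("ports")
    if ports is not None and not ports[0] <= pkt["dport"] <= ports[1]:
        return False
    if rule.get("src_prefix") is not None:
        net, bits = rule["src_prefix"]
        mask = (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF
        if pkt["src"] & mask != net & mask:
            return False
    return True


def specialise(rule):
    """Generate and compile a matcher for one fixed rule.

    Control-path decisions are taken once, here. Rule values are coerced to
    int/str before being written out as literals, so rule data can only
    ever become a constant in the generated source, never code.
    """
    tests = []
    if rule.get("proto") is not None:
        tests.append(f"pkt['proto'] == {str(rule['proto'])!r}")
    if rule.get("ports") is not None:
        lo, hi = (int(p) for p in rule["ports"])
        tests.append(f"pkt['dport'] == {lo}" if lo == hi
                     else f"{lo} <= pkt['dport'] <= {hi}")
    if rule.get("src_prefix") is not None:
        net, bits = (int(v) for v in rule["src_prefix"])
        mask = (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF  # folded at build time
        tests.append(f"pkt['src'] & {mask:#x} == {net & mask:#x}")
    source = "def match(pkt):\n    return " + (" and ".join(tests) or "True") + "\n"
    namespace = {}
    exec(compile(source, "<specialised>", "exec"), namespace)
    return namespace["match"], source


# Constructed sample: allow TCP/22 from 192.168.1.0/24.
RULE = {"proto": "tcp", "ports": (22, 22), "src_prefix": (0xC0A80100, 24)}
PACKETS = [
    {"proto": "tcp", "dport": 22, "src": 0xC0A80105},  # 192.168.1.5
    {"proto": "udp", "dport": 22, "src": 0xC0A80105},
    {"proto": "tcp", "dport": 22, "src": 0xC0A80205},  # 192.168.2.5
]
```

Printing the second value returned by specialise(RULE) shows the generated source, which no longer refers to the rule at all.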

ARGON node diagram

Since I'm always rethinking parts of it faster than I can write them up, ARGON lurks to a great extent inside my own head, with the Web site lagging behind a little. This just helps to make it all the more confusing for interested folks, so I've bitten the bullet and produced a shoddy diagram showing how all the services can fit together on a single running node.

http://www.argon.org.uk/argon-node.png

Here, we see how the HYDROGEN hardware abstraction layer is used by various components to support WOLFRAM, for in-cluster management of shared state; MERCURY, for inter-cluster and in-cluster communication; and FLUORINE, for interoperability with other network protocols. These act as interfaces to the entity handler user code - your application - invoking your entities to handle incoming network requests, and providing an API for your code to make outgoing network requests.

I've shown how real-time user tasks will be executed by the HELIUM scheduler in response to timers or incoming signals, and how they interact with local hardware to perform their work.

And I've shown how the NEON user interface subsystem uses the human interface hardware APIs provided by HYDROGEN to proxy between the user and the CARBON directory (for browsing) and MERCURY to then interact with entities to request that they provide code for a user interface front end, which is then executed locally by CHROME in order to provide a responsive user experience for accessing remote resources.

Hopefully, this will make my rantings make a lot more sense to people...

Log structured file systems revisited

I've been thinking about log structured transactional filesystems again, and I think I've come up with something potentially useful for making POSIX-style file systems as well as for the TUNGSTEN object store.


Creative Commons Attribution-NonCommercial-ShareAlike 2.0 UK: England & Wales