Cluster computing and multi-processor systems will definitly play an important role in the future and maybe it's really sufficient as a niche (this also depends on how microsoft and linux will react). I also like the idea of allowing a computer to be used by several users simultaniously, after all most office work (spead-sheet, serving, etc) doesn't really challenge todays systems anyways.Brendan wrote:Almost everywhere I go there's a LAN with N computers, where a single application can only use the resources of one of those computers while the remaining N-1 computers spend most of their time idle. Another annoyance is that each computer is only used by one user at a time, despite the hardware being capable of handling multiple video cards, multiple keyboards, etc. A typical office with 10 computers could be reduced to 5 computers (2 users per computer) while increasing performance and providing additional features.
Ok, this should work pretty well. For some reason I just didn't think of using public-key encryption for the signatures to ensure that that the module/server has not been tampered with..AR wrote:I meant actual code signatures (private/public key pairs), code signatures are difficult to forge, and any modification after the signing corrupts the signature (Same sort of thing used in SSL), so it is used to verify authenticity. To pre-empt malicious software, B is the only way to go but if anyone has a better idea then I'd like to hear it.
I think the main problem with approach A is not that developers have to give their code away, but that you'll have to check it for bugs, which can mean a lot of work if it's a big server. Maybe there's the possibility of a compromise between A and B:
- You provide a message board dedicated to 3rd party servers which users can use to exchange their experiences with a module
- A dev has to be member of the board and must have posted at least 20 messages (you should also chech their quality..)
- Once a dev has finished writing a server, he signes it with an own signature and sends it together with his board member ID and login to you
- You add his signature and some header information (serverID, release date, version, etc) of the server to the next kernel release
- A user that wants to install a module has now some information to estimate whether the dev can be trusted (number of posts by the dev, number of modules by the dev, feedback in the forum)
- If a server is bug prone or even malicious, the feedback in the forum will be very bad
- You should then exclude the server from the signature list in the next release and warn the dev that he'll be kicked if this happends too often
The advantage over approach A is that it's much harder for a stranger to release a malicous server because he usually won't have to reputation needed.
regards,
gaf
My $0.02.