[Grml] J'ai l'inux nom de code Canterbury

Thomas Köhler jean-luc at picard.franken.de
Fri Sep 27 08:28:13 CEST 2013


Hello,

First thing: I did learn some French at school, but that was two
decades ago. I might completely misunderstand everything here. It
might even be that this whole thing is an April's fool that went
wrong (in regards to the calendar, that is). Just a few random
thoughts from my side follow anyway.

chris21.roux at free.fr wrote:
> Le projet "J'ai l'inux" vise à proposer une distribution Linux
> capable de filter les contenus notamment pornographiques, pour
> une utilisation à l'école.

If I understand this correctly, you want to filter out
pornographic material at school, and the target is to create a
linux distribution for this application.

> Pour filtrer les contenus, il est nécessaire d'intervenir à
> l'intérieur du système pour intercepter les contenus à filtrer
> (on ne peut pas intervenir au niveau des trames réseau car à ce
> niveau les contenus ne sont pas interpétables).

If I understand this correctly, you thing you can only do this on
the system itself, because you think it's not possible to
intervene at the network layer.
Well, actually, it is. If you connect your systems to the
internet via a firewall, you can block everything you want. You
can also install a transparent proxy, and your proxy may well be
able to filter content. You could use junkbuster for this.

> J'ai pensé à utiliser des machines virtuelles pour déléguer à
> chaque machine virtuelle une portion spécifique du système à
> assurer.

Of course you can use virtual machines for what you want to
achieve, but it seems unnecessary here.

> Cette idée est née d'un poisson d'avril (April's fool joke) qui
> annonçait le projet Canterbury, visant à réunir le meilleur de
> 5 distributions Linux dans une nouvelle distribution.

So your idea is born from an April's fool joke, but in the end,
it looks like one itself.

> En tant que chrétien, je suis très sensible aux poissons
> d'avril qui ont pour objectif de se moquer des chrétiens.

For this sentence, I needed google's translate in order to
possibly make sense of it, but then I quite don't. "As a
Christian, I am very sensitive to April's fool jokes which aim to
make fun of Christians."
Well, as a Christian I don't see how this "5 Linux distributions
now become one in the Canterbury project" aims to make fun of
Christians. Furthermore, there are quite a few possible
explainations on how the "April's fool jokes" emerged, but none
of the ones I know particularly targets at Christians. You might
to choose to explain this sentence again (in English) so that I
might have a chance to really understand what you wanted to say.

> J'ai donc choisi ces 5 distributions et j'ai fait un prototype
> de test 64 bits:
> - Archlinux pour l'interface homme-machine et la virtualisation
> - Gentoo pour la compilation
> - Grml pour les entrées-sorties
> - Open-Suse pour les applications
> - Debian pour les applications 32 bits et la modélisation

So you use 5 distributions in order to do 5 different jobs in one
single project.
I believe this is an April's fool joke just because it seems so
stupid to select 5 different methods of administrating your
systems (all those distributions use their own toolset for
configuration, apart from Grml and Debian, as Grml is built on
top of Debian) just in order to use all of them in one single
project.

> L'idée sous-jacente à ce projet, c'est un module noyau à
> développer qui permettra de router les appels système vers
> chaque distribution en fonction du type d'appel système et du
> rôle de chaque distribution dans le système.

If I understand this correctly, you want to route systems calls
to each distribution dependend on the role of the distribution in
your project. Somehow, that doesn't make any sense to me.

> Le pattern MVCA (Modèle= données, Vue=ihm, Controleur=noyau,
> Action=application) est utilisé entre Archlinux, Grml et
> OpenSuse.
> 
> Le filtrage de contenu s'effectue entre les applications et les
> vues grâce au module noyau qui intercepte les données à filtrer
> et les dirige vers un filtreur hors noyau. Le filtreur applique
> des outils sur les données pour décider si elles seront
> autorisées ou non.

Seems you also want to create a kernel module to decide what to
intercept when. I don't see how this should be necessary.

> Pour développer le filtreur, un nouveau langage, Pmal, est à
> créer. On a besoin d'un nouveau langage qui doit être capable
> de faire évoluer ses programmes sans avoir à les interrompre.
> Ce langage sera basé sur du typage fort, pour assurer la
> sécurité du système. J'ai imaginé un langage de glue pour faire
> ça.

For the filter, you seem to want to create a new language (which
you call Pmal) that should be able to intercept what a program
does without actually disturbing the program. Sounds like "let's
reinvent something like strace, but add the possibility to change
the system calls' return values on the fly". That's actually
something every virtualisation does in some way or another, but
not for filtering content, but for intercepting and filtering
hardware access. I still think it's better to use junkbuster and
friends.

[language specification ideas deleted]
> De plus, bien que fortement typé, ce langage pourra être
> exécuté par du javascript,

If you want to run a language in javascript, you usually aim at
running the stuff on the browser end. You should be aware,
however, that at the browser end, the USER is in control and can
modify your stuff however HE sees fit, especially circumventing
any blocking or filtering that happens on that level.

In the end of the day, I still think I didn't understand what you
really want to achieve (no wonder, as I didn't use French in 20
years), but if I understood any of your intentions correctly, I
just would think twice if there isn't an easier way to achieve
your goals.

Bye,

Thomas

-- 
 Thomas Köhler       Email:       jean-luc at picard.franken.de
     <><             WWW:              http://gott-gehabt.de
                     IRC: tkoehler       Freenode: thkoehler
                     PGP public key available from Homepage!


More information about the Grml mailing list