My MINIX Nightmare

The beginning of a new year always feels kind of weird. Maybe it's that I wasn't done with the last year, but something usually feels off to me, like it shouldn't be 2018 yet.

I've been messing around and reading about Minix, trying to understand how filesystems work. Don't ask me why. I was thinking I could do something achievable but useful like try adding FAT or ext3/4 support to Minix. Well, at the moment, I'd be really proud of even getting Minix's ext2 driver to work correctly.

So, obviously, you can't just jump in to the Minix source code and automatically know your way around, or how to begin going about adding a filesystem. But like I've learned through anything I've ever done, just spend enough time with something and it can become natural, even if it makes no sense at first.

Reading through the Minix documentation and source code alongside Operating Systems: Design and Implementation is a really cool experience anyways. Minix is an operating system designed from the start to be used for teaching. It's dedicated to a simple-as-possible approach, and is filled with clear, straightforward documentation. Through extensive comments and READMEs, the authors fully describe each piece of code and decision they've made. And there's so much to be learned when you can see, for example, the code for mount, with its giant conditional allowing for more than one partition to be mounted at root (/). I didn't know that was possible! Not that I'll ever use that.

So yeah, I find operating systems interesting because you can feel the human element of the authors coming out of the code. And it's just amazing that it all actually works.

Recently, Minix's file layout has been re-organized, and many utilities have been brought over from NetBSD including its package manager. So, Minix is no longer just for experiments and education, but also a system where you can use many tools already available for standard Linux.

Speaking of Linux, I don't care right now that Minix is a "micro-kernel" and Linux is "monolithic". Minix is designed in a way that allows its drivers, like the filesystem, to be run as processes in userspace, instead of in kernel space. If that doesn't mean much to you, well it doesn't mean much to me either. The only consequence of this that I've noticed is that even low-level filesystem code is able to include standard C headers like string.h and unistd.h, instead of using their own lower-level versions of these libraries. I'm just using Minix to learn about operating systems, and for anyone that wants to do that, I recommend it.

After the new year came, I kept seeing new articles about some kind of bug in Intel CPUs. I'm not a security person — I don't take it too seriously because I think computers in general are taken way too seriously. If you're worried about someone finding something out about you, don't enter that info in a computer — just like how you wouldn't write it in a notebook, I dunno. But yeah, we don't have a choice these days, with doctor's records, banks, education, everything completely in the digital realm. So digital security becomes important, and we're making it up as we go along, as an afterthought to the actual functionality that we get out of computers. As a web developer and all-around Linux geek, I had watched random vulnerabilities come up like the Heartbleed bug in 2014, with mild interest.

This new vulnerability was interesting because the fixes (which are only able to mitigate parts of the problem) required big changes in most operating systems that run on an Intel CPU, and all the drama that unfolded. The OpenBSD developers, security experts, found bitter satisfaction in the failure of this particular security-through-obscurity style NDA used with the major operating systems developers, in a message titled 'Meltdown, aka "Dear Intel, you suck"'. According to the OpenBSD developers, Intel sucks not because of their small flaw in CPU design, rather what they did to fix it. They approached a few major OS developers, excluding OpenBSD and many others, about this flaw that requires changes to the operating system. Under an NDA, everyone agreed to make this public somewhere around January 9, 2018, once all the fixes were in place. Before that date, some savvy journalists started reporting on telling commits in the Linux kernel, and with a snowball effect, security nerds everywhere deduced the full situation: that there's a weird hardware bug in Intel's CPUs. This led to widespread knowledge of this vulnerability a week before, for example, Ubuntu's patches were all ready. Did that cause more damage than if Intel had just told the whole world publicly, at once? Who knows. The OpenBSD developer asks sarcastically, "Aren't we all glad that this was under embargo and strongly believe in the future value of embargoes?" And any die-hard proprietary software fanatic (do those exist?) could just use this as another of their few reasons not to develop in the open. I don't really have any answers, just the facts.

By the way, Minix isn't vulnerable to the Meltdown issue, because of some of its features I don't care about that I mentioned earlier.

So, it's been entertaining, but applying patches like this always feels so unsatisfying. "Not that I *really* care, but my system is 'secure' now, right?" What about all the other security vulnerabilities that haven't been discovered publicly yet? Or the countless known vulnerabilities in any of the many layers of hardware and software on the servers, desktops, and laptops that I use, that aren't just completely up to date? I also kept thinking in the back of my mind.. didn't I read something in November or December about a secret processor that runs alongside every Intel CPU, in some kind of ultra-privileged mode, or "ring"? If that were true... what good would an operating system patch be? I feel like I watched a YouTube video of some talk about this, but couldn't find anything related in my browser history.

I went back to Minix, browsing through their mailing list reading about Minix's lack of amd64 and SMP support, and saw a new post called "minix the most used OS in the world". This sounded like a joke, and similar to the beginning of the title of a debate I mentioned earlier — there was a post to the mailing list in 1992 titled "LINUX is obsolete". Actually, the new post refreshed my memory, and I looked up some articles about Minix and Intel, leading to: MINIX — The most popular OS in the world, thanks to Intel, which describes the Intel Management Engine, the source of my MINIX nightmare. The full description of a secret processor running on most of our computers, running Minix (thanks, no doubt, to its lax choice of open licensing — free as in do-whatever-you-want), with access to everything in the main CPU, and a web server. Mystery solved!

Always willing to jump at an opportunity, the Free Software Foundation uses the Spectre/Meltdown issue to remind us that these patches are nice but there are already ways to get data out of Intel's computers using the Intel Management Engine. So, again.. deeply unsatisfying, and I take comfort in the fact that I don't really care who knows what about me. I just hope my bank account doesn't get hacked cause my new annual lease agreement just arrived — my rent is going up by like $120 next month. WHAT THE HELL.