If the answer is YES, your hope would be fullfilled in Haiku R1 as developer’s goal – at least at Haiku 32bit – its binary compatibility and its feature list completed fully that way … as its tartget to became Haiku R1 as it was BeOS R5, but run on modern hardware too.
Its target is binary compatibility.not more.
The 64bit version is an interesting part related to simple compatibility : it is beyond now on BeOS R5 due to its kernel, but fits to modern HW requirement.
Anyway, anything else would come after R1 … unless
you open your editor – write the necessary code and share for review
open your vault – and send the appropriate amount of money to Haiku Inc. to be able to hire a secondary contractor to work on your favorite feature(s) …
That’s it.
IT was communicated many times.
Disputing, day-dreaming about ANY new features won’t do gettting closer to your “needs” or expectastions toward Haiku to integrate it soon.
If we have no
knowledge and / or talent for writing a code that enables wishful features
or
a galant pocket to support ANY new feature(s)
it is just WHINNING and that we should stop - to not losing face.
Or just write it into one of the wishful day-dreaming thread of this forum.
There are some -
I don’t see any problem on people doing wishlists on a forum. I also think and many may agree with me that multiuser support and R1 milestone are orthogonal.
I can came with a full multiuser support but reviewers may reject it because it is a feature not fitting with project philosophy. Or whatever non-technical reason.
Code (and money) contribution is important, but that sort of things need to be agreed before.
PS: I will try to bring some features to the project but multiuser wont be any of them
What Haiku needs is a password to boot to the OS and that’s it.
The Haiku system is small and it is possible to have different system installations in separate partitions for each user. It is also possible to have a partition for shared files.
Haiku also requires a root access password so that no user can delete or open another user’s partition.
Regarding this topic, multiuser has its use cases, and of course in families with kids. Filling a home with PC’s is by no means logical (unless maybe if someone is a collector of various kinds of hardware). Houses being smaller, it makes it harder to have the policy “1 PC per person”. There is also the price issue too. Not everyone can afford to buy a computer for each person in the household.
Just an idea: what I’m doing right now is to have an external USB 3.0 drive with the OS and the docs. Mainly, I could go building a PC without internal drives. As I’m on AMD, no thunderbolt, only USB 3.2 at most, but those who use intel could just plug the OS disk with their own files and boot the PC through thunderbolt and get quite a good performance. Unplug the drive and other users could have their own drives with their OSes, software and files. This might work for some use cases too, though not for gaming I presume.
Then there would be the issue of PC use time slots…
Obviously, for parental control, the parents should lock the drives and the OS features on their kids’ drives.
Side note: I did this with a Haiku drive that failed and corrupted the files and the OS, but it seems that I was plugging an USB 3.0 drive with UASP on an USB 2.0 hub, and that might have been the problem?
Yeah, this is the right choice for shared PC, especially if data stored in external maybe network drive. It can be an USB attached drive on the router.
This way you can always reinstall Haiku on USB or an SD card in USB dongle reader.
If the installed version became corrupt, delete that partition.
From the Haiku boot (installer) partition you could recreate it.
And if you create a copy of that partiton - so, create a backup image – using dd command … you can re-create the secondary partition using the backup image, so your settings would be reproducable as well.
That’s cheaper solution so not needed to buy a whole computer for everyone.
However I assume in more countries there are government or civilian programs where used or even new computers can be applied / obtained for big families or families with economical difficulties.
PC is personal, and Haiku is for generally desktop , personal usage as I was lectured often here
Also there are really small computers even such you can put onto a back of a flat TV or monitor with standard VESA stuff. If storageis still concern.
It will be more useful once Haiku ARM versions became installable images.
I respect your reasons above - I just put in line my reasons that might enlight that is the multiuser access is so important or not.
For example I had to reinstall one OS recently as I forgot the password with I could get in. Now there’s no password, and I’m happier with it. I don’t need frustration anymore.
I do not have such secrets actually that require a password that can become annoying in some cases - especially if you forgot it and there’s no backdoor or revival prepared.
I hate the multiuser.
A convenient and perfect system for me would be to leave the whole system free for anyone to use. But at the same time I would prefer that it be made comfortable and easy to encrypt and protect only the files that we would like to make inaccessible and protect, even, make them invisible, that is to say that they disappear from the system as if they did not exist, and were visible only if you enter somewhere a name of the owner and a password, then folders and files or even applications appear that otherwise would be as if they did not exist in the system … it would be a sort of multi-user, but without the differentiated sessions, only encryption and obfuscation of files visible only to those who own it.
Obviously a general protection not necessarily armored also to protect system files from the hands of inexperienced users, could be useful, also to prohibit the installation or deletion of applications, if you do not want to give this possibility to common users to do so.
That’s pretty much multiuser if you ask me. Only that you don’t call it such.
There we have it
But seriously, maybe the Haiku project could come up with a way to implement a lightweight multiuser concept in a new way without just copying what Unix or Windows does. Similar to what was done with package management.
The project doesnt develop anything, the developers do. So instead of talking about what is multiuser and what is not, why dont we try to came up with new ideas? I tought this is the reason why this topic exists.
Yes, I know that, I just assumed that would be clear. And it wasn’t the point anyway.
Designing and Implementing systems stuff like that is way above my comfort zone (and skill level) and I always freely admit that. That’s why I’m curious what “the developers” would come up with in the case of multi-user support (or something similar).
While I see some reasons where multiuser capability could help with the security / stability of the system, I also think that for a correct implementation many things would need to be rewritten. Or we would end up with something that “sort of works”, but needs a lot of kludges to work, and that would impose those kludges on the “normal” way of working.
For now, my humble opinion would be that we need to work in the plumbing ( hardware support, drivers, etc ) and some flagship apps, and when that is working 90% ok-ish for a single user, this and other ideas can be rediscussed. Much of the necessary things will end up being created on the way, due to being necessary for other parts of the system.
I really like this idea.
I often thought already that I’d like to hide some files on my computer.
I never use disk encryption because most of the files are really not worth the additional loading times and CPU load for encryption/decryption,but a few with sensible private information are.
At the interface level I imagine a menu on the right mouse button and on the windows of the file browser, a menu and submenu menu “private files” with “hide with password”, “encrypt and decrypt” add or remove files , etc etc … this could also apply to icon applications
My reasoning is that I don’t need to lock down everything on my system, but probably a folder or two or just some file to access it from time to time …
Theoretically it would also be possible to block the settings folder of applications such as for the web browser and more apps setting, and when this “has no private use” it goes to a “Generic-public” settings folder
Always with the same reasoning, that there are far fewer times when I need to have a private and reserved use, and many more times I make a generic use of it and I have nothing to hide.
Above all, if I can’t have that damned session password every time I log into the computer, I’d be happy.
Well in case multi-user supported in your system it has a security perspective and 2 well-distinctive concept, definition that must be fullfilled :
authentication – to identify yourself toward the system
and the system is upon that able to authorize you
to do that – and only that – that you were granted by
authorization – so user groups, file and directory permissions, file shares,
hardware and software resources usage, services
availability (e.g. parental control is applicable or not)
As Haiku POSIX compatible : authorization must be existed, but possibly actually passive. I mean as all install happens as priviliged user and after one user used it is always generic user in all installs, but priviliged.
Issue “id” command in Terminal to ensure.
I did sometimes but honestly I forgot - even the user name. It was not really important for me - I was just curious. The only thing I emember the user account was member some different user groups.
As in case authentication developped in new level or you establish port some network authentication into Haiku you can have your wished password authentication.
Or even biometric if you have such hw in your machine.
I would prefer rather some object or hardware.
It is very cumbersome to live without some finger(s) or eyeball(s)
(I may watched too much movies about beometric authentication and what happens owners who use it and get in trouble when someone would take over their system ;)) )
Put the encryption and data safety management in the application. A unencrypted multiuser system is a simple bootable USB drive away from insecurity. Application level user data encryption and segregation comes with no additional system overhead and with memory sandboxes is about as safe as you can really make it.
Drive level encryption and login features are obviously nice as well. Iirc most PC bios/EFI/UEFI already offer this level of security.
The big issue with Multi-user it that’s it entire existence is tied to the idea of a central processing mainframe with terminals. It also doesn;t really do much for security in reality.
Haiku probably needs
A permission model, with password secured files for system settings etc.
API for application developers to use encryption for application data storage etc.
API memory protection/sandboxing.
Most of what a “multi user” system would offer, personalized settings per user, could be accomplished with app server implementating user profiles. But a mainframe kernel level multiuser system is a lot of overhead with little benefits
If it’s not encrypted on disk, and the bios/efi isn’t password protected etc, then it’s not secure if I can yank the HDD and just raid the vault so to speak.
Multi-User is a security model that doesn’t address any real attack vectors. Stolen laptops probably account for most real word data theft outside of online user hacking.
I’d say the only use-case for multi-user, is user vs root separation. This provides a small barrier against the user accidentally destroying the system, or against an online attack. I also like the idea of more explicit permissions or sandboxing. Allowing every application to have access to the entire filesystem and all USB devices, with no way to disable access, is not good for security.
As for offline security - where other people have physical access to your PC - there is only one solution and that is full disk encryption. Anything less is a joke.
Also about parental controls, just… don’t. You think your kid might destroy the OS installation? Good! He or she is just one step away from becoming a power user. Do not prevent that! If you need your PC for work, buy a second SSD. They really aren’t that expensive.
I have no idea where the idea of “parental control is for preventing kids destroying the OS” comes from
I know several parents using it and never preserving the OS is the use case.
