i i'm going to do talk about ten bucks application for gonna i did pretty much the same talk already you know major safety of the pen and that one that's the other talk which might be more interesting and that's panel with this but anyway we have made little bit of the resistance gonna major so that's and you stuff sandbox applications for brno so let me first introduce a we are so i'm gonna paddling and i one of the guys to behind system the project and actually have to more people that that's kind of us and that you cut and if of course everybody here actually we're pretty much and we all work together and system you project system the is a little bit like it used to be just a minute system but grew a little bit and that's perspective what supposed to be a nowadays this little bit like the basic building block to build an operating system problem so brings a lot of components are probably not too interesting for deaf a test on france but it does cover lot of ground that is relevant for the desktop then going back to the actual topic this is about the actual applications we think linux needs a strong way how we can do access and we believe that much of how that's implementing needs to live in the lower levels of the stack because we believe that the concepts the basic building blocks but use there should be kernel things rather than just something that is created user space right so the isa nation for example for the extra sent boxing part is something we believe is to be in the lowest level which kernel object and not just something that is boulder to boulder top and not part of the actual so only general goal of the system the project it that we want you know or in the more general case linux do we the modern general-purpose alas we believe that acts on absolutely crucial part of it i mean nobody use an operating system for the purpose of using an operating system people use an operating system because they have to do to achieve something that actually interesting for them so how do you choose that because you run some apps the do what you want on the rating system and hands operating system is just the thing that should be there and work for the apps and the apps environment is actually the most important thing we probably have enough so if i talk about by the way i know is be very far to give any is just with that is sure not that's the down if you have any questions totally interrupt me right away i would tell you prefer this becomes more of a discussion and just me talking stuff so you have any questions totally drop me i love that so we are talking about apps what actually a wraps so from our perspective from the coming from the lower levels of the stack apps or sandbox use applications ship in a single file crap no privileges for execution which table a P R S and reliability reliable testability so take this apart sandbox to use application so this is about use applications first of all so it's not about i don't know running apache on my server because that a service that will really only talking here in the centre that's of use application meeting firefox mean game all these sent boxed mean that there is isolation of the have towards operating system so that what we have does cannot be exploited and the attack as cannot get access to the rest of the operating systems of so that nothing from the operating system leaks into the apple in the other way around to that nothing from the apply to the right ship in a single file or at the something then we are really interested in so that it becomes easy handling apps because right now on linux have so usually ship in our P M or something like that and they distribute file all over the place in the file system this is not the i don't think that particular useful or friendly way to do what we want is that people can considered have and something like and could attach to it to tell you know right so that's just one file and that's all you need and we'll just work other operating systems that's have little bit something like that for example macros you have these you have folders and that case that's or would you feels a little bit like a file isn't but we actually wanna go for one at in one no privileges articulation which is very important after all this is about user stuff right so users stuff should not require privileges of all of the operating system to run this is systematically different from anything like R P M that existed before because and R P and to install an R P and you need system privileges and in because R P M's also powerful you can like there's no way to distinguish and an R P M well them and package for the matter that interferes was the closest with the operating system and are him that actually really just a matter so it is absolutely crucial event no privileges for the installation for the activation and then the next thing is stable at arts which i think is probably the most complex thing of them all we in linux are keeping stable at arts i mean there are different api surround and some of better than others like for example currently you know it's usually pretty good it's not perfect but it's pretty like you have a chance of being able to run stuff that was written against the currently pi for from the nineties and will still work on the current linux kernels not everything will the best channel gonna has not been as good with that like i don't know a can on one applications don't work on three that a lot of reasons for the for that and i think it's a good thing that is that way that we can make a T I but it is a substantial problem for sub pop members if they if they wanna one right that application they don't wanna constantly be caught in that cycle that we have that is really fast and updating right so we need some say it to do need to do something about that and reliable testability means them well let's darla most a stable areas for us it also means that the differences between the best distribution or minimise because currently the distributions all to in mass of ways for example one of them my favourite examples this is there's on the door and row systems insist directly called use a lib X like which is something where you're supposed to put internal binaries at least that's how most people understand it and this directory only exists like that of the door and row and nowhere else what is that well a to make there's a lot of things but they with it know what do use all the mug like that i mean all the make and stuff like mark home and things like that like the com the and things like that i wouldn't blame all make for that i do planned route for that right at that i mean we don't follow the gonna world all anyway i mean if we did than everything would and then use the local right i don't know it is i think because this is recorded we probably should if we have discussions to that with the with the anyway i think it's a i personally blame more room for door and browse that it's in the fedora packaging policy that should be you right also it i mean it that's kind of cool about this thing out because then we are to blame we as the door but other than everybody else but anyway this is that's a speciality we got this house came into existence at the speciality of the door and well and it makes things difficult because depending on how which operating system you compiled stuff for sixty to be light out that way and this gets worse and worse and worse i mean for example some them distributions you system the others use up and it's kind of things many of this we will never be able to do however we need to think more about unifying the A B A V I you're operating system and we need to make sure that we somehow even with we are incapable of all with guaranteeing our main supportive at i am to be stable we need to stop somehow make it possible to relatively easily run all that with the labia reliable testability that means what is absolutely i'm horrible for third party application mentors who want to write software for linux is that's because there are so many distributions and because there are so many different ways to run them because they you always have a different set of our cans and so on it is incredibly difficult to actually systematically test a software against that right because i mean linux kind of provide the same at eyes and all the distribution regardless of you run then you know if you run ribbon to if you run so door organ two whatnot they don't have the same at the eyes however if you actually want to test against that and it's not sufficient that they provide the same in the eyes you need to also know that the work exactly the same and it is it like a test metric explodes by if you multiply that by the and different distributions and the different versions of the distributions and the different architectures and things like that which is like for project like firefox they can still do that for a couple of distributions but as soon as us you only all this little application developer and you wanna know that your stuff works how you should you ever i mean it would basically require you to install any fedora version you wanna test again with many every woodworking and then you testing yourself so we need to do something that to make testability easy a like reducing variables and the whole equation so this of course means we need to ask yourself what the purpose of R P M's and that's and well we wanna cheap all that rbms and that is already mentioned that something is installed only by road eleven a common name space mentor at have i can have access to all kinds of mentor at art because they're basically unrestricted and they have this huge task metrics so we don't wanna get rid of our cans adapts or anything like that right we saying they're really useful things but then not useful for actually packaging set up use that because they have way too much power so what the way we see it is rbm that's fine that's how you build you operating system but it's not what you actually then run on top of that operating system that's a different for one that does not have to deal with all the problems about that's that so so our teams that's a primarily focused around distributions a single provide able to test out of programs this is something about but then strands they can R P M's because they have so many so many i'm dependency specifications for example would you expect that the name space of the dependencies expressed in the R P M's or something all of the unified name space right like if somebody depends on a library by the name look for something then you need to maybe make sure knock in that this lip foo mead exactly one library not another one however lip food that is very generic name so everybody might a have something different that even if they have the same like the end of the name they might have it in the different avi so are can that's a fine but the and apply that that's only one when they're in and how to manage the and i a name space and provide every single R P M with you as soon as you depart from that and you have multiple but then as in the game not everything coming from for door and then our peons at the and that's a really strange things because the name space clashes so that's on the other hand should be the opposite of that right we want people to have many sources on the and we want to make sure that you know there can be multiple providers of that people can compile there and just provide them on their website things like that and we want to allow them that this can be untrusted code because this is like the next thing if you have a distribution the makes then you do trust the distribution to a certain level and then expect from the distribution that it will actually take the code from the various applications look at them figure out that they're the codas okay didn't do anything evil will package it from you so that you don't have to trust every single act developer and you can instead of just trust the distribution of the whole as soon as we go to the apps model where we wanna have lots of energy and this becomes much more of a problem because suddenly if you get everything directly from them and that you have to press every single one of them and that's a lot of cost now so this is a problem but it's a problem then we can deal with technical solutions by making sure as mentioned with the sandbox thing that even if you don't trust that and then are so much that whatever you can do with the system isn't too bad actually break so apps and the key feature that they have isolated from the surrounding those west and are and you the private data for security reasons for a pi stability reasons testability reasons building we and that's an exception with extensions so the isolation from surrounding los it's like the key thing here we want to make sure that if you install again that game does not can access the address book and if you install i don't know it what rather it should not get access to your friends list on the on the with pitch and these things like that this it's like this is something that we did not have a it never had on a non unix it's isolation all the ads between them that you run on the same user id on unix classically access control is exclusively a user right as soon as you have some code that runs it as you use the get access to everything you have and that it's just i mean is a little bit of a so it's about that the reason for that is a security reasons but also as mentioned we wanna isolating from the from them so running O S what api stability reasons right because i'm currently if you have packages software you see the and I P R A S R P M's if you if you see the entirety are operating system and that is a bad thing right you need to make sure that that's the at actually only see that was a P R is the jeans table and the and then supportable but do not see anything else and do not end up pulling in blinds dependencies that you cannot see like for example this the problem think about G stream alright this tree might has a stable api if you application pulled that in that's totally fine but you create a lot of problems but because i just you meant based around a plug ins so these individual plug-ins are content like eyes of G stream of so you would think that wouldn't mind and that wouldn't be a problem however ultimately these plug ins will pull in other libraries and those i and we have position that they do not have any stable that yet very frequently like for example i usually so anyway this means we need to somehow isolate the operating system so that the not some dirty code running on the operating system can you can to the at and not some stuff you don't want from the at and you get to the house the colours thank X exceptions for that which are extensions like stuff that really extends existing software for example can i'm shelley have javascript extend for that is very different thing because it will actually it must a be able to run in the same sandbox and same context as gonna shell itself so which means securities is very important but there are some exceptions where we actually kind of take benefit all that secure so i already mentioned that we want on level oscillation we want this isolation that we need for reasons of api stability testability and am security we want that on the kernel that why do we want to work on level first and foremost for the security reasons because decreases a complex thing where there's so many different things like ice a linux and capabilities and blah it stuff that people shouldn't think about it stuff that i guess leaks into quite a few so subsystems i don't know it's a lot this process man was use them and all these kind of things if we ever do isolation excuse them in user space and have user base components to this then there's no way how this can be integrated with all that stuff that we really don't wanna care about but need to have so for us it's really important that everything that is enforced is kernel estimation and this is all the something we one was no apps solution we want something that is three is community based so we want something but is not bound to one single at store but it's something that people can set up their own after this that want to and is men diagnostic so that not only i don't know it it's not supposed to be something that where at had set up a naps don't nobody else can take benefit of that it's supposed to be something where everybody can send a napster and people can even i have not around so it's supposed to be something that truly free and the way how linux itself so this is so for a little bit about this other do one and recharge about security about them free nice about a couple of other things the next part of the slide focuses mostly on how we think we can get that we have been working on a couple of things already we group everything that we wanna do than nine steps it's a lot of work is likely to happen tomorrow or something like that but we have a lot of things already encode another couple of things we have like sort about and have plans about but until we have the full thing the egg how but we think is actually necessary to make linux i'm strive as an echo system because quite frankly it's and possibly hard to write good at the linux simply because you can distribute them so any questions to this point you got to thirty drop me if you have questions that's question the microphone mike i don't know it's like it's casey and maybe it is if i have like one machine shower by Q people so like it would be very nice or write it installs it's a two people in the same itching would i just all insane a like a right so i mean it is our mission and like a part of our mission statement is that use like a should be able to install these apps without requiring privileges but that does not mean that that's the only way how outside still so far example administrator could just drop something into the system and every user so it's just about that we want to allow users to do this with our break fine from that minutes but administrative if you any application use just the single file what about shared libraries that's a good question will probably come to that later though that is available no anyway i mean so far it's just about the mission statement why we believe this is necessary and how what we think that's all should be providing the nine steps a bit about the technical implementation of things but anyway i don't see any for the question so let's just proceed with the technical stuff there is one way okay minimal mobile applications come in a client server the version of all the usually internally and the just is a is a gift that scene out so we stopped things or what we only focusing on single a single focus so this is explicitly about use that's right use that's meaning apps of the use themselves like the end user himself plays around was it's not about so i think much of that stuff that we had designing here will ultimately be useful on the service well but this clearly out of focus for the stuff that we collapse here okay thank you okay but nine steps that's all the questions right now right okay so the first one that we currently working on this is make E D that's work i can us is approach that is kind i have been working on together with donny american great crop couple of other it's a the part of the class people system for this it to the crown the us i hope you all know is like this i can see this really basics thing how process can talk to each other since this is about processes talking to each other we believe it is absolutely essential that this core component is aware of sent boxing meaning that because we need to limit what apps can talk to we need to have the send boxing right in the i see so for us because we again want all these things to be enforced by the kernel it is absolutely essential that we make at once where katie was work where the other thing is because we believe that the katie basically was in general is like a really nice way how communication out and of the sandbox can work so it is far as important that's if we want to it katie less or do that's to be do single i'm interface in and out of the sandbox you need to be capable of actually exchanging large amounts of data with that because i mean it suppose with the one and only thing i don't know that sandbox the need to be really good and cover all use cases that we need from the now he was classically is not useful for exchanging substantial data it's focused and that is in the resume some statement only in control data right short message call which will parameters if we wanna make it like the single thing then we should be able you do also use it for exchanging things like J peg file document file or anything else so for us this meant if we wanna have to be device the central i think we need to get sex sixty thing first that sent boxing things like that the current state of katie that's is that we have a lot of carrot and it kind of works but we have not like it's part of the system you project like the user space part of the system the kernel space part is kind in a repository we're not far from actually making a work altogether what basically the last missing made a missing sync for us this is that we actually port system the in its entirety to the U I P i just that katie bells and that's this but and provide which is basically i mean it that something so difficult it's just a lot of work like moving from one like that we hope that this that we have something really presentable like putting up an entire system was and look at less and by the end of the year you have submitted to talk to linux company you about katie us so and i better have something presentable by then so that's my way to get push on that so that we actually have something so much about katie but it's a huge project it's going to be awesome because it's we finally get a really good i can see you know linux that is far that is provide everything we ever wanted from sent boxing to the broadcasting to activation that was step one step two is we want this accent porpoise build only next negative second see goods become abilities so i depending in like if you if you ever that was the lower levels of stacking them that then the next name is basis second see good together but it is something you might have run into suffice to say these are very generic tool that the kernel it provides for isolating and then men do like that bows than any kind of what the what them a certain set of programs can see but also in what they can do and well these are completely generic we need to make them very specific for somewhere for the axes case just like that if you use linux the name space second figured it abilities you can build anything out of it you can secure service and whatnot but to actually match the don't absent boxes and we need to use it one very special way of course name spaces and stuff like that this also like to look at that stuff which where they name spacing is built in from day one right now couple of things about this i'm really interesting like for example was a single stuff we want that every act runs inside of a C group so that it we can put results limits on them so that know how can bring down the system but this has a lot of interesting effects of beyond that as well because it suddenly allows us to manage runtime apps in a way that only androids and mitra when these kind of things could for example and that we give the foreground at the boost in terms of us if you know and we can even like the background have gets them like a medals for time accuracy and we could even freeze the background apps this has been done in minutes before for things like memo had something like that but with this model if we if we have the definition of apps and we suddenly have all these options open where we can make use of define some things the net effect of all of that is a separate it that's a little bit more robust but primarily about them how management so and in the field little bit nice of the foreground up gets more secure right so second per se M sandbox as we have the part of this is actually is something that john cost in the past we've for those two but you a little bit disappointed with the results we believe what is essential for this actually that we get a strict a file reich specification for this i mentioned this before was a lib X thing if we want to make this happen that these send boxes can work on every machine then we need to make sure that the decision machines do not no and all sorts things and different directories all the time but we also need to kind of give the and developer and idea how he himself was supposed to places data so that it does not clash with his operating system or any other operating system that followed these guidelines this is a complex thing because there's already and then F H S round which is tries to standardise how the entirety of unix works for this at stuff we probably need to reinvest get that you get that and that topic and focus exclusively on what acts use that sun lit apps what they need this is not a job for necessary so much from brno and sell but it is actually job for the entirety of the minutes well that they actually accept that the differences on minimised and that fedora stops doing that something's we got back second and some yep and that this is something very important that we currently all distributions actually take you know and acted differently right if you if you have a you know money want to and will not use the backs of if you have the same good on for dora it will use look back second that's a big problem because it's on the average thing is looks differently so while i sing that them the distributions need to fix the issue it is there's also something for can on to do like you know the release team or somewhere like that have to define exactly how the finals all located i have placed how the avionics look on the a different operating system is going to be top of course we don't have anything like a certification system where you could actually for these kind of things but it's still it's of major importance that this is clearly community can communicated to the to the distributions that they stopped doing that and saying if they wanna have something that is compatible what is with you know right you know needs to document this is how you package it and you don't targeted anyway else and if you don't acted that way then you out of the game and you have no compatibility with what we that so it's something to fix for the distributions but they need to do it according to the recommendations and then top language that you know needs to use the whole thing by the way if you have any further questions that question but that's the mikes coming but once we and needs basis and this E groups a would it be possible to enforce and find a higher he by and my name spaces so when i speak of nice basis you this usually applies to filesystem name spaces but name space design and they sent to isolate sings big thing they cannot be used in for anything right and also it's a different thing like for example what the apple inside of the container does is relatively relevant like they have more freedom than operating system has because the apps are not at i operating system however is so it's them we will not be able to enforce much i mean i'm sure that the operating board of going home could supply tool that can linda the operating system make sure that a big part of the right up writing i am the bright if you guys could even and provided tool that you can run on a nap to make sure that at does not put something in a place where would clash with what operating system with like but some boxes not really to for there is the question chance use sorry i didn't get the question i was wondering what usable at a distribution not just to do knowledge well might make sense but i don't think that really matters too much for the F stuff because i in the libraries all the it's a good question actually but well you do you do read the file see but i mean it's a so what kind of thing is that is that there that this is about using traps right and i highlighted the cover that once already so it is not essential like that the stuff that is required only prudent stuff reason why the old distribution still have that split off it's not necessarily navy either the apps need so it's not of that but maybe there's a little bit of chicken we hope you have to the some of tools could probably simply we need we don't is late to absolutely and stuff yep okay so i think it's a problem but i don't think it that okay any best i'm assuming that the new strict fell hard specifications something that we all want but has there just be not planner just get everybody like at ian X F C E in a moment at the end and so you say all together and to say okay let's came out the specs here "'cause" it seems like it sort of a pipe dream we don't have a plan about where to go with it i just get everybody on the same page you know you know what they say about committees and standards i'm not sure that will work that way i don't know we should get the right people involved absolutely i don't think we should get everybody involved because then you get all should i mean if you as soon as he'd like for example if you if you include on the but are people they will fight for the backside anything to the other with hated so actually a lot i got like ten minutes of the right okay so let's you we can have discussions about all this later on so let me i'm still it but that step to let that go for the other seven steps in the next ten minutes the next thing is that it but we want something called portals and portal to something that the time or something we came up with a to access than and brussels early this year it's supposed to be something how apps can interface with each other without having to know about each other it's a something that's probably going to maybe based on top of katie but it's a very interesting technology so it's basically something that is focus it that is based on an idea from android where they call that a what intense of course intense and what windows called contract right and these things are these i think the really interesting things and because they basically or a way how you can isolate apps from from the rest of the operating system without having that concept of security isolation you can be visible that's so to give an example what a portal i'm should be doing that say you have an act and that have like it's an e-mail have any and you want to be able to send a picture that you just took over to another machine on traditional linux this would mean that this email i would have to have access to the camera device and then would take picture from the camera device and attach it to the email and centre the way our that's a big a big but quite a bit of a security problem because you don't really want to give access to the camera to email program so the idea of portals and intense on and right is to always have that's related to different send boxes and require interactivity between those two things so the idea in that case is that if you have an e-mail application you wanna send a date pick picture over what happened is that the email a program goes to systems as i would like to have a picture here please help me this system and says okay then goes and she's checks which programs could actually provide a picture it could be like the gallery you have thing of could be actually the camera to then the camera tool would be activated or the gal review and you would select you take a picture that i see interactivity which has this nice effect that ultimately the you was the didn't wanna now that you would say why do my camera application actually get started there was no reason for the simple press can't one okay so in a way there's a security question hidden behind this interactivity so that you only grant access to the camera indirectly and always hasn't activity but use that so that if that action was not supposed to take place you will say can so maybe a little bit confused but not allow it is wonderful technology because it's one way about integration of that's right because if you sent an email and you get the camera application running you get the same everywhere you can replicate running is always but it's also the security technology saying that that's also the security technologies like a something about their other cases for portals for example just think about open office currently open office needs to be able to access your home directory and all other directory so that you can open a file at any one of them but it really sucks because open offices a gigantic piece of code and you don't really wanna give it access to everything that could ever like you and we spoke like you private banking data like you firefox cash and whatnot so ways portal to console the problem again because the open office would just tell the operating system haiti so i'm living the sandbox and i would like to have a file please give me one and then the application in the operating system would again interactively you something out of the sandbox look for the file and we try to back to sandbox and the sample together but it would only get access to that specific file would not have seen any other file of the operating system so it's the portal some things about be very generic how the security transition there is hidden each wine between behind user interactivity instead of having questions like last week it usually ask them like should this ad get access to this device you just do the action but because requirement activity the usable make the decision just at the side of it without actually so so the portal select or something that you know i'm really to care about of that's nothing something not nothing the castle come from system decided things from the lower level this can happen basic you know number for a i mean just as compressed file system with multiple petitions will back file so the idea for us as we wanted to have this after one image at all but also wanna have a only but we want to make sure that everything's on the kernel levels idea then is that applications are actually shipped and in a single file that is look back mounted with a couple of petitions in them that will include everything like and real files that the application means that money applications executed will be merged according to very specific rules with the A P I file that the and the at shell be able to access and so that it basically the nazis a real operating system that is a real filesystem rightly that is emerge version of what it it's itself ship plus everything that has been white listed as a and system if you are from outside so i'm going through the little bit five because they're like less than five minute left number five as an extended search five logic and you live in friends this is something and we really need if you if we have these apps and the contents of the apps are not a viable in the normal system and study you get this problems that let's say gonna know shall should be able to enumerate all the apps that are installed at means that needs to look for the best of files then something you have the problem well it's not sufficient anymore to look into user share applications for the best of file because suddenly that's not well all the and that's the file will be they will be inside of these a single file look back mounted simple filesystem thank you so the net result of that is we really would like to see the search pathologic extended so that do that is capable of automatically finding these things also in the apps instead of just use okay this applies not only to finding after the price to quite a few other things like looking for i can looking for music files using for whatever scenes and this kind of thing then the next thing is a sample to where display manager this is real important us because X eleven this is this gigantic saying if you as soon as you get access to X eleven to the so that you can do anything with that you can talk to read applications fake input other picketing the kind of thing if we wanna have sandbox applications this means that second really be acts that is in the makes that the good thing is whale and has been designed already in a way so that applications can never ever access the input and output of other applications that always you only that and by for nothing else so that is point six point seven the something we still need to discuss was ryan it's D com means need like the considerations needs to be and be able to understand send boxing meaning that it needs to be able to access control on the napkin and you get access to the keys it should get to and nothing else number eight it system for building apps and profile is the that's kind of related that's a simple building out of course is not sufficient to justifying this we also need to be P getting a tools to develop is to actually make building these apps easily i think ultimately with system that we defined it's relatively easy to do minimal ports of existing have like open office into the scheme because inside of the name space container that i mentioned earlier everything looks like a real operating system except one that is very minimal so they do not have to make many changes they only have to make many changes in of that's about security and portal something like that you anyway how we think that the that the compatibility situation should be handled is with these called profiles profile to basically something if you have to dora it would implement i profile called you know and maybe one profile called L is be and that's about it and application would specify exactly one profile that's developed for the profile would basically a superset of libraries or D bus interfaces and about a couple of other things that need to exist so the idea spending that if somebody writes an application you can pick one of these profiles and has freedom i they can chase a okay i wanna focus on the gnomes we don't be or that's a relatively you then he has to deal with the fact that you has to rely on the gnomes capabilities to make stable api some kittens and this table and or you can say i don't care about them gonna i care about that is be only i don't trust again about because the break api all the time then you can do that of course you will not be able to get access to the economic the eyes that way but you can still include them in as an image because after all the image includes pretty much something that looks like a real operating system so this gives basically developers the option like how much do they trust upstream how often do they expect that they want to update application and the deal is basically it's like firefox they're constantly updated they would like i mean and five releases and you really is every three months or so if i correctly on so there could but basically say we always check the news you know and always we can use gonna profile and then they do than everything will work on the other hands i have no time anymore but there is games and stuff like that games usually of written once released immediately then there's maybe one update and that's it so they would focus on a different profile like that'd be profile they would get less integration would have to rely less on the on the stability guarantees by the operating system winner but we get something out of the door there's my last slide have stores this completely out of for before system the we have stores of course as soon as we have that of course the last they have between all these nine step there's lot of other things this box just supposed to give you a little bit of an overview what we working on as mentioned we're kind of it was a katie that stuff and we work was see group of things like that and try to make session system you working which will give us a definition of the but this is still a lot of stuff and i have to do anyways thank you very much for your time if you have any further questions maybe we have time for one question no so or one of his like you can ask one question otherwise that's do something outside so you are lucky one so she studies i'm sorry she or one liabilities into supplements that's a good a question shepherds is bundle libraries the distribution people they tape on the libraries for those it and don't know the details about this is basically firefox and all these things they tend to ship as shed light like a couple of shared libraries that we otherwise a part of the operating system was there i'm application and distribution people to be hide that application developers always do that but is think they're absolutely rights i think that actually are and we need to technically solve the problem so i think ultimately this means we need to support bundled libraries however we need to deal with the fact that they saw they suck for security reasons but i saying that the best way to deal with security series that by security technology so that's again something where the send boxing is relevant right if you want to allow firefox to ship is own S L library and you need to make sure that whatever happens and inside of firefox now we can get out of the and you need to be tightly sandbox right but i think ultimately there is really strong we my firefox doesn't model things it's a testability thing it's about they want exactly that version that they know with the A P I and the bug fixes i know instead of something that is it's about that somebody else but i don't know which is the up and so this idea this is that stuff as opposed to provide support about the libraries and i don't think there's any way around that how much is bundled and how much assisted by the operating system is something you decide what profiles if you think i was be profile with very low level and you have to should and problem or if you pick we can own profile you have to ship but alas but i don't think that's the way around hunting at least the the middle ground a framework it's well timers a profile so you're supposed to promote but i don't know if you if you wanna new version of G stream or you have to bundle everything that's not products operating system profile and you have more about there is no possibility that you know if an operating system doesn't have some very popular third party like you've been everybody has to bundle their own copy of that we pretty like green instead of using show and then they should talk to the operating system vendor maybe ship the library okay anyway this was already one question more than i promise so anyway single but i'm if you i