CHAOS
About the distribution[main] [about] [initd] [certaintyd] [tyd] [networking] [howto] [credits]



What is CHAOS?


    CHAOS is a CD or PXE based Linux and openMosix cluster distribution. The CHAOS distribution fits on a single business card sized CDROM. This tiny disc will boot any i586 class PC (that supports CD or PXE booting), into a working openMosix node, without disturbing (or even touching) the contents of any local hard disk. Ideal for large-scale adhoc clusters, once booted, CHAOS runs from memory allowing the CD to be used on the next node (and allowing for automated rebooting into the host OS). CHAOS aims to be the fastest, most compact, secure and straight-forward openMosix cluster platform available.

CHAOS is the supercomputer for your wallet.



Where can I download the latest version of CHAOS?


    CHAOS is available from the primary site http://itsecurity.mq.edu.au/chaos/isos/   The current release version is CHAOS-1.5. There are no mirror sites for CHAOS.

NB: CHAOS is moving to midnightcode.org .. stay tuned ..



So, what does CHAOS stand for?


    CHAOS is a word that ends in "OS". We found it on dict.org by using regular expressions one day when we were looking for cool names for the distribution. CHAOS could also be considered an acronym for "Check it out dude!", "Hmmephnuhermuph!", "Ah, sweeeet." OS.



Why does CHAOS exist?


    The IT Security group are expected to provide advice on fit-for-purpose security (including cryptographic) solutions within the organisation. This function of risk management, often turns out to be an expectation that the IT Security group will provide demonstrable proof that an unsuitable security solution is really, truly, unsuitable (after all, who's best practice does best practice really reflect?).



What inspired you to build it?


    Inspired by the power of grid computing without code reauthoring, we set about building an adhoc openMosix cluster environment; taking advantage of the night-time power-cycles that are left unused by hundreds of desktop PCs. Exploiting this massive capacity, we will effectively leverage our capabilities through existing infrastructure assets. Alternatively, I guess you could say that we've stolen someone else's PC ROI ;-)

    What inspires continued development is the value-add that the broader openMosix community has come to take from CHAOS - the opportunity to expand small dedicated clusters, securely, into the broader enterprise and public networks.



But, why create another openMosix cluster distribution?


    The focus of our work is not the distribution, rather, it is the work that is to be done on the cluster itself. All of the openMosix distributions that we checked out were either clumsy or bloated. PlumpOS had the right idea, but it was still too big to fit on a business card CDROM, too manual to allow for wide distribution, and lacked some of the more gracious security features that have been added to CHAOS.

    CHAOS is a business tool, designed to remove the low level technical complexity from dynamic cluster deployment, by providing a secure and stable platform that can be readily deployed using existing network management technologies, in any organisation, anywhere in the world.



What features does CHAOS have over other distributions?


    For only $99.95 .. $9.95 .. $nuthin! .. you too can have;
  • Live CD or PXE; runs from ram after loading from media - nil installation!
  • 6Mbyte OS footprint; fits on a business card
  • Feature packed Linux Kernel (2.4.26) - incl. mmap and mremap patches
  • Latest openMosix software (kernel 2.4.26-20040706, user tools 0.3.6-2)
  • Heterogeneous distribution support (ClusterKnoppix and Quantian)
  • Support for high resolution consoles (1280x1024 - that's crazy)!
  • Automatic IP configuration; boot with DHCP/BOOTP/RARP or manually
  • 3DES encrypted network communications; IPSEC - fully meshed!
  • Stateful packet filtering; only 80/TCP 500/UDP and ESP network accessible in IPSEC mode
  • Custom INIT binary; fast, zombie-free, clear (color coded), and inflexible! ;-)
  • World first Terrence-n-Phillip daemon (autodiscovery like you've never seen before)!
  • New Terrence-n-Phillip helper daemon "get-m", means keyless clusters!
  • Supports most i586/PCI hardware (apple schmapple)


What's changed since the last release version?


    Since CHAOS 0.7, CHAOS 1.5 has had the following improvements made;
  • Simplified boot options are very user oriented ("n1" to start a new cluster, "j1" to join a cluster)
  • 5.8Mbyte ISO; down from the previous 8.1Mbyte ISO (30% size reduction)
  • ACPI support;
    • Advanced Computer Power Interface allows graceful node shutdown on power events
  • GET-M support;
    • tiny new daemon that works like sonar to detect nodes and add them to /var/run/get-m.info
  • SETI@home support;
    • a single boot option to run a host as a dedicated diskless SETI@home node
  • SSH support;
    • each node generates a uniqe key pair, shared by tyd for passwordless root ssh
    • default users are included - u/p; [user/default 1.0] and [root/default 2]
  • HTTPD goes massive;
    • option to start an http admin interface (HTTPD=2)
    • gracefully reboot nodes remotely with http://[node]/admin/reboot.cgi
    • default user is included - u/p; [operator/wellsandlake]
    • web content authored to better support more browsers
  • INIT goes massive;
    • improved boot performance (system boots and finds a cluster faster than a CD eject)
    • implemented correct run level facilities
    • implemented virtual terminals 1-4, and one key reboot for lock down mode
    • improved network detection; kernel configured interface is now passed to tyd
    • improved CDROM support, no system-wide seeking, and ejecting CHAOS media only
    • improved power support, shutdown (RL0) shuts down and reboot (RL6) reboots
    • implemented provision for user generated start/stop script; /etc/rc.local
    • implemented comprehensive boot-prompt option support
  • TYD goes massive;
    • automatically pre-shares all public keys for passwordless root ssh
    • reading /var/run/get-m.info, tyd automatically pre-fills the "-m" paramater
    • improved support for modern VMware versions (v4.0.1 -> v4.5.2)
    • improved support for coLinux via CosMos
  • Other changes;
    • implemented buffered syslog (use logread to read log entries)
    • added CHAOS specific /etc/services
    • added CHAOS specific /etc/protocols
    • added reasonable /etc/profile for shell users
    • added sample /etc/rc.local for third party start/stop option
    • added more shell utils (vi, more, etc) for shell users
    • up to ver 1.1, CHAOS did not have the mmap and mremap patches, CHAOS-1.2+ does
    • added rough PCMCIA support, and then made some improvements
    • added invalid TCP packet filtering
    • added filtered packet logging for improved security/auditing
  • Updated old packages - software currently included;
    • acpid-1.0.3, busybox-1.00-pre10, chaos-utils-1.5, dhcp-3.0.1rc13, freeswan-2.05, glibc-2.3.2, gmp-4.1.2, iptables-1.2.9, linux-2.4.26, ncurses-5.4, openmosix-2.4.26-20040706, openmosix-tools-0.3.6-2, openssh-3.8.1p1, openssl-0.9.7d, pcmcia-cs-3.2.7, readline-4.3, setiathome-3.08, tftp-hpa-0.36, thttpd-2.25b, tyd-1.5, web-content-1.5, zlib-1.2.1
  • All source code is now published online; http://itsecurity.mq.edu.au/chaos/source/

    Since CHAOS 0.7, CHAOS 1.5 has had the following negative changes made;
  • All security assessment tools have been removed, to be added to a tiny USB add-on image
  • Certaintyd, while still included, is no longer activated on any boot option.


Where are the screen shots?


    We have produced an action-page of CHAOS screen shots online, right here!



Where can I get the CHAOS Wallet that I heard about?


    A small, reserved, page has been established to pay homage to the masterfully-crafted, CHAOS Wallet.



Who are the authors?


    Other than the thousands of open source developers who have contributed software to this distribution; FIAT, 8o88yD1g1t4L and Gobbledok are just three guys who were prepared to work outside of their regular office hours, to make something a little bit special.



Who uses your software?


    CHAOS has been downloaded more than twelve thousand times across dozens of countries, world-wide. It has been retrieved by academic, research, commercial, industrial, government and millitary organisations all over the world.



Is any version of CHAOS ITSEC or Common Criteria certified?


    No. But, we would be happy to do what we could to assist someone who may wish to attempt to gain ITSEC/Common Critera certification, on this distribution.

    Future releases of CHAOS are planned to include dynamic clustering via typically deployed secure gateways. This technology will be implemented in a manner that will allow organisations to deploy dynamic, ad-hoc SSI clusters, compliant to any existing ISO 17799:2003 policy structure.



And your source code is .. ?


    Available online at http://itsecurity.mq.edu.au/chaos/source/, and GPL. Note, though, that CHAOS is not maintained by the Mosix, openMosix or Linux Kernel development groups; Please do not harrass these people with your CHAOS problems - d'ey are likely to send da'boyz 'round t'break y'legs.