Sabrina has bought a new Amiga!

[Panthro]

It's worth pointing out that Linux has TCP/IP built into the kernel, too (for performance reasons).

yeah and it's worth pointing out that Linux has it's security issues as a result :lol:  not to mention that the information it sends over a network on a terminal setup.....

Look I'm not gunna say the AmigaOne hardware has custom chips but I am not gunna say that "if an OS changes owners it's no-longer thae same OS" or "if it is overhauled :lol: " or if "the hardware is out sourced"

I wish that our Amiga's still had cutting edge CUSTOM chips but thats not realistic..... however OS4 is and thats how (depending on results) I am going to upgrade...

like I said yeah the AmigaOne is more generic but it IS the closest thing to a real Amiga as it is the only one (at this stage fingers crossed) that will run the real AmigaOS!!


-now flame on AmigaOs clone users. :admonish:  [edit]<--sorry I was moody[edit]

[Argo]

Windows seems to be more pseudo multi user. A nice modular design would be nice. Oh, and getting rid of asumptions about the user.

[Argo]

I wish that our Amiga's still had cutting edge CUSTOM chips but thats not realistic.....

It could be done in another way. Like using off the shelf chips in a new unique and original way. Instead of variations of the standard PC board design.

[weirdami]

by Argo on 2004/5/2 0:03:01

I wish that our Amiga's still had cutting edge CUSTOM chips but thats not realistic.....

It could be done in another way. Like using off the shelf chips in a new unique and original way. Instead of variations of the standard PC board design.  

That's one thing that confuses and worries me. Is every computer nowadays an IBM PC clone? (Macintosh included.) The IBM model was off-the-shelf-parts with a special BIOS dealy to make it all work together. Is every computer that uses OTS parts cosidered an IBM, or is it the BIOS dealy that makes it an IBM? All the new Macintoshes are OTS, right? They have all the same ports and slots as Windows boxes, so what's keeping them from being IBM's? Linux boxes are pretty much Windows boxes, sans Windows (IBM's), right? And don't you need an IBM type box to put an AmigaOne card into? How then is AmigaOne not just a peripheral for an IBM?

:-?  :huh:

[macto]

There are many things which distinguish computers which are made from off the shelf parts.

The processor is one component which differs.  The A1 and Mac are based on the PowerPC, while "IBM" computers use Pentiums.  (Life is more complicated than that, but let's not worry about that.)  If you tried to feed a program for a Pentium to a PowerPC, or vica-versa, the computer would see a stream of random instructions and illegal instructions.  The OS has ways of identifying their own programs, so that normally won't happen.

But other bits and pieces differ too.  The easiest to explain is the firmware.  This is usually called the ROM BIOS or ROM.  You'll note that both the Amiga and Macintosh use the same processor (the 68k in the past and the PowerPC today), so programs should not look like streams of random instructions.  But programs may run code which is stored in the ROM.  But the ROM is different on both platforms, so running the program on the wrong platform would result in random ROM calls.  The OS has ways of identifying its own programs, so that normally won't happen.

Of course some of the details can be glossed over, which is what happens with OSes like Linux.  Now you can run a Linux program on either an Amiga or a Macintosh because Linux programs don't make ROM calls.  They make kernel calls (in effect, the kernel replaces the ROM).  The kernel also covers up the many minor differences in Amiga and Macintosh hardware, such as which video card or disk controller you are using.  Of course you will need a different kernel for each platform, but none of the other software has to be changed.

But the processor is a big difference, and Linux cannot cover that up in the conventional way.  Instead, it allows developers to recompile programs so that they will run on any processor, may that be the Pentium, 68k, or PowerPC.  These programs have to be written more carefully because there are a lot of low level details which Linux cannot cover up, but it can still be done.  It is only thanks to the devotion of many developers that this kind of "trickery" is possible.  Most companies try to avoid it, which is why many operating systems are only available for one or two processors.

Hopefully that didn't over simplify things to the point of inaccuracy, but I hope I convinced you that these are very different machines even if the design philosophy is similar in a few ways.

[seer]

Just woke up.. I might not be able to explain what I mean.. Sometimes English is harder then I want it to be..

Actually, because Windows is a Multi User OS is the reason it has so many security problem.

Are you serious? Windows is designed to be used by multiple people, but it most definately does not utilize independent user accounts. The fact that any program can access any file has nothing to do with it?

Programs mostly get the same permission a user has. If a hacker has admmin rights the program he has taken control of has admin rights.. WinXP's "Run As" feature is a good example for this.

What I ment is that because Windows is a Multi User OS it has security holes in it. Either by design flaw or by oversight.

There is a thread at Amiga World that covers this IRRC, I'll see if I can find it.. (About Amiga OS and multi user accounts)

That and because everything is integrated in the system (Mediaplayer, IExplorer, TCP/IP stack etc etc..)

So? It doesn't matter if a tool is built into the OS or not. What matters is what permissions it has. IE, MediaPlayer, and Outlook are insecure because even though the executables are located outside the Windows folder, they frequently poke around the system folders and write config information into the monolithic registry, which is just wrong. It's worth pointing out that Linux has TCP/IP built into the kernel, too (for performance reasons).

Offcourse it pokes around system folders, it needs system resources.. Not even M$ is stupid enough not to write the same code over and over and over again, so all it's programs use code storred in other programs/dll's..

For instance Outlook can't access webmail for instance if you deinstall Outlook Express (Sure, OE isn't a system resource but apperently is used as such)

If any of these tools has a security bug it can be used to exploit the entire system because they use the same resources. Yes, it may be a big design flaw in Windows, but I'm not so sure if Linux doesn't have similar issues.

We don't hear much about all security issues in Amiga OS do we ? is that because

There are none.
AmigaOS is to small to be noticed or hacked.

If Amiga OS was only given a single user loggin and the desktop could be locked that would be pretty much good enough.. If it doesn't have all the Windows Multi User features then that's fine.. That leaves file security, but most normal home users don't really care about that stuff..

[Lando]

chris wrote:

tangletown wrote:
Pegasos? Wonder what made Schwartz choose to support the Blues instead of the Reds.

I don't think that's the case at all.  If anything it's a dig at the Pegasos having an identity crisis.  What is it?  It isn't an Amiga, it isn't a Linux box, or is it a Linux box?  It isn't an amiga, at least, not technically.

I think it was picked because you can get a few more laughs out of it, though #308 could almost apply to the AmigaOne.

Forgot to add... I suspect there will be some AmigaOne related material once Sabrina gets bored with the Peg :-)

Chris

Or, more likely, she'll stick her Amiga in the closet and forget about it when she starts using the Peg and realises just how damn good they and MorphOS really are :-)

[Waccoon]

Panthro:  I wish that our Amiga's still had cutting edge CUSTOM chips but thats not realistic....

Of course it is.  They can use what PCs use.  Why do you think game consoles are using the same graphics processors as PCs?  Don't you think that chips like the R350, which have their own RAM and programming languages (like vertex and pixel shaders), can be considered "custom" chips?  What about chipsets with hard drive controllers that run on their own busses instead of clogging the PCI bus?  What about the Audigy soundcard with full hardware acceleration?  Is something only custom becuase it is made in-house, even if, architectually, it is similar to the GPUs made by companies that specialize in making co-processors?

There's also something to be said for following standards.  A true "custom" chipset wouldn't run with a PCI or PCI-X bus.  That limits your upgrade options.  If it uses PCI, what makes it different from what the PCs use?  If there's one thing the PC war should have tought us, is that open hardware is not always architectually supirior, but gives the most options.  Overlooking form factor, the only architectual difference between a PC and a Mac is the firmware and CPU.

Seer:  What I ment is that because Windows is a Multi User OS it has security holes in it. Either by design flaw or by oversight.

Nobody says you HAVE to use it as a multiuser system.  Are you saying that all OSes that have user accounts are insecure?  Are you saying that all systems should be single-client systems?  If applications have to handle security on their own, will it make a difference if the OS is single or multiuser?

Programs mostly get the same permission a user has

That's not a problem with user accounts, that's a problem with how the system uses them, and what files are put in which accounts.

Offcourse it pokes around system folders, it needs system resources.. Not even M$ is stupid enough not to write the same code over and over and over again, so all it's programs use code storred in other programs/dll's.

I suppose if you're used the the Windows way of doing things, which is to dump everything into the System32 folder, or put everything in a single, huge registry, that makes a lot of sense.  Then again, the Amiga does the same things with the C folder, the S folder, the Libs folder...  just dump all your files wherever you want, because the system doesn't care!  Maybe if programs kept their custom DLLs and config files local to their own containing folders, things wouldn't be so messed up.  Funny how people complain about DLL hell, but they have no beef with Linux dependency issues or Amiga library conflicts.  Every system has this problem, and nobody seems interested in working on something better.  User accounts only solve part of the problem.  Using them exclusively to ensure a secure system is madness.

For example, there should be more layers of security than just a root account and user account.  Sure, if you get a virus, your system is (theoretically) safe, but you can kiss all your personal files goodbye.  That's why I really don't think Linux will be able to celebrate its advantages over Windows for very long.  Run a browser that allows the execution of code (like ActiveX), and you'll be swarmed with problems.  Developers need to think about that when trying to bring Linux to the desktop market, because in the desktop market, people don't know how plugins and stuff works.  The browser can modify any file in your own user account.  I was under the impression that the system files weren't as important as your work files, because at least the system can be restored.

All it takes is for a company to release a browser "better" than Mozilla or Konqueror, and it will be mass hysteria.  Don't think for a second that Mozilla can't be bettered by someone.  Mozilla and FireFox have plenty of problems nobody talks about, that drive people of all sorts up the wall.

Sure, OE isn't a system resource but apperently is used as such

Well, then they shouldn't do that!  Install a 3rd-party e-mail program, like every other OS.  Nobody says you HAVE to use Microsoft's APIs.  You should just be glad you can get rid of OE in the first place.

That leaves file security, but most normal home users don't really care about that stuff.

Nobody cares... until something goes wrong.  I should tell you some stories about fixing other people's computers.  Many of them think I'm some kind of genius just because I can kill their pop-ups, and they are very surprised when I tell them how spamware and spyware works -- and what little the OS does to protect them.

Nobody thought OS security was a big deal decades ago because servers were purpose-built machines and every application was hand-picked by a sysadmin, and the only people who used them were employees in the same building.  Hacking attempts were unthinkable -- on mainframes!  In fact, I've heard plenty of stories about mainframes that didn't have any security whatsoever just because it was thought to be such a rare thing for someone to dial into a server with a 300 baud modem.  A friend of my sister did that once, only to find out that this multi-million dollar company had no authorization system on their mainframe.  He didn't get in legal troule, but he got chewed out by the sysadmin in realtime.  That was almost funny.  :-)

If any of these tools has a security bug it can be used to exploit the entire system because they use the same resources. Yes, it may be a big design flaw in Windows, but I'm not so sure if Linux doesn't have similar issues.

UNIX, in general, has been widely criticized for it's lack of security.  I never realized how simple the UNIX security sytem is until I started reading books about it.  Nobody really bothers to be better than UNIX, only competitive.  There's no point to making a new OS architecture unless you intend to fix a given set of problems with an older design.  Why anyone would want to waste time making a client-only machine like OS4 is beyond me.  You could probably replace millions of lines of UNIX code just by making a few simple design decisions in your new OS.  I thought that was what AmigaOS was about -- doing really complex stuff with a lean, efficient machine.

AmigaOS is to small to be noticed or hacked.

Security through obscurity is an ancient argument.  I suppose if you're like me, you fully believe that OS4 will never get enough sales, so security will never be an issue.  No wonder the Amiga never evolves and Windows still rules the earth.  The more I learn about interface design, the more I realize that Microsoft is a monopoly because many of their competitors are just plain incompetent.  Seriously.

OS3 also has no native network support, no native web browser, no native e-mail, no native chat...  you don't have to worry about security if you don't do anything that involves tranmitting information to and from unknown systems.  What if you want to let familiy members use your computer?  Do you want them to poke around your bookmarks, or do you expect each application to handle security on its own, and do so inconsistently?  Sounds like a lot of work for the developers because the OS guys didn't spend some time working on a proper quarantine system.  Just like Windows.

Do you want AmigaOS to be better than Windows and UNIX, or not?  Praising a client-only architecture is not going to help.

[Computolio]

    I like how she needs help to put a friggin' ATX board in a case. You know, 'cause she's a girl and all.

[weirdami]

Does Eric Schwartz have an account on here? Maybe he can come and clarify things for us. Or, do we really want clarification? Maybe he's leading us somewhere with the story and we should just wait until the end.

[Dan]

Computolio wrote:

    I like how she needs help to put a friggin' ATX board in a case. You know, 'cause she's a girl and all.

Maybe she has been a closet mac-user all these years :-)

[Psy]

I was under the impression that the system files weren't as important as your work files, because at least the system can be restored.

Yes but data is easy to backup yet without the system protected it could go offline and most servers run 24/7 and if they go down then testing and upgrading can't be scheduled for their mirror and what if the mirror crashes before you can get the main server backup?  

System drives are more important as the system being online depends on them, the user can always backup data and should religiously.  If the files are important make redundant copies and keep all of them updated.

 

 OS3 also has no native network support, no native web browser, no native e-mail, no native chat... you don't have to worry about security if you don't do anything that involves tranmitting information to and from unknown systems. What if you want to let familiy members use your computer? Do you want them to poke around your bookmarks, or do you expect each application to handle security on its own, and do so inconsistently? Sounds like a lot of work for the developers because the OS guys didn't spend some time working on a proper quarantine system. Just like Windows.

I agree, MorphOS and AOS4 is great for running old amiga code but so is UAE.  Neither has given me any reason not to just stick BeOS, QNX or even RiscOS.  

Of course I do hope they will evolve into a real OS.  

[Waccoon]

Yes but data is easy to backup yet without the system protected it could go offline and most servers run 24/7 and if they go down then testing and upgrading can't be scheduled for their mirror and what if the mirror crashes before you can get the main server backup?

What I mean is, most people who praise UNIX/Linux security fail to mention that only the system is safe.  If you get a rouge program on your system (through an ActiveX control, a bug in JavaVM, or a virus through an e-mail client), than you can kiss all your personal files goodbye.  The system files are secured, nothing in your user account is.

System Restore, backups, and journaled filesystems can only be so effective.

...most servers...

No offense, but I wish people would stop thinking in terms of servers.  Servers are still very much purpose-built machines made and maintained by people who know what they are doing, and where most tools and apps are designed for throughput, and thus must be installed at a low level and trusted to not do stupid things to the system.  Home users are in a situation where they often have to install software they can't fully trust, they can sacrifice a lot of performance for ease of use, apps and tools rarely need low-level access (except maybe for games), and the machines are not really designed to work 24/7, either for technical or economical reasons.

The technology is the same, but they are used very differently.  The future of desktop computing has little to do with technology, it has to do with the quality of interfaces.

Slap KDE or whatever you want on top, but it won't help bring UNIX to the desktop until people rethink their coding practices.  MacOS X has given us a good example of what to do, at least as a start.  Like I said, I find it amazing that Linux people still complain about DLL hell, while they themselves have to deal with dependency problems.  Same thing!

[DanDude]

*headsmack*  :-o

Aww, geez!!  Pegasos!!! *groan*

[macto]

What I mean is, most people who praise UNIX/Linux security fail to mention that only the system is safe.  If you get a rouge program on your system (through an ActiveX control, a bug in JavaVM, or a virus through an e-mail client), than you can kiss all your personal files goodbye.

As far as I know, there is no ActiveX support in Linux and most email clients treat attachments responsibly (ie. the only way you can execute something is by saving it to disk then executing it yourself).  As for "only the system is safe," I would argue that the system can be comprimised by a bug or sloppy security practices.

No offense, but I wish people would stop thinking in terms of servers.

Unfortunately, the definition of server gets rather vague.  While there are computers which are clearly designated as servers, and there are systems which don't serve anything, many computers are somewhere in between.  Particularly in the world of Unix, but this is even true in the world of Windows and traditional versions of Mac OS where personal file sharing is available with very little effort.

Like I said, I find it amazing that Linux people still complain about DLL hell, while they themselves have to deal with dependency problems.  Same thing!

Same consequences, but not the same thing.  Unix users have to deal with conflicts between programs, not just shared libraries.

[Psy]

What I mean is, most people who praise UNIX/Linux security fail to mention that only the system is safe. If you get a rouge program on your system (through an ActiveX control, a bug in JavaVM, or a virus through an e-mail client), than you can kiss all your personal files goodbye. The system files are secured, nothing in your user account is.

You know that if a hacker gains access to system files they can do far more damage then if they get access to data files.  I know of some Windows users that due to the weakness of Windows security of devices they got huge longdistance bills via hackers taking control of their regular modem via their hispeed internet connection.

System Restore, backups, and journaled filesystems can only be so effective.

Backups are 100% effective they just take time to restore the system but if you regularly backup you'll always be fine.  

My Dad use to work for AT&T and their solution was automated daily backup and these protected aginst system&hardware failure plus hacker attacks. Even when a employee silinced a alarm to a bad rectifier that caused the entire AT&T network to come crashing down, the backups where there to bring the system back.  The only time I heard AT&T backup system failed was when a harddrive went through a security xray machine when it was UPSed to the site with the down eqipment.  

No offense, but I wish people would stop thinking in terms of servers. Servers are still very much purpose-built machines made and maintained by people who know what they are doing, and where most tools and apps are designed for throughput, and thus must be installed at a low level and trusted to not do stupid things to the system. Home users are in a situation where they often have to install software they can't fully trust, they can sacrifice a lot of performance for ease of use, apps and tools rarely need low-level access (except maybe for games), and the machines are not really designed to work 24/7, either for technical or economical reasons.

Yes but most home users don't think about security until it is too late.  Most home users don't even backup and until users learn the basics of being sys admins there is no point kicking them into *nix as even if today you got more people to use *nix odds are most users will only run under root and leave *nix open for all kinds of attacks.