View Single Post
Old 30 July 2015, 21:14   #92
Mrs Beanbag
Glastonbridge Software
Mrs Beanbag's Avatar
Join Date: Jan 2012
Location: Edinburgh/Scotland
Posts: 2,202
Originally Posted by meynaf View Post
Beware of the embedded that can be hacked. They're not as simple as they look ; usually they hide some kind of complex operating system (often a hacked linux, like android). They're rarely simple pic boards.
well automotive CPUs can certainly be quite beefy, but if you think Amigas can't be hacked because of their simplicity, if i were a gambler i'd be willing to put money against it. Anything that has an IP address can probably be hacked.

So consoles of the 80's with their cartridges are a lot more secure than todays consoles
simply because they are so limited in what they can do, and have no non-volatile storage, only a small amount of RAM and ROM.

I'm not against activating protections against bloatware...
not every large project is necessarily bloatware. It is only natural that the size and complexity of software projects is going to increase.

In theory one can do what he wants on his machine. But this is so complex that it's only theory. Honestly writing an OS on x86 (or arm, or any risc cpu) is more masochism than programmation (author of said TempleOS has been diagnosed as schizophrenic).
Linux is open source... if you don't want to write an entire OS, you can at least write kernel modules and drivers.

Putting protection at the machine's level doesn't really protect - once you run an executable it's too late, it CAN do bad things.
Asking the user "are you sure you clicked here ?" isn't very smart.
Even if a program's rights are limited, it will simply not work if the privileges it asks are not granted, and count on the users to give these - as they just want to see what the program does.
So "security" at the OS level is just an illusion. There is no security.
if a program i don't know what it does asks for root privileges, i will certainly not be authorising it... if a game asks "can i write to your MBR?"... nope... what did you say about problem between keyboard and chair?

Security is only as strong as the user... well, ok, at least then maybe we can blame the user! But maybe you are assuming only one kind of security model is possible. We have to use our imaginations.

Note that buffer overflow attacks don't work on a system without memory protection (because the address the program is located isn't constant).
it doesn't need to be, even with protection...
Amiga's ROM functions are always at fixed addresses anyway, and if you write to $4 you can nuke entire OS.

Of course we could implement very minimal memory protection, which only protects memory and doesn't remap it.

Last edited by Mrs Beanbag; 30 July 2015 at 21:23.
Mrs Beanbag is offline  
Page generated in 0.04082 seconds with 10 queries