Why can't we have a computer like Amiga?

[Samurai_Crow]

Quote:

Originally Posted by Mrs Beanbag

How will that help me? I don't want null pointers to crash the entire system in the released version, either.


Well of course you can explicitly check for nulls and out-of-ranges in your own code (debug or release) but i don't think you understand my point... the system is still not protected from code not written that way. I'm thinking about a CPU architecture in which these kinds of errors simply can't happen.

Great... now we have to reintroduce the JavaSparc processor that never caught on in the first place because the performance sucked worse than running Java Bytecode under a VM. Incidently, we keep running into the sandbox requirement, why not just use the sandbox instead of memory protection? That's how the XBox 360 does it: It forces everybody to write code in C#.NET and use their runtimes to disallow the possibility of it not being written a particular way.

[Mrs Beanbag]

Quote:

Originally Posted by meynaf

Oh i could have several options as well : flat with no protection, flat with protection, paged. Why not ?

i don't know why you are saying this.

Quote:

Well, do you really think that a configuration option to turn off memory protection (obviously on by default) would make the platform unpopular ?

Not necessarily. I think a system with no security at all would be unpopular, i think a system where it was switchable would be pointless.

Quote:

I didn't like it because it was too complicated.
I prefer to be able to run programs in the same way for both options ; they don't know if they run in protected mode or not and they don't have to.

But you won't be able to switch between the two modes without a reboot, and you wouldn't be able to run some things in one mode and some things in the other.

Quote:

Perhaps you have to test and debug your code before you make a release

of course I do you cheeky imp, but you can never test absolutely every possible way your code might run! we've been through this already.

There are companies who have a policy not to use version n.0 of any software because they know it will be unstable until n.1. The first release is really the last stage of testing, simply because *you don't know what users are going to try doing until you give it to the users*. There might be bugs that only manifest in very rare circumstances you never thought of, and the only way to discover them is through thousands of user-hours of real world use. Sometimes they are not easily reproducible even when you do know about them. Sometimes they only happen with certain hardware configurations that the user happened to have, or with certain OS-level settings. We get bug reports like, it crashed when a Chinese person tried to save a file with a Chinese filename. Or it crashes only after 12 hours of continuous usage. Or it crashed when there was an R in the month and it was a blue moon and Venus was in conjunction with Mercury. Automatic tests can't find these things, and neither can we programmers.

Quote:

Originally Posted by Samurai_Crow

Great... now we have to reintroduce the JavaSparc processor that never caught on in the first place because the performance sucked worse than running Java Bytecode under a VM.

Well i was thinking of something rather simpler than that... and don't get me started on Java.

Quote:

Incidently, we keep running into the sandbox requirement, why not just use the sandbox instead of memory protection? That's how the XBox 360 does it: It forces everybody to write code in C#.NET and use their runtimes to disallow the possibility of it not being written a particular way.

Well, quite, but the idea of forcing all users to write in a particular high-level language really doesn't appeal to me.

[meynaf]

Quote:

Originally Posted by Mrs Beanbag

Not necessarily. I think a system with no security at all would be unpopular, i think a system where it was switchable would be pointless.

It is the ability to do bare metal banging. It is not pointless, or if it is, just don't use it. After all, how many features in windows are pointless for most users ?

Quote:

Originally Posted by Mrs Beanbag

But you won't be able to switch between the two modes without a reboot, and you wouldn't be able to run some things in one mode and some things in the other.

And ? It's no problem for me. Most programs won't care, only low-level system ones - and they could eventually adapt.

Quote:

Originally Posted by Mrs Beanbag

of course I do you cheeky imp, but you can never test absolutely every possible way your code might run! we've been through this already.

There are companies who have a policy not to use version n.0 of any software because they know it will be unstable until n.1. The first release is really the last stage of testing, simply because *you don't know what users are going to try doing until you give it to the users*. There might be bugs that only manifest in very rare circumstances you never thought of, and the only way to discover them is through thousands of user-hours of real world use. Sometimes they are not easily reproducible even when you do know about them. Sometimes they only happen with certain hardware configurations that the user happened to have, or with certain OS-level settings. We get bug reports like, it crashed when a Chinese person tried to save a file with a Chinese filename. Or it crashes only after 12 hours of continuous usage. Or it crashed when there was an R in the month and it was a blue moon and Venus was in conjunction with Mercury. Automatic tests can't find these things, and neither can we programmers.

Good programmers are careful. They know that if something _can_ go wrong, then something _will_ go wrong.
Arrange so that you verify all data and input that comes from the outside, no matter how stupid it looks like.
You DO know what users are going to do : it's "everything". Never rule out something because it looks insane, as fools are so ingenious.
Never copy something to a buffer without checking its size.
Always check return values, even if you think the callee will never return an error.
If you do things well, if unplanned bad things happen, the user will get a friendly error message - not a random crash and it's a lot easier to debug.
And by doing so you will remove many, many problems.
Btw. there was a smiley in my comment, don't take me too serious

[Mrs Beanbag]

Quote:

Originally Posted by meynaf

It is the ability to do bare metal banging. It is not pointless, or if it is, just don't use it.

it's pointless on a PC because each PC has a different metal... but i suppose for something Amiga-like maybe not so pointless. Nevertheless, the idea of any user being able to turn it off, and then still be able to go about their daily internet usage gives me the chills.

If you really want direct hardware access, you CAN write Kernel modules (on Linux), but you seem not to be interested in that.

Quote:

And ? It's no problem for me. Most programs won't care, only low-level system ones - and they could eventually adapt.

It is quite inconvenient to have to reboot, while you are in the middle of running other things, just to run one program that requires Kernel mode for 5 seconds.

Quote:

Good programmers are careful. They know that if something _can_ go wrong, then something _will_ go wrong.

You don't need to lecture me on careful coding... but when you inherited your codebase from someone else, or you're working in a team that includes relative novices, or if you're dealing with APIs that have various strange ways (such as structures that manage the lifetimes of the objects you pass to them, so you can never be sure if a pointer still points to something or not...) it gets difficult.

I'd really like to replace some of our dependencies with home-rolled alternatives but you know, time and budget constraints. But you can blame the programmer all you want, nobody wants a piece of software that they need to use to be able to take out their entire system by accident. However badly programmed it is, for whatever reason, it shouldn't be able to do that.

[daxb]

@kolla:
I`m also interested in how an amiga system could be "hacked" that is connected to the internet. Would you like to explain it a bit more detailed, please? What are the requirements (special or any kinde of tcp/ip stack, with or without acitvated protections like firewalls, browser/ftp client/irc/..., with or without javascript, pipe:, ...)? What can you do if for example a firewall is active? If you are in what kind of access do you have and to what (read/write access to everything or only some stuff, start executables/scripts)? If you are able to format can you bypass a format protection (I`ve it active on my 3.1 system)? I guess there is more but alas I don`t know. Would be very kind if you could tell me.

Maybe someone is interested in an experiment of documented live hacking scenario. If I hadn`t a very bad analog inet connection I would give it a go. About 10 years ago we (me and a linux user) tried that over irc but the hacker couldn`t get access because his amiga os knowledge wasn`t good.

[meynaf]

Quote:

Originally Posted by Mrs Beanbag

it's pointless on a PC because each PC has a different metal... but i suppose for something Amiga-like maybe not so pointless. Nevertheless, the idea of any user being able to turn it off, and then still be able to go about their daily internet usage gives me the chills.

If you really want direct hardware access, you CAN write Kernel modules (on Linux), but you seem not to be interested in that.

I'm not interested in accessing the peecee's overly complicated hardware.
This is one of the reasons i wish to have an amiga-like machine.

I do not fear doing my daily internet usage on a system without memory protection. Because i know what it takes to do a takeover.

Quote:

Originally Posted by Mrs Beanbag

It is quite inconvenient to have to reboot, while you are in the middle of running other things, just to run one program that requires Kernel mode for 5 seconds.

Sure but the average user will not have to, and the metal-banger runs in this mode permanently

Quote:

Originally Posted by Mrs Beanbag

You don't need to lecture me on careful coding... but when you inherited your codebase from someone else, or you're working in a team that includes relative novices, or if you're dealing with APIs that have various strange ways (such as structures that manage the lifetimes of the objects you pass to them, so you can never be sure if a pointer still points to something or not...) it gets difficult.

I'd really like to replace some of our dependencies with home-rolled alternatives but you know, time and budget constraints.

Then advertise your software as "beware, this software crashes often"

Quote:

Originally Posted by Mrs Beanbag

But you can blame the programmer all you want, nobody wants a piece of software that they need to use to be able to take out their entire system by accident. However badly programmed it is, for whatever reason, it shouldn't be able to do that.

Many bugs, actually, don't do that. I've seen the choice "suspend/reboot" many more times than i've seen the guru.

You do not need to use badly written software, sorry. There should always be an alternative. And if not, well, they do not crash at the random that much (actually on the pc they do, for a mysterious reason).

Quote:

Originally Posted by daxb

Maybe someone is interested in an experiment of documented live hacking scenario. If I hadn`t a very bad analog inet connection I would give it a go. About 10 years ago we (me and a linux user) tried that over irc but the hacker couldn`t get access because his amiga os knowledge wasn`t good.

I'm ready for that. When you want.

[Mrs Beanbag]

Quote:

Originally Posted by meynaf

I do not fear doing my daily internet usage on a system without memory protection. Because i know what it takes to do a takeover.

i do... because however difficult it may be, there are people who think it is worth the effort, and there is too much at stake -- maybe not on an Amiga, but on a "modern" and popular system ("PC-like" or otherwise) with significant resources.

Quote:

Then advertise your software as "beware, this software crashes often"

ha, well, it doesn't crash nearly as much now, thanks to me. because i am the best programmer in the world.

Quote:

Many bugs, actually, don't do that. I've seen the choice "suspend/reboot" many more times than i've seen the guru.

well the behaviour of bugs can be quite random, one day it will be "suspend/reboot", another it will be guru. And on that 1 time out of a million it will be, invalidate your filesystem.

Quote:

You do not need to use badly written software, sorry. There should always be an alternative.

the alternatives are also badly written... if not worse... there is no perfect, bug-free software on modern computers. By which i mean software that does modern tasks, which are often very complex tasks. And sometimes there are not alternatives. Try finding an alternative driver for a particular piece of hardware, or an alternative program for reading and writing some popular but proprietary file format.

Or maybe the alternative exists and is very stable... but is just so awful to use that you'd rather just put up with the occasional crash.

i remembered an example of an Amiga software that crashed pretty hard in unforeseen circumstances. ProTracker 4 Beta 2 had a Y2K bug. Well i know it was still a Beta version, but it would have taken several years to find this out. Bad programming? I hesitate to rush to judgement. Foolish assumptions, certainly; very easy to make.

[robinsonb5]

Quote:

Originally Posted by daxb

I`m also interested in how an amiga system could be "hacked" that is connected to the internet.

I forget the details now but I remember a similar argument on... it might have been the Amiga Format mailing list a long time ago about how the Amiga couldn't be compromised merely by viewing an email (this would have been in Melissa's day). Someone insisted that, yes, actually it could. Needless to say his argument was dismissed out of hand, so eventually he proved the point by posting a message that exploited YAM and APIPE: (I think) to open up a console window containing the word "Owned" when it was viewed!

[meynaf]

Quote:

Originally Posted by Mrs Beanbag

i do... because however difficult it may be, there are people who think it is worth the effort, and there is too much at stake -- maybe not on an Amiga, but on a "modern" and popular system ("PC-like" or otherwise) with significant resources.

Remember we're speaking about an amiga-like machine here.

Quote:

Originally Posted by Mrs Beanbag

well the behaviour of bugs can be quite random, one day it will be "suspend/reboot", another it will be guru. And on that 1 time out of a million it will be, invalidate your filesystem.

Then it'll invalidate the file system. Big deal, a few tens of seconds later it's back.

Quote:

Originally Posted by Mrs Beanbag

the alternatives are also badly written... if not worse... there is no perfect, bug-free software on modern computers. By which i mean software that does modern tasks, which are often very complex tasks. And sometimes there are not alternatives. Try finding an alternative driver for a particular piece of hardware, or an alternative program for reading and writing some popular but proprietary file format.

Or maybe the alternative exists and is very stable... but is just so awful to use that you'd rather just put up with the occasional crash.

i remembered an example of an Amiga software that crashed pretty hard in unforeseen circumstances. ProTracker 4 Beta 2 had a Y2K bug. Well i know it was still a Beta version, but it would have taken several years to find this out. Bad programming? I hesitate to rush to judgement. Foolish assumptions, certainly; very easy to make.

Well, ok. Sometimes we have to use bad software. Let's just flag it as "buggy" and sandbox it...

Do not feel safe, however. Some day a BSOD might prove you that you weren't as protected as you thought.

[meynaf]

Quote:

Originally Posted by robinsonb5

I forget the details now but I remember a similar argument on... it might have been the Amiga Format mailing list a long time ago about how the Amiga couldn't be compromised merely by viewing an email (this would have been in Melissa's day). Someone insisted that, yes, actually it could. Needless to say his argument was dismissed out of hand, so eventually he proved the point by posting a message that exploited YAM and APIPE: (I think) to open up a console window containing the word "Owned" when it was viewed!

I want to see that.

[Mrs Beanbag]

Quote:

Originally Posted by meynaf

Remember we're speaking about an amiga-like machine here.

Yes, amiga-like, but presumably with much faster CPU and modern amounts of RAM and hard drive?

Or maybe we could argue about what "amiga-like" actually means? Those are always fun.

Quote:

Well, ok. Sometimes we have to use bad software. Let's just flag it as "buggy" and sandbox it...

Do not feel safe, however. Some day a BSOD might prove you that you weren't as protected as you thought.

Big deal, a few tens of seconds later it's back?

BSOD, or "Kernel Panic" as Linux calls it, indicates a bug in the OS, rather than in user software. Of course it's possible and they do happen, and Linus Torvalds turns into Incredible Hulk. I had a fairly reproducible one on a computer last year, something to do with the USB subsystem, the same software ran fine on a different PC though. Too many different hardware combinations...

[kolla]

Quote:

Originally Posted by meynaf

I want to see that.

There was an escape sequence exploit that affected most MUI apps (I don't recall which mui class that was the culprit), including YAM, and one would typically use APIPE: for execution of commands.

[NorthWay]

Quote:

Originally Posted by meynaf

It doesn't have to. It's none of its business.

If you _really_ believe that, then you can only be happy with the original Amiga - as beautiful as it is - with all its uglyness.

This feels like deja vu as in the Tanenbaum and Torvalds exchanges.
I'll do my best not to give any more replies in this thread.

[idrougge]

Quote:

Originally Posted by Samurai_Crow

Gunnar von Boehn is a hardware designer who advocates Oberon 2 style managed code over MMU based memory protected environments. He is designing the softcore for the Vampire 2 accelerator.

In that case, he is more of a hardware designer than a programmer, but never mind that. Let the programmer implement designs as necessary. MMU or managed code is question for Meynaf and von Boehn, not for me as a user. It's when Meynaf's approach to security makes my life as a user one of straddling a tightrope that he and his ilk should be removed from systems design.

I don't know about you guys, but what I want from a modern Amiga-like system is not something which must be used in an RF shielded cage with no internet connection. Sometimes, solving the problem is not the solution, but some problems can't be solved like a Gordian knot either.

[Mrs Beanbag]

you know what, i have been having a think, and i believe it is possible to give Maynaf what he wants without putting anybody else at risk.

we shouldn't have a checkbox somewhere to turn off memory protection, in case anyone is tempted to click it, because "give the user all the privileges" sounds like quite an appealing option. But if it could be done with, for instance, some modification to a startup sequence, the elite user will be able to do it, but the average user won't.

I have in mind a kind of multi-layered operating system, where the bottom layer is very small, but not like a microkernel, more like an extensible kernel, so you "build up" an effectively monolithic kernel by stacking the layers on top of each other during the boot process.

I might investigate Raspberry Pi actually, maybe i could write this...

Quote:

Originally Posted by NorthWay

This feels like deja vu as in the Tanenbaum and Torvalds exchanges.

Reminds me actually of this argument...
https://lkml.org/lkml/2012/12/23/75

[meynaf]

Quote:

Originally Posted by Mrs Beanbag

Yes, amiga-like, but presumably with much faster CPU and modern amounts of RAM and hard drive?

Or maybe we could argue about what "amiga-like" actually means? Those are always fun.

Amiga-like is for me something that offers the advantages the Amiga had.
Of course with more horsepower inside.

Quote:

Originally Posted by Mrs Beanbag

Big deal, a few tens of seconds later it's back?

BSOD, or "Kernel Panic" as Linux calls it, indicates a bug in the OS, rather than in user software. Of course it's possible and they do happen, and Linus Torvalds turns into Incredible Hulk. I had a fairly reproducible one on a computer last year, something to do with the USB subsystem, the same software ran fine on a different PC though. Too many different hardware combinations...

Tens of seconds later it's back. But it was totally unexpected (unlike a crash on the amiga) so you didn't save a few things... and as your computer's memory is completely locked up, you can't even scan it for lost data...

Quote:

Originally Posted by kolla

There was an escape sequence exploit that affected most MUI apps (I don't recall which mui class that was the culprit), including YAM, and one would typically use APIPE: for execution of commands.

Yup. There WAS an escape sequence. But what i'm asking is something that would work today.

Quote:

Originally Posted by NorthWay

If you _really_ believe that, then you can only be happy with the original Amiga - as beautiful as it is - with all its uglyness.

Be happy with your pc with all its ugliness as well.

Quote:

Originally Posted by NorthWay

This feels like deja vu as in the Tanenbaum and Torvalds exchanges.
I'll do my best not to give any more replies in this thread.

Good idea.

Quote:

Originally Posted by idrougge

In that case, he is more of a hardware designer than a programmer, but never mind that. Let the programmer implement designs as necessary. MMU or managed code is question for Meynaf and von Boehn, not for me as a user. It's when Meynaf's approach to security makes my life as a user one of straddling a tightrope that he and his ilk should be removed from systems design.

I don't know about you guys, but what I want from a modern Amiga-like system is not something which must be used in an RF shielded cage with no internet connection. Sometimes, solving the problem is not the solution, but some problems can't be solved like a Gordian knot either.

But, WTF, when will you understand that i don't want to FORCE anyone in adopting a system without memory protection ??!

Quote:

Originally Posted by Mrs Beanbag

you know what, i have been having a think, and i believe it is possible to give Maynaf what he wants without putting anybody else at risk.

we shouldn't have a checkbox somewhere to turn off memory protection, in case anyone is tempted to click it, because "give the user all the privileges" sounds like quite an appealing option. But if it could be done with, for instance, some modification to a startup sequence, the elite user will be able to do it, but the average user won't.

I have in mind a kind of multi-layered operating system, where the bottom layer is very small, but not like a microkernel, more like an extensible kernel, so you "build up" an effectively monolithic kernel by stacking the layers on top of each other during the boot process.

Could be made this way. Could also be located in some config file.
Could as well be a special version of the kernel which i don't give to cowards and ignorants

Quote:

Originally Posted by Mrs Beanbag

I might investigate Raspberry Pi actually, maybe i could write this...

You wouldn't be alone.

[kolla]

There is μCLinux for that, no memory protection, enjoy.

[meynaf]

Quote:

Originally Posted by kolla

There is μCLinux for that, no memory protection, enjoy.

What ? No memory protection ? This should be forbidden

[Mrs Beanbag]

Quote:

Originally Posted by meynaf

Amiga-like is for me something that offers the advantages the Amiga had.
Of course with more horsepower inside.

but more horsepower means more powerful applications will also be developed. These will naturally be more complex. Yes they will! And that doesn't mean bloat!

Allow me to give a specific example... if you have, for instance, some table to look up some strings. If it is only a few strings, you can just scan through the list in a linear way and it won't be too slow. But if you have thousands, tens of thousands of strings... because there is more memory, and more hard disk space, and bigger files that people are creating. The faster CPU can only compensate so much, but it is worth implementing instead some kind of binary search tree - and maybe it would be better if you could make sure it was well-balanced (red black tree, for instance). Or maybe you choose instead some kind of hash map. This makes the code better performing with large sets of data, but it also means more code, and more complex code, which is more difficult to ensure there are no bugs. Especially in tree structures with nodes on the heap.

Sometimes you just want to do something that an old Amiga can't realistically do. Lately i've been implementing boolean operations on 3 dimensional solids. Getting this to run accurately enough in reasonable time involves data structure acrobatics, there are so many different concepts involved. I even had to hand-roll a bignum class. It seems pretty stable now, but i can't be entirely sure some weird combination of shapes won't crash it. It'll get even more complex when i optimise it.

Quote:

Tens of seconds later it's back. But it was totally unexpected (unlike a crash on the amiga) so you didn't save a few things... and as your computer's memory is completely locked up, you can't even scan it for lost data...

yeah it would be unexpected... it would also be the Kernel's fault, so i'd expect it to get fixed. If it is a user-mode app that is no longer maintained, tough luck.

The scariest crash i've ever made my Amiga do, by the way (while developing in asm), it caused a Guru, and when it reset it came up "Insert volume DH0 in any drive"! And it wouldn't go away on reset, i had to switch off at the mains! I was having kittens at this point, but thankfully no permanent damage was done... but i had to power off for some time, amazingly the fault even survived the first power cycle.

Quote:

Yup. There WAS an escape sequence. But what i'm asking is something that would work today.

it proves one thing though, that the Amiga's simplicity doesn't guarantee it can't be hacked.

Quote:

Could be made this way. Could also be located in some config file.
Could as well be a special version of the kernel which i don't give to cowards and ignorants

well you could just install only Level 1 of the Kernel. But that would not be the default install. Or perhaps provided for embedded systems use.

Quote:

Originally Posted by meynaf

What ? No memory protection ? This should be forbidden

I think the point is, that no-one would market it for general home consumer use, like the Amiga was back in its own day.

[vxm]

Quote:

Originally Posted by meynaf

But, WTF, when will you understand that i don't want to FORCE anyone in adopting a system without memory protection ??!

That is not the issue.
What matters is that you are the devil's advocate because you practice proselytism.
I am sure that your light switches are still not powered by an MMU and therefore without memory protection.