18 March 2015, 21:34 | #1 | ||
Banned
Join Date: Jan 2010
Location: Kansas
Posts: 1,284
|
Amiga security compared to other OS
Quote:
Quote:
It would be good if USB was standard across AmigaOS 3 and 4 also. Poseiden works well but the MorphOS input.device with MorphOS ISA extended I/O commands snuck in and is being used. It's interesting that AROS chose the AmigaOS 4 ISA for their "trial" extended I/O command (there is only 1 so far). The new input.device allows for USB use without booting off the HD. This new input.device is more stable for me than the AmigaOS one although it is not very well optimized, at least the original. New Kickstarts (including ROMs) with USB support in the boot menu (booting off USB media also), large hard drive support and bug fixes would make AmigaOS 3 much better for the upgraded old hardware and for new FPGA hardware. There would be less problems if back porting and fixing the low level AmigaOS modules first and then work up to the high level modules. The tricky part is security. We can't have an Amiga which pops up annoying password requesters every 5 minutes like Unix systems. Most of the time it's still the same user at the terminal. The tougher question is for AmigaOS 4 which needs to be more secure and multi-user with 64 bits, SMP, memory protection and resource tracking to compete in professional higher end computing. AmigaOS classic 68k could be improved in some of these areas but it doesn't need them as much for low end computing and devices where being efficient, responsive and low cost is also very important. AmigaOS classic could be upgraded to where AmigaOS 4 is now (but with legacy custom chip support and a little less bloat) but AmigaOS 4 may end up breaking compatibility and nobody liking the results after upgrading it to be modern and competitive for the classes. I prefer the classic route for the masses which is easier. I know how nice a classic Amiga with 68060@75MHz is and I know it would mostly scale up. An FPGA that is matching the performance of my 68060 in FPGA at 100MHz has to be designed like a 1GHz+ hard CPU internally. I believe even a low end 68k ASIC could compete with the Raspberry Pi in performance and give a nice upgraded Amiga experience with modern I/O hardware. Maybe it's as crazy of an idea as anything on the Amiga after the failure of Hyperion but then there are Natami threads with 300,000+ hits. Maybe we just need to wake up all the middle aged ex-Amiga users by bringing back cheap fun computing without the hassles. |
||
19 March 2015, 05:16 | #2 |
Banned
Join Date: Nov 2007
Location: Trondheim, Norway
Posts: 1,893
|
What UNIX do you have experience with? Do we see OSX users complain about password prompts showing up every 5 minutes? AmigaOS in any of its current incarnations are dead end systems, they just don't hold up against anything - if any of them gain enough popularity to atract malware of any type, they are most easy target ever!
And sorry, I only see OS4 as a marginal upgrade from 3.x, it is really just a rehash of the same old same old, now on PowerPC. |
19 March 2015, 07:11 | #3 | |
Banned
Join Date: Jan 2010
Location: Kansas
Posts: 1,284
|
Quote:
AmigaOS 4 is at least a more complete and modern OS. AmigaOS 3 can hold it's own due to the fact that it is modular but needs add-ons. AmigaOS modularity, shared "pure" code libraries and pre-emptive multitasking are great features the Amiga has had from the beginning and which have helped it age well. |
|
19 March 2015, 12:16 | #4 | ||
Registered User
Join Date: Feb 2007
Location: Melbourne, Australia
Age: 41
Posts: 3,772
|
Quote:
Quote:
Last edited by Hewitson; 19 March 2015 at 12:21. |
||
19 March 2015, 13:53 | #5 |
Registered User
Join Date: Feb 2010
Location: Espoo / Finland
Posts: 818
|
|
20 March 2015, 22:56 | #6 |
Banned
Join Date: Nov 2007
Location: Trondheim, Norway
Posts: 1,893
|
Indeed, let us talk about Amiga systems from a black hat's point of view. How easy us it to run any given binary and access all data (disk and RAM) on Amiga systems? I'm not sure how capable browsers on Amiga is with JavaScript, but I would totally expect a JavaScript to have full access to entire system. And then there is abusing datatype aware programs to inject commands, trick users into running scripts etc that literally takes over the entire system.
Multiuser does not mean multiple people using one computer, it means multiple layers of security, where different "users" (owners of processes) have different access to resources such as memory, storage and everything. Without this in place, a system should not really be exposed to Internet. |
21 March 2015, 14:23 | #7 | ||
Registered User
Join Date: May 2014
Location: inside the emulator
Posts: 377
|
Quote:
Quote:
|
||
21 March 2015, 14:49 | #8 |
Registered User
Join Date: Oct 2009
Location: Germany
Posts: 3,303
|
Until now there is no need to make amiga secure. The main problem would be browsers but first people must start attacking Amiga computer. Else there isn`t motivation to make it more secure. Probably this won`t happen.
Multiuser is something I never needed or liked in any way. At least for a home computer system where normaly only one person is using it. If I use it I want always the full access (or as much as possible) to it. Changing between different secure layers like on unix is just annoying. |
22 March 2015, 02:13 | #9 |
Banned
Join Date: Nov 2007
Location: Trondheim, Norway
Posts: 1,893
|
So for you it is no problem that any script your browser runs has full access to all your hardware?
|
22 March 2015, 14:31 | #10 |
Registered User
Join Date: Oct 2009
Location: Germany
Posts: 3,303
|
If people starting "attacking" my Amiga then I would care, of course. "Unfortunately", it seems nobody is interested in Amiga as a target. How many have the skills (Amiga becomes more and more unknown)? It is similar to make your house secure but nobody wants to catch something.
On the other hand I don`t know how open amiga systems are. Which ways could an attacker go and to what he has access. When I`m online and in front of my Amiga would I notice accesses? |
22 March 2015, 16:28 | #11 | |
Glastonbridge Software
Join Date: Jan 2012
Location: Edinburgh/Scotland
Posts: 2,243
|
http://arxiv.org/pdf/1502.07373v2.pdf
Quote:
I run Linux at home and at work and i don't get bothered by having to enter my password all the time, only when installing software. Which is how it should be. I can develop and compile stuff fine in my home directory, of course. But even on Windows it is recommended to have a separate admin account and not use it all the time, because malicious software can install itself without permission. Forcing users to enter a password before software can access system folders is a Very Good Idea no matter how annoying you might find it. |
|
22 March 2015, 20:10 | #12 |
Banned
Join Date: Nov 2007
Location: Trondheim, Norway
Posts: 1,893
|
Why is "multiuser" required for security - because it Is a proven and well known concept that has been in use for decades with success, it is used in all relevant computer systems today. Anyone have any alternative security concepts? I doubt it.
The context of this discussion was all those who want to make Amiga popular and sort of mainstream again, and I argue that this can never happen unless the OS is radically changed. Noone would _want_ to see any Amiga system reach the kind of popularity that it may atract exploiters. On the other hand, if a new OS is built, based largely on "the Amiga experience" (as seen from user's point of view, not coders/programmers), with a solid and secure foundation, then yes, maybe it would have a chance at becoming popular. However, Apple are pretty much already selling everything anything Amiga could hope to accomplish. Last edited by TCD; 22 March 2015 at 22:43. Reason: Back-to-back posts merged. |
22 March 2015, 22:14 | #13 |
Glastonbridge Software
Join Date: Jan 2012
Location: Edinburgh/Scotland
Posts: 2,243
|
i would like to see an AmigaOS with memory protection, not so much for security as for preventing crashes and associated loss of data that can occur. As an ASM programmer i live in fear of accidentally writing to the wrong address and crashing my whole system, possibly corrupting disks &c. Although as many people have pointed out, it would be difficult to ensure complete backwards-compatibility.
but i don't imagine it will ever be popular. |
22 March 2015, 22:40 | #14 | |
Registered User
Join Date: May 2014
Location: inside the emulator
Posts: 377
|
Quote:
If so that have nothing to do with multi user support. You still haven't explained _how_ it is relevant. Last edited by TCD; 22 March 2015 at 22:43. Reason: Back-to-back posts merged. |
|
22 March 2015, 22:55 | #15 | |
Registered User
Join Date: Aug 2012
Location: Australia
Posts: 651
|
Amiga security compared to other OS
Quote:
Considering out of the whole amiga population two people and goat have a mmu. I doubt it will. Last edited by Vot; 23 March 2015 at 01:02. |
|
23 March 2015, 13:45 | #16 |
Registered User
Join Date: May 2014
Location: inside the emulator
Posts: 377
|
I remember some discussion in the early days of AROS that some protection could be done by making everything readable to everyone while protecting memory against unauthorized writes. IIRC the first 3DO OS used such a design.
And of course while such a system would be protected it wouldn't be secure - read access allows for a lot of problems. |
23 March 2015, 13:52 | #17 | |
Registered User
Join Date: Jun 2010
Location: PL?
Posts: 2,742
|
True: http://www.ddrdetective.com/row-hammer/
Quote:
|
|
23 March 2015, 17:05 | #18 | ||
Banned
Join Date: Nov 2007
Location: Trondheim, Norway
Posts: 1,893
|
Quote:
Quote:
Do you know other models for implementing general security in Operating Systems? If so, I am very intested. All systems running OS4, MorphOS and a vast majority of those running AROS, have systems with MMU, as do most amiga models with 68060, 68040 and even 68030 CPUs, as very few boards were sold with EC CPUs and many rely on the MMU to operate. Last edited by TCD; 23 March 2015 at 17:11. Reason: Back-to-back posts merged. |
||
23 March 2015, 19:36 | #19 | ||
Registered User
Join Date: May 2014
Location: inside the emulator
Posts: 377
|
Quote:
But you seem to think this kind of division have anything to do with multi-user support. Multi-user support in it self is the support of several users, not anything to do with either protection _or_ security. Do you agree with that? Otherwise this discussion can't lead anywhere. Quote:
|
||
23 March 2015, 19:45 | #20 | |
Registered User
Join Date: Nov 2006
Location: Amigaville
Age: 46
Posts: 3,334
|
Quote:
In reality - useless - most users just click 'Yes' and allow everything and anything to install. (it's only really good as a fail safe for people who know how to use a computer and accidently download something bad). A little knowledge is a dangerous thing Sandboxing an OS (or preferably the user) would be ideal |
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
Thread Tools | |
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Breathless security codes | Supamax | request.Other | 9 | 09 October 2009 07:11 |
SNES EyeOfTheBeholder compared to Amiga's port | jharrison | Retrogaming General Discussion | 12 | 01 December 2008 22:06 |
How fast is WINUAE compared to a real amiga? | mrbob2 | Retrogaming General Discussion | 13 | 14 November 2008 23:14 |
My Amiga was a security system | DigitalQuirk | Nostalgia & memories | 3 | 17 April 2008 17:39 |
Why are Amiga games the most cheat menu hacked compared to other systems? | extentofmysin | Retrogaming General Discussion | 13 | 06 September 2006 20:16 |
|
|