English Amiga Board


Go Back   English Amiga Board > Main > Amiga scene

 
 
Thread Tools
Old 18 March 2015, 22:34   #1
matthey
Banned
 
Join Date: Jan 2010
Location: Kansas
Posts: 1,284
Amiga security compared to other OS

Quote:
Originally Posted by kolla View Post
Yeah, but explain to me why in this time and age I would want to play this old game Quake on an Amiga when I can play it in higher resolution and higher speed on my phone, or just about any other device I own.
Some 3D is not performance intensive and the hardware acceleration speeds up software which can take advantage of it. The Amiga ends up with more and faster software overall with 3D. The big downside to bringing better 3D to the 68k Amiga is that many users don't have 3D hardware (neither planned for any FPGA 68k hardware) but a 68k Warp3D Radeon driver would help to increase the number of 68k 3D users. If we polled the number of 68k AmigaOS UAE users, Mediator users, Prometheus users, GRex users, CVision/BVision users and Cybervision 64/3D users, what percentage of active 68k Amiga users do you think they would be?

Quote:
Originally Posted by kolla View Post
I would focus on getting an up to date networking architecture already!
I agree that networking support is more important to more 68k AmigaOS users. Amiga 1200 and 600 users can network with their PCMCIA slots. Some new FPGA boards and accelerators will have ethernet. Networking through USB is working for more people now also. While the current networking software is old, it works well enough in most cases. Yeah, it would be nice if Olaf updated RoadShow more (it is the newest Amiga stack) and it became standard (and really should be a permanent part of instead of just licensed) on AmigaOS 3 and AmigaOS 4. This would take some investment again.

It would be good if USB was standard across AmigaOS 3 and 4 also. Poseiden works well but the MorphOS input.device with MorphOS ISA extended I/O commands snuck in and is being used. It's interesting that AROS chose the AmigaOS 4 ISA for their "trial" extended I/O command (there is only 1 so far). The new input.device allows for USB use without booting off the HD. This new input.device is more stable for me than the AmigaOS one although it is not very well optimized, at least the original. New Kickstarts (including ROMs) with USB support in the boot menu (booting off USB media also), large hard drive support and bug fixes would make AmigaOS 3 much better for the upgraded old hardware and for new FPGA hardware. There would be less problems if back porting and fixing the low level AmigaOS modules first and then work up to the high level modules.

Quote:
Originally Posted by kolla View Post
And I would focus on "how can we build a modern platfom, yet retain the user experience of Amiga".
The tricky part is security. We can't have an Amiga which pops up annoying password requesters every 5 minutes like Unix systems. Most of the time it's still the same user at the terminal. The tougher question is for AmigaOS 4 which needs to be more secure and multi-user with 64 bits, SMP, memory protection and resource tracking to compete in professional higher end computing. AmigaOS classic 68k could be improved in some of these areas but it doesn't need them as much for low end computing and devices where being efficient, responsive and low cost is also very important. AmigaOS classic could be upgraded to where AmigaOS 4 is now (but with legacy custom chip support and a little less bloat) but AmigaOS 4 may end up breaking compatibility and nobody liking the results after upgrading it to be modern and competitive for the classes. I prefer the classic route for the masses which is easier. I know how nice a classic Amiga with 68060@75MHz is and I know it would mostly scale up. An FPGA that is matching the performance of my 68060 in FPGA at 100MHz has to be designed like a 1GHz+ hard CPU internally. I believe even a low end 68k ASIC could compete with the Raspberry Pi in performance and give a nice upgraded Amiga experience with modern I/O hardware. Maybe it's as crazy of an idea as anything on the Amiga after the failure of Hyperion but then there are Natami threads with 300,000+ hits. Maybe we just need to wake up all the middle aged ex-Amiga users by bringing back cheap fun computing without the hassles.
matthey is offline  
AdSense AdSense  
Old 19 March 2015, 06:16   #2
kolla
Registered User
kolla's Avatar
 
Join Date: Nov 2007
Location: Trondheim, Norway
Posts: 767
What UNIX do you have experience with? Do we see OSX users complain about password prompts showing up every 5 minutes? AmigaOS in any of its current incarnations are dead end systems, they just don't hold up against anything - if any of them gain enough popularity to atract malware of any type, they are most easy target ever!

And sorry, I only see OS4 as a marginal upgrade from 3.x, it is really just a rehash of the same old same old, now on PowerPC.
kolla is offline  
Old 19 March 2015, 08:11   #3
matthey
Banned
 
Join Date: Jan 2010
Location: Kansas
Posts: 1,284
Quote:
Originally Posted by kolla View Post
What UNIX do you have experience with? Do we see OSX users complain about password prompts showing up every 5 minutes? AmigaOS in any of its current incarnations are dead end systems, they just don't hold up against anything - if any of them gain enough popularity to atract malware of any type, they are most easy target ever!
I installed Cinnamon Mint Linux on an old PC to try it out. It's supposed to be one of the easiest to use Unix descendants. Users who only browse the web might be happy but I tried to setup SMB and do some programming. It's sudo this and sudo that enter password again and again. I could probably read a bookshelf worth of texts and maybe be able to get something done but the Amiga is way easier and I can do power user stuff in 1/10 of the time. Sure, the Amiga needs to get better at security, maybe up to what WindowsXP was. It was not annoying and secure enough but M$ antiquated it for "security" reasons.

Quote:
Originally Posted by kolla View Post
And sorry, I only see OS4 as a marginal upgrade from 3.x, it is really just a rehash of the same old same old, now on PowerPC.
AmigaOS 4 is at least a more complete and modern OS. AmigaOS 3 can hold it's own due to the fact that it is modular but needs add-ons. AmigaOS modularity, shared "pure" code libraries and pre-emptive multitasking are great features the Amiga has had from the beginning and which have helped it age well.
matthey is offline  
Old 19 March 2015, 13:16   #4
Hewitson
Registered User
Hewitson's Avatar
 
Join Date: Feb 2007
Location: Melbourne, Australia
Age: 35
Posts: 2,235
Quote:
Originally Posted by matthey View Post
I installed Cinnamon Mint Linux on an old PC to try it out. It's supposed to be one of the easiest to use Unix descendants. Users who only browse the web might be happy but I tried to setup SMB and do some programming. It's sudo this and sudo that enter password again and again.
Well that's your fault for not configuring sudo correctly. Don't blame your own inexperience on the software.

Quote:
Originally Posted by matthey
Sure, the Amiga needs to get better at security, maybe up to what WindowsXP was.
Wtf? How many Amigas have been infected by viruses/malware from web sites, emails, documents, etc? Zero. How many XP machines have been? Millions.

Last edited by Hewitson; 19 March 2015 at 13:21.
Hewitson is offline  
Old 19 March 2015, 14:53   #5
britelite
Registered User
 
Join Date: Feb 2010
Location: Espoo / Finland
Posts: 278
Quote:
Originally Posted by Hewitson View Post
Wtf? How many Amigas have been infected by viruses/malware from web sites, emails, documents, etc? Zero.
It's only a case of security by obscurity, if Amiga was a mainstream platform the situation would be different.
britelite is offline  
Old 20 March 2015, 23:56   #6
kolla
Registered User
kolla's Avatar
 
Join Date: Nov 2007
Location: Trondheim, Norway
Posts: 767
Indeed, let us talk about Amiga systems from a black hat's point of view. How easy us it to run any given binary and access all data (disk and RAM) on Amiga systems? I'm not sure how capable browsers on Amiga is with JavaScript, but I would totally expect a JavaScript to have full access to entire system. And then there is abusing datatype aware programs to inject commands, trick users into running scripts etc that literally takes over the entire system.

Multiuser does not mean multiple people using one computer, it means multiple layers of security, where different "users" (owners of processes) have different access to resources such as memory, storage and everything. Without this in place, a system should not really be exposed to Internet.
kolla is offline  
Old 21 March 2015, 15:23   #7
Megol
Registered User

Megol's Avatar
 
Join Date: May 2014
Location: inside the emulator
Posts: 254
Quote:
Originally Posted by kolla View Post
Indeed, let us talk about Amiga systems from a black hat's point of view. How easy us it to run any given binary and access all data (disk and RAM) on Amiga systems? I'm not sure how capable browsers on Amiga is with JavaScript, but I would totally expect a JavaScript to have full access to entire system. And then there is abusing datatype aware programs to inject commands, trick users into running scripts etc that literally takes over the entire system.
Amiga OS is wide open in every security aspect. Windows XP can be hacked using unpatched exploits while Amiga OS can't even be patched.

Quote:
Multiuser does not mean multiple people using one computer, it means multiple layers of security, where different "users" (owners of processes) have different access to resources such as memory, storage and everything. Without this in place, a system should not really be exposed to Internet.
Care to explain why this is required for security?
Megol is offline  
Old 21 March 2015, 15:49   #8
daxb
Registered User
 
Join Date: Oct 2009
Location: Germany
Posts: 1,751
Until now there is no need to make amiga secure. The main problem would be browsers but first people must start attacking Amiga computer. Else there isn`t motivation to make it more secure. Probably this won`t happen.

Multiuser is something I never needed or liked in any way. At least for a home computer system where normaly only one person is using it. If I use it I want always the full access (or as much as possible) to it. Changing between different secure layers like on unix is just annoying.
daxb is offline  
Old 22 March 2015, 03:13   #9
kolla
Registered User
kolla's Avatar
 
Join Date: Nov 2007
Location: Trondheim, Norway
Posts: 767
So for you it is no problem that any script your browser runs has full access to all your hardware?
kolla is offline  
Old 22 March 2015, 15:31   #10
daxb
Registered User
 
Join Date: Oct 2009
Location: Germany
Posts: 1,751
If people starting "attacking" my Amiga then I would care, of course. "Unfortunately", it seems nobody is interested in Amiga as a target. How many have the skills (Amiga becomes more and more unknown)? It is similar to make your house secure but nobody wants to catch something.

On the other hand I don`t know how open amiga systems are. Which ways could an attacker go and to what he has access. When I`m online and in front of my Amiga would I notice accesses?
daxb is offline  
Old 22 March 2015, 17:28   #11
Mrs Beanbag
Glastonbridge Software
Mrs Beanbag's Avatar
 
Join Date: Jan 2012
Location: Edinburgh/Scotland
Posts: 2,202
http://arxiv.org/pdf/1502.07373v2.pdf

Quote:
Abstract
We present the first micro-architectural side-channel attack which runs entirely in the browser. In contrast to other works in this genre, this attack does not require the attacker to install any software on the victim’s machine – to facilitate the attack, the victim needs only to browse to an untrusted webpage with attacker-controlled content. This makes the attack model highly scalable and extremely relevant and practical to today’s web, especially since most desktop browsers currently accessing the Internet are vulnerable to this attack. Our attack, which is an extension of the last-level cache attacks of Yarom et al. [23], allows a remote adversary recover information belonging to other processes, other users and even other virtual machines running on the same physical host as the victim web browser. We describe the fundamentals behind our attack, evaluate its performance using a high bandwidth covert channel and finally use it to construct a system-wide mouse/network activity logger. Defending against this attack is possible, but the required counter-measures can exact an impractical cost on other benign uses of the web browser and of the computer.
Nothing is safe.

I run Linux at home and at work and i don't get bothered by having to enter my password all the time, only when installing software. Which is how it should be. I can develop and compile stuff fine in my home directory, of course. But even on Windows it is recommended to have a separate admin account and not use it all the time, because malicious software can install itself without permission. Forcing users to enter a password before software can access system folders is a Very Good Idea no matter how annoying you might find it.
Mrs Beanbag is offline  
Old 22 March 2015, 21:10   #12
kolla
Registered User
kolla's Avatar
 
Join Date: Nov 2007
Location: Trondheim, Norway
Posts: 767
Why is "multiuser" required for security - because it Is a proven and well known concept that has been in use for decades with success, it is used in all relevant computer systems today. Anyone have any alternative security concepts? I doubt it.

The context of this discussion was all those who want to make Amiga popular and sort of mainstream again, and I argue that this can never happen unless the OS is radically changed. Noone would _want_ to see any Amiga system reach the kind of popularity that it may atract exploiters. On the other hand, if a new OS is built, based largely on "the Amiga experience" (as seen from user's point of view, not coders/programmers), with a solid and secure foundation, then yes, maybe it would have a chance at becoming popular. However, Apple are pretty much already selling everything anything Amiga could hope to accomplish.

Last edited by TCD; 22 March 2015 at 23:43. Reason: Back-to-back posts merged.
kolla is offline  
Old 22 March 2015, 23:14   #13
Mrs Beanbag
Glastonbridge Software
Mrs Beanbag's Avatar
 
Join Date: Jan 2012
Location: Edinburgh/Scotland
Posts: 2,202
i would like to see an AmigaOS with memory protection, not so much for security as for preventing crashes and associated loss of data that can occur. As an ASM programmer i live in fear of accidentally writing to the wrong address and crashing my whole system, possibly corrupting disks &c. Although as many people have pointed out, it would be difficult to ensure complete backwards-compatibility.

but i don't imagine it will ever be popular.
Mrs Beanbag is offline  
Old 22 March 2015, 23:40   #14
Megol
Registered User

Megol's Avatar
 
Join Date: May 2014
Location: inside the emulator
Posts: 254
Quote:
Originally Posted by kolla View Post
So for you it is no problem that any script your browser runs has full access to all your hardware?
I guess that was directed to me?

If so that have nothing to do with multi user support.

Quote:
Originally Posted by kolla View Post
Why is "multiuser" required for security - because it Is a proven and well known concept that has been in use for decades with success, it is used in all relevant computer systems today. Anyone have any alternative security concepts? I doubt it.
You still haven't explained _how_ it is relevant.

Last edited by TCD; 22 March 2015 at 23:43. Reason: Back-to-back posts merged.
Megol is offline  
Old 22 March 2015, 23:55   #15
Vot
Registered User

 
Join Date: Aug 2012
Location: Australia
Posts: 646
Amiga security compared to other OS

Quote:
Originally Posted by Mrs Beanbag View Post
i would like to see an AmigaOS with memory protection, not so much for security as for preventing crashes and associated loss of data that can occur. As an ASM programmer i live in fear of accidentally writing to the wrong address and crashing my whole system, possibly corrupting disks &c. Although as many people have pointed out, it would be difficult to ensure complete backwards-compatibility.

but i don't imagine it will ever be popular.

Considering out of the whole amiga population two people and goat have a mmu. I doubt it will.

Last edited by Vot; 23 March 2015 at 02:02.
Vot is offline  
Old 23 March 2015, 14:45   #16
Megol
Registered User

Megol's Avatar
 
Join Date: May 2014
Location: inside the emulator
Posts: 254
I remember some discussion in the early days of AROS that some protection could be done by making everything readable to everyone while protecting memory against unauthorized writes. IIRC the first 3DO OS used such a design.

And of course while such a system would be protected it wouldn't be secure - read access allows for a lot of problems.
Megol is offline  
Old 23 March 2015, 14:52   #17
pandy71
Registered User
 
Join Date: Jun 2010
Location: PL
Posts: 1,546
Quote:
Originally Posted by Mrs Beanbag View Post
Nothing is safe.
True: http://www.ddrdetective.com/row-hammer/

Quote:
What is Row Hammer?
In the quest to get memories smaller and faster memory vendors have had to make trade offs. One of these is very small physical geometries. These small geometries put memory cells very close together and as such one memory cell’s charge can leak into an adjacent one causing a bit flip. It has come to the attention of the industry that this is indeed happening under certain conditions. Very simply the problem occurs when the memory controller under command of the software causes an ACTIVATE command to a single row address repetitively. If the physically adjacent rows have not been ACTIVATED or Refreshed recently the charge from the over ACTIVATED row leaks into the dormant adjacent rows and causes a bit to flip. This failure mechanism has been coined ‘Row Hammer’ as a row of memory cells are being ‘hammered’ with ACTIVATE commands. Once this failure occurs a Refresh command from the Memory Controller solidifies the error into the memory cell. Current understanding is that the charge leakage does not damage the physical the memory cell which makes repeated memory tests to try to find the failing device useless.
Btw this problem is known from at least 2003...
pandy71 is offline  
Old 23 March 2015, 18:05   #18
kolla
Registered User
kolla's Avatar
 
Join Date: Nov 2007
Location: Trondheim, Norway
Posts: 767
Quote:
Originally Posted by Megol View Post
I guess that was directed to me?

If so that have nothing to do with multi user support.
No, was aimed at daxb. And yes, it does.

Quote:
You still haven't explained _how_ it is relevant.
I would rathet have you explain how it is not relevant - the model of having many "users" and "groups" to create layers of access to gain security in operating systems is way old now and used in just about all OSes. Software that is exposed to Internet and has a port it listens to, should run in its own "user space" with limited access to the rest of the system. This is what all system users and groups are for on *ix and WinNT - in case there is a way to exploit the software from remote, damage is limited by the software not having wide access, some sort of local superuser exploit is also needed for that. Likewise, the person operating the system should protect him/her self from having the system compromized, by not giving super user access to mundane applications that have no use for that kind of access.

Do you know other models for implementing general security in Operating Systems? If so, I am very intested.

Quote:
Originally Posted by Vot View Post
Considering out of the whole amiga population two people and goat have a mmu. I doubt it will.
All systems running OS4, MorphOS and a vast majority of those running AROS, have systems with MMU, as do most amiga models with 68060, 68040 and even 68030 CPUs, as very few boards were sold with EC CPUs and many rely on the MMU to operate.

Last edited by TCD; 23 March 2015 at 18:11. Reason: Back-to-back posts merged.
kolla is offline  
Old 23 March 2015, 20:36   #19
Megol
Registered User

Megol's Avatar
 
Join Date: May 2014
Location: inside the emulator
Posts: 254
Quote:
Originally Posted by kolla View Post
No, was aimed at daxb. And yes, it does.

I would rathet have you explain how it is not relevant - the model of having many "users" and "groups" to create layers of access to gain security in operating systems is way old now and used in just about all OSes. Software that is exposed to Internet and has a port it listens to, should run in its own "user space" with limited access to the rest of the system. This is what all system users and groups are for on *ix and WinNT - in case there is a way to exploit the software from remote, damage is limited by the software not having wide access, some sort of local superuser exploit is also needed for that. Likewise, the person operating the system should protect him/her self from having the system compromized, by not giving super user access to mundane applications that have no use for that kind of access.
User space/kernel space is one kind of division. Allowing different processes (Unix term) accessing different things is another.
But you seem to think this kind of division have anything to do with multi-user support. Multi-user support in it self is the support of several users, not anything to do with either protection _or_ security.

Do you agree with that? Otherwise this discussion can't lead anywhere.

Quote:
Do you know other models for implementing general security in Operating Systems? If so, I am very intested.
I do, yes. Among those are capabilities.
Megol is offline  
Old 23 March 2015, 20:45   #20
Paul_s
needs more ice cream

Paul_s's Avatar
 
Join Date: Nov 2006
Location: Amigaville
Age: 39
Posts: 3,162
Quote:
Originally Posted by Mrs Beanbag View Post
Forcing users to enter a password before software can access system folders is a Very Good Idea no matter how annoying you might find it.
In principle a very good idea.

In reality - useless - most users just click 'Yes' and allow everything and anything to install. (it's only really good as a fail safe for people who know how to use a computer and accidently download something bad).


A little knowledge is a dangerous thing

Sandboxing an OS (or preferably the user) would be ideal
Paul_s is offline  
AdSense AdSense  
 


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Similar Threads
Thread Thread Starter Forum Replies Last Post
Breathless security codes Supamax request.Other 9 09 October 2009 08:11
SNES EyeOfTheBeholder compared to Amiga's port jharrison Retrogaming General Discussion 12 01 December 2008 23:06
How fast is WINUAE compared to a real amiga? mrbob2 Retrogaming General Discussion 13 15 November 2008 00:14
My Amiga was a security system DigitalQuirk Nostalgia & memories 3 17 April 2008 18:39
Why are Amiga games the most cheat menu hacked compared to other systems? extentofmysin Retrogaming General Discussion 13 06 September 2006 21:16

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +2. The time now is 00:05.


Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Page generated in 0.44931 seconds with 11 queries