English Amiga Board


Go Back   English Amiga Board > Main > Amiga scene

 
 
Thread Tools
Old 01 August 2015, 14:00   #141
kolla
Registered User
kolla's Avatar
 
Join Date: Nov 2007
Location: Trondheim, Norway
Posts: 767
Btw, somewhere I have a keylogger a friend wrote. It logs to ram, survives warmboots, and can dump the log to file, trigger code on certain words etc.
kolla is offline  
AdSense AdSense  
Old 01 August 2015, 14:04   #142
meynaf
son of 68k
meynaf's Avatar
 
Join Date: Nov 2007
Location: Lyon / France
Age: 44
Posts: 2,459
Quote:
Originally Posted by Mrs Beanbag View Post
That's basically what we've got... Kernel code runs without memory protection, afterall it has to manage the memory protection for everything else. "User mode" is exactly this kind of sandbox. Now if only you could run code in Kernel mode ad-hoc...
My idea was rather to have a single, isolated "user mode" for a single app.


Quote:
Originally Posted by Mrs Beanbag View Post
i'm never 100% sure of anything.
Right, the fact you're paranoid doesn't mean they're not after you


Quote:
Originally Posted by Mrs Beanbag View Post
I have cookies turned off, with exceptions (obviously Twitter is an exception or it would not work). Scripts are not supposed to be able to access cookies from other sites. If i ever have to enable cookies to get some site to work, i always set it "allow for session" and remove the exception when i'm done. I'm about as careful as i think i can be with cookies. I have no idea how somebody's blog post could find out my Twitter handle.
Perhaps your Twitter handle was easy to guess, or available somewhere you're left it.
Going to Twitter is looking for trouble anyway if you ask me


Quote:
Originally Posted by Mrs Beanbag View Post
round in circles... you don't know what code is doing, if you didn't write it, or if you haven't read and understood the source code. you have to trust it.
Ok but a site isn't directly running code on your machine. Some machine code has to sneak in, and that's not easy - and does not depend on memory protection at all.


Quote:
Originally Posted by Mrs Beanbag View Post
Memory protection is not online security. It is offline security. If something does get through the firewalls &c, then it has another challenge ahead of it.
What protection do you have in your home, knowing that someone might lockpick your keyhole and enter ?
Why not having in real life what we have in computers ?


Quote:
Originally Posted by Mrs Beanbag View Post
because it was written for idiots, by idiots. yeah, some of the things i have come up against make me suspect that a lot of their code is very bad.
Even though it was written for idiots, contrary to popular belief it has not been written by idiots.
Ok, some parts are real stupid, because driven by stupid marketing needs. But nevertheless, the miracle with it, is that it can work at all, and this, my friend, requires real good programmers.
meynaf is offline  
Old 01 August 2015, 14:06   #143
meynaf
son of 68k
meynaf's Avatar
 
Join Date: Nov 2007
Location: Lyon / France
Age: 44
Posts: 2,459
Quote:
Originally Posted by kolla View Post
Btw, somewhere I have a keylogger a friend wrote. It logs to ram, survives warmboots, and can dump the log to file, trigger code on certain words etc.
Oh good. I'm sure gonna run it


EDIT: I have connected MiamiDx thru WinUae's uaenet.device. Come and hack me

Last edited by meynaf; 01 August 2015 at 14:12.
meynaf is offline  
Old 01 August 2015, 14:17   #144
Mrs Beanbag
Glastonbridge Software
Mrs Beanbag's Avatar
 
Join Date: Jan 2012
Location: Edinburgh/Scotland
Posts: 2,202
Quote:
Originally Posted by meynaf View Post
My idea was rather to have a single, isolated "user mode" for a single app.
sandboxing individual apps might also be a good idea, i've thought about it...

Quote:
Ok but a site isn't directly running code on your machine. Some machine code has to sneak in, and that's not easy - and does not depend on memory protection at all.
i'm not talking about sites, i'm talking about code you explicitly run. if you didn't write it, you don't know how it works. you don't know what bugs it has. if it is network code it might have exploits. or maybe it just trashes your system when it breaks one day and you lose valuable data.

also memory protection can help against attacks, for instance making the stack non-executable helps against buffer overruns.

Quote:
Why not having in real life what we have in computers ?
Because this is a terrible analogy.
Mrs Beanbag is offline  
Old 01 August 2015, 14:35   #145
meynaf
son of 68k
meynaf's Avatar
 
Join Date: Nov 2007
Location: Lyon / France
Age: 44
Posts: 2,459
Quote:
Originally Posted by Mrs Beanbag View Post
i'm not talking about sites, i'm talking about code you explicitly run. if you didn't write it, you don't know how it works. you don't know what bugs it has. if it is network code it might have exploits. or maybe it just trashes your system when it breaks one day and you lose valuable data.
Code you explicitly run can always do wrong things, even if it has to call APIs for this. As I said many times, once the code executes it's too late.


Quote:
Originally Posted by Mrs Beanbag View Post
also memory protection can help against attacks, for instance making the stack non-executable helps against buffer overruns.
It can help, but a better way would be to stop misusing the stack when programming


Quote:
Originally Posted by Mrs Beanbag View Post
Because this is a terrible analogy.
How so ?
meynaf is offline  
Old 01 August 2015, 14:37   #146
Thorham
Computer Nerd

Thorham's Avatar
 
Join Date: Sep 2007
Location: Rotterdam/Netherlands
Age: 41
Posts: 2,972
Quote:
Originally Posted by Samurai_Crow View Post
@Thorham
Mostly memory protected environments protect against dodgy drivers and libraries. Internal error detection is mostly done with managed code under .NET and such.
Managed code is a nice idea for 68k during development. Something where you can run code managed or natively. Permanently managed seems a bit much, though.

Even better would be an assembler that optionally adds code to check memory access and stack usage. Only during development, of course.

Quote:
Originally Posted by meynaf View Post
I never said that memory protection wasn't useful as a development tool, actually quite the opposite.
What i'm saying is that we should have the freedom to enable or disable it at will.
I can agree with that.

Quote:
Originally Posted by meynaf View Post
So you have an editor to do things graphically and not only code, right ?
Yes. You can use the editor for placing things that are static into the 3D space (there's a 2D mode as well, never used it), and code for things that change (such as those randomly spawning monsters). You also use code for game mechanics. Or you could do everything with code. It's up to the programmer, really.
Thorham is offline  
Old 01 August 2015, 15:24   #147
kolla
Registered User
kolla's Avatar
 
Join Date: Nov 2007
Location: Trondheim, Norway
Posts: 767
Quote:
Originally Posted by meynaf View Post
No, you could not. Too bad my A1200 no longer works. An online appointment with you trying to hack me would have been FUN.
Yes, good old fashion core wars, it's been a while

Quote:
Besides, you did not answer the question of "what would you do exactly" - which could be rephrased as "how would you do that" (but i don't expect a precise reply either).
In a targeted attack, the method depends on the target - there are many ways HOW to steal your data, but it all typically begins with installing malicious code that contacts me (my system) to pick up tasks and deliver data.

Quote:
I'm not using torrent software. Also you can not snatch any keyfile off me without scanning my dirs - and this doesn't go inconspicuous.
Well, running "assign" requires no disk access, and most people have dir cache on, listing only filenames is a breeze with close to no disk access required.

Quote:
About IRC, i can perhaps type something starting with "/kick"
You wouldn't know you were trolled. And when you finally do, you wouldn't know why. And at last, kicking the troller is pointless, the troller is decoy, remember?

Quote:
All you need is an exploit of some sort. Unfortunately it's everywhere the case. And you're not gonna get it.
Maybe, maybe not

Quote:
You can sandbox on the Amiga as well.
Maybe we have different understandings of sandboxing?

Quote:
I could type "su" then guess your "1234" (or your birthdate) root password and type "rm -rf /".
Hm, no, your user is not privileged to run su, or do privilege escalation.

Quote:
Might not work on yourself but might work on many people, and memory protection won't help.
Those "many people" are unlikely to just give you some account. Of course you may resort to brute force ssh attack and be lucky, but you still have a long way to go. My systems don't let any user in with merely a password.

The idea, of course, is to have a service (remote login) available, and still be fairly safe.

Quote:
On the other hand, no remote login at all available on my A1200.
Yeah, it is quite boring like that. It does however have a TCP stack, and certain software may look up records in DNS and be confused about what they receive. Also, you may browse on sites (friendly amiga sites) which may or may not have html crafted to exploit features in friendly amiga browsers that have not seen updates in 10+ years. And then magic may happen.

Quote:
Not all of them. But all have memory protection.
Now imagine of they didn't.

Quote:
Are you gonna buy tanks to protect your home ? If not, why ?
My servers are like little fortresses sure. Tanks are expensive, memory protection is free and gives the system features I enjoy and me control that I want and need.

Quote:
What is about memory protection that i'm against ? Simple : it can not be disabled.
And you want to disable it because...?

Quote:
But, good boy, i'm not saying YOU have to live without, ok ?
So what is about memory protection that you don't even want the possibility of it being facultative ? I'm not forcing you to disable it, ok ?
It would be forcing people to deal with a pointless and confusing option. It would complicate the operating system a lot, a whole range of compromises would had to be made to even make disabling of memory protection possible. Many system tools would simply only work in one of the two modes...

If I am a software developer for a system that may run with virtual private memory space, or with shared common memory space... hmm, why would I want to write software for the latter?
kolla is offline  
Old 01 August 2015, 15:55   #148
Mrs Beanbag
Glastonbridge Software
Mrs Beanbag's Avatar
 
Join Date: Jan 2012
Location: Edinburgh/Scotland
Posts: 2,202
Quote:
Originally Posted by meynaf View Post
Code you explicitly run can always do wrong things, even if it has to call APIs for this. As I said many times, once the code executes it's too late.
yes you have said it many times, and it was wrong just as many times. Code can execute in a system with memory protection... but as soon as it tries to do anything such as writing to protected memory - boom! Segmentation fault. Process terminate. No harm done.

Quote:
It can help, but a better way would be to stop misusing the stack when programming
Well this is true, but how do you prevent someone from doing so?

Quote:
How so ?
Because i'm not constantly inviting strangers into my own home off the street all day. If i were, i would certainly want some internal security. A better analogy would be a guest house or inn, or maybe living above a shop. Customers come in, maybe i refuse to serve them if they look a bit dodgy... maybe i have a doorman, maybe i have a list of people who are banned. But i'd still want a lockable door between my own rooms and the guest area, where the customers - or websites - can stay a while.

Actually customers is not such a good analogy, either. It may not likely be the customers who do the damage. But maybe some of them have fleas... fleas with lasers controlled by the evil laser-flea overlord.

Quote:
Originally Posted by kolla View Post
If I am a software developer for a system that may run with virtual private memory space, or with shared common memory space... hmm, why would I want to write software for the latter?
One bug we recently fixed in a client's (Windows) code was that it required to run from an admin account. Of course it didn't really need to at all, but it was storing its config files in the application directory. Windows users are of course used to only using an admin account, and approving of everything that asks for permissions. There must be a parable about this involving wolves, i'm sure.

Last edited by Mrs Beanbag; 01 August 2015 at 16:01.
Mrs Beanbag is offline  
Old 01 August 2015, 16:04   #149
meynaf
son of 68k
meynaf's Avatar
 
Join Date: Nov 2007
Location: Lyon / France
Age: 44
Posts: 2,459
Quote:
Originally Posted by kolla View Post
In a targeted attack, the method depends on the target - there are many ways HOW to steal your data, but it all typically begins with installing malicious code that contacts me (my system) to pick up tasks and deliver data.
Right, it begins by... installing code. And you simply can't !


Quote:
Originally Posted by kolla View Post
Well, running "assign" requires no disk access, and most people have dir cache on, listing only filenames is a breeze with close to no disk access required.
Sorry, no dir cache on my HD. Oh, by the way, its heads are parked (actually permanently because it's dead).


Quote:
Originally Posted by kolla View Post
You wouldn't know you were trolled. And when you finally do, you wouldn't know why. And at last, kicking the troller is pointless, the troller is decoy, remember?
That's equal, i've not been on irc for many years and probably will not be again ever.


Quote:
Originally Posted by kolla View Post
Maybe, maybe not
Try it.


Quote:
Originally Posted by kolla View Post
Maybe we have different understandings of sandboxing?
Maybe.


Quote:
Originally Posted by kolla View Post
Hm, no, your user is not privileged to run su, or do privilege escalation.
There are probably several users on your machine. How can you know which one i used ?


Quote:
Originally Posted by kolla View Post
Those "many people" are unlikely to just give you some account. Of course you may resort to brute force ssh attack and be lucky, but you still have a long way to go. My systems don't let any user in with merely a password.

The idea, of course, is to have a service (remote login) available, and still be fairly safe.
I still prefer to not have any remote login available at all.


Quote:
Originally Posted by kolla View Post
Yeah, it is quite boring like that. It does however have a TCP stack, and certain software may look up records in DNS and be confused about what they receive. Also, you may browse on sites (friendly amiga sites) which may or may not have html crafted to exploit features in friendly amiga browsers that have not seen updates in 10+ years. And then magic may happen.
Then create such an exploit site and we'll see. Can you catch IB2.3 red handed ?


Quote:
Originally Posted by kolla View Post
Now imagine of they didn't.
I see zero change.


Quote:
Originally Posted by kolla View Post
My servers are like little fortresses sure. Tanks are expensive, memory protection is free and gives the system features I enjoy and me control that I want and need.
Unfortunately memory protection isn't as free as you think.


Quote:
Originally Posted by kolla View Post
And you want to disable it because...?
Read this thread and you'll know.


Quote:
Originally Posted by kolla View Post
It would be forcing people to deal with a pointless and confusing option. It would complicate the operating system a lot, a whole range of compromises would had to be made to even make disabling of memory protection possible. Many system tools would simply only work in one of the two modes...
Many system tools would only work without memory protection, that's for sure.


Quote:
Originally Posted by kolla View Post
If I am a software developer for a system that may run with virtual private memory space, or with shared common memory space... hmm, why would I want to write software for the latter?
You don't write software for either mode. Your code doesn't even know in which mode it is.
meynaf is offline  
Old 01 August 2015, 16:14   #150
meynaf
son of 68k
meynaf's Avatar
 
Join Date: Nov 2007
Location: Lyon / France
Age: 44
Posts: 2,459
Quote:
Originally Posted by Mrs Beanbag View Post
yes you have said it many times, and it was wrong just as many times. Code can execute in a system with memory protection... but as soon as it tries to do anything such as writing to protected memory - boom! Segmentation fault. Process terminate. No harm done.
You don't get a seg fault when some nasty program starts deleting files on your HD.


Quote:
Originally Posted by Mrs Beanbag View Post
Well this is true, but how do you prevent someone from doing so?
Oh, sorry. I forgot people's right to be stupid


Quote:
Originally Posted by Mrs Beanbag View Post
Because i'm not constantly inviting strangers into my own home off the street all day. If i were, i would certainly want some internal security. A better analogy would be a guest house or inn, or maybe living above a shop. Customers come in, maybe i refuse to serve them if they look a bit dodgy... maybe i have a doorman, maybe i have a list of people who are banned. But i'd still want a lockable door between my own rooms and the guest area, where the customers - or websites - can stay a while.

Actually customers is not such a good analogy, either. It may not likely be the customers who do the damage. But maybe some of them have fleas... fleas with lasers controlled by the evil laser-flea overlord.
So what you have as a computer is called a server, not a home computer.


Quote:
Originally Posted by Mrs Beanbag View Post
One bug we recently fixed in a client's (Windows) code was that it required to run from an admin account. Of course it didn't really need to at all, but it was storing its config files in the application directory. Windows users are of course used to only using an admin account, and approving of everything that asks for permissions. There must be a parable about this involving wolves, i'm sure.
Windows users use only a single admin account because they want something that works right away and doesn't annoy them.
meynaf is offline  
Old 01 August 2015, 16:27   #151
Mrs Beanbag
Glastonbridge Software
Mrs Beanbag's Avatar
 
Join Date: Jan 2012
Location: Edinburgh/Scotland
Posts: 2,202
Quote:
Originally Posted by meynaf View Post
You don't get a seg fault when some nasty program starts deleting files on your HD.
well, ok, that is true in many operating systems. although it has to go through the OS to do so, which means it can't bypass file permissions, it can't compromise the kernel. It could compromise a user account, but not the entire system.

Your idea of each app being in its own sandbox is a good one though, and memory protection would help enforce it (in fact i don't know how you'd do it without).

Quote:
Oh, sorry. I forgot people's right to be stupid
well you can call common practice stupid if you like... and you may well be right... but i bet you run code that follows common practice quite often.

Quote:
So what you have as a computer is called a server, not a home computer.
I really don't care what you call it, i look at websites on my PC all the time. This is inviting digital content into my computer. I also run software i didn't write all the time, this could also be considered "guests". Some of it is the Javascript on websites that we now, for whatever reason, don't seem to be able to do without.

Maybe calling them customers confuses the issue, if i was the customer and they were coming into my home to provide me with a service, would that be a better analogy? Well, maybe. I don't have plumbers, builders and all other sorts of tradesmen in my house every single day, but if i did, again, maybe i'd be wise to invest in internal security.

Also there is another reason the analogy fails. In the real world, if someone breaks in, or if a tradesman steals my stuff, i can call the police. That is a sort of internal security that we all have. There is no police on the internet. It is like the wild west.

Quote:
Windows users use only a single admin account because they want something that works right away and doesn't annoy them.
well they made a big mistake installing Windows then...

Quote:
Originally Posted by meynaf View Post
That's equal, i've not been on irc for many years and probably will not be again ever.
ok suppose someone trolls you on EAB instead.

You know there's something very school playground about all this tit-for-tat. "You can't kill me i've got a shield!" "Yeah well i've got a shield-breaking bazooka!"

Last edited by Mrs Beanbag; 01 August 2015 at 16:35.
Mrs Beanbag is offline  
Old 01 August 2015, 16:47   #152
idrougge
Registered User
 
Join Date: Sep 2007
Location: Stockholm
Posts: 3,076
I think Meynaf's entire argumentation proves the point that programmers should be kept as far away as possible from systems design.
idrougge is offline  
Old 01 August 2015, 17:21   #153
Samurai_Crow
Total Chaos forever!

Samurai_Crow's Avatar
 
Join Date: Aug 2007
Location: Ft. Collins, CO USA
Age: 43
Posts: 920
Send a message via Yahoo to Samurai_Crow
Quote:
Originally Posted by idrougge View Post
I think Meynaf's entire argumentation proves the point that programmers should be kept as far away as possible from systems design.
Gunnar von Boehn is a hardware designer who advocates Oberon 2 style managed code over MMU based memory protected environments. He is designing the softcore for the Vampire 2 accelerator.
Samurai_Crow is offline  
Old 01 August 2015, 17:29   #154
Mrs Beanbag
Glastonbridge Software
Mrs Beanbag's Avatar
 
Join Date: Jan 2012
Location: Edinburgh/Scotland
Posts: 2,202
i do really like the idea of managed code, but it does tie you down to writing in particular supported languages. So no Asm!

Although i have been wondering lately about the possibility of safer instruction set architectures. Perhaps it would be an easy mod of 68k to, for instance, forbid address register indirect modes if the relevant address register is zero (including lea instructions).
Mrs Beanbag is offline  
Old 01 August 2015, 17:57   #155
meynaf
son of 68k
meynaf's Avatar
 
Join Date: Nov 2007
Location: Lyon / France
Age: 44
Posts: 2,459
Quote:
Originally Posted by Mrs Beanbag View Post
well, ok, that is true in many operating systems. although it has to go through the OS to do so, which means it can't bypass file permissions, it can't compromise the kernel. It could compromise a user account, but not the entire system.
Ah, file permissions. Something that has started to make me crazy as well.

- You don't currently have the correct permissions to access the file location.
- But, stupid computer, i am the supervisor and i own you !
- Sorry, you don't have permission.



Quote:
Originally Posted by Mrs Beanbag View Post
Your idea of each app being in its own sandbox is a good one though, and memory protection would help enforce it (in fact i don't know how you'd do it without).
It can be done with managed code, but the normal memory protection can do it as well. As long as i can bang the metal with asm, it's fine.


Quote:
Originally Posted by Mrs Beanbag View Post
well you can call common practice stupid if you like... and you may well be right... but i bet you run code that follows common practice quite often.
Alas, yes, i run such code. Is slow and crashes a lot.

But remember that a system that is tolerant to errors, actually favors the existence of said errors.


Quote:
Originally Posted by Mrs Beanbag View Post
I really don't care what you call it, i look at websites on my PC all the time. This is inviting digital content into my computer. I also run software i didn't write all the time, this could also be considered "guests". Some of it is the Javascript on websites that we now, for whatever reason, don't seem to be able to do without.

Maybe calling them customers confuses the issue, if i was the customer and they were coming into my home to provide me with a service, would that be a better analogy? Well, maybe. I don't have plumbers, builders and all other sorts of tradesmen in my house every single day, but if i did, again, maybe i'd be wise to invest in internal security.

Also there is another reason the analogy fails. In the real world, if someone breaks in, or if a tradesman steals my stuff, i can call the police. That is a sort of internal security that we all have. There is no police on the internet. It is like the wild west.
Well, you wear an armor and i prefer dodging the blow. It's a matter of choice. I don't like the armor because it hinders my moves. You say i'm not protected but i don't care


Quote:
Originally Posted by Mrs Beanbag View Post
well they made a big mistake installing Windows then...
No. They have something that works right away (especially when it is preinstalled at the time of buying).


Quote:
Originally Posted by Mrs Beanbag View Post
ok suppose someone trolls you on EAB instead.
Everyone trolls me here already


Quote:
Originally Posted by Mrs Beanbag View Post
You know there's something very school playground about all this tit-for-tat. "You can't kill me i've got a shield!" "Yeah well i've got a shield-breaking bazooka!"
Maybe, but while you prefer being in a fortress, i prefer open land, even if you consider it as dangerous. It's my right, isn't it ?


Quote:
Originally Posted by idrougge View Post
I think Meynaf's entire argumentation proves the point that programmers should be kept as far away as possible from systems design.
They have been for a few decades, and we can see the result


Quote:
Originally Posted by Samurai_Crow View Post
Gunnar von Boehn is a hardware designer who advocates Oberon 2 style managed code over MMU based memory protected environments. He is designing the softcore for the Vampire 2 accelerator.
I was right, MMUs aren't exactly the easiest thing to put in a softcore.

I'm not against the idea of managed code, as long as i can still do asm.

Some people like bare metal programming and i want it to be possible.
The machine i want to have is a programmer's dream, not a dumb internet terminal.
Security ? Bah. I surfed the net with my A1200 for more than 15 years and never got hacked. It's about likeliness ; it's less likely to get attacked with such a rare machine than having some attacker pass the numerous defenses on a mainstream machine. So what ?
meynaf is offline  
Old 01 August 2015, 18:22   #156
Mrs Beanbag
Glastonbridge Software
Mrs Beanbag's Avatar
 
Join Date: Jan 2012
Location: Edinburgh/Scotland
Posts: 2,202
Quote:
Originally Posted by meynaf View Post
No. They have something that works right away (especially when it is preinstalled at the time of buying).
well it works... but it keeps hassling users asking for permissions all the time.

it's a funny thing, is Windows. Because early on, it had very little security at all, because the average home or business user just didn't really need it. but as things moved on, it needed more and more security, so they started locking things down, and of course this frustrates users because they think "why can't i do this, i used to be able to do this why can't i anymore, this latest version of Windows sucks..."

Windows is getting more Unix-like in its security in its latest incarnations, now it requires permissions for all sorts of things, but because people still expect to be able to configure and use Windows the same way they did before, it all ends up a bit of a mess. Like the example i gave earlier, of a software that requires admin privileges to run, because the programmers thought it was reasonable to demand this from the user even though there was no real need to do so, because it was just too much effort to do it properly (or they didn't know better or there wasn't time or whatever).

Quote:
I was right, MMUs aren't exactly the easiest thing to put in a softcore.
I'm going to say it again, there is more than one way to skin a memory protection. It doesn't have to involve page remapping. Really that is done for various other reasons such as virtual memory support, avoid memory fragmentation problems &c.

Quote:
Security ? Bah. I surfed the net with my A1200 for more than 15 years and never got hacked. It's about likeliness ; it's less likely to get attacked with such a rare machine than having some attacker pass the numerous defenses on a mainstream machine. So what ?
Works for you, fine. But if you were designing a new machine, it would be quite crazy to design it specifically for unpopularity. Which is not the same as designing for a niche market, we don't know if that niche is going to become popular at some point in the future.

I think it is possible to serve everyone's needs here. I outlined a way in which it might be possible for hardcore users to run programs in kernel space if they wanted to, but you didn't like it for some reason.
Mrs Beanbag is offline  
Old 01 August 2015, 18:39   #157
Samurai_Crow
Total Chaos forever!

Samurai_Crow's Avatar
 
Join Date: Aug 2007
Location: Ft. Collins, CO USA
Age: 43
Posts: 920
Send a message via Yahoo to Samurai_Crow
Quote:
Originally Posted by Mrs Beanbag View Post
i do really like the idea of managed code, but it does tie you down to writing in particular supported languages. So no Asm!

Although i have been wondering lately about the possibility of safer instruction set architectures. Perhaps it would be an easy mod of 68k to, for instance, forbid address register indirect modes if the relevant address register is zero (including lea instructions).
Ummm... You do realize you can make up your own macros in Assembly in such a way that there is a debug and release version of the macros, don't you? Also remember that the '020+ has exception vectors specifically for the purpose of range checks and such.

To check the address of an array lookup of type long for range validity, you do something like this on 68020+:
Code:
CHK.W #ARRAY_MAX,D0 ; range check
TST.L A0 ; null check
TRAPEQ
MOVE.L (A0,D0.W*4),D1 ; actual load with scaling address mode
Of course, the trap vectors must be initialized in a debugger or runtime library for these opcodes to be useful. Also, if the index is an immediate value, it can be constant folded for efficiency. Likewise, redundant null checks can be removed via dead-code elimination as well.
Samurai_Crow is offline  
Old 01 August 2015, 18:41   #158
NorthWay
Registered User
 
Join Date: May 2013
Location: Grimstad / Norway
Posts: 391
Quote:
Originally Posted by meynaf View Post
The OS doesn't have to protect from me. I know what i am doing. What i want is a tool, not a cop.
Fantastic, we have now found the single person on earth that never makes a mistake and never has bugs in his code.

Good for you, but I want _my_ OS to protect me from myself.
Humour me this:
-a programmed and intentional write to $100
-a bug ending up writing to $100
how does the OS know the difference?
NorthWay is offline  
Old 01 August 2015, 18:50   #159
Mrs Beanbag
Glastonbridge Software
Mrs Beanbag's Avatar
 
Join Date: Jan 2012
Location: Edinburgh/Scotland
Posts: 2,202
Quote:
Originally Posted by Samurai_Crow View Post
Ummm... You do realize you can make up your own macros in Assembly in such a way that there is a debug and release version of the macros, don't you?
How will that help me? I don't want null pointers to crash the entire system in the released version, either.

Quote:
Also remember that the '020+ has exception vectors specifically for the purpose of range checks and such.

To check the address of an array lookup of type long for range validity, you do something like this on 68020+:
Well of course you can explicitly check for nulls and out-of-ranges in your own code (debug or release) but i don't think you understand my point... the system is still not protected from code not written that way. I'm thinking about a CPU architecture in which these kinds of errors simply can't happen.
Mrs Beanbag is offline  
Old 01 August 2015, 18:57   #160
meynaf
son of 68k
meynaf's Avatar
 
Join Date: Nov 2007
Location: Lyon / France
Age: 44
Posts: 2,459
Quote:
Originally Posted by Mrs Beanbag View Post
I'm going to say it again, there is more than one way to skin a memory protection. It doesn't have to involve page remapping. Really that is done for various other reasons such as virtual memory support, avoid memory fragmentation problems &c.
Oh i could have several options as well : flat with no protection, flat with protection, paged. Why not ?

It's much like the option to run under linux or uclinux (or something else) on the same machine.


Quote:
Originally Posted by Mrs Beanbag View Post
Works for you, fine. But if you were designing a new machine, it would be quite crazy to design it specifically for unpopularity. Which is not the same as designing for a niche market, we don't know if that niche is going to become popular at some point in the future.
Well, do you really think that a configuration option to turn off memory protection (obviously on by default) would make the platform unpopular ?


Quote:
Originally Posted by Mrs Beanbag View Post
I think it is possible to serve everyone's needs here. I outlined a way in which it might be possible for hardcore users to run programs in kernel space if they wanted to, but you didn't like it for some reason.
I didn't like it because it was too complicated.
I prefer to be able to run programs in the same way for both options ; they don't know if they run in protected mode or not and they don't have to.

Frankly the argue that's made here because of that simple option is a little bit overkill...
I bet that if i did the system this way, nobody here using it would even notice the option is there


Quote:
Originally Posted by NorthWay View Post
Fantastic, we have now found the single person on earth that never makes a mistake and never has bugs in his code.
You exaggerate


Quote:
Originally Posted by NorthWay View Post
Good for you, but I want _my_ OS to protect me from myself.
Assuredly. You're dangerous. You need a straitjacket

But don't worry. The memory protection option will be active by default. So you will not harm yourself.


Quote:
Originally Posted by NorthWay View Post
Humour me this:
-a programmed and intentional write to $100
-a bug ending up writing to $100
how does the OS know the difference?
It doesn't have to. It's none of its business.


Quote:
Originally Posted by Mrs Beanbag View Post
How will that help me? I don't want null pointers to crash the entire system in the released version, either.
Perhaps you have to test and debug your code before you make a release
meynaf is offline  
AdSense AdSense  
 


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Similar Threads
Thread Thread Starter Forum Replies Last Post
Amiga 1200 computer sidrulez! MarketPlace 4 02 January 2015 00:36
looking for my amiga 3000 computer amicrawler MarketPlace 4 19 September 2009 22:50
Amiga inc reveal new entry Amiga computer - $489usd Mikey_C News 132 01 October 2007 14:10
The DADDY Amiga computer is? Bloodwych Retrogaming General Discussion 27 05 August 2002 19:14

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT +2. The time now is 17:51.


Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Page generated in 0.40242 seconds with 11 queries