Thanks for the correction -- I was only aware of the general sense of the term, and that's what my post referred to. I agree that the signed-key system probably will have very few realistic security applications.
To be fair, OpenBSD doesn't really care much about performance, and is willing to take a big speed hit for security. They have implemented workarounds for the architecture that have been deemed unacceptable elsewhere (Linux). All of this is pretty recent -- a few years ago, they had all the same fundemental problems as everyone else.
-- Linux, BSD, and other *nix systems are reasonably well protected through the design of the system...
Linux/BSD/Solaris's record in this department is barely better than Windows. Sure, modern distros don't have the horrific design choices that Microsoft has made, but, still, exploitable holes in internet demons keep coming and coming and coming and show no sigh of stopping. No disrespect, but the state of Linux is hardly a security standard to shoot for.
--Perhaps the best thing Microsoft can do is integrate something like ProPolice into the C and C++ libraries
Believe they've done this with the latest compilers, whether that would work in production is another question.
--If x86 really is less secure by nature, it probably wouldn't hurt if they'd put their virtualization engine
Good news is that x86 hardware will be fully virtualizable by next year, so this is a likely prediction.
You seem like that you might be under the impression that "TrustedComputing" is a Microsoft brandname. It isn't, it's a class of security systems which include things like Linux Capabilities and SELinux. So it simply does not parse to say that SELinux is better than trusted computing, because SELinux is trusted computing.
(Or technically, an implementation of SELinux would be, if it existed.)
I agree that sandboxes aren't a cure-all, but but neither is the Unixy/OS X "Type your admin password". I still think would be a nice feature to have on a personal system, for myself anyway.
Actually, I'd bet the "majority of exploits" are social-engineering attacks where users are tricked into running email attachments, installing software from a webpage, or installing spyware bundles like Kazaa.
The solution for this is an easily configurable sandbox, which the vapor factory in Redmond says they are working on. Maybe "Sandboxed computing" is a better term, but the DoD called it "trusted computing", so that's what we're stuck with.
"Sandbox computing" also has little relationship to the trusted key storage, bootloader verification and other planned DRM features (as far as I can tell). But its fun to conflate the two ideas for FUD and profit.
I read that MS went through their entire codebase and removed all of these assumptions. The question is why they would go to all that effort when a easier solution was available.
The only reasons I can imagine are: (A) They wanted to kick programmers in the ass to "do the right thing" wrt pointers (B) They surveyed 3rd party code and found that other assumptions about a 32-bit long outweighed the pointer issue, so fixing the system code was the right thing for ISVs.
But I'm out of my depth here, any other ideas to their thinking?
> so, Win16s applications should be able to work without a problem
I'm not so sure about that -- when I run a Win16 app under 32-bit Windows, I get a WOWEXEC and a NTVDM process. The NTVDM ('virtual DOS machine') relies on virtual real/8086 mode, which AMD64 does not provide.
I don't know enough about Win16 to explain this design, but maybe the WOW32 stuff relies on BIOS emulation or something, or Win16 apps still made DOS calls. (If 16-bit OS/2 apps still worked, they would probably run fine.)
I guess I didn't realize we were talking about mouse pointers, or the windowing system rather than the applications.
FWIW, I think your analysis of X11 is Insightful++, however at least part of Windows applications' percieved responsiveness is due to (pretty smart IMO) scheduler hacks.
When Microsoft moved from win16 to win32, everyone had to upgrade all their apps to take advantage of Windows 95
Widespread 32-bit support was long overdue, and the applications were generally more stable and functional than 16-bit apps that had to manage segmented memory. (Plus you had fancy new UIs, long filenames, etc).
I just don't see any real compelling advantage to 64-bit that would make users demand an upgrade to their word processors and MP3 players. Maybe only for high-end video/image editing apps, CAD and the like.
This isn't Microsoft's doing. The AMD64 hardware design disables the needed hardware support ("virtual real mode" etc) when you are in 64-bit mode. DOSEMU, Wine16 and the like break under Linux/AMD64 as well.
> OS/2, at that time, was truly a Windows better than Windows
For me, it wasn't.
In those days, Windows 3.1 was such a piece of trash it wasn't unusual to have it crash 3 times a day . Under DOS you could be back and running within 30 seconds. Under OS/2, it sometimes would come back up in 30 seconds, but other times it would require me to endure OS/2's 10 minute reboot cycle of pain.
Since there was no alternative to the Win apps I was using, I was back with DOS until I got my hands on Windows NT (where the Win16 was slower and less compatitible, but very very stable).
I doubt that what you're seeing has anything to do with process priorities or scheduler design
I wouldn't be so sure. In Windows, bringing a window to foreground effectively re-nices it to a higher priority. This has been true since NT3.1, and it wouldn't suprise me if MS and/or IBM did the same trick in Presentation Manager.
They tried hard enough to get a very good Windows 95 OEM deal. ($11/copy per court testimony.) That at least covered the costs of the OS/2 Fiesta Bowl (and other OS/2 marketing mishaps).
(A) It makes it "too easy" to install software directly from a web page (1 or 2 clicks instead of 3 or 4).
(B) It removes the absolute javascript sandbox from the html-renderer, which leaves you at the mercy of underlying flaws in the OS and intentional and unintentional holes from every third-party vendor.
Apple might have avoided (A), but it sounds like they've charged right into (B). At this point I think it's too early to say that Dashboard won't be a "spyware and virus enabler" -- I've yet to hear any technical reason why it wouldn't or couldn't be.
Dashboard's technology is very similar to ActiveX or "HTAs" -- just remove the Sandbox from javascript. HTML/JS apps that reformat your hard drive will soon be available to Mac users.
You're confusing two thing in your posts. The floating "dashboard" UI is pretty cool and innovative. The actual Dashboard widgets/DAs themselves are a copy of one of Microsoft's least good ideas.
Linux is no replacement for Solaris and vice versa. A 40ton truck...
This incorrect perception that Solaris is only good for mid-to-large systems is Sun's biggest problem in the marketplace -- The demand for 8+ way UNIX systems is declining sharply, while sales of cheap Xeon/Opteron servers is booming. However, there's nothing about Solaris which makes it unsuitable for lowend boxes -- it's just a minor tuning issue.
With AMD/Intel's dualcore chips coming out, you'll see "low-end" 4-way Dells for $2000 by next year. The year after that, you'll see commodity 8-way systems with 4 chips per core. Even lowend users will want an OS designed for CPU scalability in the near future..
Maybe someone can find it, but the SCO GCC guy posted on Slashdot once. He indicated that he was pretty much single-handedly responsible for the SCO UNIX port, so GCC pulling their endorcement wouldn't make much if any difference to SCO customers. I belive his attitude towards his employer was "I don't like it but who else will pay me to hack on GCC?"
Now tell me how frivilious lawsuits agaisnt wrongfull termination are not out of control?
They are not out of control because you told a rambling and pointless anecdote.
I rather doubt that anyone could get $1.3M from a Fortune 500 legal department simply for being hispanic. Either there was substantial evidence of discrimination, or (more likely) this chick had some very good dirt on someone up high.
Yeah, but they did almost file bankrupcy (twice), and subsequently lost 90% of their marketshare. But as long as they didn't totally go under, I guess you can't criticize them.:P
Your history is incorrect -- Dvorak was a huge Mac (and Amiga) fan in the late 80s and early 90s, and only later became a "counterpoint", after which he was fired from MacUser.
One particular example I recall is when the new PCI PowerMac 8500 shipped. Cover-to-cover, the mag praised this wonderful new machine. Dvorak is the only one who bothers pointing out that Apple is shipping $3500 hardware with a crashy OS and no networking. (All true on release, although with later OSes the 8500 became a great machine.) Of course the next months letter column is full of silly Mac Zealots complaining about how they would rather not read this sort of news.
The historical facts show that Apple management was seriously malfunctional in the 90s -- buggy hardware, buggy software, bad pricing and model strategies, bad finances, little response to Windows advances. Heaven forbid that Mac users would have to read someone telling it like it was. (I got a copy of MacWorld recently, and it was astounding how vapid and pathetic the thing was, but I suppose that's true of all print mags nowdays.)
Like you said, Avalon is a "foundation" -- a technology. The reason people use Flash is the fancy designer software which allows creators to use the technology. It will take a long time before the Avalon tools are up to the same level as Flash's.
Slashdot Mirror
> Trusted Computing is a trademark,
Thanks for the correction -- I was only aware of the general sense of the term, and that's what my post referred to. I agree that the signed-key system probably will have very few realistic security applications.
To be fair, OpenBSD doesn't really care much about performance, and is willing to take a big speed hit for security. They have implemented workarounds for the architecture that have been deemed unacceptable elsewhere (Linux). All of this is pretty recent -- a few years ago, they had all the same fundemental problems as everyone else.
-- Linux, BSD, and other *nix systems are reasonably well protected through the design of the system ...
Linux/BSD/Solaris's record in this department is barely better than Windows. Sure, modern distros don't have the horrific design choices that Microsoft has made, but, still, exploitable holes in internet demons keep coming and coming and coming and show no sigh of stopping. No disrespect, but the state of Linux is hardly a security standard to shoot for.
--Perhaps the best thing Microsoft can do is integrate something like ProPolice into the C and C++ libraries
Believe they've done this with the latest compilers, whether that would work in production is another question.
--If x86 really is less secure by nature, it probably wouldn't hurt if they'd put their virtualization engine
Good news is that x86 hardware will be fully virtualizable by next year, so this is a likely prediction.
You seem like that you might be under the impression that "TrustedComputing" is a Microsoft brandname. It isn't, it's a class of security systems which include things like Linux Capabilities and SELinux. So it simply does not parse to say that SELinux is better than trusted computing, because SELinux is trusted computing.
(Or technically, an implementation of SELinux would be, if it existed.)
I agree that sandboxes aren't a cure-all, but but neither is the Unixy/OS X "Type your admin password". I still think would be a nice feature to have on a personal system, for myself anyway.
Actually, I'd bet the "majority of exploits" are social-engineering attacks where users are tricked into running email attachments, installing software from a webpage, or installing spyware bundles like Kazaa.
The solution for this is an easily configurable sandbox, which the vapor factory in Redmond says they are working on. Maybe "Sandboxed computing" is a better term, but the DoD called it "trusted computing", so that's what we're stuck with.
"Sandbox computing" also has little relationship to the trusted key storage, bootloader verification and other planned DRM features (as far as I can tell). But its fun to conflate the two ideas for FUD and profit.
> sizeof(long) >= sizeof(void *)
I read that MS went through their entire codebase and removed all of these assumptions. The question is why they would go to all that effort when a easier solution was available.
The only reasons I can imagine are:
(A) They wanted to kick programmers in the ass to "do the right thing" wrt pointers
(B) They surveyed 3rd party code and found that other assumptions about a 32-bit long outweighed the pointer issue, so fixing the system code was the right thing for ISVs.
But I'm out of my depth here, any other ideas to their thinking?
> so, Win16s applications should be able to work without a problem
I'm not so sure about that -- when I run a Win16 app under 32-bit Windows, I get a WOWEXEC and a NTVDM process. The NTVDM ('virtual DOS machine') relies on virtual real/8086 mode, which AMD64 does not provide.
I don't know enough about Win16 to explain this design, but maybe the WOW32 stuff relies on BIOS emulation or something, or Win16 apps still made DOS calls. (If 16-bit OS/2 apps still worked, they would probably run fine.)
I guess I didn't realize we were talking about mouse pointers, or the windowing system rather than the applications.
FWIW, I think your analysis of X11 is Insightful++, however at least part of Windows applications' percieved responsiveness is due to (pretty smart IMO) scheduler hacks.
When Microsoft moved from win16 to win32, everyone had to upgrade all their apps to take advantage of Windows 95
Widespread 32-bit support was long overdue, and the applications were generally more stable and functional than 16-bit apps that had to manage segmented memory. (Plus you had fancy new UIs, long filenames, etc).
I just don't see any real compelling advantage to 64-bit that would make users demand an upgrade to their word processors and MP3 players. Maybe only for high-end video/image editing apps, CAD and the like.
This isn't Microsoft's doing. The AMD64 hardware design disables the needed hardware support ("virtual real mode" etc) when you are in 64-bit mode. DOSEMU, Wine16 and the like break under Linux/AMD64 as well.
> OS/2, at that time, was truly a Windows better than Windows
For me, it wasn't.
In those days, Windows 3.1 was such a piece of trash it wasn't unusual to have it crash 3 times a day . Under DOS you could be back and running within 30 seconds. Under OS/2, it sometimes would come back up in 30 seconds, but other times it would require me to endure OS/2's 10 minute reboot cycle of pain.
Since there was no alternative to the Win apps I was using, I was back with DOS until I got my hands on Windows NT (where the Win16 was slower and less compatitible, but very very stable).
I doubt that what you're seeing has anything to do with process priorities or scheduler design
I wouldn't be so sure. In Windows, bringing a window to foreground effectively re-nices it to a higher priority. This has been true since NT3.1, and it wouldn't suprise me if MS and/or IBM did the same trick in Presentation Manager.
They tried hard enough to get a very good Windows 95 OEM deal. ($11/copy per court testimony.) That at least covered the costs of the OS/2 Fiesta Bowl (and other OS/2 marketing mishaps).
My understanding is that OS/2 POSIX support is not "native", but implemented with a cygwin-like DLL. It's probably Berkeley code.
If IBM licenced SVR5 code for OS/2, they really should have used more of it (like the portable multiuser kernel).
The two main issues with ActiveX are:
(A) It makes it "too easy" to install software directly from a web page (1 or 2 clicks instead of 3 or 4).
(B) It removes the absolute javascript sandbox from the html-renderer, which leaves you at the mercy of underlying flaws in the OS and intentional and unintentional holes from every third-party vendor.
Apple might have avoided (A), but it sounds like they've charged right into (B). At this point I think it's too early to say that Dashboard won't be a "spyware and virus enabler" -- I've yet to hear any technical reason why it wouldn't or couldn't be.
Dashboard's technology is very similar to ActiveX or "HTAs" -- just remove the Sandbox from javascript. HTML/JS apps that reformat your hard drive will soon be available to Mac users.
You're confusing two thing in your posts. The floating "dashboard" UI is pretty cool and innovative. The actual Dashboard widgets/DAs themselves are a copy of one of Microsoft's least good ideas.
Linux is no replacement for Solaris and vice versa. A 40ton truck...
This incorrect perception that Solaris is only good for mid-to-large systems is Sun's biggest problem in the marketplace -- The demand for 8+ way UNIX systems is declining sharply, while sales of cheap Xeon/Opteron servers is booming. However, there's nothing about Solaris which makes it unsuitable for lowend boxes -- it's just a minor tuning issue.
With AMD/Intel's dualcore chips coming out, you'll see "low-end" 4-way Dells for $2000 by next year. The year after that, you'll see commodity 8-way systems with 4 chips per core. Even lowend users will want an OS designed for CPU scalability in the near future..
Check out the cartoon on page 3 of Steve Jobs selling Mac Minis at Walmart.
Maybe someone can find it, but the SCO GCC guy posted on Slashdot once. He indicated that he was pretty much single-handedly responsible for the SCO UNIX port, so GCC pulling their endorcement wouldn't make much if any difference to SCO customers. I belive his attitude towards his employer was "I don't like it but who else will pay me to hack on GCC?"
You're the one who is trolling now. Anyway, the brand new PCI support was bugged leading to far more bombs than usual.
Now tell me how frivilious lawsuits agaisnt wrongfull termination are not out of control?
They are not out of control because you told a rambling and pointless anecdote.
I rather doubt that anyone could get $1.3M from a Fortune 500 legal department simply for being hispanic. Either there was substantial evidence of discrimination, or (more likely) this chick had some very good dirt on someone up high.
Yeah, but they did almost file bankrupcy (twice), and subsequently lost 90% of their marketshare. But as long as they didn't totally go under, I guess you can't criticize them. :P
Sure it would be fair, but it doesn't seem to me as a likely direction for Apple.
Your history is incorrect -- Dvorak was a huge Mac (and Amiga) fan in the late 80s and early 90s, and only later became a "counterpoint", after which he was fired from MacUser.
One particular example I recall is when the new PCI PowerMac 8500 shipped. Cover-to-cover, the mag praised this wonderful new machine. Dvorak is the only one who bothers pointing out that Apple is shipping $3500 hardware with a crashy OS and no networking. (All true on release, although with later OSes the 8500 became a great machine.) Of course the next months letter column is full of silly Mac Zealots complaining about how they would rather not read this sort of news.
The historical facts show that Apple management was seriously malfunctional in the 90s -- buggy hardware, buggy software, bad pricing and model strategies, bad finances, little response to Windows advances. Heaven forbid that Mac users would have to read someone telling it like it was. (I got a copy of MacWorld recently, and it was astounding how vapid and pathetic the thing was, but I suppose that's true of all print mags nowdays.)
Like you said, Avalon is a "foundation" -- a technology. The reason people use Flash is the fancy designer software which allows creators to use the technology. It will take a long time before the Avalon tools are up to the same level as Flash's.