So what prevents them launching malware that can do the same thing, like they do now ?
Nothing. It only prevents the damage done by malware.
That makes no sense, but I think I know what you meant.
Oh, it does. Please stop being so negative because someone thought something you did not think. The problem with malware is that it can access various system resources without the user's consent, once launched (either from a user action or by user acceptance). By presenting "a virtual world" to the malware, where the malware sees a copy of the world, the damage can be limited.
To which my answer is: if users were capable of making those sorts of decisions, we wouldn't have the malware problem we do today.
You say "I know what you mean" and then you completely fail to show that you understood what I am proposing. So here it is again, with an example: suppose malware 'Foo' wants to alter the contents of file 'Bar'. 'Foo' opens the file 'Bar', and alters the contents. The operating system kernel though, instead of delivering the original file, it does a copy-on-write on file 'Bar', and therefore the original file 'Bar' is preserved.
For example ?
Lots of military embedded systems, lots of avionics systems. The F22 software, for example. Some parts of the F16 software kernel. Or the THALES Crotale kernel...really, if you look around, safety-critical and Ada go hand in hand.
I'm aware of Ada. Several of my CS degree subjects used it.
Yet you reject it for a commercial operating system kernel? how strange.
So how does the user launch applications that can access their files ?
Normally, like they do now.
Or are you proposing they are bombarded with even more "are you sure" dialogs every time some app wants to access a file and/or the network ?
The user will be able to configure which files are sensitive enough not to belong to any virtual session that is less privileged than his/her files.
Your reluctance says far more than Google does.
Your loss, not mine pal. There are plenty of real-time operating systems created with Ada.
If you knew Ada, you would know that is exactly like C when it comes to low-level control, yet advanced enough to be able to protect the system from the major flaws of C.
By definition it would have access to the user's files and be able to interact with the network, which covers about 99% of everything the average piece of malware might want to do.
Not if the user's files do not belong in the virtual session that the malware belongs.
I'm not aware of them being used for mainstream, general-purpose computing. Do you have any examples ?
No, I don't, though it isn't because I haven't looked. Instead of being a pretentious ass, maybe you could just give some examples ?
Sorry, I am not gonna do anything like that. Google is your friend.
For those who say C++ cannot be as flexible as ObjC, I wrote a little C++0x class and example that demonstrates how easy it is to have message passing in C++.
The overhead of sending messages through the run-time is little more than that of a function call.
No, it is not. It has significant overhead. WTF, doesn't anybody here understand how message passing works? Each time an ObjC message is passed to an object, the run-time does a search in a map to find the implementation!!!! WTF, what is wrong with Slashdot!!!!! has it become so popular that we can't understand how searching in a map works vs a vtable indirection!!!!!!
Please excuse my tone, but I've read lots of comments about ObjC today, most of them either wrong or exaggerating. It's amazing that a site proud for its members being technically skilled with computers to be ignorant of such basic facts!!!
I suppose you have a significantly better (simpler and more flexible) compiled OO language suitable for system-level programming up your sleeve, when you talk like that.
Yes. It's called C++. Which is significantly better than ObjC, and almost as simple and flexible.
And before you say anything, consider the fact that BeOS was largely programmed in C++. If the most flexible, fastest and most responsive multimedia operating system ever produced is not a testament to C++'s power, I don't know what it is.
And they chose NeXT precisely because of Objective-C and NeXTStep.
SOME military, intelligence, banking, financial and science communities chose NeXT. NeXT was a commercial failure...so the client list was pretty small.
Secondly, I doubt they chose a whole operating system because of the programming language used. It's a silly argument, for obvious reasons. They chose NeXT because it could support their requirements, at a good price.
This kind of stuff is either extremely difficult or outright impossible in C++.
No, it is not. Please stop spreading FUD. You can do ObjC's slow message passing mechanism in C++, using operator overloading and dynamic message maps (even creating a class dynamically).
You apparently do not really understand what Objective-C is about yet.
As if you understand what C++ is about.
But in my opinion, it is hard to see how anyone who has actually taken the time to look at Objective-C closely could ever refer to it as being a "poor man's C++".
Lack of templates and operator overloading means no smart pointers, which means no automated reference counting. This had led to quite a lot of bugs in iPhone applications.
The ObjC runtime is dynamic, which is IMHO a blessing, compared to the strict typing and template system of C++
It is a blessing and a curse, at the same time. There is a reason strict type systems have been developed.
You have protocols for that, amongst other things.
Protocols (or interfaces) are a poor man's multiple inheritance.
Actually, it's the other way around, C++ is the poor mans objC.
C++ has a lot more capabilities than ObjC. For any non-trivial software, C++'s capabilities are necessary.
The company I work for writes ObjC code for iPhone applications, and we have lots of memory problems, due to mismanaged reference counts, but we can't have smart pointers as in C++, due to lack of templates. On the other hand, we have written C++ applications with thousands of lines of code (120 kloc) without a single memory problem, thanks to smart pointers.
Unlike C++ it's a C superset
C++ is 99.9% compatible with C, whereas ObjC is 100% compatible with C. That's hardly a worth noting difference.
and way back with NeXT it was demonstrably leading to fewer bugs and less developer time on the same job.
C++ 2010 is different from C++ 1990. C++ didn't even have templates back then.
It's also a matter of design; for example, if you compare Qt with Cocoa, you'll find a similar level of quality.
Seriously, let's hear this brilliant idea that a number of geeks on Slashdot seem to have as to how to design an OS that is perfectly secure against Malware and so on, yet still gives the user full administrative control over their system.
Full virtualization of system resources per user would allow a user to have full administrator rights over his machine, without compromising the operating system. For example, a user may modify the file kernel32.dll, but it would be a copy of the file that would be modified.
Furthermore, applications that communicate with any network should be run within their own virtual session; if they modify any critical resource, they would not affect the operation of the computer.
Finally, capability-based security has been proven to work brilliantly as a security paradigm.
Also then show the design methods that can be used to ensure that there are zero bugs, anywhere, ever, in the design or the implementation and that allow a product to be produced in the timescales demanded by the consumer world (as in it can't take 10 years of validation).
You don't need any particular design methods, you only need to use a programming language that has runtime protection for the most basic of flaws, i.e. buffer overflows. Had Microsoft used Ada, instead of C, for example, 99% of the problems would not exist.
If you put any real thought in this, you'll realize it can't be done. There is no power without responsibility, there is no perfect system that is 100% bug free.
We are not arguing about 100% bug free software, we are arguing about software that is bug free from trivial(*) bugs, like buffer overflows or privilege exploits. Complex bugs that are the result of unsolvable problems will always exist.
Let's also not forget that anti-malware software is a serious business with millions of downloads every week. Why would Microsoft want to disturb that, when they have a lot of software houses making anti-malware software for them? it's bad from a business point of view.
Not true. A firewall cannot prevent from a virus taking over your computer, it only protects from accessing specific ports. If you install Windows 7 and then visit a malicious site, your computer will be a spam transmitter almost instantly.
It's strange, isn't it? there is no PC-based console. A machine like that could be easily upgraded by replacing the graphics card, processor, CPU and motherboard, etc. The only thing required is a dumbed-down version of Windows or a special version of Linux.
The console could be sold with 3 configurations: one extra cheap with a low-level graphics card for playing older/smaller games, a middle range card for playing most games and a super-high-powered card for playing games based on the Crytek engine. The consoles would be easily upgradable by just opening them and replacing the video card.
Closures and delegates are different things: delegates are constructs that forward the invocation to another function, and closures are function objects that have some state of the program bound to them so as that it should not have to be passed explicitly to the function.
Nitpicking, I know, but I think it's in important distinction.
It may be that DesqView, GEM etc were better than Windows 1.0, but when PCs became a viable platform (i.e. when 80386 was a viable choice), Windows 3.0 was the only O/S choice, vastly superior than anything else on the PC.
When the 386 CPU came out, some of the people that were into computers understood that it was time for a true 32-bit operating system for the PC. Most magazine articles of the time talked repeatedly about how 32-bit operating systems is the future of the PC and the IT industry.
Microsoft got it, and they made Windows NT. The others didn't(*), and they faded into oblivion.
(*)Except Apple, that is: MacOS was superior than Windows, but Windows run on PC compatibles.
You are wrong on most of your accounts. It's amazing that memory has faded so fast. 25 years is not that of a big period of time to forget all those things.
but the Atari ST was an amazing piece of hardware,
It wasn't. It was a shitty piece of hardware, bolted on the superior cpu of the time (the MC68000). The sound chip of the ST as an FM modulator with 3 channels and only one hardware channel, and there was no graphical acceleration. Graphics were limited to 320x200 with 16 colors, 640x200 with 4 colors and 640x400 with 2 colors. It had MIDI ports, but the joystick ports were 'reversed' so you could only buy Atari joysticks to connect to it.
I can see that it was clearly the best of the 8-bit era.
Having a 32-bit CPU with a 24-bit address space, the Atari ST was a 32-bit computer, with 24-bit memory, confined in the limitations of a 16-bit machine. It was not 8-bit. 8-bit computers included the machines with the Z80 and 6502 CPUs (ZX Spectrum, Amstrad CPC, BBC Acorn Electron, Apple I/II, Commodore 64 and their offsprings).
and separate processors for both sound and video
No, it did not. It had minimal support for hardware sound and graphics. Most Atari ST games were really bad when compared to Amiga, which had real custom chips.
The Atari ST got a Blitter chip with STE, and a DSP with Atari Falcon.
And it was cheaper than most of its competitors.
It wasn't. It cost a little bit less than the Amiga, but it was way inferior to the Amiga in all things that mattered. The Atari ST was much more expensive than the 8-bit micros of the time.
I wonder how old the author of TFA is. It's not hard to remember life before Windows at all. I remember life before DOS, back when the first pull-down menus were implemented in WordStar -- a text editor by today's standards -- solely as an aid to learning the key commands.
I wonder if you really had an Atari ST. I had a friend who was a fanatical Atari supporter, while I had an Amiga. We had epic "battles" regarding which computer was superior, and the Amiga always came on top. This is understandable though, because the Atari ST lacked any sort of hardware support for graphics and sound.
Hardware and software have come a long way since then, but it came at the expense of losing the rich variety of the early personal computer era, to the point that people now have passionate arguments about the barely perceptible differences between Mac and PC GUIs.
The rich variety you mention was a setback, actually. It meant wildly different codebases for game companies for the same games, wildly different graphics, wildly different music. GUI applications had to deal with totally different UI concepts and capabilities. Software companies back then had to actually choose one of the platforms to develop on, as they were wildly different. Creating the same game for different platforms meant that you had to give all your data to a third party that was specialized in developing programs for the other platform. Writing code meant assembly. There were no fancy IDEs, C compilers, garbage collection and all that jazz and hand holding we have today.
Yeah, the term "observer" confuses a lot of people, resulting in confusing it with consiousness.
"Observer" means any event that requires the cause to happen before the effect. For example, two particles that change the energy configuration of a point in space are observers, because their collision has macroscopic consequences.
Slashdot Mirror
So what prevents them launching malware that can do the same thing, like they do now ?
Nothing. It only prevents the damage done by malware.
That makes no sense, but I think I know what you meant.
Oh, it does. Please stop being so negative because someone thought something you did not think. The problem with malware is that it can access various system resources without the user's consent, once launched (either from a user action or by user acceptance). By presenting "a virtual world" to the malware, where the malware sees a copy of the world, the damage can be limited.
To which my answer is: if users were capable of making those sorts of decisions, we wouldn't have the malware problem we do today.
You say "I know what you mean" and then you completely fail to show that you understood what I am proposing. So here it is again, with an example: suppose malware 'Foo' wants to alter the contents of file 'Bar'. 'Foo' opens the file 'Bar', and alters the contents. The operating system kernel though, instead of delivering the original file, it does a copy-on-write on file 'Bar', and therefore the original file 'Bar' is preserved.
For example ?
Lots of military embedded systems, lots of avionics systems. The F22 software, for example. Some parts of the F16 software kernel. Or the THALES Crotale kernel...really, if you look around, safety-critical and Ada go hand in hand.
I'm aware of Ada. Several of my CS degree subjects used it.
Yet you reject it for a commercial operating system kernel? how strange.
So how does the user launch applications that can access their files ?
Normally, like they do now.
Or are you proposing they are bombarded with even more "are you sure" dialogs every time some app wants to access a file and/or the network ?
The user will be able to configure which files are sensitive enough not to belong to any virtual session that is less privileged than his/her files.
Your reluctance says far more than Google does.
Your loss, not mine pal. There are plenty of real-time operating systems created with Ada.
If you knew Ada, you would know that is exactly like C when it comes to low-level control, yet advanced enough to be able to protect the system from the major flaws of C.
By definition it would have access to the user's files and be able to interact with the network, which covers about 99% of everything the average piece of malware might want to do.
Not if the user's files do not belong in the virtual session that the malware belongs.
I'm not aware of them being used for mainstream, general-purpose computing. Do you have any examples ?
No, I don't, though it isn't because I haven't looked. Instead of being a pretentious ass, maybe you could just give some examples ?
Sorry, I am not gonna do anything like that. Google is your friend.
But the malware could still do whatever it wanted within the "virtual session". Practical difference == zero.
Wrong. The malware would do nothing. It would affect fake resources.
Proven where ?
See the Eros operating system and its derivatives.
The lack of any general purpose OSes written in Ada should help demonstrate the real world isn't so simple.
You mean that you don't know any. Google is your friend.
For those who say C++ cannot be as flexible as ObjC, I wrote a little C++0x class and example that demonstrates how easy it is to have message passing in C++.
The overhead of sending messages through the run-time is little more than that of a function call.
No, it is not. It has significant overhead. WTF, doesn't anybody here understand how message passing works? Each time an ObjC message is passed to an object, the run-time does a search in a map to find the implementation!!!! WTF, what is wrong with Slashdot!!!!! has it become so popular that we can't understand how searching in a map works vs a vtable indirection!!!!!!
Please excuse my tone, but I've read lots of comments about ObjC today, most of them either wrong or exaggerating. It's amazing that a site proud for its members being technically skilled with computers to be ignorant of such basic facts!!!
I suppose you have a significantly better (simpler and more flexible) compiled OO language suitable for system-level programming up your sleeve, when you talk like that.
Yes. It's called C++. Which is significantly better than ObjC, and almost as simple and flexible.
And before you say anything, consider the fact that BeOS was largely programmed in C++. If the most flexible, fastest and most responsive multimedia operating system ever produced is not a testament to C++'s power, I don't know what it is.
And they chose NeXT precisely because of Objective-C and NeXTStep.
SOME military, intelligence, banking, financial and science communities chose NeXT. NeXT was a commercial failure...so the client list was pretty small.
Secondly, I doubt they chose a whole operating system because of the programming language used. It's a silly argument, for obvious reasons. They chose NeXT because it could support their requirements, at a good price.
This kind of stuff is either extremely difficult or outright impossible in C++.
No, it is not. Please stop spreading FUD. You can do ObjC's slow message passing mechanism in C++, using operator overloading and dynamic message maps (even creating a class dynamically).
Man, this thread is spread with more fud than ever...as if Slashdotters are no more technical people.
C++ can easily a dynamic runtime just like ObjC, if it was necessary, by using operator overloading and dynamic message maps, instead of vtables.
You some how make it rational to have to type a class prefix all the time, at each and every line of code...
You apparently do not really understand what Objective-C is about yet.
As if you understand what C++ is about.
But in my opinion, it is hard to see how anyone who has actually taken the time to look at Objective-C closely could ever refer to it as being a "poor man's C++".
Lack of templates and operator overloading means no smart pointers, which means no automated reference counting. This had led to quite a lot of bugs in iPhone applications.
The ObjC runtime is dynamic, which is IMHO a blessing, compared to the strict typing and template system of C++
It is a blessing and a curse, at the same time. There is a reason strict type systems have been developed.
You have protocols for that, amongst other things.
Protocols (or interfaces) are a poor man's multiple inheritance.
Actually, it's the other way around, C++ is the poor mans objC.
C++ has a lot more capabilities than ObjC. For any non-trivial software, C++'s capabilities are necessary.
The company I work for writes ObjC code for iPhone applications, and we have lots of memory problems, due to mismanaged reference counts, but we can't have smart pointers as in C++, due to lack of templates. On the other hand, we have written C++ applications with thousands of lines of code (120 kloc) without a single memory problem, thanks to smart pointers.
Unlike C++ it's a C superset
C++ is 99.9% compatible with C, whereas ObjC is 100% compatible with C. That's hardly a worth noting difference.
and way back with NeXT it was demonstrably leading to fewer bugs and less developer time on the same job.
C++ 2010 is different from C++ 1990. C++ didn't even have templates back then.
It's also a matter of design; for example, if you compare Qt with Cocoa, you'll find a similar level of quality.
Seriously, let's hear this brilliant idea that a number of geeks on Slashdot seem to have as to how to design an OS that is perfectly secure against Malware and so on, yet still gives the user full administrative control over their system.
Full virtualization of system resources per user would allow a user to have full administrator rights over his machine, without compromising the operating system. For example, a user may modify the file kernel32.dll, but it would be a copy of the file that would be modified.
Furthermore, applications that communicate with any network should be run within their own virtual session; if they modify any critical resource, they would not affect the operation of the computer.
Finally, capability-based security has been proven to work brilliantly as a security paradigm.
Also then show the design methods that can be used to ensure that there are zero bugs, anywhere, ever, in the design or the implementation and that allow a product to be produced in the timescales demanded by the consumer world (as in it can't take 10 years of validation).
You don't need any particular design methods, you only need to use a programming language that has runtime protection for the most basic of flaws, i.e. buffer overflows. Had Microsoft used Ada, instead of C, for example, 99% of the problems would not exist.
If you put any real thought in this, you'll realize it can't be done. There is no power without responsibility, there is no perfect system that is 100% bug free.
We are not arguing about 100% bug free software, we are arguing about software that is bug free from trivial(*) bugs, like buffer overflows or privilege exploits. Complex bugs that are the result of unsolvable problems will always exist.
(*)trivial in the sense of being easy to solve.
Legacy software could run exclusively under a Virtual Machine. For the last 10 years, CPUs have all the technology required for that.
And it's not that Microsoft would ditch the NT kernel...we are only taking about the Win32 subsystem.
Let's also not forget that anti-malware software is a serious business with millions of downloads every week. Why would Microsoft want to disturb that, when they have a lot of software houses making anti-malware software for them? it's bad from a business point of view.
Not true. A firewall cannot prevent from a virus taking over your computer, it only protects from accessing specific ports. If you install Windows 7 and then visit a malicious site, your computer will be a spam transmitter almost instantly.
It's strange, isn't it? there is no PC-based console. A machine like that could be easily upgraded by replacing the graphics card, processor, CPU and motherboard, etc. The only thing required is a dumbed-down version of Windows or a special version of Linux.
The console could be sold with 3 configurations: one extra cheap with a low-level graphics card for playing older/smaller games, a middle range card for playing most games and a super-high-powered card for playing games based on the Crytek engine. The consoles would be easily upgradable by just opening them and replacing the video card.
Pretty soon, we are all going to be considered guilty until proven innocent...as predicted by most works of sci-fi....
Closures and delegates are different things: delegates are constructs that forward the invocation to another function, and closures are function objects that have some state of the program bound to them so as that it should not have to be passed explicitly to the function.
Nitpicking, I know, but I think it's in important distinction.
It may be that DesqView, GEM etc were better than Windows 1.0, but when PCs became a viable platform (i.e. when 80386 was a viable choice), Windows 3.0 was the only O/S choice, vastly superior than anything else on the PC.
When the 386 CPU came out, some of the people that were into computers understood that it was time for a true 32-bit operating system for the PC. Most magazine articles of the time talked repeatedly about how 32-bit operating systems is the future of the PC and the IT industry.
Microsoft got it, and they made Windows NT. The others didn't(*), and they faded into oblivion.
(*)Except Apple, that is: MacOS was superior than Windows, but Windows run on PC compatibles.
Not only UNIXes, but the Amiga as well had preemptive multitasking.
but the Atari ST was an amazing piece of hardware,
It wasn't. It was a shitty piece of hardware, bolted on the superior cpu of the time (the MC68000). The sound chip of the ST as an FM modulator with 3 channels and only one hardware channel, and there was no graphical acceleration. Graphics were limited to 320x200 with 16 colors, 640x200 with 4 colors and 640x400 with 2 colors. It had MIDI ports, but the joystick ports were 'reversed' so you could only buy Atari joysticks to connect to it.
I can see that it was clearly the best of the 8-bit era.
Having a 32-bit CPU with a 24-bit address space, the Atari ST was a 32-bit computer, with 24-bit memory, confined in the limitations of a 16-bit machine. It was not 8-bit. 8-bit computers included the machines with the Z80 and 6502 CPUs (ZX Spectrum, Amstrad CPC, BBC Acorn Electron, Apple I/II, Commodore 64 and their offsprings).
and separate processors for both sound and video
No, it did not. It had minimal support for hardware sound and graphics. Most Atari ST games were really bad when compared to Amiga, which had real custom chips.
The Atari ST got a Blitter chip with STE, and a DSP with Atari Falcon.
And it was cheaper than most of its competitors.
It wasn't. It cost a little bit less than the Amiga, but it was way inferior to the Amiga in all things that mattered. The Atari ST was much more expensive than the 8-bit micros of the time.
I wonder how old the author of TFA is. It's not hard to remember life before Windows at all. I remember life before DOS, back when the first pull-down menus were implemented in WordStar -- a text editor by today's standards -- solely as an aid to learning the key commands.
I wonder if you really had an Atari ST. I had a friend who was a fanatical Atari supporter, while I had an Amiga. We had epic "battles" regarding which computer was superior, and the Amiga always came on top. This is understandable though, because the Atari ST lacked any sort of hardware support for graphics and sound.
Hardware and software have come a long way since then, but it came at the expense of losing the rich variety of the early personal computer era, to the point that people now have passionate arguments about the barely perceptible differences between Mac and PC GUIs.
The rich variety you mention was a setback, actually. It meant wildly different codebases for game companies for the same games, wildly different graphics, wildly different music. GUI applications had to deal with totally different UI concepts and capabilities. Software companies back then had to actually choose one of the platforms to develop on, as they were wildly different. Creating the same game for different platforms meant that you had to give all your data to a third party that was specialized in developing programs for the other platform. Writing code meant assembly. There were no fancy IDEs, C compilers, garbage collection and all that jazz and hand holding we have today.
Yeah, the term "observer" confuses a lot of people, resulting in confusing it with consiousness.
"Observer" means any event that requires the cause to happen before the effect. For example, two particles that change the energy configuration of a point in space are observers, because their collision has macroscopic consequences.
Even with locality, the universe is still deterministic on the macroscopic level.