flat assembler
Message board for the users of flat assembler.

Index > Heap > Why is CPU design hard? And MMU plus other random ramblings

Goto page Previous  1, 2, 3, 4  Next
Author
Thread Post new topic Reply to topic
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17280
Location: In your JS exploiting you and your system
revolution
lazer1: With so many contradictions and inaccuracies in your posts it is hard to know where to begin with a response.

Try to focus on one issue at a time. That way we can have a better chance of discussing the issue and hopefully clearing up any misconceptions.
Post 28 Aug 2008, 06:11
View user's profile Send private message Visit poster's website Reply with quote
Madis731



Joined: 25 Sep 2003
Posts: 2141
Location: Estonia
Madis731
Maybe one (I mean the optical lightning thingy) should head to http://www.verbaldiarrhea.org/
Post 28 Aug 2008, 08:01
View user's profile Send private message Visit poster's website Yahoo Messenger MSN Messenger Reply with quote
lazer1



Joined: 24 Jan 2006
Posts: 185
lazer1
f0dder wrote:
I can't really be bothered with this anymore, it's ludicrous Smile

lazer1, you write too much fluffy irrelevant text,


fluffy and irrelevant?

this post of yours is also fluffy as it contains ZERO information!

Quote:

and your examples/analogies are pretty bad. You also don't seem to get where problems/security hole are really located.


And neither does Bill Gates as he isnt a programmer,
and neither do the users which is why they get so many viruses.
Post 28 Aug 2008, 13:04
View user's profile Send private message Reply with quote
lazer1



Joined: 24 Jan 2006
Posts: 185
lazer1
LocoDelAssembly wrote:
Then, lazer1, we are both referring to the same thing but because of that another question arises: In which way does Linux implement less incompetently the memory protection via MMU than WinXP?


It doesnt matter how they do it, XP has several HUNDRED viruses and Linux has none which is EMPIRICAL PROOF that XP is totally insecure.

eg if you have no money that is EMPIRICAL PROOF that you
dont know how to make money! it doesnt matter if you
are a professor emeritus of economics.

the problems for XP begin with the entire idea of XP,
the default automatic updating for a start means XP itself is a virus!

f0dder says my posts are fluffy but here is a completely specific
security problem: automatic updates. BAD IDEA. If the OS can
automatically do things, then a virus can also automatically do things
and Microsoft could automatically spy on my machine. The automatic
updating could be an OS trojan horse smuggling out information.

a virus is any software which makes unrequested unilateral actions,
users should download updates NOT the OS. The same way that
you go to a shop to buy. A shop doesnt come round and give
you things it thinks you need but that is what MS does.
Hey, we thought you needed a new fridge, we have removed your
old fridge and put in a new one unasked. And we didnt like the
food you previously had, we have put in food we think you will like.
We have updated your fridge.


Linux is safe because its a clone of a safe system Unix.

Unix is more or less definitive on security.

A Unix system typically can have say 100 users all accessing the
same hardware. Internet servers are an extremal case where
huge numbers of users are accessing, eg with this forum
each person has their own account.

Unix has been doing security since the 1970's and most CPUs
other than x86 are designed to conform to the security ideas
that Unix requires, eg MMU protection: supervisor vs user,
rwx protection.


But you need a usage paradigm which is secure, the fact
that emails and weblinks can infect Windows is pretty damning.

Unix is a public paradigm, anyone can walk in and ATTEMPT to login
to a Unix system.

its not worth knowing how Linux is safer, just to understand WHY it
is safer. and that is because it limits what can be done.

if you limit everything you can then control everything.

you need to understand the principles not the specifics,
the specifics of Linux are mostly borrowed from Unix and
Unix is a very inefficient but robust design.


eg when you visit this forum the actions you can do are limited,
you can either read a thread or post a reply or edit your
profile. Everything can be controlled. But if there were 1000
things you could do then there will be some oversight somewhere
and you could threaten the security.


if you have too much stuff in a system then you lose control,
because you need just 1 flaw and malware will exploit that.


Quote:

And please don't take into account the amount of viruses available on each platform because that is much more user base and default user privileges dependent than real kernel design flaws (nearly all Windows costumers use "root" users instead of creating and using a limited user). Lets consider only the aspect of memory protection of both OSes alone.


I can and will take into account the amount of viruses!

good design also is about guiding users to good practise.

a well designed system you can just buy, install, boot and
not get viruses. pretty much how Linux is and how AmigaOS is.

the fact that "nearly all Windows customers" configure inappropriately
IS THE FAULT OF WINDOWS!

when you go on an aeroplane the cabin crew patrol the whole plane
and ensure that EVERY passenger has the seat belt fastened before
take off. If any passenger doesnt it is THE FAULT OF THE AIRLINE.

the airline MUST enforce correct actions by their staff and the
staff must enforce correct actions by the passengers
(within reason).

with a well designed system UNSAFE options eg supervisor privileges
should be made to be difficult to access. That is GUIDING the users
away from danger.

also a well designed system should be relatively simple. Windows
has vast amounts of system files. That makes it impossible for
the user to understand their system.

With the Amiga which had pre-emptive multitasking in 1mb of memory
in 1986 on a 68000, booting from a floppy the user can know what ALL system files are. They fit onto a 880K floppy disk Workbench:
It must be the most efficient OS ever.

with Windows if you have any problems with system files you have to
reinstall the entire system as it is unfeasible to respond to the problem.

But then pre-installed Windows systems by default just have C:\
which complicates reinstallation. All Windows programs install by default
to C:\ which is a stupid idea.

the whole concept is bad. and Bill Gates isnt even a programmer,

we are talking about multiple topics here, because people responded
to stuff I was saying with new topics. And just because I talk about
multiple things doesnt make the effort fluffy. And anyway I have the
right to be fluffy, that is a personal insult to refer to someones posts
as fluffy. respond to the points or ignore.

x86: the computing mainstream has been using MMUs for security
for a long time, has NEVER used segmented addressing,
has always used flat addressing.

the Amiga 1000 is from 1986 based on the 68000, some 68000 asm:

move #$a00000, a0 ; load flat address to a0, pointing 10mb into mem.
addi.l #$12345678, (a0) ; add 32 bit const to the above int

no segments, flat addressing, 1986,

x86 only got true unsegmented memory with long mode which
only became mainstream in 2007, TWENTY ONE years later!


mov rax, 0a00000h
add [ rax ], 12345678h

is the long mode equivalent.

you can do flat addressing with protected mode but only as a workaround,

with 68k you can code without MMU without segments, DIRECTLY to
physical memory! eg the AmigaOS entirely runs above physical memory.

you can use protected mode via physical mem but unfortunately
long mode has to use the MMU, which makes it trickier to get to long mode
Post 28 Aug 2008, 15:29
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17280
Location: In your JS exploiting you and your system
revolution
lazer1: I am still trying to decide whether you are deliberately spreading misinformation or are genuinely misinformed. Your posts contain much that is in error.

However I thought this was funny:
lazer1 wrote:
Hey, we thought you needed a new fridge, we have removed your
old fridge and put in a new one unasked. And we didnt like the
food you previously had, we have put in food we think you will like.
We have updated your fridge.
Post 28 Aug 2008, 15:42
View user's profile Send private message Visit poster's website Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
The empirical proof still doesn't proofs that the flaw is in the MMU "incompetent utilization", and you in fact understood that apparently because at the middle of your post you perfectly said that Microsoft doesn't guide the user to use proper configurations.

Sorry if I don't participate on this thread in the future but it is taking me too much time and I'm constantly feeling that I'm not going anywhere...

PS: BTW, your claim about 0 (zero) viruses for Linux is in fact false, I know of the existence of a virus that is built in such a way that the very same binary can infect both Linux and Windows (maybe not the 64-bit Windows versions due to the lack of V86 mode). And of course there are more and even Linux specific but there is too much propaganda hiding the very simple fact: malware can be made on all OSes but its worldwide impact depends on the user base and the security practices of the OS's users, obviously Windows users tends to be much less knowledgeable than Linux users so that is the reason for why pamela_anderson.exe gets executed easily. But again all this things has absolutely nothing to do with MMU.
Post 28 Aug 2008, 15:53
View user's profile Send private message Reply with quote
f0dder



Joined: 19 Feb 2004
Posts: 3170
Location: Denmark
f0dder
lazer1 wrote:
It doesnt matter how they do it, XP has several HUNDRED viruses and Linux has none which is EMPIRICAL PROOF that XP is totally insecure.
The only thing this shows is that Windows dominates the market, and is thus far more interesting to attack. Also, there's a difference between kernel, core OS components, and <whatever> usermode software. And there's various severity levels of of exploits. Again, take a look at BIND's history... it's pretty damn severe when there's a serious flaw in something like BIND, since the internet infrastructure depends on it.

lazer1 wrote:
f0dder says my posts are fluffy but here is a completely specific security problem: automatic updates. BAD IDEA. If the OS can automatically do things, then a virus can also automatically do things and Microsoft could automatically spy on my machine. The automatic updating could be an OS trojan horse smuggling out information.
And why is this? Just because it's automatic doesn't mean it's exploitable. Granted, I haven't looked at how windows automatic updates work, but in case there's signing involved (which I wouldn't find surprising), it's not a viable attack vector. Much better to get actual security flaws patched automatically on client machines. Especially with something as widespread and used by non-tech users as Windows.

lazer1 wrote:
Linux is safe because its a clone of a safe system Unix.
Linux is (relatively) safe because it has so little market share. Trust me, there's a zillion things to exploit. And because many distros don't have automatic updates and most people don't live in their parents' basement and spend all their time reading security mailing lists, many bugs don't get patched for a long time. Thanks whatever_deity that linux isn't the most widespread OS Smile

lazer1 wrote:
A Unix system typically can have say 100 users all accessing the same hardware.
And windows terminal servers can handle thousands, with much more fine-grained privilege controls Smile

lazer1 wrote:
the whole concept is bad. and Bill Gates isnt even a programmer,
He sure is and he can probably code circles around you, but most of his years at Microsoft he spent time managing the company and it's visions, not with his fingers in his code. And "the whole concept is bad" - nah, you just don't understand the concept. There's a lot of problems with the windows platform, and some of it is part of the OS distribution - but the kernel is a pretty decent piece of work.

I dunno if you're just incompetent or if you're trying to purposely spread misinformation? Smile
Post 28 Aug 2008, 15:57
View user's profile Send private message Visit poster's website Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17280
Location: In your JS exploiting you and your system
revolution
LocoDelAssembly wrote:
... that is the reason for why pamela_anderson.exe gets executed easily.
You'd never catch me running something like that. But I would run double_the_speed_of_your_computer_for_free.exe, that is clearly just someone trying their best to help me. Wink
f0dder wrote:
I dunno if you're just incompetent or if you're trying to purposely spread misinformation? Smile
Hmm, sounds familiar.
Post 28 Aug 2008, 16:03
View user's profile Send private message Visit poster's website Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
Me neither, I would need Reese_Witherspoon.exe or maybe Young_Meg_Ryan.exe to get caught Razz

BTW, I will need to split this thread right? I forgot that we are in Main forum and that the original topic was "movupd versus movups whats the point?". I accept new title suggestions and from which post I must split.
Post 28 Aug 2008, 16:27
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17280
Location: In your JS exploiting you and your system
revolution
Title: "Why is CPU design hard? And other random ramblings"

Split point: http://board.flatassembler.net/topic.php?p=81276#81276

edit: Split again at: http://board.flatassembler.net/topic.php?p=81346#81346

And make a new title: "How not to use and MMU and other unspecified topics"
Post 28 Aug 2008, 16:33
View user's profile Send private message Visit poster's website Reply with quote
Madis731



Joined: 25 Sep 2003
Posts: 2141
Location: Estonia
Madis731
Oh noes seems like I'm the one to be blamed. I strayed off-topic.
Post 28 Aug 2008, 16:47
View user's profile Send private message Visit poster's website Yahoo Messenger MSN Messenger Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17280
Location: In your JS exploiting you and your system
revolution
Nothing wrong with going off-topic, I do it all the time. Oops, I just realised, perhaps that is why I always get into trouble. :shameful:
Post 28 Aug 2008, 16:54
View user's profile Send private message Visit poster's website Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
Done but I've done one split only because from your second split point to the end there was some "CPU design" posts mixed with MMU posts. Thanks for the suggestions Smile

Madis, there is no problem actually in going a little bit off-topic like you did (?), but since your post was the head of the cascade of seriously off-topic posts your post also paid the price of getting split.
Post 28 Aug 2008, 17:20
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17280
Location: In your JS exploiting you and your system
revolution
Madis731: Thanks for making the ultimate sacrifice.
Post 28 Aug 2008, 17:27
View user's profile Send private message Visit poster's website Reply with quote
lazer1



Joined: 24 Jan 2006
Posts: 185
lazer1
f0dder wrote:

lazer1 wrote:
the whole concept is bad. and Bill Gates isnt even a programmer,
He sure is and he can probably code circles around you, but most of his years at Microsoft he spent time managing the company and it's visions, not with his fingers in his code.


HAHAHAHA! Laughing

he cant even code using other people, take a look at MSDOS
sometime. Confused

8 char file filenames. Mad

When Unix had decent filenames in the 1970s Razz

you just wish he was a programmer, sadly you are wrong.

Gates is just a generic businessman with aggressive contracts,

I think he didnt even complete high school Embarassed ! HAHAHAHAHA Very Happy

he is a capitalist version of Stalin

its below my morals to have a go at someone who
cannot even cope with high school, Twisted Evil


you are clearly an Intel and Microsoft fanboy and cannot
cope with objective critique. it is you doing the misinforming

and your comment about number of users is meaningless,
its no more difficult to have 1000 users than 100 users.



I think Windows is certainly finer grain in all respects than Unix,

Unix is a bit clunky, but it is tried and tested.

BTW my ISP underlines in their publicity that they
dont use Microsoft servers.

As I explained in an earlier post, servers are relatively simple things.
Post 28 Aug 2008, 19:30
View user's profile Send private message Reply with quote
lazer1



Joined: 24 Jan 2006
Posts: 185
lazer1
f0dder wrote:

lazer1 wrote:
Linux is safe because its a clone of a safe system Unix.
Linux is (relatively) safe because it has so little market share. Trust me, there's a zillion things to exploit.


you wish!

Microsoft has plenty of vested interest in discrediting Linux,

if it were so easy they would have done it.

You dont appear to like Linux, why dont you create some viruses?

oh I know, because its secure.
Post 28 Aug 2008, 19:36
View user's profile Send private message Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
http://en.wikipedia.org/wiki/List_of_Linux_computer_viruses (first result for "Linux virus" on Google).
Post 28 Aug 2008, 19:46
View user's profile Send private message Reply with quote
lazer1



Joined: 24 Jan 2006
Posts: 185
lazer1
LocoDelAssembly wrote:
http://en.wikipedia.org/wiki/List_of_Linux_computer_viruses (first result for "Linux virus" on Google).


yes, but that appears to be Windows viruses transferring VIA Linux,

Quote:

Samba or NFS servers, for instance, may store documents in undocumented, vulnerable Microsoft formats, such as Word and Excel, that contain and propagate viruses. Linux mail servers should run AV software in order to neutralize viruses before they show up in the mailboxes of Outlook and Outlook Express users."[1]


the insecurity is at Windows. Its the same problem I have using
AmigaOS emulator to receive emails above Windows. Windows viruses
dont affect AmigaOS but infect the Windows host.

:there is no problem if noone is using Windows.

You need to find an example which is ENTIRELY Linux side
before I believe you.
Post 28 Aug 2008, 21:25
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17280
Location: In your JS exploiting you and your system
revolution
Okay, now I am convinced that lazer1 is deliberately spreading nonsense.

lazer1: You are a troll. Go away. Someone please lock this nut out.

And everyone else, it is just a waste of time responding here, you'll only end up feeding the troll.
Post 28 Aug 2008, 21:34
View user's profile Send private message Visit poster's website Reply with quote
LocoDelAssembly
Your code has a bug


Joined: 06 May 2005
Posts: 4633
Location: Argentina
LocoDelAssembly
Quote:

You need to find an example which is ENTIRELY Linux side
before I believe you.

Then be kind enough to re-read (completely) the Wikipedia link again instead of quoting the comment of a SecurityFocus's member.
Post 28 Aug 2008, 21:39
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page Previous  1, 2, 3, 4  Next

< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on YouTube, Twitter.

Website powered by rwasa.