back to article Hackers' Paradise: The rise of soft options and the demise of hard choices

John Watkinson argues that the ubiquity of hacking and malware illustrates a failure of today’s computer architectures to support sufficient security. The mechanisms needed to implement a hack-proof computer have been available for decades but, self-evidently, they are not being properly applied. The increasing power and low …

Silver badge
Thumb Up

Backward compatibility ...

One thing this otherwise excellent article doesn't really address, and is the *real* reason we are where we are.

PC/MS-DOS were inherently flawed, as they were single-user in execution, they had no concept of root and user access. Whoever switched on the machine was king of the hill. And this paradigm carried on throughout the 1980s and 90s - right the way up to Windows 95.

We *could* have had a true multi-user multi-tasking PC/OS combination in 1987. But the second business realised they would have to pay for new software to run on OS/2, the die was cast.

Excellent reading and discussion material for a Friday. It's like being back at Uni ;)

25
2
Bronze badge

Re: Backward compatibility ...

I don't see that as a flaw at all, any more than it is a design flaw that anyone with physical access to your kitchen has the ability to switch off your freezer or operate your kettle. Like your kitchen, it was designed for *personal* use, not as something for use by masses of untrustworthy strangers.

1
0
Anonymous Coward

Needs amending

We have licence plates on cars so that bad drivers can be identified. Perhaps one day it will become the law that no computer message can be sent whose sender cannot be identified. Perhaps not, but spare me the howls of protest and come up with a better idea.

Let me amend that: if access to that information can be contained to law enforcement who actually operates under the constraints set and ethics expected of them, then yes. Otherwise, no thanks. We already have enough surveillance.

The choice is between living with a degree of nuisance and taking some responsibility yourself to keep your computing house in order (and have ways to hit computer providers over the head for failing to do it right - yes, Microsoft, I'm also looking at you) or giving the state total control and live in the box they allow you to exist in and pray you don't hit the wrong key so it appears you are a criminal. Well, there is plenty of evidence that the state is definitely not to be trusted, so for me, only the first option is viable. Freedom has a price: you have to work for it.

12
0

Re: Needs amending

"We have a worldwide anti-virus industry that for a small fee will _close your stable door after the horse has bolted._" Identity tracking has the same problem. It's only known who the bad actor is AFTER the damage is done. What is necessary is to prevent the possibilty of damage in the first place. Applying a humanistic approach to a machine is just plain silly. It's a machine. It structure and processing can be controlled.

As far as I know, there has never been a technology developed that hasn't been abused.

3
0
Anonymous Coward

Re: Needs amending

As far as I know, there has never been a technology developed that hasn't been abused.

Dental flossing?

:)

0
0

Re: Needs amending

Nope. Mis-used dental flossing can cut teeth off. Several times it has been reported that over flossing cut into the tooth to the point of requiring either a filling, or a root canal.

0
0
Bronze badge

If I could, I would ...

We have licence plates on cars so that bad drivers can be identified. Perhaps one day it will become the law that no computer message can be sent whose sender cannot be identified. Perhaps not, but spare me the howls of protest and come up with a better idea.

The trouble with securing the machines - like rego plates on cars - is that, to date at least, if someone builds it, someone else figures out a way to break it (eventually). And anyway, only since roadside cameras were widely deployed did the defence of "I wasn't driving" become (almost) obsolete.

There is a telling line in the article, I think:

"Back-in-the-day boffins did not want to do harm"

If they had, would VAX and the like have remained untouchable?

That said, the amount of social issues that would be created by requiring openness before connection to the internet was allowed - Right To Be Forgotten take a bow - would take some mitigating.

And so a system that allows anonymous posting, but full traceability (if needed) is probably the best half way house I can envisage, in the short term at least.

But: Given the lack of trust in any organisation(s) that might seem capable of managing the planet's Active Directory (governments et al), I don't hold out much hope of any implementation at all.

Though as the article says: what other effective choice is there?

Really excellent article.

8
0
Roo
Silver badge
Windows

Re: If I could, I would ...

""Back-in-the-day boffins did not want to do harm"

If they had, would VAX and the like have remained untouchable?"

History says no. Students were cracking machines to get more compute/disk space and cause mischief before the VAX-11/780. I suspect people are unaware of this because they are too lazy to search USENET archives, or they assume that if it isn't indexed by Google then it didn't happen. Computer history has developed a "dark age" because people tend to use Google and WWW as their primary sources rather than books, journals and periodicals. Anything pre-WWW seems to be forgotten... :(

24
0

Re: If I could, I would ...

It's been a long time since I read Cliff Stoll's book "The Cuckoo's Egg", but the gist is that roughly 30 years ago, Unix, GNU, VMS, et al were being hacked into regularly (by the NSA and others), locally and remotely, with an ease roughly proportional to each software provider's hubris. I guess PBS/Nova made a sensational (in the derogatory sense) TV show based on the book called "The KGB, the Computer, and Me".

Later, a designer of one the above insecure systems was hired to architect Windows NT (now known to everyone as Windows 7/8/9).

Čas je šarlatán a věci sotva změní.

0
1
Silver badge
Flame

This is just a rant. It starts by explaining how things were in the good old days. Then, on the final page, the author admits they don't understand how things are these days. And then he says he doesn't care.

Well here's the simple version. Data has to be transferred from user space to kernel space so it can be written to "peripherals" or to the user space of another process. Bugs in that code allow viruses to insert themselves into the kernel. For historic reasons, one operating system is more vulnerable to this, but until we write bug free software it's always going to be possible. Even an OS on a separate CPU won't save you from that.

And Airline avionics don't have to run a web browser that mediates between the user and the internet.

And as for licenses, we can't even stop telemarketers phoning me up and telling me I have a virus and please could I go to their website. If we can't control the phones, what chance computers?

26
1
Roo
Silver badge
Windows

"This is just a rant. It starts by explaining how things were in the good old days. Then, on the final page, the author admits they don't understand how things are these days. And then he says he doesn't care."

The article reflects very badly on the knowledge base and quality of thinking in the BCS.

I can't help but suspect that John Watkinson is trying to justify mass surveillance with the intent of hitching his wagon onto the anti-liberal-government think-tank/quango gravy train.

13
0

it's different, innit...

"Well here's the simple version. Data has to be transferred from user space to kernel space so it can be written to "peripherals" or to the user space of another process. Bugs in that code allow viruses to insert themselves into the kernel."

You cannot insert code into the kernel of a mainframe. You just don't have the write access to do so. Or to execute the instructions to give you that write access. You could start randomly writing bits of data, should you get to a point of being executed, but changes are good you'd protection exception long before that.

It's not just 'not a similar' architecture, it's totally different.

TPF mainframe since 1990...

6
0

I had exactly the same reaction

Shame on Mr. Watkinson for advocating increased surveillance and less freedom in the name of the illusion of increased safety. I imagine he loves to walk naked before minimum wage flunkies when going through the airport for the illusion it makes him safer, and for having all his banking activity, text messages and use of the internet, stored and analysed for the same reasons.

None of which is ever misused by those with access to it.

I don't, so much so I left the developed world to live in Africa.

Make yourselves sheep, and the wolves will eat you.

5
0
Bronze badge
Meh

And the backwardness of the BCS was why I never bothered with the hassle of becoming a member even though I could have easily done so.

0
1

An ignorant rant - reminded me of A-level computing: grossly out of date, irrelevant, and unwilling to update.

The author didn't know whether modern processor had all these stone age memory management techniques? Here's an idea - use the internet, and look it up! Of course they've got all that gubbins, it's just malicious hackers are a good deal sneakier than the friendly people who might attack a 60s mainframe.

2
0
Pint

Great article!

Very interesting read. Bravo!

0
3
Silver badge
Headmaster

The last machine on my desk with no MMU was an Amiga 2000

Since malware relies on having access to the whole computer in order to do harm when the code is executed, malware on such a machine will be defeated, because even if it manages to get into the machine as a bona fide piece of code, as soon as it runs, it will find it has no direct access to anything except an area of RAM. It can’t mess with the operating system because it will run in user mode. It can’t mess with the mass storage because only kernel processes can reach the physical addresses of peripherals.

It seem the author has totally bypassed any knowledge about how modern computer systems or even malware actually works and is making things up as he writes? It's like listening to a neocon explaining the political situation in the Middle East and how we need to smash in some doors lest people get uppity etc.

I recommend taking up a good old Tanenbaum explaining principles of Operating Systems. Then to start studying practical examples of how security is being bypassed by various means in case the system is not kept at minimal levels of complexity with a strictly enforced and mathematically describable security policy with no bugs in the code underlying it. These systems are very rare, very restricted in functionality and the hoi polloi doesn't want them.

The combination of kernel and user register sets in the CPU with hardware memory management and a small amount of hard-wired logic that no software of any kind could circumvent, meant that with a competent operating system, these machines were essentially bomb proof.

Bomb proof my arse: Morris worm says no. Oh you mean it needs to run VMS? Right.

23
1

Re: The last machine on my desk with no MMU was an Amiga 2000

Actually, the Morris worm simply guessed passwords.

It did not even attempt to break into the kernel, or even attack other processes.

So the phrase "bomb proof" still remains valid for the hardware.

2
1
Silver badge

Re: The last machine on my desk with no MMU was an Amiga 2000

Actually, the Morris worm simply guessed passwords.

That's utterly incorrect, as a quick glance at any of the analyses of the Morris worm would tell you. Its most famous vector was a stack overflow in fingerd (for 4BSD, the worm's target), but it used a number of them.

It did not even attempt to break into the kernel, or even attack other processes.

Except for fingerd, sendmail, etc.

So the phrase "bomb proof" still remains valid for the hardware.

That's a vapid claim. VAX systems running 4BSD were infected by the Morris worm, which was malware by any sensible definition, so clearly Wilkinson's claim is a load of rubbish.

1
0
Roo
Silver badge
Windows

Rose tinted glasses are misleading...

The old machines he refers to were actually very prone to being hacked, people found holes the microcode, OSes and peripherals, they were anything but bombproof. The only thing making them look better than they were are the rose tinted specs being worn by John Watkinson.

He's right to touch on the software side of problem, but I think the OS folks have (mostly) got a good grip on what needs to be done now, the nastiest security holes seem to be in userland these days. Sometimes those holes are usually caused by app developers circumventing/ignoring OS security provisions & policies, but often it's down to userland developers failing to design and implement an robust and verifiable security model.

The verifiable bit is really important, ideally the verification process should be repeatable, cheap, transparent and available to the end user. Anything less than that is a fail. This is all doable now, but it is often viewed as a nice to have - rather than an essential part of product development. That will only change when vendors get hit very hard in the wallet.

The idea that having people identify themselves online will somehow improve the hacking situation is extremely naive and extremely dangerous. Crackers, and other criminals will *continue* to spoof ids regardless, meanwhile folks who would like to make an honest protest will be now have a massive bullseye painted on their back. Personally I don't think we should trade legit protest for an increased incentive for criminals to commit id theft and spoofing.

16
0
Bronze badge

Re: Rose tinted glasses are misleading...

@Roo

A gentle, partial rebuttal?

The idea that having people identify themselves online will somehow improve the hacking situation is extremely naive and extremely dangerous. Crackers, and other criminals will *continue* to spoof ids regardless, meanwhile folks who would like to make an honest protest will be now have a massive bullseye painted on their back. Personally I don't think we should trade legit protest for an increased incentive for criminals to commit id theft and spoofing.

The situation now could be categorised as: In order to stay safe, everyone must hide

Surely it would be better if it were: In order to be nasty, someone must hide?

If hiding is difficult - and I appreciate some people will always be clever enough to hide - then the majority won't do it. Catching a minority is, I would imagine, far easier than policing an anonymous mass.

... And to be fair to me - and who else will be?! - I suggested traceability, not visible openness ... even I am not that naive ... not today anyway ;-)

(I accept the point about the usefulness of anonymity for protest and the like - But, just like there are clever bad-actors there are clever good-actors too)

0
0
Bronze badge

Re: Rose tinted glasses are misleading...

(2nd try at this post - hopefully the Comment-Monster doesn't eat this one ...)

@Roo

A gentle, partial rebuttal?

The idea that having people identify themselves online will somehow improve the hacking situation is extremely naive and extremely dangerous. Crackers, and other criminals will *continue* to spoof ids regardless, meanwhile folks who would like to make an honest protest will be now have a massive bullseye painted on their back. Personally I don't think we should trade legit protest for an increased incentive for criminals to commit id theft and spoofing.

The situation now could be categorised as: In order to stay safe, everyone must hide

Surely it would be better if it were: In order to be nasty, someone must hide?

If hiding is difficult - and I appreciate some people will always be clever enough to hide - then the majority won't do it. Catching a minority is, I would imagine, far easier than policing an anonymous mass.

... And to be fair to me - and who else will be?! - I suggested traceability, not visible openness ... even I am not that naive ... not today anyway ;-)

(I accept the point about the usefulness of anonymity for protest and the like - But, just like there are clever bad-actors there are clever good-actors too)

0
0
Silver badge

What a load of bull

According to this article malware is all the fault of IBM and MS. If we were all using minicomputers running Unix it would not exist.

The Morris Worm disagrees.

14
1
Gold badge
Unhappy

"with a competent operating system, these machines were essentially bomb proof."

The author may not know if any system has an MMU but most of the readers here do.

And anything above the '286 should be able to muster a competent MMU to get the job done if the OS meets it half way.

The question is why does it not meet the hardware half way?

I'm describing the article as basic tutorial/nostalgia/rant.

8
0

Re: "with a competent operating system, these machines were essentially bomb proof."

Basic tutorial, ill-informed and rose-tinted nostalgia, and ignorance. Anyone who thinks a 11/780 with VMS was hackproof obviously wasn't there in the day. And do I read this right, but the author thinks that modern CPUs don't have MMUs? Is this the level of expertise displayed by all Chartered Information Systems Practitioners? God help us.

Poor article, El Reg.

14
0

Re: "with a competent operating system, these machines were essentially bomb proof."

@ John Smith 19

The question is why does it not meet the hardware half way?

My guess is ease of development and marketing advantage.

I believe JS19's characterization of the article is accurate and fair. However, I believe that the article does a service by raising exactly the question JS19 poses.

Being approximately as old as dirt myself, I'm nostalgic about the day when OS's were OS's, executables were computer programs, and data files were stored as such. As many commenters have pointed out, this did not necessarily make the systems more secure. What it did was give me, as the user, better visibility and control.

My admittedly jaundiced assessment is that MS's introduction of the Hardware Application Layer had more to do with locking users into their products than it did providing them with enhanced capabilities. I also believe, based on information from people far more expert in the field that I am, that to facilitate this strategy, certain hardware security features in the microprocessor hardware were not exploited.

If memory serves, MS DOS for my first PC, fit on a single 160 kB floppy disk. A floppy disk . . . . oh, never mind. The Windows folder on this W7 computer comprises more than 25 GBytes, (I appreciate that this is not all, strictly speaking, "the OS." But frankly I despair of figuring out what is or isn't part of the OS.)

A fundamental principle of engineering (engineering is a ancient discipline , , , oh, never mind)

The principle is that simple designs with fewer moving parts tend to be more reliable and easier to maintain than large, complicated Rube Goldberg concoctions with gazzilions of parts. My personal common sense assessment is that an OS of this size--requiring constant multiple updates on a monthly basis, all done in the background without the user having either visibility or control--is categorically unprotectable. System integrators and users cannot manage the configuration effectively, because the details of what is happening inside the updates is proprietary.

Critics of the piece are right, things cannot be as simple as they were back in the day. But the author has an even more valid point to make. . .things do not have to be anywhere near as bad as they are now.

At this point I've spent close to half a century in designing, building, and testing complex systems. I know technology advances so I offer this just an observation. In the past, the kinds of hiccups, flaws, and foibles that are being reported with increasing frequency in the Reg have always been a reliable indicator that the wheels are coming off the wagon.

One old man's observation, for what it's worth.

20
2
Silver badge

Re: "with a competent operating system, these machines were essentially bomb proof."

@Hargrove

Your Windows' folder isn't full of the "operating system"; it's full of libraries and applications bundled with the OS. And that's what most of the updates are for. If you want things less complicated---and there is definitely merit in reducing the attack surface--then try a Chromebook. If that won't do what you want, then you need the complexity of the Windows' folder.

You actually don't see many OS level bugs reported. Mostly it's application vulnerabilities. Even Heart Bleed happened in userspace without needing to penetrate the kernel.

2
4

Re: "with a competent operating system, these machines were essentially bomb proof."

@brewster's angle grinder

Thanks. Good on all points.

By way of (hopeful) clarification, what I was aiming at was that: (1) Bundling things with the operating system this way introduces vulnerabilities through which the users resources can be effectively attacked, and (2) the current situation is the result of design choices that arguably included marketing considerations.

The point about Chromebook is also well taken. I have an iPad that, given a decent ergonomic keyboard would support 80% of what I need, The problem is that while what used to be called the "thin client" provides simplicity, it comes at the price of dependence on Cloud computing resources. This poses a whole other set of issues,

7
1
LDS
Silver badge

Re: "with a competent operating system, these machines were essentially bomb proof."

HAL is the Hardware *Abstraction* Layer and was designed to decouple the kernel from the actual CPU. NT was designed to run on Intel, Alpha and MIPS CPUs. But it also meant NT didn't use the full security capabilities of Intel Protected Mode, because of portability issues among different CPUs. There were also performance reasons, because hardware checks cost cycles.

4
0
Roo
Silver badge
Windows

Re: "with a competent operating system, these machines were essentially bomb proof."

"If you want things less complicated---and there is definitely merit in reducing the attack surface--then try a Chromebook. If that won't do what you want, then you need the complexity of the Windows' folder."

It's not an either-or proposition at the moment (thank goodness).

There are a whole spectrum of possibilities, that provide different strategies for tackling attack surface.

A base install of OpenBSD is pretty minimal, it might be a better fit to Hargrove's OSes of yesteryear, all the core stuff is designed to be "secure by default", but you can, at *your* discretion, install 'ports' (ie: imported stuff like GNOME :P), either in pre-built form or build them from source. undeadly.org publishes hackathon reports if you want to know what is being hacked on and why.

You can get read-only Linuxen that support persistent storage, all the way through to a full on 'experience/clusterfunt' like Android and Ubuntu. Then there's NetBSD, FreeBSD, and some looney Russians trying to clone Windows NT. Pretty much all of those will run Thunderbird, Firefox, and some descendent of OpenOffice which covers about 80% of the time people spend using computers for work and play.

So there is some choice out there, and if folks threw half as much money at an Open Source project as they spaffed on Oracle licensing they would have a better product that fits their needs perfectly.

Love it or loathe it Open Source has given us a massive amount of choice and it has given the vendors a massive kick up the arse. Prices have fallen, utility and security have improved at a far greater rate since Open Source showed up. I expect this process to accelerate - because the percentage of people who can write code is going up every day, and they now have a massive library of mature open source components to use.

It will be interesting to see which vendors adapt and survive. IMHO the odds don't look good for Oracle while Larry & H-Bomb are showing their faces at the office. :)

12
0
Silver badge

Re: "with a competent operating system, these machines were essentially bomb proof."

Which is a way part of the problem. OSs have long competed on features out of the box - even Windows, though it was mostly competing with the previous version of Windows. This has lead to a clean-install OS steadily doing more and more and more over the years - and with more complexity and more active services, there are more things that can go wrong or contain vulnerabilities. Look at Windows as an example, though some linux distros are just as bad: From the first install, it runs a a SMB/CIFS server. Even if you have no network shares. It's already listening, even if just for devices wanting to access your media library for DLNA purposes. That's a great big juicy target, a service running that really shouldn't be running until after the user has indicated a desire for it. It's just as bad outgoing - every time you access a network drive it starts poking the address on port 80 to see if it's for a WebDAV service and it listens for UPnP devices on the network. That's just the easily-reached network services. If you include the rest it's got all manner or sillyness. A printer service that runs even if no printer is installed, a wireless configuration service that runs even if there is no wireless interface.

Complexity breeds vulnerability. An OS that tries to do everything, all of the time is going to grow bloated and insecure.

4
0

Re: "with a competent operating system, these machines were essentially bomb proof."

You missed part of the writeup.

Many/most CPUs DO have MMUs... But what DOESN'T have an MMU every time are controllers...

And a controller is just another name for a CPU. Thus hacking a controller bypasses the MMU...

0
0

Re: "with a competent operating system, these machines were essentially bomb proof."

A better choice would be a Linux based system.

MUCH better separation of user space and kernel space.

MUCH better definition of the operating system and user applications.

0
0

Re: "with a competent operating system, these machines were essentially bomb proof."

@ Brewsters Angle Grinder

Thanks. Good points all. (My initial response was going to be "Roger that." However, from reading the Register I surmise that the Brits use the term "roger" in a sense that would be directly counter to what I wanted to say.)

My points, which I did not make clear before, are: (1) that it is the way things are bundled with the OS that introduces vulnerabilities that can be exploited to attack user data and resources (2) That this is the result of design choice, and the programs did not need (and do not) need to be anywhere near this complicated and vulnerable to provide the capabilities.

Your point on Chromebook is well taken. I have an iPad which, with the addition of a few available Apps, and an ergonomic keyboard, would readily support most of my needs, except for a few high end graphics and design tasks, and the requirement to store and manage large volumes of data files locally. For those requirements, as a practical matter, simplicity comes at the price of being forced into the Cloud. This poses another set of issues, being hotly debated in the Reg..

1
0
Holmes

Unfortunately management types are more interested in

remuneration, golf and skiing than security. Their lizard brains cannot process much else. They are the ones with the power and (well paid) job security. Unlike the techies who are treated like shit, paid shit, often work in a shit windowless room in the basement and often have shit short-term contracts.

"Unfortunately, it seems that it is only after such an event that something gets done. Until then complacency seems to rule."

8
0

Default deny

What about creating a default-deny state on computers?

Meaning any kind of program (whether software or hardware) will not be able to run - at all - until their existence have been verified and approved by the operator?

The only drawback to this is that you'll be overwhelmed with a plethora of access requests, or that somebody who don't understand the implications, will grant running rights to a nasty piece of malware.

0
0
Joke

Re: Default deny

Windows Vista says "Hi!".

14
0
Bronze badge

Re: Default deny

Windows Vista says "Hi!".

DAMMIT MAN, you beat me to it!!!!

0
0
Anonymous Coward

Re: Default deny

"The only drawback to this is that you'll be overwhelmed with a plethora of access requests, [...]"

Which then becomes a human default "accept". Alarms should only go off in exceptional circumstances - so they get full attention. Several aircraft accidents were attributed to too many alarms with similar sounds - most of which were signalling events of low importance.

For reasons I have not yet found - W7 always asks for permissions to run a succession of standard motherboard utilities after starting a "Limited" user login. Why it doesn't remember the "Yes" is frustrating. The intention was to stop malware taking advantage of an "Administrator" privilege login. However - all these alarms will lead to the user either wrongly saying "Yes" on one occasion - or them switching to using the "Administrator" login permanently.

2
0
Roo
Silver badge
Windows

Re: Default deny

"What about creating a default-deny state on computers?"

Default deny is one way of looking at it, it may be more constructive to turn it on it's head and say "what shall I allow this operation to read/write/execute ?"... ie: Capabilities a la KeyKos. Simple to understand, safe by default (ie: you have to load the gun before blowing your toes off), but please don't let the vista UI bods skin it... Instead of supplying signed vendor supplied templates for apps they would insist on swarms of dialogs to swat down.

0
0

Re: Default deny

Already done.

Linux doesn't allow execute mode at all UNLESS the admin first permits (a mount with "noexec" disables all executables...)

0
0
Anonymous Coward

Good beginning, missing middle and end

It was all a nice tutorial on MMUs, and then I turned to the final page expecting mention of memory safety, stack-smashing, ASLR, segmentation, capabilities, iMPX, formal verification, sandboxing, language runtimes and ... was disappointed.

As for the 'if we had a hardware restriction between kernel and userland we wouldn't have problems', I can only point you at XKCD:

http://xkcd.com/1200/

And, for the record, my last computer without an MMU was a BBC Micro.

10
0

wrong on two counts

I have no reason to question the author's knowledge on the history of computing (I didn't study the article too closely) but he makes two fundamental misjudgements about the nature of people.

Firstly, many (and an increasing number of) computer attacks do/will not arise from a lack of hardware/operating system protection; they come from things like social engineering attacks - fooling the naive user into doing something they don't understand.

Secondly, we are now in 2014 yet still a large proportion of the worlds population does not have access to drinking water, and any relatively rich nation spends a large proportion of its wealth on going to war (and inventing machines to kill people). Over half the world's population still believes in God for f***s sake. Humanity is simply not rational nor capable of acting in the best interests of the whole world.

9
3
Silver badge

Re: wrong on two counts

Humanity tends to act in the best interests of the individual human concerned.

0
0

Re: wrong on two counts

@ Tim 11

Over half the world's population still believes in God for f***s sake.

And what, pray tell, does this have to do with the subject at hand?

Otherwise, a fine post.

4
3
Silver badge

Re: wrong on two counts

> And what, pray tell, does this have to do with the subject at hand?

I think he is saying that a still significant number of people are incapable of the clear and rational thought required for solving computing issues of this kind.

I do agree with one thing previously mentioned, that the fact that there is no clear distinction between what is operating system and what is application, and that which sits in some ambiguous area in the middle. Better, clearer segregation between the two is essential for good design.

There is a good argument in the microkernel world for the idea that a smaller kernel is better for security, but in some ways that has the additional problem of pushing the issue out into the wild west of user space.

6
1
Anonymous Coward

Re: wrong on two counts

"Over half the world's population still believes in God for f***s sake.

And what, pray tell, does this have to do with the subject at hand?"

If the subject at hand is based on science, engineering, and technology, which are meant to be objective and evidence-based, then surely the relevance is obvious.

If, on the other hand, you believe that science, engineering, and technology should be largely based on faith and fashion, then there's a management job for you in the "IT industry".

3
3

Re: wrong on two counts

@ Tim 11

Over half the world's population still believes in God for f***s sake.

And what, pray tell, does this have to do with anything under discussion.

I believe that somewhere I read that the Reg does not do creationism. Neither should it do the brand of categorical atheism that claims to have proof for the non-existence of any and all of the diverse concepts that different people chose to tag with the name "God." (Not suggesting Tim 11 did that. But, by implication is leans sharply in that direction.)

Otherwise, this is a good and thoughtful post.

To be honest, I sincerely appreciate the motivation for Tim 11's angst. It is an understandable and rational response to the myriad atrocities and injustices perpetrated in the name of God. On the other side, atheists have done no better.

1
0
Silver badge

Re: wrong on two counts

> It is an understandable and rational response to the myriad atrocities and injustices perpetrated in the name of God. On the other side, atheists have done no better.

Well, I'm an atheist and I don't remember ever committing any atrocities. As a non-theist, I cannot think of a single reason why I or anyone else would want to. It takes the suspension of rational common sense and personal responsibility to commit atrocities in the name of religion and we see the worst examples of people being total jerks to each other only in those places where religion or a quasi religious form (hero worship, dogmatic obedience: so yes, naziism and the Russian form of "communism" does count) are predominant.

2
0

Learning curve

Perhaps the most important issue that the author points out is the broken learning curve. The rise of MS-DOS/Windows is like the downfall of the Roman Empire, which stalled any progress in Europe for 1000 years. The concepts of VAX VMS and Unix were implemented in the 70's, which offer strong foundations to build a secure system. The Morris Worm, exploiting a mailer bug, does not invalidate this.

Were these systems given the opportunity of growth and scale of use comparable to current Microsoft use, internet would be safer. Think of it, Microsoft builds operating systems since the late 80's. Still the list of issues on every patch Tuesday is chilling.

So after 25 years of windows, with billions of copies sold, it is still bad due to the design issues pointed out by the author. But hey, why would they with 95% market share, no competition and super tankers full of dollars unloading every year.

18
2

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums