Interresting discussion

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

Interresting discussion

Bugzilla from daniel.mantione@freepascal.org

Nice to find these discussions in the wild :)

http://www.osnews.com/comment.php?news_id=13749&offset=10&rows=15&threshold=-1#98071

Only the 6mb exe urban myth stays floating around :/

Daniël
_______________________________________________
fpc-pascal maillist  -  [hidden email]
http://lists.freepascal.org/mailman/listinfo/fpc-pascal
Reply | Threaded
Open this post in threaded view
|

Re: Interresting discussion

Florian Klämpfl
Daniël Mantione wrote:
> Nice to find these discussions in the wild :)
>
> http://www.osnews.com/comment.php?news_id=13749&offset=10&rows=15&threshold=-1#98071
>
> Only the 6mb exe urban myth stays floating around :/

Well, without striping ...

Another point is that people think managed enviroments are better which wrong
imo. I don't see the point of a managed environment when a secure operanting
system is used.
_______________________________________________
fpc-pascal maillist  -  [hidden email]
http://lists.freepascal.org/mailman/listinfo/fpc-pascal
Reply | Threaded
Open this post in threaded view
|

Re: Interresting discussion

Michael Van Canneyt


On Wed, 22 Feb 2006, Florian Klaempfl wrote:

> Daniël Mantione wrote:
>> Nice to find these discussions in the wild :)
>>
>> http://www.osnews.com/comment.php?news_id=13749&offset=10&rows=15&threshold=-1#98071
>>
>> Only the 6mb exe urban myth stays floating around :/
>
> Well, without striping ...
>
> Another point is that people think managed enviroments are better which wrong
> imo. I don't see the point of a managed environment when a secure operanting
> system is used.
EXACTLY !!

I've been saying this for years. There is no need for a managed
environment if the host OS does it's job correct...

But both Sun and Microsoft propagate another story :/

Michael.
_______________________________________________
fpc-pascal maillist  -  [hidden email]
http://lists.freepascal.org/mailman/listinfo/fpc-pascal
Reply | Threaded
Open this post in threaded view
|

Re: Interresting discussion

Florian Klämpfl
Michael Van Canneyt wrote:

>
>
> On Wed, 22 Feb 2006, Florian Klaempfl wrote:
>
>> Daniël Mantione wrote:
>>> Nice to find these discussions in the wild :)
>>>
>>> http://www.osnews.com/comment.php?news_id=13749&offset=10&rows=15&threshold=-1#98071
>>>
>>>
>>> Only the 6mb exe urban myth stays floating around :/
>>
>> Well, without striping ...
>>
>> Another point is that people think managed enviroments are better
>> which wrong
>> imo. I don't see the point of a managed environment when a secure
>> operanting
>> system is used.
>
> EXACTLY !!
>
> I've been saying this for years. There is no need for a managed
> environment if the host OS does it's job correct...

In fact, the host OS provides a managed environment :)

>
> But both Sun and Microsoft propagate another story :/
>
> Michael.
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> fpc-pascal maillist  -  [hidden email]
> http://lists.freepascal.org/mailman/listinfo/fpc-pascal

_______________________________________________
fpc-pascal maillist  -  [hidden email]
http://lists.freepascal.org/mailman/listinfo/fpc-pascal
Reply | Threaded
Open this post in threaded view
|

Re: Interresting discussion

Jonas Maebe-2

On 22 feb 2006, at 10:43, Florian Klaempfl wrote:

>> I've been saying this for years. There is no need for a managed
>> environment if the host OS does it's job correct...
>
> In fact, the host OS provides a managed environment :)

I don't think there are many host OS'es out there which e.g. only run  
signed applications. The fact is that for some purposes, none of the  
current OS'es "does its job correctly" in that sense. Just use the  
right tool for the job, I personally don't understand all this  
hostility against managed environments (except as a reaction against  
claims that they are always much better than unmanaged environments,  
but overdoing it in the other direction isn't going to get the  
discussion anywhere).


Jonas
_______________________________________________
fpc-pascal maillist  -  [hidden email]
http://lists.freepascal.org/mailman/listinfo/fpc-pascal
Reply | Threaded
Open this post in threaded view
|

Re: Interresting discussion

Michael Van Canneyt


On Wed, 22 Feb 2006, Jonas Maebe wrote:

>
> On 22 feb 2006, at 10:43, Florian Klaempfl wrote:
>
>>> I've been saying this for years. There is no need for a managed
>>> environment if the host OS does it's job correct...
>>
>> In fact, the host OS provides a managed environment :)
>
> I don't think there are many host OS'es out there which e.g. only run signed
> applications. The fact is that for some purposes, none of the current OS'es
> "does its job correctly" in that sense. Just use the right tool for the job,
> I personally don't understand all this hostility against managed environments
> (except as a reaction against claims that they are always much better than
> unmanaged environments, but overdoing it in the other direction isn't going
> to get the discussion anywhere).

Well, the very idea of a program running in a managed environment which by
itself is also a managed environment seems like a waste of resources.
Secondly, too many links in the chain makes it easier for the chain to break...

The advantage of running 'signed' applications also eludes me. Even so,
provided you really want that, you could easily integrate that in the OS,
without having a new managed environment...

Michael.
_______________________________________________
fpc-pascal maillist  -  [hidden email]
http://lists.freepascal.org/mailman/listinfo/fpc-pascal
Reply | Threaded
Open this post in threaded view
|

Re: Interresting discussion

Jonas Maebe-2

On 22 feb 2006, at 11:26, Michael Van Canneyt wrote:

>> I don't think there are many host OS'es out there which e.g. only  
>> run signed applications. The fact is that for some purposes, none  
>> of the current OS'es "does its job correctly" in that sense. Just  
>> use the right tool for the job, I personally don't understand all  
>> this hostility against managed environments (except as a reaction  
>> against claims that they are always much better than unmanaged  
>> environments, but overdoing it in the other direction isn't going  
>> to get the discussion anywhere).
>
> Well, the very idea of a program running in a managed environment  
> which by
> itself is also a managed environment seems like a waste of resources.

The environments have different management capabilities. The OS  
manages the hardware and provides an interface between the hardware  
and the software. These managed environments pure manage software.  
They don't have a compatibility scourge to deal with, and therefore  
can break paradigms which are widely in use but which are inherently  
insecure (such as pointers) or which make programs unverifiable (self-
modifying code, data-in-code and code-in data, code flow which is  
impossible to determine etc).

> Secondly, too many links in the chain makes it easier for the chain  
> to break...

I don't think a managed environment is easier to break than in case  
you try to stuff all those things in an already existing environments.

> The advantage of running 'signed' applications also eludes me. Even  
> so,
> provided you really want that, you could easily integrate that in  
> the OS,
> without having a new managed environment...

Then you have to integrate it in every OS, bolting it on on  
structures which were never designed for such things. It can be much  
safer and sometimes even easier to start from scratch and build  
something from the ground up which was made for this purpose. A bit  
like the difference between adapting Turbo Pascal into a 32/64 bit  
retargettable compiler (I wonder whether Borland wouldn't have  
advanced faster if they started Delphi from scratch rather than  
reusing stuff from TP in the beginning) and starting Free Pascal  
(should that have been a possible choice back in the days).


Jonas
_______________________________________________
fpc-pascal maillist  -  [hidden email]
http://lists.freepascal.org/mailman/listinfo/fpc-pascal
Reply | Threaded
Open this post in threaded view
|

Re: Interresting discussion

Michael Van Canneyt


On Wed, 22 Feb 2006, Jonas Maebe wrote:

>
> On 22 feb 2006, at 11:26, Michael Van Canneyt wrote:
>
>>> I don't think there are many host OS'es out there which e.g. only run
>>> signed applications. The fact is that for some purposes, none of the
>>> current OS'es "does its job correctly" in that sense. Just use the right
>>> tool for the job, I personally don't understand all this hostility against
>>> managed environments (except as a reaction against claims that they are
>>> always much better than unmanaged environments, but overdoing it in the
>>> other direction isn't going to get the discussion anywhere).
>>
>> Well, the very idea of a program running in a managed environment which by
>> itself is also a managed environment seems like a waste of resources.
>
> The environments have different management capabilities. The OS manages the
> hardware and provides an interface between the hardware and the software.
> These managed environments pure manage software. They don't have a
> compatibility scourge to deal with, and therefore can break paradigms which
> are widely in use but which are inherently insecure (such as pointers) or
> which make programs unverifiable (self-modifying code, data-in-code and
> code-in data, code flow which is impossible to determine etc).

This is all true, but none of these cannot be handled by the OS.
No-one said that an OS has to apply the same rules to user-space
programs and to device drivers. In fact, most don't...

>
>> Secondly, too many links in the chain makes it easier for the chain to
>> break...
>
> I don't think a managed environment is easier to break than in case you try
> to stuff all those things in an already existing environments.

It's not about breaking in.
But 2 cooperating programs break down easier than 1.

>
>> The advantage of running 'signed' applications also eludes me. Even so,
>> provided you really want that, you could easily integrate that in the OS,
>> without having a new managed environment...
>
> Then you have to integrate it in every OS, bolting it on on structures which
> were never designed for such things.

Now you must rewrite your engine on each OS. To do that, you must build some
kind of OS-asbtraction layer if you don't want to re-implement from scratch,
so, it's the same thing as far as I can see...

Anyway, it's not really worth the discussion. It exists, people use it...

Michael.
_______________________________________________
fpc-pascal maillist  -  [hidden email]
http://lists.freepascal.org/mailman/listinfo/fpc-pascal