Are 'good' designs really worthwhile?

[RUMyMummy]

Are hobby OSs really "worthwhile"?

If you plan on creating a commercially successful enterprise, then marketing strategy is certainly more important than design. But if your purpose is hobby programming for self-satisfaction, does anything other than the design really matter?

While sacrificing security for the sake of "user-friendliness" is a well-known strategy for selling software to naive corporations that have little experience with the net, they all grow out of it pretty soon.

[piranha]

Are hobby OSs really "worthwhile"?

hell yes.

-JL

[Aku-Aku]

I completely disagree that a secure OS is impossible. It is rather easy in fact. It is just very had to make it secure *and* efficient enough to be usable.

My opinion is same. There is a good example (and i am sure there are more) the OpenVMS operating system. This system was an competitor at Def Con 9, the Largest Underground Hacking Convention of world. A short quote from the VMS team member:

> The Head Goon singled out the VMS Server with it's webpage contents and
> continual service under wave after wave of Hacker attack as Cool and
> Unhackable.

As i know they were asked no more attend on this tournament. That is too distressing there is a really secure system

[Zacariaz]

My oppinion on this is very straight forward.
1. I create an os.
2. Programmers are free to program whatever they want for this os, but if they do not follow the strict rules i lay out for them and their software aren't safe, it won't be approved by me, thus won't be included in the trunk. People fo course can still use the software, but i will make sure they know it isn't safe. Alittle like the windows popup when you try to run a file that aren't approved by microsoft, only this will actually serve a purpose.

[Brendan]

Hi,

2. Programmers are free to program whatever they want for this os, but if they do not follow the strict rules i lay out for them and their software aren't safe, it won't be approved by me, thus won't be included in the trunk. People fo course can still use the software, but i will make sure they know it isn't safe. Alittle like the windows popup when you try to run a file that aren't approved by microsoft, only this will actually serve a purpose.

I'm too lazy to waste "weeks per application" checking for bugs the applications developers may have missed - it's much faster to spend a few extra days to get the CPU to do most of the checking automatically, and much more reliable.

For a closed source commercial application how will you know if it's safe or not? Will you tell commercial companies who want to support (and promote) your OS to go away because you can't spend ages doing a half-assed check of their (closed) source code?


Cheers,

Brendan

[Zacariaz]

Hi,

2. Programmers are free to program whatever they want for this os, but if they do not follow the strict rules i lay out for them and their software aren't safe, it won't be approved by me, thus won't be included in the trunk. People fo course can still use the software, but i will make sure they know it isn't safe. Alittle like the windows popup when you try to run a file that aren't approved by microsoft, only this will actually serve a purpose.

I'm too lazy to waste "weeks per application" checking for bugs the applications developers may have missed

Of course one person can't do it and of course other ways of dealing with it must be considered.

- it's much faster to spend a few extra days to get the CPU to do most of the checking automatically, and much more reliable.

Faster for you yes, but as with everything else there's pros and cons. You have to make the choise whether you want to walk the extra mile or not.

For a closed source commercial application how will you know if it's safe or not? Will you tell commercial companies who want to support (and promote) your OS to go away because you can't spend ages doing a half-assed check of their (closed) source code?

Closed source will simply not be included in the trunc.

Cheers,

Brendan

Of course there would also be some sort of unstable/testing phase where people who chooses to can use the software and then after a periode of time, if nothing bad turns up, it will be included in the trunc.

Of course the os developer has to do something too, but this is not the way i imagine it.

As of right now I'm thinking of implimenting and automated bug repport telling the developer and trunc manager which piece of software acted up and hopefully also why. This will not be as "easy" but in return, hopefully, you'll end up with far less "sloppy" code.

edit:
Just to make it perfectly clear.
It is NOT the responsebility of the os developer to correct bug and stuff in other peoples applications. The only thing the os developer has to manage be conserned with is which applications qualifys to be included in the trunc, testing and unstable.

[earlz]

if I made an OS, all web browsers would be forced to implement spell checking...

[wildhalcyon]

While I agree that commercial OSes have usability problems that they need to address, protecting code and making the environment secure is something I don't think should be sacrificed.

[jeff_grimshaw]

Hey, lollynoob, nice thread. Really, it's workth thinking about.

I've been wondering lately, how long has it been since operating systems were designed to be operated?

The answer is "not very long". It just depends on who your "operators" are. For instance:

Overall, the end-users loved their C:\>.

Well, sort of. Computer professionals (aka Operators) did indeed, and do still, love their C:> (or their $>). However, these are not the majority of end users. Most users in the DOS era only saw C:> long enough to type wp or quicken or some such and get on with their work.

My point is that design, like anything else that involves taste and judgement, is subjective. Different prople will decide differently based on their own criteria. The best you can do is clarify your own criteria, make it explicit and design a system that makes you happy.

Now for the cheap shot:

Memory protection was developed to save users from unanticipated program errors.

There, fixed that for you. Glad to hear you write bug-free code. And all the libraries you use are bug-free as well. And your device drivers and ...

[jal]

That why my OS does not have any protection, just like the XBOX. And i would say the xbox was successful and from all the homebrew thats been made, i do not see many virus.

No, but that's because the XBOX is a very closed system. You cannot run your own code, all code must be signed etc. They have very tight security at the door, just not much within. XBOX has a huge fence with motion sensors, burglar alarm, bars in from of its windows and 20 locks on the door. Once you're in however, you are free to do as you please. But you don't get in that easily!


JAL

[Dex]

That why my OS does not have any protection, just like the XBOX. And i would say the xbox was successful and from all the homebrew thats been made, i do not see many virus.

No, but that's because the XBOX is a very closed system. You cannot run your own code, all code must be signed etc. They have very tight security at the door, just not much within. XBOX has a huge fence with motion sensors, burglar alarm, bars in from of its windows and 20 locks on the door. Once you're in however, you are free to do as you please. But you don't get in that easily!


JAL

But to run "homebrew" you need a mod chip, alot of gamer's chose and pay more to take the fence etc down.
Now i do not see a load of virus hitting gamers with mod chipped consoles.
Now the point is because, virus nolonger do damage, but are used for things like bots etc, So unless you have at least 20% useage no one want to write a virus for your OS.
As it all about making money.

[Brendan]

Hi,

But to run "homebrew" you need a mod chip, alot of gamer's chose and pay more to take the fence etc down.
Now i do not see a load of virus hitting gamers with mod chipped consoles.
Now the point is because, virus nolonger do damage, but are used for things like bots etc,

I'd say the point is: if all your code is on (read only) ROM chips or (read only) CD-ROMs, you don't need to worry much about anyone writing a virus because the virus can't modify any code anyway, and therefore can't be executed.

So unless you have at least 20% useage no one want to write a virus for your OS.

Are you sure that's around the right way? IMHO if someone can write a virus for your OS, then you'll never have at least 20% usage (because less than 20% of people are stupid enough to rely on an insecure OS for anything more important than some "save game" files).

For general purposes OSs performance isn't the issue - a protected/secure OS will spend 90% of it's time idle, while an insecure OS will spend 91% of it's time idle. The real issue is whether or not the OS developer has the skills and time to implement effective protection/security. For most of us, time is a huge factor (there's never enough of it), and if anyone says they don't have time to implement protection/security in their hobby OS and doesn't care if anyone ever uses their OS, then that's fine. All other "reasons" are just excuses IMHO.


Cheers,

Brendan

[Dex]

@Brendan, Some times its easy to get blinkered in your thoughts, what is the highest priority to you Brendan, is of less priority to others.
This does not mean they are less able or lazy, as no one who is any of these things will get far in OS Dev.
The people who are successfully in OS Dev are coders who have a clear design and strong convictions of what the OS is for ( which you do with your OS and security is one of the highest priority).

I for one am very happy with linux as a desktop OS, so from the start have never seen the need for me to code a desktop OS, but at the same time i like experimenting with new ideas, coding custom software to do custom things, when trying to do such things in linux, i was fighting with the OS, what i wanted was something like a supper Dos, a modern ver, I would not use such a OS as a desktop, but for things like running my CNC lathe, mills etc.
I could not find such a OS so i made one, so from the start i had a list of what this OS needed, and direct access to hardware etc was very important, but security was not.

I would put you as one of the most knowledgeable codes on the forum, but as such you should ask them the ?, what is the OS for, if the answer is a full blown desktop OS, then by all means say less than 20% of people will be stupid enough to use it without good security.
But depending on the reply, you should advise them one way or the other, but bad coders is not justified, if there OS does not do what it supose to or crash everyones PC, then sure there bad coders, but not if it does what they coded it to do, but you disagree with the design.


You say performance isn't the issue, but it is a big issue, not in CPU terms, but in peoples time, take XP and vista as a example, most experts will say vista is more secure, but most people do not like vista, and one of the big reasons is all the secure pop ups that people would turn off, which will really help security.

Regards Dex

[packet50071]

i don't get how people get virus 0_o , I used my computer for 4 years with out any anti virus and firewall and never got a virus.

I think Os should be really secure and stable. its not the programmer's job or the user's job to do things safely. A os should never ever crash cause of a other program
Os should also at the same time allow users to do what ever they want if they want to do it with out too many pops ups ( like most of the anti virus that is available to day) .

[lollynoob]

I think Os should be really secure and stable. its not the programmer's job or the user's job to do things safely.

Have you ever programmed anything before? It sure as hell is your job to do things safely. Also, how is it not the user's job to operate their computer safely? The operating system isn't there to hold your hand and make sure you don't delete everything by accident.

Os should also at the same time allow users to do what ever they
want if they want to do it with out too many pops ups ( like most of the anti virus that is available to day) .

How is this relevant? Are you saying the quality of an operating system relates to how many pop-ups it has?

If you don't know what you're talking about, don't post.