OSDev.org

The Place to Start for Operating System Developers
It is currently Sun Apr 30, 2017 8:18 pm

All times are UTC - 6 hours




Post new topic Reply to topic  [ 5 posts ] 
Author Message
 Post subject: OS Secruity
PostPosted: Sat Apr 22, 2017 2:07 pm 
Offline

Joined: Sat Apr 22, 2017 1:40 pm
Posts: 1
I think this is what the future holds in some form or another. Either...

A) Devices are just slaves that stream content from a cloud server and only know how to operate on basic input hardware but do no "thinking". OR

B) Subscribers are forced to net boot into a login screen that once credentials are supplied are given an obfuscated(headers, standards), randomized(load order), and even encrypted. Then the OS loads your saved content being either encrypted from the last session or decrypted being some sort of IoT standard. Now only the system understands how to communicate with itself which is where some sort of internet cloud based application layer downloads the code*not to be confused with the content* of the applications you are subscribed too that are custom to your OS. Even programmers can write non specific code and submit it to said company too in theory run on any completely "random" system.

C) We continue to make fixed systems and constantly patch security holes in a snake eating itself scenario. Leaving only non public OS software mostly unaffected.


Top
 Profile  
 
 Post subject: Re: OS Secruity
PostPosted: Sat Apr 22, 2017 4:10 pm 
Offline
Member
Member
User avatar

Joined: Fri Oct 27, 2006 9:42 am
Posts: 774
Location: Athens, GA, USA
aliceinchainz wrote:
A) Devices are just slaves that stream content from a cloud server and only know how to operate on basic input hardware but do no "thinking". OR

B) Subscribers are forced to net boot into a login screen that once credentials are supplied are given an obfuscated(headers, standards), randomized(load order), and even encrypted. Then the OS loads your saved content being either encrypted from the last session or decrypted being some sort of IoT standard. Now only the system understands how to communicate with itself which is where some sort of internet cloud based application layer downloads the code*not to be confused with the content* of the applications you are subscribed too that are custom to your OS. Even programmers can write non specific code and submit it to said company too in theory run on any completely "random" system.


Both of these models have been tried numerous times before, most recently with things like the Chromebook, with what could be politely described as mixed results.

The former is basically a return to timesharing and dumb terminals, which was terrible in 1967 and would still be terrible today. The entire computer revolution got its impetus from trying to get away from that, even if it meant using a box the size of a small microwave oven which initially had 256 bytes of RAM, a 4-slot passive backplane with the CPU and memory each filling one slot, no permanent storage, and no I/O except a set of toggle switches and red LEDs, all for the price (as an unassembled kit, soldering gun not included) of $440 US (1976 dollars - about $2000 today). Timesharing was just so bad that the Altair sold faster than they could make the kits, despite being about as useful as a Yugo with the axles removed.

The latter are what were called 'diskless workstations' (I think you can guess what people actually called them :roll:), 'thin clients', and 'netbooks', all of which were conspicuous and costly failures in the market. The Chromebook and the various modern tablets are the closest thing to a successful version of that, and you will note that even they have significant amounts of local storage and can (technically) operate offline.

It isn't so much that it is a bad idea, per se, as it is an extremely impractical and onerous solution that most consumers hate with a passion. Most users would rather put up with their computers running like a dead tortoise and having their credit card information and SSN stolen about once every nine months, than deal with either of those solutions, as foolish as it might sound. The reason PC security is awful isn't because PC operating systems are awful (well, not just because of that), but because 99% of the users are less inconvenienced by poor security than they would be be replacing what they have. Which should tell you all you really need to know about how actual consumers see the world vs how we as engineers do - and if you think they are the crazy ones, you are probably in for a rude awakening.

_________________
Rev. First Speaker Schol-R-LEA;2 LCF ELF JAM POEE KoR KCO PPWMTF
μή εἶναι βασιλικήν ἀτραπόν ἐπί γεωμετρίαν
Lisp programmers tend to seem very odd to outsiders, just like anyone else who has had a religious experience they can't quite explain to others.


Top
 Profile  
 
 Post subject: Re: OS Secruity
PostPosted: Sat Apr 22, 2017 5:23 pm 
Offline
Member
Member

Joined: Mon Jul 05, 2010 4:15 pm
Posts: 471
aliceinchainz wrote:
I think this is what the future holds in some form or another. Either...

A) Devices are just slaves that stream content from a cloud server and only know how to operate on basic input hardware but do no "thinking". OR

B) Subscribers are forced to net boot into a login screen that once credentials are supplied are given an obfuscated(headers, standards), randomized(load order), and even encrypted. Then the OS loads your saved content being either encrypted from the last session or decrypted being some sort of IoT standard. Now only the system understands how to communicate with itself which is where some sort of internet cloud based application layer downloads the code*not to be confused with the content* of the applications you are subscribed too that are custom to your OS. Even programmers can write non specific code and submit it to said company too in theory run on any completely "random" system.

C) We continue to make fixed systems and constantly patch security holes in a snake eating itself scenario. Leaving only non public OS software mostly unaffected.


That answer is C, we have to constantly patch security holes and this also applies if the A or B path is taken.


Top
 Profile  
 
 Post subject: Re: OS Secruity
PostPosted: Mon Apr 24, 2017 11:27 am 
Offline
Member
Member
User avatar

Joined: Sun Jul 14, 2013 6:01 pm
Posts: 281
aliceinchainz: maybe this sounds pessimistic, but i dont think this area is having a future. there is basically 2 kind of data:

1. your public data, its free to be accessed by anyone. this means your pictures of your summer vacation, your public pictures of your family. you have it uploaded to public, or semi-public places like social networking sites, cloud shares, on your cell phones, etc

2. your private data. you protect this, you carry it with yourself, if you upload it, you are uploading it with encryption. this includes your works, your contracts, your personal documents, your source codes, your private photos, list of your business contacts, money transactions, private and health documents, business secrets, emails.

most of people dont have the second, they are perfectly fine with sharing they online life, however, that kind of person is not contect creator, its strictly a content consumer. content creators need having both the two points.

the question is, can this notably evolve into something else? there can be better tools to encrypt and upload data to virtual online drives easyer than the current ones, there can be better wireless devices with better software sets giving great data share access possibilities for the users. maybe there will be better file sharing protocols in the future. maybe the whole networking will be replaced one time.

but there is prety much just this two great category of data handling, and if we think on internet, and cloud integration into an OS, the industry alreday invented all, and the facebook-type exhibicionism became the primary type of user data handling behavior.

i dont think these areas will change in any forms, becouse it did changed in the last 3-10 years INTO this direction, and the evolution of this data handling is seems to be finished, both on business and both on social levels. encrypted file system drivers are also finished (veracrypt, tcnext). there is nothing left to invent, just to make better integration and compatibility with the existing conceptions.

_________________
Operating system for SUBLEQ cpu architecture:
http://DawnOS.tk


Top
 Profile  
 
 Post subject: Re: OS Secruity
PostPosted: Mon Apr 24, 2017 12:56 pm 
Offline
Member
Member
User avatar

Joined: Fri Oct 27, 2006 9:42 am
Posts: 774
Location: Athens, GA, USA
@Geri: @aliceinchainz seems to be discussing the issue of software distribution, and where processes actually are running, rather than the storage of user data. This is not to say that the two are easily separable, and bringing the topic up is welcome, but the main issue seems to be along the lines of DRM on the corpse-rat level, rather than visibility of personal information - or of the dinner plate photos, cat videos, gamification achievement announcements, and so forth that are the primary forms of 'content' created by average users.

As to my thoughts on how to solve either of those problems - well, I shall keep my own counsel on that, as most of the regulars here already know what my answer would be even though doesn't have a snowball's chance in Hell of getting adopted.

_________________
Rev. First Speaker Schol-R-LEA;2 LCF ELF JAM POEE KoR KCO PPWMTF
μή εἶναι βασιλικήν ἀτραπόν ἐπί γεωμετρίαν
Lisp programmers tend to seem very odd to outsiders, just like anyone else who has had a religious experience they can't quite explain to others.


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 5 posts ] 

All times are UTC - 6 hours


Who is online

Users browsing this forum: No registered users and 2 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group