Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - sunseeker2k

Pages: [1]
1) If this router-specific problem can't be solved (s. below), connecting the C128 via TOR to the internet MIGHT be a solution for this (assuming that TOR could be considered to be 'secure', which I doubt though).
2) You are absolutely right that this problem regarding flashable routers is a big problem. I'm not sure though whether this really applies to all (affordable) routers, e.g.:
[Among all routers I compared regarding their possible vulnerabilities this at least appeared to be the most reasonable choice.]

But this is exactly what I wanted to stress: Of course no computer could ever provide any kind of security if you 'invite the NSA for a cup of tea' (granting anyone physical access) - However, modern systems don't need any kind of physical access but can simply be 'patched' by remote access (s. above).
Preventing physical access is much easier to achieve than preventing your system to be patched by remote access. And I would assume that (just as an example) a C128 being connected to the internet can't get 'patched' by receiving packages containing those magic numbers, which is the case for modern systems' network devices (including the consequences of this).

BUT still you are right that Linux, BSD or any other OS running on such a system would still have many vulnerabilities - I think the first step should be to minimize the attack surface, and this is most definitely the existence of firmware that can be patched by remote access. Once you have closed this fundamental security hole you can start to figure out how a secure OS could be implemented on a secure hardware.

Kind regards



I'm sorry for replying on this after one year - I've been so busy with several things that I missed checking the thread for replies, and it was just yesterday when I saw the very interesting reply posted by g4ugm.

I already sent him a PM, because his comment really aroust my interest regarding this particulat issue mentioned by him ("ROM routines gets coied to RAM at startup to allow patching"), but maybe there are some other people being interested in this aspect and know some stuff about this matter, so I'm going to address this issue in this thread as well, mainly quoting the PM I already sent, since that basically contains the relevant part.

Having thought about what g4ugm wrote, I think that he is right with his objection that even the Z80 can't  be considered as being 'bullet-proof' regarding the question whether it would be 'patchable' in some way or not. I think the same issue (ROM routines getting copied into the RAM, therefore making them patchable) applies to the 6502 and related CPUs.
Does anyone know know a platform/system where this is not the case?
Or better still: Any system where this would not be the case AND which would be suitable for using it with a (minimalistic) implementation of Unix (like LUnix for 6502 based systems or Cromix Z80 based systems) or BSD?

I don't know whether you are interested in security-related issues as I am. After having done years of research on this I can definitely say that all those (OS or in another way software-based) approaches currently being developed for this purpose all create the opposite effect by making people 'build their own honeypot'. E. g. running QubesOS (an approach based on virtualization) on any kind of hardware which is being used these days will probably give people the perfect illusion of having found a '100% secure solution' - Until their network device receives packages containing 'magic numbers' which first set it into 'maintenance mode' allowing the network adapter's firmware to get 'patched', and from this point on it's no problem that the whole 'QubesOS stronghold' gets 'maintained' (which got demonstrated quite a while ago already, but obviously people are not interested in the largest attack surface, which is their hardware and not their OS/software).
Even when not considering this specific aspect, I wouldn't even trust open-hardware x86/x64 based solutions for related reasons (To mention only one among endless reasons for this: I remember a QubesOS security bulletin, which informed about that fact the XEN developers (!) openly admitted that they can't be 100% sure anymore whether they understand every single piece of the current x64 architecture, since it just became too complex - And it should be clear what this implies in regard to the security of QubesOS, which totally relies on XEN).

I once talked about this topic with developers of GNU Hurd, who are quite aware of all this, but believe that they can overcome those problems by the approach of isolation. I wouldn't be able to find better words than one of those guys, who (quoting from my memory) was able to put this whole fundamental issue in a nutshell by saying, "Well yes, it's a matter of fact that a modern computer can't be considered as being one system, but as multiple systems, which partly run independently while still being able to access/manipulate the other systems." (Maybe the ACPI subsystem is one of the best examples for this - But there are enough other components being affected by this as well [PCI components etc.].)

So that's the concrete reason why I'm very interested in this topic and think that it should be considered as being very important for finding ways to ensure informational security (if this is required).

Thanks in advance for any opinions and kind regards



most people will probably know that not only every modern PCs include a whole bunch of HW components, which contains (patchable / modifiable) firmware: Looking at x86 based HW, this fact is valid at least since the introduction of the PCI standard - Virtually every PCI component contains such firmware, and it can be said for sure that since a certain point of time those firmware components could also be 'patched' not just by physical, but also by remote access (if anyone should be interested in this: much more info on this can be found on etc.). This possibility of firmware being able to get patched / modified by remote access (to give a concrete example on how this can be done: e. g. network devices receive so-called 'magic numbers', which set them to a certain mode - from this point on not only the network device, but the whole system can get 'patched' / compromised [I don't want to go much into details on that, but the introduction of the ACPI standard made this procedure become much more easily]) could be considered as a 'flaw in design (on purpose)' security risk, which would apply to this whole issue.

Now my big question is: Which HW architecture (or a concrete microcomputer) would 1) not contain ANY patchable firmware components, while 2) providing the highest performance / usability?

E. g., I could say that this would apply to the C128, which has a quite powerful Z80 CPU inside (and which would allow running a custom designed Linux / 'Linux-like' distro on it, and which would also allow someone to access the internet for basic things like sending e-mails).

In my opinion, this would not applicable for any Amiga model - But what about other systems based on the 68000 CPU (which would be probably more suited for running a Linux distro on it and providing internet connectivity / usability / performance compared to the Z80 CPU), like the original Apple Macintosh or Atari ST models?

Any hint on this would be highly appreciated.

A very important point is: There is no flashable component on a C128 and the same would probably apply for many 68000 (maybe even 68020 ) systems [I would be curious about this latter question]. And you don't need a floppy or cassette for the C128, you could put it all together on a non-flashable cartridge.

With the introduction of the x86 architecture you could forget security: Flashable PCI, BIOS, etc... I don't think that was being made used of in the first days, but it is surely the case now and it is fascinating to know what can be done by making usage of the ACPI tables...

Some people would say: Use QubesOS (with the latest Intel-VT). I would answer: Wasn't there something around 1975 between IBM and the developers of DES? Why should anyone trust any Intel-VT? That is totally crazy - A secure system is just impossible on x86 architecture.

Thank you very much for your reply, which is quite an in-depth analysis!

Do you know if there are any PGP/GPG implementations available for CP/M? If not, I guess it would be not that difficult to port it? What about TOR regarding this question?

And how could the potential of manipulating CP/M in regards to security (up to the point of virtualizing the system) be compared to Linux/Minix/Unix?

Thanks in advance!

Hi everyone,

since this is my first post, I'll use it as a short introduction as well. I'm from Germany, I got my first computer, a C64 when I was 12, and virtually the only stuff I did with it (but this to a quite extensive degree) was learning BASIC and 6502 machine code / assembler  programming by myself. A while ago I bought a used C128 and now I'm excited to get the converter which shall convert the audio and video signal to HDMI (according to reviews it really works).

The C128 has two CPUs, an 8502 @2 MHz and a Z80 @4 MHz. It can't make use of them simultaneously, and the 8502 runs on Commodore BASIC while the Z80 runs on CP/M.
Many people are surprised, when they hear that there were Linux(-like) systems developed which worked on the C64/C128. However, there are some, for example LUnix:
Now the Z80 is a really powerful processor: It has more instructions (there are also negative points concerning the architecture though), but even it's clocking on the C128 (4 MHz) is quite high for that time. And I think it's just incredible that you can overclock it to 80 MHz with a lot and to around 20 MHz with relatively little effort (Sorry I can't find the links right now). The 80 MHz set-up involved a water-cooling, so that would not really fit to the C128. But I think 20 MHz could be realized, maybe one would have to use a little bit bigger cover so that a good cooler could fit.

Now my question is: Why was there never a Lunix(-like) OS coded for the C128 running on its 4 MHz? It's obvious that you can't do much with such an OS on a C64 with 64k RAM, but I think if clever coding is being done, then it would run quite smoothly on a C128 Z80 @20 MHz with upgraded RAM.
Did this post really give any well-grounded reasons to say that it would not or only hardly possible?

I would be really curious what others think about this.

Thanks in advance!

Pages: [1]