From mboxrd@z Thu Jan  1 00:00:00 1970
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham
	autolearn_force=no version=3.4.4
X-Google-Language: ENGLISH,ASCII-7-bit
X-Google-Thread: 103376,8623fab5750cd6aa
X-Google-Attributes: gid103376,public
Path: 
 g2news1.google.com!news1.google.com!news.glorb.com!wn13feed!worldnet.att.net!12.120.4.37!attcg2!ip.att.net!news.binc.net!kilgallen
From: Kilgallen@SpamCop.net (Larry Kilgallen)
Newsgroups: comp.lang.ada
Subject: Re: Improving Ada's image - Was: 7E7 Flight Controls Electronics
Date: 15 Jun 2004 13:55:14 -0600
Organization: Berbee Information Networks Corporation
Message-ID: <O$tvOcRyVZ3u@eisner.encompasserve.org>
References: <40b9c99e$0$268$edfadb0f@dread16.news.tele.dk>
 <ubrk5lwoo.fsf@obry.org>
 <pan.2004.05.30.18.03.35.769965@n_o_p_o_r_k_a_n_d_h_a_m.abyss2.demon.co.uk>
 <40ba315a$0$254$edfadb0f@dread16.news.tele.dk>
 <oLwuc.17575$be.14510@newsread2.news.pas.earthlink.net>
 <04udnR-eHNChzSbdRVn-vw@gbronline.com>
 <vfSuc.8469$hB2.7817@nwrdny03.gnilink.net>
 <7J0xc.7371$8k4.269106@news20.bellglobal.com>
 <1086630278.542788@master.nyc.kbcfp.com>
 <8xlxc.27603$sS2.845496@news20.bellglobal.com>
 <1086715817.122983@master.nyc.kbOrganization: LJK Software
NNTP-Posting-Host: eisner.encompasserve.org
X-Trace: grandcanyon.binc.net 1087325676 19349 192.135.80.34 (15 Jun 2004
 18:54:36 GMT)
X-Complaints-To: abuse@binc.net
NNTP-Posting-Date: Tue, 15 Jun 2004 18:54:36 +0000 (UTC)
Xref: g2news1.google.com comp.lang.ada:1520
Date: 2004-06-15T13:55:14-06:00
List-Id: <comp.lang.ada>

In article <a%Fzc.16351$nY.585525@news20.bellglobal.com>, "Warren W. Gay VE3WWG" <ve3wwg@cogeco.ca> writes:
> David Starner wrote:
> 
>> On Mon, 14 Jun 2004 14:30:08 +1200, Berend de Boer wrote:

>>>So far the real world has not produced a reliable secure OS in C. Can
>>>it be done? I doubt it.

But that does not mean the real world has not created such in other
languages.

>> What OSes are you looking at? You can't expect the major commercial
>> operating systems to be reliable and secure, because the public doesn't
>> want reliable and secure. 
> 
> Well, of course, it depends again on what you consider reliable
> and secure to mean (as Alexander Kopilovich has said).  Some of
> the public _does_ want reliable and secure (depending on what that
> means).

Three examples that seem to me "reliable and secure" are VMS, MVS and
Nonstop.

>> A reliable and secure operating system would run
>> on one standard set of simple predictable hardware. 
> 
> Predictable yes. Simple is what we would want, because
> simple is easier to validate. But I am not certain
> that simplicity must be a prerequisite.

VMS and Nonstop each run on two (in each case diverse) architectures,
going on three.  I don't know about MVS.

>> A reliable and secure
>> operating system would probably run everything in its own virtual machine
>> anyway; 
> 
> This only shifts responsibility from one layer to another. There
> still must be validation, just at a different level. The bottom
> line doesn't really change.
> 
>> the public wants things to go fast. 
> 
> Speed should not matter. Hardware is always run at suboptimal
> speed for reliability reasons. But this is a hardware tradeoff,
> not a software security issue (except possibly for complex
> timing issues).

The Multics ring architecture seems to offer protection without requiring
a virtual machine or emulation.