Why American software is junk and why it matters

I hope it will be understood that I write the following being somewhat unfamiliar with operating system design but with the understanding that it is true to state that
1) In the age of the internet there is a pressing need for operating systems and applications which are compact, lean and efficient
2) There is a culture of producing bloatware which has become accepted since the 1990s and which represents a risk.

I also hope that if things are presented properly in this regard that this might help in terms of securing funding /an interest in updating RISCOS. There is no reason (and correct me if I am wrong) why it is technically impossible.

The following is written for the novice who might be unfamiliar with RISCOS and indeed operating systems so someone might wish to copy what is written even if it is a bit “Janet and John” and written in simple language.

Anyway, I am rather irritated at software which runs slowly, is bloated, does not work as stated, has bugs and so on. It is a modern phenomenon and brings to mind a traumatic memory of first using Microsoft PCs in that like many people I had a sudden urge to throw the thing out of the window.

In the 1990s, the United Kingdom under the tutelage of an Italian company was at the very forefront of operating system design.

Operating systems on the face of it to those who are not familiar with such a term do not sound like particularly important but they of course are the bit of software which controls not only computers but also hardware such as mobile phones, gadgets, routers and so on.  Operating systems are therefore of equal importance to the CPU. They go hand in hand if you will much like a husband and wife.

The operating system which was at the forefront and way ahead of its time in the 1990s was RISCOS. In the most important respects it still is. Its ran on ROM and was thus impenetrable to hacking (with the proviso that the memory was unprotected and needs development), had anti-aliased fonts, a task-bar, was stable and microscopic in terms of the amount of code used, and far more advanced and faster than its competitors such as Microsoft even with the latest version running on the latest hardware. It would boot and still boots in a few seconds whereas Windows would take the best part of a minute. Moreover one did not “install” software, one simply copied it

RISCOS still exists today even if it is true to state that it obviously lacks modern features which could be added such as preemptive multitasking and internet security and is still more use-able than windows. It feels light and crisp and instant in a way which even OSX, for all Apple’s talk of miniaturizing, never could match.

RISCOS is supplied on a 4MB rom whereas its then equivalent windows 95 was from recollection 10 times the size. The latest iteration of windows is now around 16 gigabytes

The trouble is the British establishment not realizing (again!) what they had, decided to throw away this golden technology in favour of what is to be frank junk which is american in origin. The UK could have ended up with a situation where it dominated the CPU and OS markets where it could have had the Microsoft of the time but willfully threw away the later.

The argument at the time was that RISCOS was not “industry standard” and that it lacked software which may to some extent be a valid reason except for the fact that American software and the culture which emanates from that has brought its own problems. As I shall explain, this is pertinent to the internet age and means that a decision to overlook an operating systems like RISCOS should be reversed, particularly given that it is eminently feasible to do so.

This isn’t to say that Americans are no good at hardware but that when it comes to software, america is a country which should be avoided and Americans moreover might like to buy from abroad as well.

The reason why this should be the case is down to ,what I think is called psycho-geography. Because Americans live in a large country, they tend to as a consequence have a disregard for the efficient usage of resources and an emphasis on things which are big. Thus they have big SUVs which consume lots of gas (which is a liquid by the way), large freeways, large government departments and so on and they tend to think that a solution to any given problem is trample things to death with lots of money. As a consequence they tend to make big and bloated software and CPUs with a large team because inherently they do not consider the importance of making software small, something which it is especially important in the age of the internet.

The fact is that it is axiomatic to state that the more code and complexity you have in software, the more bugs and security flaws there are likely to be and that any bugs and security flaws will be more difficult to spot and to fix. In the age of the internet age this is important given the fact that computers are now more vulnerable to hacking and one would think there would be attempts to minimize this.

If you like a piece of software is like a castle which needs to be protected against aggressors and it does not do well in this respect to build a castle which should be 1000 metees squared, on the scale of Paris in that it is more difficult to maintain and protect.

There is no argument which contradicts this basic principle as far as I can tell. It seems obvious.

As stated, when one looks at American operating systems from 1995 such as Windows or indeed MacOS, one can see that they were to the order of 15 times larger in terms of their code base than RISCOS even though they performed much the same task than that operating system, did so not as well and were slower on faster hardware.

Because the code was so large and complex, the hardware which, in part because it was CISC based, overheated and needed a fan. The software was slow and not crisp. When additional features were needed or “improvements”, the approach was the one should not look at the efficiency of the code but that customers buy faster hardware in order to run less efficient software.

This culture engendered a laziness on the part of programmers in general who made equally large bloated and insecure programs because they could rely upon Moore’s law and thus rather ironically cancel out the effect of that law by running bloated software.

We now have a situation where

1) The latest version of Windows and Macos when installed take up many gigabytes of hard disk space whereas the latest version of RISCOS (which needs some modernization) is still 4 megabytes of so . It is rather ironic that Apple miniaturize their hardware whilst increasing the size of their software, something which in turn can have an effect upon the size of the hardware. Apple hardware for example gets so hot that it has to have a fan to cool it.
2) There is a culture whereby it is deemed acceptable to have software which is correspondingly large and bloated, slow and insecure.
3) There is a culture of laziness and acceptance of defects, bloated code and consequent insecurity on the part of software developers and the need for upgrades, a situation which had been unfamiliar before the rise of Microsoft and indeed Apple. It might be argued “That’s because” but there are no excuses for this given that one would not accept defects in for example airplanes (with the notable exception of the F35), railways, cars, medical devices, nuclear power plants and so on. It’s a choice to release defective software and to expect the user to pay for it and indeed some have suggested that certain companies would release defective software in order to profit from any needed upgrades.
4) In turn because American operating systems during the internet age became dominant along with the aforementioned approach to programming, this has led to a general worldwide and American problem in terms of security.
5) Software and operating systems are needlessly slow, a consequence of which one needs to purchase new hardware to run an updated operating system at the same speed. Windows on a modern computer which is however many 100s of times faster than a 1995 RISCPC is slower when it comes to booting up, using the operating system and programs.
6) The environmental impact of bloated software must be huge because of the following
a) The sourcing and mining of materials necessary for the manufacturing process as well as the production and transportation of computers and equipment.
b) The disposal of old computers before it is necessary to do so because of the fact that the some moron at a software company has elected to ensure that the latest software needs upgraded hardware because it is more bloated and has some useless new feature which you don’t need or want.
c) The fact that devices which operate such software exist throughout the world, in every office, factory, home, airport and so on.

Perhaps this is intentional in that if America provides code which is insecure and engenders a culture of insecurity, they think they can easily gain access to computing devices and to the information which they contain but then such a principle equally applies to America and as such they cannot really complain about hackers from whichever country.

There needs to be a culture change within software development. Not so much a culture change as a revolution. A big bang if you will.

One could in this respect look again at RISCOS. It needs development but the important foundations are there and you might like to take a look at the operating system. One could quite feasibly do the following
1) Update RISCOS to include features which are missing from that OS such preemptive multitasking, security features and so on. The OS is opensource and it does not seem likely that this would increase the size of the codebase all that much and indeed care should be taken in this respect.
2) RISCOS should be on ROM with a consequent inability to hack the Operating system. There are currently issues of memory protection which could be fixed but this would not affect the underlying operating system given that it is as it were set in stone. Where updates are needed, one could install a ROM or indeed a software patch overlay and such updates given the small size of the codebase and the less frequent occurrence of bugs would be less frequently needed.
3) For additional security and indeed compatibility, a type 1 hypervisor along with a “linux translation layer” should be part of the OS. Programs should be run as guests in the manner of Qubes. The OS is thus unhackable.
4) It is true to state that RISCOS lacks applications and where needed that linux translation layer can provide for the running of apps.
5) There should however be apps which run natively under RISCOS, which should be subject to an approval process in order to to ensure the most stringent security, look and feel and operating requirements. Most applications in the modern age given the way they are programmed represent a security problem and there is an argument to state that funding should be made available to resolve this issue. And stating that one has a “choice” under X operating system is rather unimportant if all of those choices are insecure and if the choice of the app under RISCOS is secure by design. After all, if you have a choice of 100 rotten apples or one orange, you go for the orange.
6) There should be a tax on the size of an application so it would cost far more to publish a large program than it would a smaller one. This would occur in order to ensure proper coding, avoid laziness and ensure attention and the avoidance of any bugs. In addition there should be a limitation of the size of apps where upon reaching that limit the author is taxed at 100% of ant profits. Conversely if the app was particularly small, the author would not pay any tax.
7) Moreover the post 1990s culture where faults are found after the release of software through new versions should be frowned upon and anyone who does operate according to such principles should be shown the door. Defects can and should be found before software is released. Given that the codebase would be far smaller, this should be easier to achieve than for example with software which is provided by the wheezing asthmatic ant known as Adobe. 8) There is no such thing as a “bug”, it is a product defect and it should not be acceptable to provide defective products
9) Where authors continually publish apps which have faults in them, they should be subject to a tax upon any subsequent approval of the new release. So for example if “The Program” 1st edition was taxed at 20% and there was a defect, they would pay an extra 15% upon any subsequent release.
10) The OS should include by default a programming development environment.
11) It should be possible to have apps delivered on ROM or indeed on a sim card.

This has a consequent beneficial effect upon the complexity, cost and environmental friendliness of the hardware. For example one can run RISCOS and to run the local equivalent of Microsoft Word or indeed a graphics package on a Raspberry Pi. Even thought the hardware is slower, the software runs in a crisp manner which is unlike Microsoft. The hardware could run from renewable energy as opposed to batteries or indeed a power plant and would also affords sovereignty from the current set of American companies

The plain and simple truth is a country which promotes operating systems and software which runs into the gigabytes and which considers that this does not matter is responsible for delivering junk. Moreover it is difficult to see how that country ultimately benefits from such a policy.

On the other hand countries which do not have such an approach could if they so chose to invest in such an operating system as RISCOS and along with the right approach completely dominate the computing industry. This of course includes the Europe Union who by the way employ the co-founder of Acorn computers (a company which delivered RISCOS whilst under Italian ownership) as vice-president of the European Innovation council in order that he might help to promote European leadership with respect to tech companies.

Can you make this a real short story and tell exactly what you want. I think this story should be moved to Aldershot and not put in General. Because tax on application size you are joking right ?.

Oooh, a wall of text. Looks like I have competition. ;-)

In the age of the internet there is a pressing need for operating systems and applications which are compact, lean and efficient

There was. Now pretty much everybody in the developed world has cheap and nearly unlimited broadband or 4G.
So it’s totally okay to offer a weather forecasting app that runs to about 60MiB. Or an endless supply of “apps” for all known social websites (Facebook, Reddit, etc) that are not only thin veneers over the existing website, they helpfully pillage your data and behaviour as a bonus.

So, no. There is no “pressing need” for apps to be small. In fact, the trend shows rather the opposite.
There will be, and I hope soon, a pressing need for privacy and security. This might be what eventually brings an end to the dominance of Android. No, I do not want that app to run at start-up and No, that app is denied all internet access, etc.
Google won’t be the one to do this, their primary business is selling you (which is why you can’t turn off app net access – it’s used for advertising).

It is a modern phenomenon

Partially.

Almost all sortware has bugs. However back in the days when software was supplied on ROM, a nasty bug could sink an entire company (or, at least, leave them with a lot of worthless stock).
In modern times, it became more accepted to “get something out there” because easy upgrading was possible. Download and install patches.
This evolved into “agile” or whatever it’s called nowadays where the end users are the beta testers and problems will get fixed as they turn up. Well, that’s the plan. Reality can point to a huge pile of Internet-of-Things devices all kitted out with FlashROM that will never ever receive an update.

a traumatic memory of first using Microsoft PCs in that like many people I had a sudden urge to throw the thing out of the window.

You must be young.
My experience of Windows 3.10 was that it was a revelation. The GDI subsystem meant that what was on the screen mostly matched what ended up on the page. And the unified printing system (via GDI) meant that there was only one driver to worry about. As such, loads of manufacturers created drivers. So by and large, stuff just worked.

Trust me, it wasn’t like that under DOS, when one had to juggle not only printer drivers, but screen drivers, and maybe even different fonts for the different screens. Sure, Windows is like that too. But Windows is like that once. In DOS, it was every bloody program. And it was necessary to ensure that your printer had the ability to emulate something else (usually LQ or LJ) because if your printer wasn’t a wildly popular model from a major manufacturer, you just won’t have a driver. All of the laser printers I used in the ’90s were via HP LJ2 emulation, except one odd one that was an LQ emulation (yes, a low-res dot-matrix!).

In the 1990s, the United Kingdom under the tutelage of an Italian company was at the very forefront of operating system design.

No it wasn’t. The Italian company effectively bailed out Acorn, and Acorn (unknown at the time to the sugar daddy) were at the very forefront of processor design.
The operating system? It’s basically a port of the Master MOS with some go faster stripes painted on the side. That’s why all the OS_Byte, the ServiceCall mechanism, and indeed possibly why the OS (and modules) all run in supervisor mode. Any sane operating system is not going to run user code at the same privilege level as kernel code. But since the 6502 didn’t make such a distinction, RISC OS barely does either. I think it’s more a matter of historical convenience rather than anything even remotely related to security.

are the bit of software which controls not only computers but also hardware such as mobile phones, gadgets, routers and so on.

A rather simplistic description. One could say a PC’s BIOS fits into that description, but it’s not an operating system.
[I’m talking about a traditional BIOS, not the weirdo modern things]

Operating systems are more like a collection of drivers, resources, and utilities that allow you (the user) to be able to use the device.

Operating systems are therefore of equal importance to the CPU.

You don’t need an operating system to use a CPU. Out in the embedded world, a small bit of custom firmware will run on the processor in order that it perform the expected tasks. Bread makers, washing machines, the sorts of devices that can offer “smart” functions using an eight bit processor and maybe half a kilobyte of RAM. It doesn’t need an operating system. It just needs some code that runs at power-up to do what needs done.

The operating system which was at the forefront and way ahead of its time in the 1990s was

There lie the ruins of many a holy war.

Its ran on ROM and was thus impenetrable to hacking

As did pretty much every single one of the eight bit era, and quite a few of the sixteen bit era since at the time ROMs could be larger and faster (and more reliable) than floppy discs.

had anti-aliased fonts,

By version three, yes.

It would boot and still boots in a few seconds whereas Windows would take the best part of a minute.

Apples vs Oranges.

RISC OS, at start, doesn’t actually do a lot.

Windows… does. Sure, it’s a tragically slow memory hog, but press “Windows + R” and in the Run dialogue, enter services.msc to get an idea of what’s running in the background. Then open Switcher (the right-most icon on RISC OS) and compare.

Moreover one did not “install” software, one simply copied it

Depends upon the software. PhotoDesk needs to be installed. Back in the day, Impression needed not only to be installed, but a hardware dongle.

RISCOS still exists today even if it is true to state that it obviously lacks modern features which could be added such as preemptive multitasking and internet security and is still more use-able than windows.

Here we go again.

One does not bolt pre-emption on to a single user single process operating system that multitasks via magic and smoke and mirrors.

Seriously – the entire Wimp message handling system is predicated on the fact that you will get your message bounced back to you once everybody else (who may be interested) has been offered it. Pre-emption means a task could be “busy” which would break that.
There’s only one, global, cursor position. Or font handle. Or foreground colour. Or…

RISCOS is supplied on a 4MB rom whereas its then equivalent windows 95 was from recollection 10 times the size.

True, but then I believe it is actually possible to get a booting version of W95 onto two floppies, which means Windows wins. Okay, it doesn’t do a lot and it only assumes very basic hardware (like a 16 colour VGA screen), but it does indicate that a fair amount of the bloat (for a full distribution of W95 requires 54 floppy discs) is a large stock of drivers for the many different sorts of “PC” that existed then. Indeed, the definition of what a PC is has always been rather vague, so operating systems need to ask the BIOS and/or probe the hardware to try to work it out for themselves.

The UK could have ended up with a situation where it dominated the CPU and OS markets where it could have had the Microsoft of the time but willfully threw away the later.

Not with RISC OS, they wouldn’t.

The argument at the time was that RISCOS was not “industry standard”

That’s always a rubbish excuse trotted out by the sort of people that think it’s totally okay to attach Word documents to emails.
I’m in the process of cancelling the insurance my mother had on the (real) car, and the agent sent Word files. I actually forgot about it, but when I remembered I apologised and said it took me a while to find something that was capable of opening Word documents. Actually, that part is true but it only took about five minutes until I realised the printer’s app could do it. ;-) Well, as if by magic all the following documents were provided as PDFs. I’d say PDF is more “standard”, wouldn’t you?

but that when it comes to software, america is a country which should be avoided

Hmmm… Shades of Trump’s lunatic rantings about Huweai… H…. oh, however the hell it’s spelled. You know what I mean.

and Americans moreover might like to buy from abroad as well.

I’m not sure it’s exactly logical to generalise a population of some 350,000,000 people. I’m sure some happily use software from other countries. And some plant big flags on their porches and won’t touch anything that wasn’t born in the yew ess aye.

have a disregard for the efficient usage of resources and an emphasis on things which are big.

As opposed to, say… Harddiscs are enormous and memory is dirt cheap so efficiency isn’t as important as it once was?

large freeways,

Because big population? If you’re going to point out such bizarre differences, then place let me point out that many French motorways (and moterway-like roads) are two lane. The English equivalents are three lane. So stop talking about British stuff and use French. It’s clearly a third more efficient. Motorway sizes said so.

they tend to think that a solution to any given problem is trample things to death with lots of money.

? I’d have said “throw bombs at it”. But, again, we’re into stereotypes.

In the age of the internet age

…is what you meant to write…

There is no argument which contradicts this basic principle as far as I can tell. It seems obvious.

There’s a very obvious argument. A castle the size of Paris (see? told you France FTW!) is a castle. It might be a hulking monstrosity with a hundred unguarded entry points, but it is a castle.

By comparison we have a timber frame house with wattle and daub walls.

in part because it was CISC based, overheated and needed a fan.

As does the Pi4 by all accounts.

The thing is, CISC design and microcode meant that the number of necessary transistors got very large very rapidly. Which is why pretty much anything after the slab of the early Pentium needed cooling.
ARM is getting there, and while they have the benefit of more recent technology (1.8V logic, smaller process, etc), you do reach a point where the speed and complexity inside generates more heat than can be effectively radiated away naturally.

1) The latest version of Windows and Macos when installed take up many gigabytes of hard disk space whereas the latest version of RISCOS (which needs some modernization) is still 4 megabytes of so.

First, double or triple the RISC OS size. You’re not counting the stuff in !Boot are you? Start up your machine without booting properly, see how useful it is. The stuff in there is important.

Secondly, Windows is insanely more complicated and capable than RISC OS.

Tell you what – I’d like to download the lyrics to a song (it’s in Russian), copy them to a document so I can print them tidily to my AirPrint/IPPEverywhere capable printer via WiFi, and then stream the music video and watch it. It’s a song called “Luna” by a group called Mysterya.
I can start up my PC, running XP SP3, and do that right now.
Or from my phone.

From RISC OS? Let’s see… Cyrillic font? Native WiFi? Modern printer? Video? Uh-hu.

Apple hardware for example gets so hot that it has to have a fan to cool it.

My iPad doesn’t.

a situation which had been unfamiliar before the rise of Microsoft and indeed Apple.

I think this has more to do with advances in technology than any particular company. Back the the ‘80s, technologies like flash memory didn’t exist, and the price of a megabyte of harddisc storage would be urine inducing. Seriously, a 40MB drive would have probably cost about as much as the computer. RAM was dead expensive too. That is why the original ARM (the 26 bit PC incarnation) could only address 64MiB, and why the original MEMC could only handle 4MiB per MEMC. It’s because this stuff was so damned expensive that it was unthinkable that anybody would really want more than 4MiB in their machine.
Times change. Twenty euros will buy me a 32GB µSD card. Not only is it smaller than my smallest fingernail, it is – in comparison – well over a million quid’s worth of storage if compared to the 40MB drive I mentioned earlier. I grew up with 16KiB EPROMs. That a 32GB device is… smaller is… astonishing. As is, to be honest, the smartphone that everybody takes for granted these days.

It might be argued “That’s because” but there are no excuses for this given that one would not accept defects in for example airplanes (with the notable exception of the F35),

…and the 737-MAX?

railways, cars, medical devices, nuclear power plants and so on.

Ah, but the thing is – failure of airplane will kill people. Failure of a railway or a car will kill people. Failure of a nuclear power plant will kill people and leave the surroundings uninhabited for quite a long time.

Failure of a word processor? Not even remotely in the same category.

some have suggested that certain companies would release defective software in order to profit from any needed upgrades.

Though more and more these days, people expect to receive free updates for a “reasonable” length of time.

Windows on a modern computer which is however many 100s of times faster than a 1995 RISCPC is slower when it comes to booting up, using the operating system and programs.

Because Windows (or even Linux) does rather more at boot.

RISC OS doesn’t even check filesystem integrity FFS.

a) The sourcing and mining of materials necessary for the manufacturing process

Thank you, I’d prefer to let a happy Swedish teenager talk about the environment.

Because there is so much wastage here, a lot of which can’t be pinned on any one company or country, but simply a sign of global tech malaise. Printer inks? The fact that some people buy a new printer because it’s cheaper? Mobile phones and tablets? Electronics buried under gobs of glue because no part of them is intended to be replaced. Chuck it away and buy a new one.
That’s the outlook for TVs and media players these days. Once upon a time there was a guy that lived around the corner with a weird load of stuff in his garden shed. Slip him a tenner and a Jack Daniels and he’d happily fix your TV for you. Doesn’t matter what type, he knows the principle well enough that he can follow the circuit in his mind. Valves? Transistors? No big deal. He’ll have it working by the weekend.
Such devices these days are a big microchip or two hooked to a display panel with a welded ribbon cable. If you can even get inside the device, you’ll see there’s not one single thing that’s likely to be “fixable”. Chuck it, buy a new one.
Moreso with “smart” televisions, that will be obsolete in a couple of years as all the fancy smart stuff gets left behind or deprecated or (hello BBC) outright dumped.

that the some moron at a software company has elected to ensure that the latest software needs upgraded hardware because it is more bloated and has some useless new feature which you don’t need or want.

It’s called capitalism. They exist to sell you stuff. If they can’t sell, they go bust. It’s not moronic, it is just how it works.

equally applies to America and as such they cannot really complain about hackers from whichever country.

You do realise that the FBI chief keeps spouting nonsense about wanting Americans to have good encryption with a back door that the feds can use if necessary?
Clearly these people do not understand how mathematics works. Or security, for that matter.
Or the fact that any back door, once compromised, will be a global problem, not a national one.

But, then, we’re talking about a country that solved the problem of uncovering security flaws in electronic voting devices by hacking them… by outlawing the hacking.
As if that makes any difference whatsoever to the Chinese. Or the Russians. Or whoever else might stand to benefit from corrupting the election process…

There needs to be a culture change within software development. Not so much a culture change as a revolution. A big bang if you will.

I won’t hold my breath. People blather all sorts of personal info on Facebook as if there’s nothing to worry about. And earlier on the TV I saw an advert for “Uber Eats”, which just seems so “oh my god!”.
Faced with that, your revolution isn’t going to be here in a hurry. More likely some really unpleasant people will distrupt, dismantle, and ultimately break what we currently think of as “democracy”, aided by technology and it’s unwitting desire to connect everybody (with no checks, balances, or safeguards).

but the important foundations are there

<raises eyebrows>

You… uh… do… know what the RMA is, right?

One could quite feasibly do the following
1) Update RISCOS to include features which are missing from that OS such preemptive multitasking, security features and so on.

I’d really like to see your feasibility study regarding the addition of PMT.

2) RISCOS should be on ROM with a consequent inability to hack the Operating system.

First, this won’t fly with modern hardware that boots from SD or the like.

Secondly, it’s irrelevant. Only a newb would hack the operating system. Anybody with more than a single cluon would hack the user. And that’s ridiculously simple under RISC OS whether it’s in ROM or not.

There are currently issues of memory protection which could be fixed but this would not affect the underlying operating system given that it is as it were set in stone.

I’ll point you, once again, at the RMA.

The OS is thus unhackable.

Have you been following what’s been going on with those clever people who are hacking the actual processors? You know, the cache miss data leakage, the one that can set up specific states by fiddling with the processor core voltage in certain ways? In these cases, the operating system is largely unimportant because the attack vector is the processor itself.

5) There should however be apps which run natively under RISCOS, which should be subject to an approval process in order to to ensure the most stringent security, look and feel and operating requirements.

And are you going to provide a guarantee of the stability and safety of your curated apps, or will this be yet another pointless walled garden lulling people into a false sense of security?

and there is an argument to state that funding should be made available to resolve this issue.

Just as there is an argument to state that modern applications are of a level of complexity where running logical and mathematical analysis on the program to verify all possible code paths is… not only infeasible, it’s also not even remotely realistic.
A large rocket carrying a satellite payload – you’ll want to do a hell of a lot of testing to ensure the software is flawless (been there, done that, got the burnt T-shirt).
A word processor? A web browser? No, it’s just not economically viable.

under RISCOS is secure by design.

Except… Wow… Where do I even begin to shoot that down.

You are NEVER EVER going to get a secure app on an OS that will grant anybody kernel level privilege with one SWI call.
You… you just aren’t.

After all, if you have a choice of 100 rotten apples or one orange, you go for the orange.

That rather depends upon your thoughts for cider, don’t you think?

This would occur in order to ensure proper coding, avoid laziness and ensure attention and the avoidance of any bugs. In addition there should be a limitation of the size of apps where upon reaching that limit the author is taxed at 100% of ant profits. Conversely if the app was particularly small, the author would not pay any tax.

Are you… even old enough to be considered a teenager? Surely nobody with a double-digit age could write something so utterly naive.

through new versions should be frowned upon and anyone who does operate according to such principles should be shown the door. Defects can and should be found before software is released.

That’s how I release my software. Okay, it’s all free, but still. Would you like something that mostly works today, or something perfect never? Your choice. I do this as a hobby. For fun. I’m mostly writing stuff for myself, and releasing things in case it may be of use to others.

Yes, defects should be found. But they aren’t. Not always. Sometimes I do “one more thing” when it’s late and I need to go to bed to get up in five hours to go to work. It’s not a good state to be in when programming, but given how scattered my attention is, I take what I can get.

Given that the codebase would be far smaller,

You seem to be obsessing about the small codebase.
I could double the size of RISC OS overnight.

You know how?

Validate the bloody inputs! RISC OS barely does. Which can lead to some interesting bugs turning up.
One that was recently looked at by nemo – an OS_File (I think?) that loads a file into a block of memory. You read the size of the file, allocate the memory, and then make this call to read the data. Problem is, there was no range provided, it just loads the entire file into the memory at the given address. Which is fine until you realise that a networked filesystem could validly change the size of the file in the background, so when it is read, it’ll just trash whatever memory follows the intended allocation.
What were you saying about secure by design?

There is no such thing as a “bug”, it is a product defect and it should not be acceptable to provide defective products

Show me a ten line program and I’ll show you a bugdefect.

Actually, let’s put it to the test.
Please provide a routine to convert a string of characters to lower case. As we’re talking RISC OS, I will expect it to be written in assembler. String will be C-like (null terminated). You can assume R13 points to a stack, and R0 points to the string, and R1 points to ample space for the result.

There’s more, but it’s quarter past midnight. I have to be up in seven hours so I’ll bring this to a close here.

Wow! A long rant with lots of good points IMHO.

There should be a tax on the size of an application

A nice thought.

The OS should include by default a programming development environment.

Yes, with libraries of appropriate tools, future proofed against changes of hardware.

There needs to be a culture change within software development.

An OS is hardly a project for an amateur (eh, Linus?). In the case of choosing an OS the market has conspired to suppress competition. If there were genuine choice we would be less likely to be saddled with bloat and poor GUIs.

Part of the problem is the lack of practical specification for software. Specification is a vague term, and can mean anything on a gamut from hand-waving waffle to an abstract program. The idea used to be, perhaps it was naive, that first you specified what you wanted your program to do, then you wrote a program, then you proved that your program satisfied the specification, then you implemented the program and then you tested it. Maybe some of these steps were done in a different order, or done in parallel; and do not forget that most of the activity involves debugging and starting all over again. An OS should be accompanied by detailed documentation of the principles on which it has been designed, and of how the user’s programs can interact with it. Of course this will be a moving target, so the design has to abstract away from the hardware and be capable of extension, within clearly laid down principles. The perennial problem is how to do this without sacrificing speed and economy (think of X11).

For any sort of UI there are various principles which should be followed. For example, every user-action should be followed immediately by a response (visual in the case of a GUI) to reassure the user that their action has been recognised. This forestalls unnecessary repeated actions because the user thinks the input device may have broken. RISC OS is pretty good at fulfilling this principle, Windows can be rotten.

I think Fred is a little optimistic in seeing RISC OS as a basis for a lean universal single-user OS. Such a thing would need a complete redesign IMHO, starting at a level of extreme abstraction. The foundations of RISC OS are not robust enough that the extra features it needs could be simply tacked on. In fact most software dies eventually because the foundations of its design have not been abstract enough to cater for later developments – too many built-in assumptions.

Linux, with its plethora of distributions, can be seen as a useful arena for testing out different ideas; file-systems, for example. Whether RISC OS can take advantage of Linux I do not know. Sadly, the ROX filer experiment, trying to produce a RISC OS-like GUI for Linux, appears to have hit the buffers. But consider how many more users there are of Linux than of RISC OS. More important, repeat the previous sentence with the word users replaced by developers.

Well quite, I did say it needed a lot of work and well it looks like I am not the only one who agrees about code size

https://tonsky.me/blog/disenchantment/

Anyway Rick Murray perhaps misses two important points

The first is about the general importance of code size in the age of the internet.

I know that one could get a 3 ghz computer with 16gigs of Ram and code size would not matter from certain perspectives. That’s obvious given that my computer is around 3 Ghz and has 12gigs of Ram and it can run X program. This is not the point

A basic principle is that the more code you have, the more bugs there are likely to be and the more difficult they will be to find. As such larger code is inherently liable to be more insecure.

The second is that RISCOS needs development (ı.e. updating). It offers good prospects in that, apart from other things, the approach of other computing platforms, for the most part, is, as you have stated, not to pay attention to the importance of code size.

Many platforms most notably Microsoft and Apple have much legacy code. It would be rather easier to start small and build upwards on the basis of smallness rather than to rebuild something which is inordinately large.

There was. Now pretty much everybody in the developed world has cheap and nearly unlimited broadband or 4G.
So it’s totally okay to offer a weather forecasting app that runs to about 60MiB. Or an endless supply of “apps” for all known social websites (Facebook, Reddit, etc) that are not only thin veneers over the existing website, they helpfully pillage your data and behaviour as a bonus.

So, no. There is no “pressing need” for apps to be small. In fact, the trend shows rather the opposite.
There will be, and I hope soon, a pressing need for privacy and security. This might be what eventually brings an end to the dominance of Android. No, I do not want that app to run at start-up and No, that app is denied all internet access, etc.
Google won’t be the one to do this, their primary business is selling you (which is why you can’t turn off app net access – it’s used for advertising).

See above

That’s the essential point I am making.

Almost all sortware has bugs. However back in the days when software was supplied on ROM, a nasty bug could sink an entire company (or, at least, leave them with a lot of worthless stock).
In modern times, it became more accepted to “get something out there” because easy upgrading was possible. Download and install patches.
This evolved into “agile” or whatever it’s called nowadays where the end users are the beta testers and problems will get fixed as they turn up. Well, that’s the plan. Reality can point to a huge pile of Internet-of-Things devices all kitted out with FlashROM that will never ever receive an update.

Or as pointed out, you supply roms with the latest update or indeed with a software overlay or indeed perhaps with a hardware switch which you can perhaps flick which means it cannot be updated.

You must be young.
My experience of Windows 3.10 was that it was a revelation. The GDI subsystem meant that what was on the screen mostly matched what ended up on the page. And the unified printing system (via GDI) meant that there was only one driver to worry about. As such, loads of manufacturers created drivers. So by and large, stuff just worked.

Trust me, it wasn’t like that under DOS, when one had to juggle not only printer drivers, but screen drivers, and maybe even different fonts for the different screens. Sure, Windows is like that too. But Windows is like that once. In DOS, it was every bloody program. And it was necessary to ensure that your printer had the ability to emulate something else (usually LQ or LJ) because if your printer wasn’t a wildly popular model from a major manufacturer, you just won’t have a driver. All of the laser printers I used in the ’90s were via HP LJ2 emulation, except one odd one that was an LQ emulation (yes, a low-res dot-matrix!).

RISCOS didn’t use drivers (except to some extent printers). And even Microsoft acknowledged that 3.1 was deficient in that regards in that they went on about Plug and Play for the next release.

No it wasn’t. The Italian company effectively bailed out Acorn, and Acorn (unknown at the time to the sugar daddy) were at the very forefront of processor design.
The operating system? It’s basically a port of the Master MOS with some go faster stripes painted on the side. That’s why all the OS_Byte, the ServiceCall mechanism, and indeed possibly why the OS (and modules) all run in supervisor mode. Any sane operating system is not going to run user code at the same privilege level as kernel code. But since the 6502 didn’t make such a distinction, RISC OS barely does either. I think it’s more a matter of historical convenience rather than anything even remotely related to security.

Arthur perhaps and I did say it was under Italian ownership.

You don’t need an operating system to use a CPU. Out in the embedded world, a small bit of custom firmware will run on the processor in order that it perform the expected tasks. Bread makers, washing machines, the sorts of devices that can offer “smart” functions using an eight bit processor and maybe half a kilobyte of RAM. It doesn’t need an operating system. It just needs some code that runs at power-up to do what needs done.

It is the software which operates the system so I called it an operating system for the sake of simplicity

Apples vs Oranges.
RISC OS, at start, doesn’t actually do a lot.
Windows… does. Sure, it’s a tragically slow memory hog, but press “Windows + R” and in the Run dialogue, enter services.msc to get an idea of what’s running in the background. Then open Switcher (the right-most icon on RISC OS) and compare.

That’s my point. It’s far too complicated for what it does. And many people appear to agree because they run things like Linux.

RISCOS needs updating which isn’t the same as making it more complicated.

In any case, one can easily argue that certain standards should be ignored as Apple did with Adobe Flash

Depends upon the software. PhotoDesk needs to be installed. Back in the day, Impression needed not only to be installed, but a hardware dongle.

Two exceptions. Go on :)

Here we go again.
One does not bolt pre-emption on to a single user single process operating system that multitasks via magic and smoke and mirrors.
Seriously – the entire Wimp message handling system is predicated on the fact that you will get your message bounced back to you once everybody else (who may be interested) has been offered it. Pre-emption means a task could be “busy” which would break that.
There’s only one, global, cursor position. Or font handle. Or foreground colour. Or…

Added by integration. I think perhaps you are splitting hairs maybe

Not with RISC OS, they wouldn’t.

Forgive me but why can you perhaps explain why you are on a forum which is meant to promote the development of RISCOS if you don’t think much of RISCOS. I mean its OK. Some people like Eurovision.

And one can watch old science fiction where the actors make fun of their own acting in commentaries.

Hmmm… Shades of Trump’s lunatic rantings about Huweai… H…. oh, however the hell it’s spelled. You know what I mean.
I’m not sure it’s exactly logical to generalise a population of some 350,000,000 people. I’m sure some happily use software from other countries. And some plant big flags on their porches and won’t touch anything that wasn’t born in the yew ess aye

Not really because most of the hacking takes place upon software which is American.

It’s not Chinese or Russian or indeed British for the most part.

As opposed to, say… Harddiscs are enormous and memory is dirt cheap so efficiency isn’t as important as it once was?

See the first point.

Because big population? If you’re going to point out such bizarre differences, then place let me point out that many French motorways (and moterway-like roads) are two lane. The English equivalents are three lane. So stop talking about British stuff and use French. It’s clearly a third more efficient. Motorway sizes said so

Population density in France or indeed the Netherlands is greater than the US is it though?.

? I’d have said “throw bombs at it”. But, again, we’re into stereotypes.

Hence the important word “tend” as one can see from the fact that they trampled the middle east to death with bombs costing 7 trillion dollars.

Not really a stereotype is it?

There’s a very obvious argument. A castle the size of Paris (see? told you France FTW!) is a castle. It might be a hulking monstrosity with a hundred unguarded entry points, but it is a castle.
By comparison we have a timber frame house with wattle and daub walls.

The point of the argument is size and you seem to have overlooked the fact that I did not refer to RISCOS but the general principle. RISCOS does need an overhaul as stated

The more code → the more bugs → the more difficult they are to find→ the less security there is

As does the Pi4 by all accounts.

Not that I can see

The thing is, CISC design and microcode meant that the number of necessary transistors got very large very rapidly. Which is why pretty much anything after the slab of the early Pentium needed cooling.
ARM is getting there, and while they have the benefit of more recent technology (1.8V logic, smaller process, etc), you do reach a point where the speed and complexity inside generates more heat than can be effectively radiated away naturally.

I look forward to seeing an ipad with a fan.

First, double or triple the RISC OS size. You’re not counting the stuff in !Boot are you? Start up your machine without booting properly, see how useful it is. The stuff in there is important.
Secondly, Windows is insanely more complicated and capable than RISC OS.

Yes its too complicated and you can even see that when you compare it to say Linux. And RISCOS is still small by comparison.
Even if one were to add features or update it would be smaller

Tell you what – I’d like to download the lyrics to a song (it’s in Russian), copy them to a document so I can print them tidily to my AirPrint/IPPEverywhere capable printer via WiFi, and then stream the music video and watch it. It’s a song called “Luna” by a group called Mysterya.
I can start up my PC, running XP SP3, and do that right now.
Or from my phone.
From RISC OS? Let’s see… Cyrillic font? Native WiFi? Modern printer? Video? Uh-hu.

The point being is that if one compare the equivalent at the time RISCOS 3.5 would have been able to do most of Windows did.
I did state that RISCOS needed updating and it would not be as large as windows.
That’s kind of the point of the article.

And that refers to apps for the most part.

…and the 737-MAX?

Well quite. A modern development which should change

Ah, but the thing is – failure of airplane will kill people. Failure of a railway or a car will kill people. Failure of a nuclear power plant will kill people and leave the surroundings uninhabited for quite a long time.
Failure of a word processor? Not even remotely in the same category.

Or hacking and stealing and so on in government departments. Not important at all. For example with wannacry
Thank you for proving my point about “If there is a will there is a way”

Because Windows (or even Linux) does rather more at boot.
RISC OS doesn’t even check filesystem integrity FFS

Because it boots from rom for the most part and er um needs an update as is the point of this article.

Thank you, I’d prefer to let a happy Swedish teenager talk about the environment.

Thank you for not addressing the point about the environment :). I think the European union might disagree with you as a result of their decision today

It’s called capitalism. They exist to sell you stuff. If they can’t sell, they go bust. It’s not moronic, it is just how it works

Yes and this is called innovation. You improve the ways of doing things and watch things like the Ford Edsel or indeed American car manufacturers decline in importance because there are better alternatives.

Thus you end up with detroit and thriving foreign car manufacturers.

You do realise that the FBI chief keeps spouting nonsense about wanting Americans to have good encryption with a back door that the feds can use if necessary?
Clearly these people do not understand how mathematics works. Or security, for that matter.
Or the fact that any back door, once compromised, will be a global problem, not a national one.

That’s called a “wish” which has not been granted and cannot be granted because people will move to alternative poducst. It does not exist with signal or indeed AOSP.

No they don’t know anything about security because if they did they would not just to give one example, grant over a million people top secret security clearance.

I’d really like to see your feasibility study regarding the addition of PMT.

I estimate 3-5 million pounds at the most for the entire OS if we are talking about finances

, this won’t fly with modern hardware that boots from SD or the like.
Secondly, it’s irrelevant. Only a newb would hack the operating system. Anybody with more than a single cluon would hack the user. And that’s ridiculously simple under RISC OS whether it’s in ROM or not.

Why not the software is small. It’s not like you’d be running word,
You seem again to have overlooked the fact that I said RISCOS needed updating

Have you been following what’s been going on with those clever people who are hacking the actual processors? You know, the cache miss data leakage, the one that can set up specific states by fiddling with the processor core voltage in certain ways? In these cases, the operating system is largely unimportant because the attack vector is the processor itself.

Two maybe three instances and there is xen

And are you going to provide a guarantee of the stability and safety of your curated apps, or will this be yet another pointless walled garden lulling people into a false sense of security?

Yes like the appstore….

Just as there is an argument to state that modern applications are of a level of complexity where running logical and mathematical analysis on the program to verify all possible code paths is… not only infeasible, it’s also not even remotely realistic.
A large rocket carrying a satellite payload – you’ll want to do a hell of a lot of testing to ensure the software is flawless (been there, done that, got the burnt T-shirt).
A word processor? A web browser? No, it’s just not economically viable.

Yes it is. Governments use word processors and so on. They commonly used microsoft word or indeed openoffice

Except… Wow… Where do I even begin to shoot that down.
You are NEVER EVER going to get a secure app on an OS that will grant anybody kernel level privilege with one SWI call.
You… you just aren’t.

Heard of Xen?

Are you… even old enough to be considered a teenager? Surely nobody with a double-digit age could write something so utterly naive.

You mean. “I cannot imagine anything different” Perhaps you have an argument.
For example the app store could take more from the developer depending on the size of the apps

It’s not that difficult and Apple provide a warning for example if the app you have developed is over 100Mb

You seem to be obsessing about the small codebase.
I could double the size of RISC OS overnight.
You know how?

By proceeding on the basis that its unimportant that’s how. You said as much earlier

Show me a ten line program and I’ll show you a bugdefect.

And with 100 line program you’ll find 10.
:)

Well quite, I did say it needed a lot of work and well it looks like I am not the only one who agrees about code size

Code size is irrelevant. Code efficiency counts.

Firefox, for example, can do almost everything, from video playing to accelerated 3D. Its code is not bloated, if you consider all the features provided.

Forgive me but why can you perhaps explain why you are on a forum which is meant to promote the development of RISCOS if you don’t think much of RISCOS. I mean its OK. Some people like Eurovision.

FreeDOS is smaller than Windows and RISC OS. So it’s better?
Windows Embedded is smaller than Windows 10 and RISC OS. So it’s better?

Like nuclear power stations and the like..

That’s a perfect example of much bigger code for better security (contract programming, massive type checking, etc.) and much slower OS for better predictability (real-time OS). The absolute antithesis of RISC OS.

We all appreciate simplicity and economy, for a number of reasons, both ecological and aesthetic. The trouble is that simplicity is often an illusion, created by overlooking detail. Isaac Asimov’s joke about the Three Laws of Robotics might have been intended to nail this one, but lots of people did not understand that it was a joke. For tying down the notion of codesize, google Gregory Chaitin .

Code size is irrelevant. Code efficiency counts.

The more code you have,
The more bugs there are likely to be
The more difficult they will be to find.

As such larger code is inherently liable to be more insecure.

As Rick Murray said

Show me a ten line program and I’ll show you a bugdefect.

So as he himself states, the more code there is the more bugs he can find.

Firefox, for example, can do almost everything, from video playing to accelerated 3D. Its code is not bloated, if you consider all the features provided.

I would hardly describe mozilla products as efficient or having lots of features or functional given that
1) In the latest version of firefox on my machine with the latest updates, browser tabs crash at odd moments for no apparent reason.
2) Thunderbird cannot do the very basics which is to import and export MBOX and EML files properly even with a plugin. I have had to spend money on a product which carries out this very basic functions.

FreeDOS is smaller than Windows and RISC OS. So it’s better?
Windows Embedded is smaller than Windows 10 and RISC OS. So it’s better?

These are not GUI based products so is this a fair comparison?

The version of Windows embedded to which you refer from my understanding does not come with a GUI

I seem to recall that nuclear power stations in Iran were subject to the Stuxnet virus a while back which I think was developed in Finland.

ETAP for example runs on windows. Not exactly secure and I would imagine (or at least I would hope) that they are not connected to the internet.

And the F35 is the perfect example of large code which does not work properly and which is apparently more difficult to fix

I’ll reply to this when I get home this evening and get some tea in me.

Secure by design? “If I wanted to go there, I wouldn’t start from here!”

Well I mean it’s on ROM and it’s small.

It is also true to state that the more complex and large something is, the more unstable it is with the exception perhaps of biology but then this is a different kettle of fish in that the later relates to things which are organic.

Even so, nature has a preference for smaller mammals from what I recall of David Attenborough

Three example are

Chemistry: The higher up the periodic table one goes, the more protons an elements has and the more unstable it is.
Mathematics: The complexity of the financial mathematical models were part of the cause of the financial crash of 2008.
Coding: Rick Murray states that he can find a bug/defect in any given 10 lines of code. It therefore follows that he will find more bugs in 1000 lines of code.

More unstable, and more liable to have unforeseen security holes.

The more code you have,
The more bugs there are likely to be
The more difficult they will be to find.

Simple answer: no.

Quick example: take a lowercase to uppercase code. The smallest version will do the job. But to avoid security issues, you must do type checking, and check the range of characters, buffer overflows, etc. More code, for more security.
Another example: in order to steel some data on RISC OS, you just need to copy it. You can’t under Linux. Linux is much more code, and more secure too.

And now, proofs that this is not so simple:
SmallBasic: 108 kloc, defect density 0.62
Perl: 1173 kloc, defect density 0.06
LibreOffice: 6140 kloc, defect density 0.00

Sources:
https://scan.coverity.com/projects/perl11-cperl
https://scan.coverity.com/projects/smallbasic
https://scan.coverity.com/projects/libreoffice

The version of Windows embedded to which you refer from my understanding does not come with a GUI

It does.

more liable to have unforeseen security holes.

True, and less seen security holes too, as part of the code is sometimes here only to avoid security issues.

BTW, I find very funny for someone (Fred) who say that less is more secure, to suggest that to get a more secure version of RISC OS, you should add an hypervisor and run Linux apps.

Question 1: if you add more code to provide an hypervisor, should it not be less secure?
Question 2: if the idea is to use Linux apps under RISC OS with Xen like hypervisor, to use only Linux will be less code, no?

I don’t want to be rude, but I really don’t understand your point.

I find very funny for someone that say that less is more secure

Obviously missing out necessary security features doesn’t improve security; but missing out unnecessary fancy features certainly does. More importantly, taking care over writing code rather than throwing it together in a hurry and getting it working somehow is important; otherwise you produce bloated code, susceptible to errors of all kinds, but specifically security holes.

to suggest that to get a more secure version of RISC OS, you should add an hypervisor and run Linux apps
It wasn’t me who suggested that!

No, that was Fred… Bad transition in my answer. Sorry :)

Nae problem my friend! 8~)

Also, I didn’t make clear that the bloat and the errors in thrown together code are distinct issues, but both consequences of the thrown-together-ness and so often occurring together.

but missing out unnecessary fancy features certainly does

I agree. That’s why I prefer to talk of code efficiency (you can extend this idea to application efficiency).

taking care over writing code rather than throwing it together in a hurry and getting it working somehow is important

True too. But it’s funny to note that it’s mainly a small projects issue. If you do this on big projects, they’ll quickly collapse.

The more code you have, The more bugs there are likely to be The more difficult they will be to find.

Simple answer: no.

Quick example: take a lowercase to uppercase code. The smallest version will do the job. But to avoid security issues, you must do type checking, and check the range of characters, buffer overflows, etc. More code, for more security.
Another example: in order to steel some data on RISC OS, you just need to copy it. You can’t under Linux. Linux is much more code, and more secure too.

And now, proofs that this is not so simple:
SmallBasic: 108 kloc, defect density 0.62
Perl: 1173 kloc, defect density 0.06
LibreOffice: 6140 kloc, defect density 0.00

And the later crashes on mine despite the latest updates so the source is not true. And indeed is proven by the fact that they issue updates every month…

In any case bugs tend to turn up when they aren’t expected so how would people know? I did say bugs need to be detected and you don’t necessarily know whether they are there or not.

Moreover, as a general principle, it is obviously the case that it is more difficult to find bugs where they exist in the later.

The version of Windows embedded to which you refer from my understanding does not come with a GUI

It does.

It says that Windows embedded needs 2GB here
https://www.proxis.ua/files/documents/Windows%20Embedded%20Version%20Overview.pdf

BTW, I find very funny for someone (Fred) who say that less is more secure, to suggest that to get a more secure version of RISC OS, you should add an hypervisor and run Linux apps.

Question 1: if you add more code to provide an hypervisor, should it not be less secure?
Question 2: if the idea is to use Linux apps under RISC OS with Xen like hypervisor, to use only Linux will be less code, no?

1) You run linux apps where there are no native apps.
2) Xen takes up 1Mb
3) My understanding is that a Type 1 hypervisor is secure or at least as secure as it gets.

As regards all these different means of communication which are missing from RISCOS (Airplay and so on) why not just miss some of these out and go for what is standard.

(Confession. I don’t like Apple)

Perhaps some of you like RISCOS in the same way as some people like Doctor WHo DVDs starring Peter Davion so you can laugh at the acting as he does in the commentary

Obviously missing out necessary security features doesn’t improve security; but missing out unnecessary fancy features certainly does. More importantly, taking care over writing code rather than throwing it together in a hurry and getting it working somehow is important; otherwise you produce bloated code, susceptible to errors of all kinds, but specifically security holes.

So why don’t American software producers take note

More importantly, taking care over writing code rather than throwing it together in a hurry and getting it working somehow is important; otherwise you produce bloated code, susceptible to errors of all kinds

Indeed. At work, someone declared “I WANT IT NOW!” and kept going to their manager, their manager’s manager, etc, until we ended up with a directive to write the system before the Christmas break.

Due to lack of resources, one developer spent 2 weeks on it, then handed it over to me with the comment “it’s almost all working, but features X and Y still need to be written”. I then spent the next three days fixing bugs in the existing “working” system before even touching the new features!

future proofed against changes of hardware.

Future proofing is mostly an illusion. You can make something upgradeable, but you’ll find the original specification itself is what ages. Consider the RiscPC. Easy to slot in newer better processors, until the processors far exceeded the capabilities of the slow memory bus.

That’s hardware. In software terms, consider Java. It was to be The One to take on the world. Flexible, capable, with many available libraries.
And a mess of runtimes, all with enough flaws that they’re generally considered a security risk. There was a time when your browser would run Java applets for you. Then it asked you. Now it tells you “just don’t”. It isn’t present at all on modern tablet/mobile platforms (yes, I know the apps are written in a Java-like manner, however one doesn’t “run a third party applet” on Android).

What’s trendy these days anyway? Rust? Or is that now a has-been?

An OS is hardly a project for an amateur (eh, Linus?)

It’s worth pointing out that Linus looks after the kernel. It’s the most important part of the OS, certainly, but the majority of software on that installation CD has nothing to do with Linus other than his platform created the ecosystem that gave birth to the likes of Debian and Ubuntu.

In the case of choosing an OS the market has conspired to suppress competition.

You make it sound more deliberate than it is. Generally speaking, an OS needs to be popular. If it is popular, there is a business case for supporting it.
There is no technical reason why we cannot have LibreOffice on RISC OS. The OS is advanced enough that it can cater for the sorts of things that may be required for basic use – hell, it caters for the likes of Ovation and Impression without problem.
I put the bit in italics because…FontManager. ;-)

Thing is, nobody looking after LibreOffice will give us more than a passing glance followed by a shrug and maybe utter “a what now?” having no idea what RISC OS actually is. Because our user base and market reach does not justify the effort in porting.
Windows, on the other hand, is big and well known. So office suites, MuseScore, and all manner of things get ported to it. Only in the last few years have people stopped supporting XP and moved on, a fair while after Microsoft themselves gave up on XP support. Because it was that popular.

Anybody can introduce a new OS. And people do. And sometimes (Symbian?) they are popular. But eventually a larger juggernaught will come and push them off the road. Why would a developer support multiple small systems when she could support two or three big ones? [or take sides and just support the one]

For example, every user-action should be followed immediately by a response

Quite a few things fail in this respect. Even on RISC OS. Spot the double-postings on days when there’s server lag, so people click the button twice thinking that the first time must not have worked…

Windows can be rotten.

“can be”?

Anyway Rick Murray perhaps misses two important points

Okay, shoot…

The first is about the general importance of code size in the age of the internet.

Code size is irrelevant in the age of the Internet.
I can download an episode of Chihayafuru (about 300MiB for 480p) in a quarter hour. Which means an hour will get me a gigabyte. And I’m on a rural air-strung twisted pair pushing south of four gigabit on a good day. Many others are much faster.

That means, for me, an entire ISO CD image of the Linux distro of my choice in about three quarters of an hour. All of it, the entire thing. Burn to disc, boot it.

So, no, I don’t think in the age of broadband internet, that code size makes much difference at all.

That’s obvious given that my computer is around 3 Ghz and has 12gigs of Ram

Mine’s a P4 clocking around 2.4GHz and has about 3GiB RAM. But it’s running XP SP3 and XP gets a bit stressy if you give it more than 3GiB.
It does what I need. Mostly. It’s terrible at 1080p video and don’t even attempt to feed it HEVC. But that’s because the Intel chipset integrated GPU is rubbish.

And anyway… 12 gigs? You have 12 gigs? You need 12 gigs? That’s just silly amounts of memory…

Your point was?

As such larger code is inherently liable to be more insecure.

You are making a logical fallacy. There is no correlation between code size and security. You can easily have a small tight piece of software that is worse than a hulking monster if the small one gets its lean size because it doesn’t bother to validate inputs, sanitise things, and include protections to try to reduce potential attack vectors. Dealing with potential problems adds code. There’s no if-but-maybe. I said yesterday that I could easily double the size of RISC OS by adding code to sanitise inputs. Inputs to every single API. Seriously – you can write a few lines of BASIC (a user mode program) to HeapSort the RMA, and RISC OS will happily do so until the point where it crashes.

The second is that RISCOS needs development

That’s obvious. It’s kind of why all of this exists…

Many platforms most notably Microsoft and Apple have much legacy code.

RISC OS is much legacy code. Did you notice in the kernel sources “Arthur2”, “Arthur3”, and “ArthurSWIs”? Or the keyboard handler code (in PMF subdir) was started on the 13th of October 1986? Quite a bit of the VDU code dates from ’86 too…

Or as pointed out, you supply roms with the latest update

And as pointed out, modern ARM boards don’t support ROMs. Precious few of them support Flash. They boot from SD, µSD, USB, net…

RISCOS didn’t use drivers (except to some extent printers).

RISC OS bloody well did use drivers! The primary difference is that Acorn manufactured the machines that their OS was for, so your original-era serial port was one of three possibilities:

1. Not installed (mostly the A3000)
2. Based on a 6551 chip (original Archimedes, A3000)
3. Based on a 16450 UART as part of the 82C710 (A5000 and later)

The RiscPC introduced the 16550 compatible UART built into the FDC37C665. But note that RISC OS 3.5 and later only work on a RiscPC, so the older code could be discarded.
Parallel port? Discrete logic or part of the Super-I/O chips.

And so on.
There were drivers. But there were few as the machines were precisely known and so this stuff was buried inside where you didn’t see it.

Of course, there was a good selection of add-on podules to do all sorts of things. IDE cards, scanners, digitisers, MIDI, I/O, blah blah. And you know what? Pretty much all of them needed to have a ROM or EPROM onboard, not only to hold the device’s identity (RISC OS needs to know certain things about it at start-up), but also to hold the module(s) that comprise the various drivers and things that are necessary to make it work.

And even Microsoft acknowledged that 3.1 was deficient in that regards in that they went on about Plug and Play for the next release.

That was not Microsoft. That was the world moving to PCI and leaving behind the mess that was (E)ISA. Plug and play can work with self-configuring cards. It doesn’t work with cards that need the user to fiddle with jumpers to set up IRQs.

and I did say it was under Italian ownership.

Nothing to do with the birth of Arthur/RISC OS. It came about because the OS that Acorn wanted to release (ARX) was too resource-heavy for the platform to sensibly cope with, and too late. They needed something to go with the hardware that they already had. And so Arthur was cobbled together in a hurry and… well.. it’s how we got to where we are today.

Have you read: http://www.rougol.jellybaby.net/meetings/2012/PaulFellows/

written for people who are perhaps unfamiliar with such terms so I am not sure what point you are getting at.

Most of us around here are nerdy enough to know what an operating system is and what it does. Therefore it helps to be concise in stating what you mean.

so I am not sure what point you are getting at.

The point that “operating system” actually has a commonly understood definition, that is to say that it is a set of services that interact with the machine’s hardware to allow other (user chosen) programs to be run.
There are numerous devices which have a processor but no operating system.

In other words, your small and simple “explanation” was simplified to the point of being wrong. Thus demonstrating that things which are smaller and simpler aren’t necessarily better. Language, code, cars… it’s the same.
That’s not to say bigger is better. There needs to be other metrics involved. Clarity, in the case of language. Safety and fuel economy in the case of cars.

That’s my point. It’s far too complicated for what it does. And many people appear to agree because they run things like Linux.

Which, under the hood, is arguably more complex than Windows.

Two exceptions. Go on :)

I’m sure people here with other large commercial products might be able to give their input?

Arguably some software such as Zap could do with an installer. Bits go here, bits go there. It’s easier to click a button than drag stuff hither and thither.

Forgive me but why can you perhaps explain why you are on a forum which is meant to promote the development of RISCOS if you don’t think much of RISCOS.

I think a lot of RISC OS.

However I think you’re crazy to think that throwing some money at it will make it a world-class operating system that can not only compete on the same playing field as the likes of Windows, but win.

Many came. Many crashed and burned.
You know, people still talk about “the year of Linux on the desktop”. It never happened. And it never will – because more and more people are using mobile devices instead of big computers. And Linux is, arguably, much more technically competent than Windows.
And if it can’t best it, what hope us?

Besides, Android vs iOS is where the battle is at now. And, amusingly, Microsoft failed to gain any useful foothold in the arena. The short-lived Windows Phone is no longer. Is the Surface still a thing? I don’t remember – I just remember that that were way far in third place, so far it hurt.

I mean its OK. Some people like Eurovision.

Uh… is that a pointed dig or did you just pick that randomly? ;-)
[ https://heyrick.eu/blog/index.php?diary=20191201 ]

Not really because most of the hacking takes place upon software which is American.

Oh come now. Hacking Windows is so last decade.

Now it’s all about hacking rubbish IoT devices thrown together from a botched and butchered Linux in a basement in the arse-end of Shenzhen, Guangdong Province.
Why hack some sap’s Windows when you can aim for getting yourself an army of webcams to get you on the softer side of the owner’s NAT, or to rent out as a DDoS botnet to anybody with bitcoin.

I mean… it’s not like it’s much of a challenge either… https://heyrick.eu/blog/index.php?diary=20170617

Population density in France or indeed the Netherlands is greater than the US is it though?.

Ridiculously considerably, YES.

The US has a population of about 330 million. The UK has a population of about 66 million. It just so happens that 330 is five times 66.
Is the US five times the size of the UK? Here’s a hint. Alabama is about the same size as the UK. There are ten states larger than Alabama.

For France? Basically the same population as the UK, and about twice the land area. Lower population density, but nowhere near as low as the US. Because, you know, you could go to some place like Montana and have the eerie feeling that you can see the horizon in every direction, and you are the only person in that entire space. Because America is just bloody enormous.
As for “indeed the Netherlands”, it’s a tiny but populated country. As such, in terms of population density it is something like fourth or fifth (in the world).

Feel free to look any of this up. I knew it because I like geography, but I’m sure Google will point you to sources that agree, should you care to verify.

Not really a stereotype is it?

No. Because if one was to consider the actions of a small subset of people as representative of the entire populace, then it would be clear that English people are Brexit-loving foot-shooting xenophobic racist pillocks.

Are they? Or is that just another stereotype?

[note: the Tories may have won, god help us, but more of the electorate didn’t bother to vote than those who voted for the winning party]

The more code → the more bugs → the more difficult they are to find→ the less security there is

It is true and logical that more code gives rise to more risk of bugs. It does not necessarily follow that every bug is a security risk. Indeed, correctly functioning code that uses strcpy() instead of a ranged strncpy() may become a vector for a buffer overflow. It isn’t exactly a bug, as the code is functioning correctly. But it is a flaw that could potentially lead to security problems.
It is never a case of “more code == less security”. The issue is a lot more complicated than that.

As does the Pi4 by all accounts.

Not that I can see

https://maker.pro/raspberry-pi/tutorial/how-to-prevent-your-raspberry-pi-4-from-overheating

Random result returned from Google search for “Pi4 overheat”. There are plenty of others.
It certainly sounds like the Pi4 needs some sort of cooling.

I look forward to seeing an ipad with a fan.

Ever wonder why it is in a metal case? It’s not just like that to dick around with the WiFi antenna.

Ever wonder why the Samsung S9 (and similar) is basically two bits of glass mounted in a metal frame? The metal part is the important part. Run something processor intensive, like Maps Navigation with GPS and it will get hot. Because that bit of metal around the edges? That’s the heatsink.
A tiny water filled copper pipe takes heat from the chip to the metal casing. Then the air, or your hand, takes heat from the metal casing.

Even if one were to add features or update it would be smaller

Based upon what metric? If magically RISC OS was adapted to do all the stuff that Linux can do, it would logically be “more or less the same size” because it’s basically doing the same sort of things.

The point being is that if one compare the equivalent at the time RISCOS 3.5 would have been able to do most of Windows did.

Yes, it did. And RISC OS did more than Windows back in the 16 bit era, when both were version 3.xx. But that ship has not only sailed… all of its crew have retired.

Or hacking and stealing and so on in government departments. Not important at all.

A fair amount of “hacking” in that context is more social engineering than “skillz”.
Or in the case of the British government, a concerning propensity for losing media containing unencrypted and potentially very sensitive information.
Or, in the case of the NHS, just offering to give patient data away. And no, the peons don’t get a choice.

RISC OS doesn’t even check filesystem integrity FFS

Because it boots from rom for the most part and er um needs an update as is the point of this article.

Where it boots from isn’t relevant. Any serious OS needs to periodically verify the integrity of the filesystem, so you don’t find a growing accumulation of errors because, oops, those blocks weren’t what they looked like. It should be triggered automatically if there’s a power cut. You’ll note that both Windows and Linux do.

Yes. Updates and enhancements are needed, but maybe you’re starting to understand why RISC OS is lean and mean? And, while we’re at it, why it’s not the basis of taking over the world. By all means make something RISC OS like, because there’s a lot (especially in the UI) that RISC OS gets right. But it won’t be RISC OS.

Thank you for not addressing the point about the environment :)

I did address it, by pointing out a much larger problem. Bloated code burning extra cycles is less of a problem than the mentality of “disposable devices”. Think about it. If I choose wisely, I can buy a printer with a useful amount of ink supplied with it (and not one of those stupid “starter inks” that runs out after a dozen pages). I can buy it for less than the price of replacement ink. So I can buy a new printer, and chuck it, and save money compared to buying a set of inks.
At what cost to the environment?

All these phones and tablets, welded closed with massive amounts of glue. Some are carefully designed so that fragile things actually break if one tries to open them up (the glue most by liquid, if it isn’t, you can probably kiss goodbye to the USB port and maybe some of the display ribbon cable). It’s a frequent rant on… is it i-fixit? I forget.
Anyhow, you don’t get to replace the batteries when they wear out (which is only a few years). You’re supposed to chuck and replace. At what cost to the environment.

We’re not talking about landfill, we’re talking about everything (and all the precious metals) involved in their creation as well as the landfill. So as you can see, I did talk about the environment. And pretty much the same point you were making, too.

I’d really like to see your feasibility study regarding the addition of PMT.

I estimate 3-5 million pounds at the most for the entire OS if we are talking about finances

Uh… That’s not what a feasibility study is. Cost projection is a part of it, yes, but… well… feasible. Clue in the name.

You seem again to have overlooked the fact that I said RISCOS needed updating

You seem again to have overlooked the fact that fixing the OS to make it secure by any useful definition of the word… would require a ground-up rewrite that would probably break vast amounts of existing software and change the API out of all recognition.

That’s just not my definition of the word “update”.

And are you going to provide a guarantee of the stability and safety of your curated apps, or will this be yet another pointless walled garden lulling people into a false sense of security?

Yes like the appstore….

Oh, you mean the appstore (pick one, they’re both guilty) that has had to pull apps (including removal from people’s devices – Play Store Services can do that) because of issues that never would have passed a properly curated environment.

One for Google: https://www.theregister.co.uk/2019/08/22/google_play_malware/
And one for Apple: https://www.theregister.co.uk/2019/10/24/apple_clickfraud_takedown/

Yes it is. Governments use word processors and so on. They commonly used microsoft word or indeed openoffice

And how many have therefore been proven to be computationally correct?
Oh, yes. That’s right.
None.
Because, as I said, that level of proof is important with a rocket. Or a car’s ABS.
It isn’t with a mere word processor. Regardless of who happens to be using it.

You are NEVER EVER going to get a secure app on an OS that will grant anybody kernel level privilege with one SWI call.
You… you just aren’t.

Heard of Xen?

Irrelevant.

Read what I said. I’ll highlight a salient point: You are NEVER EVER going to get a secure app on an OS that will grant anybody kernel level privilege with one SWI call.

Running a hypervisor, you may have secure apps on another OS on the same machine, but you simply cannot have security on a platform where one simple call will make me “kernel level”. Or, indeed, a sweet little SWI that means that my app can read the entirety of your app’s memory. A bit of lateral thinking and my app could probably change your app’s memory, on the fly, as it is running.
How does that go with security?

So as he himself states, the more code there is the more bugs he can find.

Actually the point was “even the smallest program will have a bug”.

browser tabs crash at odd moments for no apparent reason.

There’s a reason. You just don’t know what it is.

These are not GUI based products so is this a fair comparison?

It’s about as fair as comparing RISC OS to Windows when, frankly, all they have in common is the use of a desktop metaphor.

and much slower OS for better predictability (real-time OS)

Hmmm, an RTOS isn’t “slower”. Much the opposite in fact. It is a fast deterministic system that mostly looks after multiple threads (rather than multiple applications). The prime differences between it and traditional OSs is that the developer usually gets control over its threading behaviour, and that it is deterministic. That means that one knows how long things take. A thread must be invoked, do its thing, and be done in a known amount of time. This includes responding to external events, how quickly a response can happen, when the response will complete, and so on.

the more complex and large something is, the more unstable it is

The nerdy word for that is “entropy”.

Coding: Rick Murray states that he can find a bug/defect in any given 10 lines of code. It therefore follows that he will find more bugs in 1000 lines of code.

And even more in a million lines. Because code is written by people. And people are not perfect.

However, bugs and security issues are not the same thing.

Quick example: take a lowercase to uppercase code.

I did ask Fred for a demonstration.

I’ll repeat it:

Please provide a routine to convert a string of characters to lower case. As we’re talking RISC OS, I will expect it to be written in assembler. String will be C-like (null terminated). You can assume R13 points to a stack, and R0 points to the string, and R1 points to ample space for the result.

If you don’t do assembler, feel free to write it in C. Parameters are char *input then char *result and the stack is not important as that’s what the compiler is for. ;-)

(Airplay and so on) why not just miss some of these out and go for what is standard.

Because AirPrint (using URF bitmaps) is much more widely supported than IPP Everywhere (which is quite recent).
It’s about whether one wants to support printers made in the last year and a half (ish) or most of the WiFi print-from-your-smartphone devices.
Sadly, AirPrint is not an open spec. IPPEv is.

Perhaps some of you like RISCOS in the same way as some people like Doctor WHo DVDs

Oh, it would be good to dream of a RISC OS renaissance. Maybe even imagine the sorts of things that could be done with the hardware of 2020 as opposed to the hardware of 1986.

But it’s worth tempering these dreams with reality. Malware came on floppy discs. People hacking your machine generally had to be physically present (or in the case of Econet, usually in the same room). There was no risk of Russians or Chinese. I mean, you’d pee in your pants at the cost of an hour talking to somebody on the other side of the country, never mind the other side of the planet. Besides, you’d be lucky to get much done without being noticed on a 1200 baud connection that was strictly single-purpose (none of this fancy TCP/IP bandwidth sharing). If you were using Xmodem to download, that is all you were doing.

RISC OS was born in a vastly different time.

So, no. We aren’t laughing at it. We think of it fondly (or we wouldn’t bother using it), but we also understand its weaknesses.
And we understand that it isn’t going to be a primary player in the OS stakes. And you know what? That’s probably for the best. We can just do our thing quietly and out of the chaos of the mainstream.

There was a time when your browser would run Java applets for you. Then it asked you. Now it tells you “just don’t”.

Or even “won’t, not doing it, no, no, no”

“Firefox no longer provides NPAPI support (technology required for Java applets)”

Source: https://java.com/en/download/faq/firefox_java.xml

and you know what – I can think of just one application at work that requires it, so the much insulted ESR system is the only reason to fire up IE which is legacy enough to support it.

I hope this isn’t rude but perhaps it is true to state that the length of your replies neatly underlines what I am saying about bugs because for whatever reason there are “bugs” in your reply

Code size is irrelevant in the age of the Internet

As such larger code is inherently liable to be more insecure. You contradict the point later by talking about entropy and acknowledge my point

.
There is no correlation between code size and security.

Yes there is.
Sorry to sound insistent

Even the US military acknowledge as much
https://www.onr.navy.mil/en/Media-Center/Press-Releases/2016/Software-Bloat.aspx

You said yourself “Give me ten lines of code and I can find a bug”

Therefore it follows with elegant inevitability that in 100 lines of code you can find 10 bugs

The more code you have
→The more bugs there are likely to be
→And the more difficult they will be to find

Bugs can of course include security issues and in any case one can replace the word bug or defect with “security flaw” and the same applies

The second is that RISCOS needs development

That’s obvious. It’s kind of why all of this exists…

Seems not to be obvious to be fair :)

And as pointed out, modern ARM boards don’t support ROMs. Precious few of them support Flash. They boot from SD, µSD, USB, net…

Or you er um manufacture one which does.It’s not that hard.

RISCOS didn’t use drivers (except to some extent printers).
RISC OS bloody well did use drivers! The primary difference is that Acorn manufactured the machines that their OS was for, so your original-era serial port was one of three possibilities:

You did not have to install drivers which is the point even if there was software to perform that function.

A slight error in emphasis for reasons of simplicity

And even Microsoft acknowledged that 3.1 was deficient in that regards in that they went on about Plug and Play for the next release.

That was not Microsoft. That was the world moving to PCI and leaving behind the mess that was (E)ISA. Plug and play can work with self-configuring cards. It doesn’t work with cards that need the user to fiddle with jumpers to set up IRQs.

Er yes it was lol. Here’s one example
https://www.youtube.com/watch?v=DP9pIoQTeAA

Most of us around here are nerdy enough to know what an operating system is and what it does. Therefore it helps to be concise in stating what you mean.

And? Should I preclude the average person from participating.

In other words people who might be potential newbies or even new customers?

I’ve snipped the rest of what amounts to er um pedantry within the context which I have set of simplicity

That’s not to say bigger is better. There needs to be other metrics involved. Clarity, in the case of language. Safety and fuel economy in the case of cars.

That’s my point. It’s far too complicated for what it does. And many people appear to agree because they run things like Linux.

Which, under the hood, is arguably more complex than Windows.

It has a smaller code base and is thus by definition less complex and can be made not to be complicated by removing packages.

Forgive me but why can you perhaps explain why you are on a forum which is meant to promote the development of RISCOS if you don’t think much of RISCOS.

I think a lot of RISC OS.
However I think you’re crazy to think that throwing some money at it will make it a world-class operating system that can not only compete on the same playing field as the likes of Windows, but win.

Well you clearly don’t to be fair which is OK

Besides, Android vs iOS is where the battle is at now. And, amusingly, Microsoft failed to gain any useful foothold in the arena. The short-lived Windows Phone is no longer. Is the Surface still a thing? I don’t remember – I just remember that that were way far in third place, so far it hurt.

Yes the world will always be the way it is. Don’t change things. Don’t come up with anything different (of non-American or even American). Be “realistic”. Know your place. Don’t complain.

Depend upon two American companies

Shesh

And Surface is a thing.

Not really because most of the hacking takes place upon software which is American.

Oh come now. Hacking Windows is so last decade.

Disregarding firmware, most software is American.

Hence why there are no large IT companies outside of the US with the exception of China whose software foreign users do not tend to use.
There is SAP in Europe for example but that’s about it with regards to Europe.

China, Russia, Turkey, Africa, Asia or the rest of America? Nope can’t think of anything major.

There is the odd application but not many

Hence most hacking takes place on software which is American because most software is American

Population density in France or indeed the Netherlands is greater than the US is it though?.

Ridiculously considerably, YES

Thank you for acknowledgment the point. I made the point about a preference for large freeways within a less dense population

No. Because if one was to consider the actions of a small subset of people as representative of the entire populace, then it would be clear that English people are Brexit-loving foot-shooting xenophobic racist pillocks.
Are they? Or is that just another stereotype?

1) So I state that Americans tend to like things which are large and by extension of that you infer that I am stating that it follows that one can state that English people tend to be Brexit-loving foot-shooting xenophobic racist pillocks. Heard of knights thought lol?
2) The American people voted for the Republican party on the basis that they would carry on with the war on terror
3) One can generalize about a country. SUVs tend for example popular in America but not so popular elsewhere. Nations do have general differences otherwise there would be no point in things like market research

The more code → the more bugs → the more difficult they are to find→ the less security there is

It is true and logical that more code gives rise to more risk of bugs. It does not necessarily follow that every bug is a security risk. Indeed, correctly functioning code that uses strcpy() instead of a ranged strncpy() may become a vector for a buffer overflow. It isn’t exactly a bug, as the code is functioning correctly. But it is a flaw that could potentially lead to security problems.
It is never a case of “more code == less security”. The issue is a lot more complicated than that.

OK the more code there is, the more potential security issues there may beT

This is a fact which is acknowledged by the US military as pointed out earlier

As does the Pi4 by all accounts.

Not that I can see

https://maker.pro/raspberry-pi/tutorial/how-to-prevent-your-raspberry-pi-4-from-overheating

So that’s the construction of the Rpi and the specific ARM chip and is thus a design flaw. What has that got to do with software?

That is one piece of ARM hardware with an ARM chip on it.

One

Based upon what metric? If magically RISC OS was adapted to do all the stuff that Linux can do, it would logically be “more or less the same size” because it’s basically doing the same sort of things.

So Linux is the same size as Windows and does the same things. Jolly good
By the metric below

The point being is that if one compare the equivalent at the time RISCOS 3.5 would have been able to do most of Windows did.

Yes, it did. And RISC OS did more than Windows back in the 16 bit era, when both were version 3.xx. But that ship has not only sailed… all of its crew have retired.

Well they haven’t actually. Many of them work at Cambridge within the university or indeed at Dr Hermann hauser’s company.
And the culture or the approach to things lives on

Or hacking and stealing and so on in government departments. Not important at all.

A fair amount of “hacking” in that context is more social engineering than “skillz”.
Or in the case of the British government, a concerning propensity for losing media containing unencrypted and potentially very sensitive information.

No it isn’t its a choice.

Or indeed government computers which are hacked and which I have personally witnessed

Where it boots from isn’t relevant

By all means make something RISC OS like, because there’s a lot (especially in the UI) that RISC OS gets right. But it won’t be RISC OS.

SoWe get it you are a RISCOS developer who does not like RISCOS and who pours cold water on any suggestion of improvements.

I don’t wish to disuade anyone but why bother lol coming on here? It’s not attractive exactly to others who might be interested in improvements is it?

Thank you for not addressing the point about the environment :)

I did address it, by pointing out a much larger problem.

You didn’t. You made fun of Greta Thunberg and said that it was normal for there to be waste because of capitalism

I estimate 3-5 million pounds at the most for the entire OS if we are talking about finances

Uh… That’s not what a feasibility study is. Cost projection is a part of it, yes, but… well… feasible. Clue in the name

You seem again to have overlooked the fact that I said RISCOS needed updating

You seem again to have overlooked the fact that fixing the OS to make it secure by any useful definition of the word… would require a ground-up rewrite that would probably break vast amounts of existing software and change the API out of all recognition.

Heard of Aemulor?

Oh, you mean the appstore (pick one, they’re both guilty) that has had to pull apps (including removal from people’s devices – Play Store Services can do that) because of issues that never would have passed a properly curated environment.
One for Google: https://www.theregister.co.uk/2019/08/22/google_play_malware/
And one for Apple: https://www.theregister.co.uk/2019/10/24/apple_clickfraud_takedown/

Yes what’s your point?

Yes it is. Governments use word processors and so on. They commonly used microsoft word or indeed openoffice

And how many have therefore been proven to be computationally correct?
Oh, yes. That’s right.
None.
Because, as I said, that level of proof is important with a rocket. Or a car’s ABS.

Or indeed an intelligence agency or indeed a ministry of foreign affairs where employees have access to sensitive documetns such as those which pertain to defence which are written in word passed by a standard off the shelf email program.

Heard of Xen?

Irrelevant.

Not if you are running software in VMs ala Qubes

Read what I said. I’ll highlight a salient point: You are NEVER EVER going to get a secure app on an OS that will grant anybody kernel level privilege with one SWI call

So as he himself states, the more code there is the more bugs he can find.
Actually the point was “even the smallest program will have a bug”.

Actually the point is the less code you have the less bugs and the less security flaws

browser tabs crash at odd moments for no apparent reason.

There’s a reason. You just don’t know what it is.

Yes its rubbish software which I will not use because it has a defect. I use an alternative which works

the more complex and large something is, the more unstable it is

The nerdy word for that is “entropy”

Thank you. Its the second law of thermodynamics but I elected not to include the word. My understanding is “The more you put things together the more they fall apart”

And you do acknowledge that the principle exists

Coding: Rick Murray states that he can find a bug/defect in any given 10 lines of code. It therefore follows that he will find more bugs in 1000 lines of code.

And even more in a million lines. Because code is written by people. And people are not perfect.
However, bugs and security issues are not the same thing.

No but bugs can encompass security issues. And one can delete the word bug and insert security issue

Because AirPrint (using URF bitmaps) is much more widely supported than IPP Everywhere (which is quite recent).
It’s about whether one wants to support printers made in the last year and a half (ish) or most of the WiFi print-from-your-smartphone devices.
Sadly, AirPrint is not an open spec. IPPEv is

Why support it? It’s used on less than 10% of the world’s computers and Apple could use an alternative in much the same way as people had to find an alternative to flash

I don’t like Apple by the way.

And size of code does matter to google (or at least slowly loading websites which will occur in large part because of a large code base or indeed not properly compressed images and so on).
https://techcrunch.com/2019/11/11/google-chrome-to-identify-and-label-slow-websites/

It says that Windows embedded needs 2GB here

Really? “While an OEM-only version of Windows XP for 64-bit was released, these Windows XP Embedded products are all 32-bit for x86 only. The minimum requirements were 128 MB of storage and 256 MB of RAM.”

A classic RISC OS 5 installation will need at least 64 MB RAM and 83.7 MB of disc space. XPe provides much more functionalities (including PMT, full Unicode support, a web browser, Wifi support and a RDP client). So it’s probably not so bad under the same perimeter.

There is no correlation between code size and security. You can easily have a small tight piece of software that is worse than a hulking monster if the small one gets its lean size because it doesn’t bother to validate inputs, sanitise things, and include protections to try to reduce potential attack vectors. Dealing with potential problems adds code.

Correct on all points.

Hmmm, an RTOS isn’t “slower”.

It’s slower because of other aspects. The microsecond scheduler for example, that implies a very heavy load on the system. But that’s another story.

Even the US military acknowledge as much

They criticise the bloat, not the size. And you know what? They’re right. Windows 10 Calc : 27648 bytes. RISC OS Calc : 46182 bytes. Excellent optimisation… on the Windows size. But, hey, they have more developers than us.

It has a smaller code base and is thus by definition less complex and can be made not to be complicated by removing packages.

IF A = 0 THEN A = 1 ELSE IF A = 1 THEN A = 0
Easy, but big.

A=1-A
Smaller, but much complex to understand, especially when you’ll read this in a few years.
And it could become a security issue or a bug since it does not check the value of A.

We get it you are a RISCOS developer who does not like RISCOS and who pours cold water on any suggestion of improvements.

Troll point.

You didn’t. You made fun of Greta Thunberg and said that it was normal for there to be waste because of capitalism

Another.
Goodbye.