Slashdot Mirror

← Back to Stories (view on slashdot.org)

Torvalds On Pluggable Security Models

Posted by kdawson on from the plain-speaking dept.

eldavojohn writes "The KernelTrap highlights an interesting discussion on pluggable security models including some commentary by Linus Torvalds. While Torvalds argued against pluggable schedulers, he's all for pluggable security. Other members were voicing concerns with the pluggable nature of the Linux Security Model, but Torvalds put his foot down and said it stays. When asked why his stance was different between schedulers and security, he replied, 'Schedulers can be objectively tested. There's this thing called 'performance,' that can generally be quantified on a load basis. Yes, you can have crazy ideas in both schedulers and security. Yes, you can simplify both for a particular load. Yes, you can make mistakes in both. But the *discussion* on security seems to never get down to real numbers. So the difference between them is simple: one is hard science. The other one is people wanking around with their opinions.'"

52 of 216 comments (clear)

  1. Well by homey+of+my+owney · · Score: 3, Funny

    He's right.

    1. Re:Well by Trillan · · Score: 4, Interesting

      He is right, definitely But being theoretically able to measure something doesn't mean it's practical or the the results are always useful.

    2. Re:Well by HeavensTrash · · Score: 4, Funny

      Linux is arrogant and clueless? I didn't know an OS could have human traits.

    3. Re:Well by rumblin'rabbit · · Score: 5, Insightful

      I've used lots of software that was arrogant and clueless. Hell, I've written software that was arrogant and clueless.

    4. Re:Well by Anonymous Coward · · Score: 2, Interesting

      No. Linux is not convincing. He is arrogant and more and more clueless. Unfortunately people seem to be so in awe of him, that allmost nobody is willing to tell him that he has he is "wanking around" about a lot of things he obviously does not really understand.
      How would you sound if you had been herding cats for years? Linus refuses in this case to chose whether the user cats get their tuna from Starkist or Chicken of the Sea. This makes the cat from Starkist and the cat from Chicken of the Sea mad at him. The user cat gets handed a can opener and while they can chose either source they want some of them complain that they have to chose and open the can. In many cases the distro-cat makes the choice and forks out the tuna from their choice of cans to their user cats. Again, some appreciate the choice and others hiss and threaten to scratch with the target of their threats anywhere from the distro-cat to the security-cats or to Linus.

      Every time Linus has a decision to make there are two or more tom-cats out screeching and raising hell on the fence outside his window. Sometimes the tom-cats are looking at him like he is a tabby and your suprised if every so often he throws a boot at the tom-cats?
    5. Re:Well by QuantumG · · Score: 2, Informative

      Linux is a kernel.
      Linus is an asshole.

      --
      How we know is more important than what we know.
    6. Re:Well by deek · · Score: 5, Insightful

      No. Linux is not convincing. He is arrogant and more and more clueless. Unfortunately people seem to be so in awe of him, that allmost nobody is willing to tell him that he has he is "wanking around" about a lot of things he obviously does not really understand.


      You're not being very convincing either. You call Linus all sorts of things, without actually saying specifically why you think he is arrogant, clueless, and has no understanding. I'm open to the idea that he may be, but your post certainly does nothing to convince me of it.

      At least Linus has specifically stated why he thinks security guys are "wanking around". It's because security people state that "only my version is correct", when they don't quantify exactly why this is the case. That certainly meets my criteria for "wanking around". Linus appears to have made a good judgement call.
    7. Re:Well by Daishiman · · Score: 5, Insightful

      There is no security model that's better than others for all cases. They're all tradeoffs between convenience and security at the user level, and no, a security model is not quantifiable, as the amount of variation between specifications is mindboggling. Do you know the difference between RBAC, RAS, SELinux, AppArmor? Between the dozens of different and incompatible security systems used in AIX, Solaris, i5/OS, QNX, z/OS, and VMS? They all have their places, they all have their own advantages and disadvantages. Security doesn't stop with setting the "sticky bit".

      But most importantly, security models are not CPU-intensive. Even the most demanding model will check file access permissions once in a blue moon in comparison to a scheduler. Schedulers store and use differnt information in very different ways which makes it difficult to make a generic framework that will support every possible datum they might need without making a significant impact on performance (it's a piece of code called thousands of times a second, performing rather complex computations).

      Besides, it doesn't mean that Linux doesn't have several schedulers. It does, but they're kept under different branches, and they're sufficiently tunable to meet all your usual requirements, and CFS is a sufficiently superior alternative with the right stuff to warrant its maintenance in the mainline.

    8. Re:Well by phantomfive · · Score: 2, Funny

      Didn't you know? Software wants to be free. Information wants to be anthropomorphized.

      --
      Qxe4
    9. Re:Well by zeromorph · · Score: 2, Funny

      I think he wrote Clippy.

      --
      "Hannibal's plans never work right. They just work." Amy/A-Team
    10. Re:Well by ShieldW0lf · · Score: 4, Funny

      No it doesn't. Information hates being anthropomorphized.

      --
      -1 Uncomfortable Truth
    11. Re:Well by DrXym · · Score: 2, Informative
      Linus is an asshole.

      To some perhaps. To others he's just an effective team leader who makes decisions to focus efforts. The alternative is usually a lot of people flapping around like headless chickens since they don't know which way to go. Worse yet if the thing is run by an ineffective person or committee where development slows to a glacial pace because no patches are accepted or bogged down in protracted politics and debate. If you want to see what the kernel development would look like in those circumstances, look up XFree86, Emacs, Hurd etc.

    12. Re:Well by mr_mischief · · Score: 4, Insightful

      Security is not a package. Say it with me now, "Security is not a package".

      Security is a process. You make the effort needed to crack or crash a system beyond the value to the attacker, and they won't attack.

      There's simply no need of SELinux in a coffee pot or an MP3 player. It's overkill. Linus is concerned with all the targets of the kernel, and not just the Sewper Seekret Survur next to the dresser in some kid's room.

      Now _you_ might be using Linux to keep millions of credit card numbers or to process satellite intelligence for some national government, but that's not what everyone does with it. So long as there are reasons to focus more or less on security and different needs among those focusing on it, pluggable security models make sense.

      For the vast majority of Linux targets, SELinux in particular is probably overkill. The scheduler effects everyone. If your main goal is security at all costs, use SELinux (it's not hard) or use OpenBSD instead of Linux.

  2. wanking around by Anonymous Coward · · Score: 5, Funny

    I've been wanking around with pluggable opinions for years, and I turned out okay.

  3. Spot on Torvalds... by cez · · Score: 3, Insightful
    I think Torvalds is right on this one. Until we can quantify security as we can scheduling performance, which he argues for, why shouldn't he keep LSM modular?


    If not, an artificial limit onto the integrity of the system would be created. Sure SELinux is a viable option, but why should we think it is the best ?

    --
    Walk with Music;
    1. Re:Spot on Torvalds... by gweihir · · Score: 4, Insightful

      Security cannot be quantified in hard numbers, since security is allways relative to the resources the adversary has. True, you could plan for some specific adversary. But that would be pretty meaningless. Also resources of an adversary is not a simple number that can be compared. Some thinks are limited to pecific attackers. Other stuff depends on money and/or time. Yet other stuff requires a specific type of competence. That is also why there typically is no "best" solution.

      So, no, security folks are not "wanking around" as some specific asshole seems to claim, they are using the best tools available to evaluate adequacy of different security solutions. Those that do not get this are not getting what security is about and what the state of the art is. These people should better stay far away from security-relevant decisions and let people that at least understand present technology in that area make the decisions.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    2. Re:Spot on Torvalds... by QuantumG · · Score: 2, Insightful

      Blah. That's a totally backasswards way of looking at it. Why do you want to make something non-modular? Other than to make it hard for people to make competing implementations. No scheduler is optimal for all applications. You either make the scheduler modular so it can be replaced easily for a given application or you settle for less than optimal performance. Linus knows this too, so I don't know what game he is playing - probably trying to lock out that scheduler implementation that he doesn't like.

      --
      How we know is more important than what we know.
    3. Re:Spot on Torvalds... by Solra+Bizna · · Score: 5, Insightful

      Yeah, because modularizing the scheduler doesn't have any performance or implementation or maintainance or QA problems.

      -:sigma.SB

      --
      WARN
      THERE IS ANOTHER SYSTEM
    4. Re:Spot on Torvalds... by cez · · Score: 2, Insightful

      So, no, security folks are not "wanking around" as some specific asshole seems to claim, they are using the best tools available to evaluate adequacy of different security solutions. Those that do not get this are not getting what security is about and what the state of the art is. These people should better stay far away from security-relevant decisions and let people that at least understand present technology in that area make the decisions.
      "Wanking around" was a poor word choice at best, and I agree that people "that at least understand present technology in that area make the decisions". However, that doesn't invalidate his argument of modulization.


      The best of present technology is modular to a certain extent, from a micro and macro perspective of system or network. Why implement a non-defacto standard of secure by including it in the kernel?

      I've run SELinux, and I know that James Morris isn't stating he wants that exact implementation only, but he says choose one. How do we quantify that or any assertion and make an informed decision going forward knowing that there possibly is a more secure path to follow?

      --
      Walk with Music;
    5. Re:Spot on Torvalds... by fimbulvetr · · Score: 2, Informative

      You're right, AFAICT, but you've missed the emphasis on "more" code. From what I've read, the scheduler's tentacles touch just about every portion of vital linux code and making something "pluggable" on the order of this would require an enormous amount of effort - effort that would be pointless for all but very small minorities that can apply a patch easily.

      Indeed, it's also been showing (RTFML) that scheduler improvements are mostly trivial and generally don't warrant such an effort.

      Finally, one must consider that the enormous amount of bugs being introduced by touching so many different areas and applying different algorithms in different cases.

      Maybe this is something for consideration with the 3.x branch (Of which Linus has no intention of making), but it seems like a reasonable decision so far given the data.

    6. Re:Spot on Torvalds... by QuantumG · · Score: 4, Insightful

      Wow, Linus should go into politics. The point of the argument is that Linus refuses to make the scheduler modular. He's taken the argument that he isn't opposed to security modules being modular but he is opposed to the scheduler being modular and turned it around to say that he can't make the security modules not modular because there's no good metrics for determining which is better than the other. This is an irrelevant truth. The fact that you can measure which scheduler is better than another for a particular application supports the notion that schedulers should be pluggable modules.. so you can easily use the one which is most appropriate for the given application.

      --
      How we know is more important than what we know.
    7. Re:Spot on Torvalds... by RedWizzard · · Score: 5, Informative

      So, no, security folks are not "wanking around" as some specific asshole seems to claim, they are using the best tools available to evaluate adequacy of different security solutions. Those that do not get this are not getting what security is about and what the state of the art is. These people should better stay far away from security-relevant decisions and let people that at least understand present technology in that area make the decisions. If you actually read the article instead of just reacting to the sensationalist quote you'd know that this is exactly what Linus is saying. Security people don't agree and he is not qualified to make a decision so modularization needs to stay. In the case of the scheduler he feels he is qualified to make decisions and has done so. However he does bemoan the fact that the arguments presented by the security experts often don't make a lot of sense. This is where the "wanking around" quote comes from.
    8. Re:Spot on Torvalds... by fabs64 · · Score: 3, Informative

      Did you even read the freakin discussion? The whole thing was about whether security should be modular, linus was arguing that it should stay modular, someone else was arguing that it should not and cited the scheduler as an example of linus preferring a singular option.

    9. Re:Spot on Torvalds... by FoxconnGuy · · Score: 2, Interesting

      The key here is you have metrics to measure performance of schedulers.

      I think some of the key scheduler performance metrics includes:
      1. Context switch time.
      2. Fair scheduling
      3. Interactive tasks are interactive.
      4. Certain applications always get larger portion of time if needed.
      5. Real time.

      There are things called "parameters" that you can adjust to adopt Linux
      to your need.

      This doesn't say Linux scheduler is perfect. It is evolving, too.
      A few years ago, many embedded systems that needs real time scheduler
      can't be implemented on Linux because timing requirements. Now the
      scheduler supports real time and I can still use any applications
      without knowing what the hack they have done to scheduler.

      Now.

      Give me an example that Linux scheduler can't satisfy your needs, and,
      Give me an example that one security architecture satisfies you and me.

    10. Re:Spot on Torvalds... by kocsonya · · Score: 2, Insightful

      Well, scheduling performance can only be quantified to a degree. When I'm editing a document while running two computationally and disk intensive tasks in the background (e.g big simulations) I don't really care if the background calculations will finish 5 minutes later, but I do care about the editor and every GUI thing I have on the screen being snappy, just as snappy as if there was nothing running in the background. I'm not running the latest&greatest, just some older version of 2.6.??? but that does not seem to be the case, as a matter of fact. So until the for example "perceived responsiveness" gets a firm definition and a method of quantifying it, scheduling performance is scientificly quantified only with the qualifier "..., neglecting all other factors that we can not quantify or care about."

    11. Re:Spot on Torvalds... by cez · · Score: 2, Interesting
      yes but, using that context begs the question of why anyone would ever compare the operation of system security vs. performance to begin with?


      Apples... Oranges...

      --
      Walk with Music;
    12. Re:Spot on Torvalds... by SanityInAnarchy · · Score: 2, Interesting

      Hasn't the work already been done, though?

      I understand that it needs to be maintainable, but I would think a flexible architecture would be MORE maintainable, not less.

      (I admit that I don't have enough experience to make such a statement, at least about Linux and C.)

      --
      Don't thank God, thank a doctor!
  4. Awesome by obeythefist · · Score: 2, Funny

    "But the *discussion* on security seems to never get down to real numbers. So the difference between them is simple: one is hard science. The other one is people wanking around with their opinions"

    Thanks Linus, that cracked me up. I've always felt that way about a lot of the stuff the security guys do. I'm gonna forward that to our local security guys and see what they think!

    --
    I am government man, come from the government. The government has sent me. -- G.I.R.
    1. Re:Awesome by jofny · · Score: 2, Insightful

      If they're any good, they'll agree with him...security is fundamentally subjective (what you want your box to do vs how much what you have on it is worth vs etc)

  5. Cold Hard Engineering Measurement, or Science? by Alexander · · Score: 2, Interesting

    I think Linus may want to think hard about creating a distinction there.

    ``...the subjectivist states his judgments, whereas the objectivist sweeps them under the carpet by calling assumptions knowledge, and he basks in the glorious objectivity of science.'' - I.J. Good

    --
    "oohhh... I didn't know Schopenhauer was a philosopher!" ..."uhhh yeah, he's the one that begins with
  6. So we can quantify scheduling performance? by SanityInAnarchy · · Score: 4, Insightful

    I wasn't aware we'd completely solved problems of responsiveness vs throughput, or of normal vs soft realtime vs hard realtime.

    If we don't keep scheduling modular, an artificial limit on the performance of the system will be created. Sure, CFS is a viable option, but why should we think it is the best ?

    What's more, "wanking around with your settings" has often been what Linux has always been about. Ubuntu never uses chroot in a normal situation; does that mean it should be taken out? My GUI and hotplug utilities can automount anything I plug in; should /etc/fstab be removed?

    We haven't used anything but ELF for probably 5-10 years, yet, last I checked, a.out is still supported.

    Why should the system be made non-modular?

    --
    Don't thank God, thank a doctor!
    1. Re:So we can quantify scheduling performance? by Jah-Wren+Ryel · · Score: 4, Insightful

      I wasn't aware we'd completely solved problems of responsiveness vs throughput, or of normal vs soft realtime vs hard realtime. And I don't think we ever will. I think Linus's point that scheduler performance can be measured is the strongest reason to go with pluggable schedulers. I want the scheduler that performs best for the way that I use my system. I don't think anyone gives a ratsass about how well the scheduler works for someone else. I want it to work best for me and my workloads.
      --
      When information is power, privacy is freedom.
    2. Re:So we can quantify scheduling performance? by mrwolf007 · · Score: 2, Informative

      I wasn't aware we'd completely solved problems of responsiveness vs throughput, or of normal vs soft realtime vs hard realtime.
      Hard realtime usually implies severe perfomance penalties. People who really need something like that probably dont use a vanilla kernel.

      If we don't keep scheduling modular, an artificial limit on the performance of the system will be created. Sure, CFS is a viable option, but why should we think it is the best ?
      Torvalds usually doesnt care about something being the best. Its supposed to be good enough.
      Using the word best requires you to say for what, otherwise you might as well use a word such as coolest, most geeky, most whatsoever.
      Since Torvalds usually cares a lot about efficiency i guess that a plugable scheduler would be less performant.
    3. Re:So we can quantify scheduling performance? by cmat · · Score: 4, Interesting

      No, Linus' point about schedulers is that to make a pluggable scheduler, you will need to sacrifice performance just to achieve the plug-ability. Linus believes that the most flexible scheduler (i.e. performance, tune-ability) can be discovered at development time with a set of metrics that are defined currently. In which case he feels that the kernel devs can make the "best" choice of scheduler up front. Yes there will be fringe cases, in which case, you have the code, replace/tune/massacre the scheduler to your particular needs.

      The security realm however is completely different. For one, the performance requirement does not exist. So the performance penalty that modular architecture brings is largely irrelevant. And since there exist no metrics that can be used to determine whether one security model is better than another without the usage context, a plug-able architecture is the best road to go down to let something that users CAN and WILL want to implement completely differently from one use-case to the next.

      --
      -- Humans, because the hardware IS the software.
  7. I stopped reading TFA by kwabbles · · Score: 2, Interesting

    The moment I saw the word "scheduler".

    Damn I'm sick of scheduler FUD. It makes its way into every single linux conversation now, now matter how unrelated.

    --
    Just disrupt the deflector shield with a tachyon burst.
    1. Re:I stopped reading TFA by Dr.+Evil · · Score: 3, Funny

      You'll reprioritize when your starving children become zombies and your parent tries to kill you.

  8. What about by sokoban · · Score: 5, Funny

    That hot chick on Television who asks if I have worms, and sells antivirus software. That's one pluggable security model right there.

    --
    09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 is the magic number.
  9. If you read all of it ... by golodh · · Score: 5, Informative
    Perhaps if people read all of Linux's email they would be more understanding and less quick to condemn him.

    His complete email reads:

    Schedulers can be objectively tested. There's this thing called "performance", that can generally be quantified on a load basis.

    Yes, you can have crazy ideas in both schedulers and security. Yes, you can simplify both for a particular load. Yes, you can make mistakes in both. But the *discussion* on security seems to never get down to real numbers.

    So the difference between them is simple: one is "hard science". The other one is "people wanking around with their opinions".

    If you guys had been able to argue on hard data and be in agreement, LSM wouldn't have been needed in the first place.

    BUT THAT WAS NOT THE CASE.

    And perhaps more importantly:

    BUT THAT IS *STILL* NOT THE CASE!

    Sorry for the shouting, but I'm serious about this.

    Al I alone in thinking that Linux basically says:

    "Look I'm no security expert, and I'd be happy to follow your collective expert guidance if only:

    (a) you could quantify what you're saying and turn it into engineering instead of a religious argument

    (b) the lot of you could agree on *one* set of guidelines/features as being best all-around

    Unfortunately it appears you can't do either. That being so, I'm not going to burn my fingers and blindly choose one security boondoggle over all the others. I'll just make them pluggable so that every one of you can have his own personal security system. End of discussion. Now go away and be happy."

    1. Re:If you read all of it ... by Ari+Rahikkala · · Score: 2, Funny

      Perhaps if people read all of Linus's email they would be more understanding and less quick to condemn him.

      If I could read all of Linus's email, I think I would be more understanding of him wanting to be able to work with security models :p.

  10. Bring deRaadt in for a consult by e9th · · Score: 2, Funny

    I mean, Theo's the security guy, right? I'm sure Linus would have no problem whatsoever agreeing to abide by his decision...

  11. Re:Good. by NullProg · · Score: 2, Informative


    I can't videoconference, edit videos, make mp3s, play video games or make a slideshow in Linux. How about a couple of kernel devs drop off and help Linux go the last mile.

    Other than video conferencing (haven't tried), my wife and 13 year old son can do everything on your list (using SuSE, Fedora or Ubuntu).

    Shouldn't you be posting questions to http://www.linuxquestions.org/ or http://www.justlinux.com/ ?
    You wont get a RTFM response.

    Slashdot isn't a Linux help forum.

    Enjoy,

    --
    It's just the normal noises in here.
  12. Re:Language abuse by theNeophile · · Score: 2, Funny

    "Wanking" is rough-slang English from England, and means 'masturbating'. But Torvalds sure ain't one of us. All of the other words he used also come from England. How dare he!
  13. Ahem by deblau · · Score: 2, Informative

    Computer security isn't hard science? Someone should point Linus to the Orange Book or the Common Criteria.

    --
    This post expresses my opinion, not that of my employer. And yes, IAAL.
    1. Re:Ahem by GreatBunzinni · · Score: 4, Insightful

      A normalized set of procedures to perform measurements does not a science make. If it was so then phrenology would be almost a pure science.

      --
      Slashdot, fix your code or at least hire someone who is competent at it to do it for you.
  14. Scheduler vs Security Plugins by NullProg · · Score: 2, Insightful

    Correct me if I'm wrong, wouldn't a security plugin have to be authenticated? That would add a couple of extra layers not required for a scheduler. A "Rock Solid" built in security scheme might be better (Unlike the Windows address relocation method). Linus is correct in the fact that there is a new security method every week. Whats the correct one to choose?

    As for the Linux scheduler, I wouldn't mind a choice in desktop vs server tweak settings in (a) /proc/sys/scheduler (if it existed). RedHat, Ubuntu, SuSE, etc. could set the defaults based on user selection at install (Work Station vs Server).

    Enjoy,

    --
    It's just the normal noises in here.
  15. Re:like object oriented? by ASBands · · Score: 4, Insightful

    At some point, you have to deal with the fact that there is going to be some overhead in dealing with an object-oriented approach. Even if the significance is near 0, the scheduler is pushing operations on the CPU on an incredibly large scale, which might show its ugly face in performance. IMHO, it wouldn't, but I guess Linus knows better than I...

    Anyway, there is this great site called the Linux Kernel Archives, which has the source code for every version of the Linux kernel ever put out. If somebody was really serious about using their own CPU scheduler, all they have to do is take the latest version of the kernel, download the source code and modify sched.c to fit their needs. Even if it isn't object-oriented, that doesn't change the fact that everything else in the kernel only cares that default_wake_function tries to wake up a thread - it doesn't matter how it works on the inside. All the other parts know about is the sched.h header file.

    Sure, it isn't on-the-fly pluggable, but different distributions could easily use different schedulers if they simply compile the kernel. A distribution could make a sched.c that is pluggable (it would have an interesting look to it, but it could be done). I wouldn't want to debug it, but for all this complaining, you'd think somebody would do something about it.

    --
    My UID is a prime number. Yeah, I planned that.
  16. Re:Need to plug goatse by Zathruss · · Score: 3, Funny

    Actually, that would be a security 'hole' now, wouldn't it?

  17. irony by cycoj · · Score: 2, Informative

    I think there's some real irony here. Linus says that scheduling performance is "hard science" therefore it is easy to make a decision. But he did not make his scheduler decision based on "hard science" he based it on personal preference.

  18. Re:like object oriented? by Josef+Meixner · · Score: 4, Interesting

    At some point, you have to deal with the fact that there is going to be some overhead in dealing with an object-oriented approach. Even if the significance is near 0, the scheduler is pushing operations on the CPU on an incredibly large scale, which might show its ugly face in performance. IMHO, it wouldn't, but I guess Linus knows better than I...

    Ahh, the "when in doubt claim OO is expensive" defense. Please tell me, how long does a modern CPU need to take a branch to an address in a well known fixed memory cell which is guaranteed to be in L1-cache? Do you think it is longer than a conditional branch needed to handle the case single core dual core? Is it longer than the combined times needed to additionally handle the case one CPU-chip two CPU-chips? I don't know, I haven't done the measuring, but I have doubts the first is the slowest as the opcode scheduler should be able to handle the first and especially has the advantage of an always taken jump. We are heading in a parallel future, there are scheduling differences between single core/dual core and single CPU/multiple CPU. Why on earth should the scheduler written for the most complicated case (it has to handle cases like one dual core and two triple cores and one quad core efficiently or it is not the best scheduler, no?) be more efficient than a single core scheduler on a machine with only a single core? Or are the benchmarks "tweaked" so the first is the "right" case to benchmark?

    As written by multiple posters, yes, you can get benchmark results for schedulers, but what is the correct benchmark? Is it the maximum throughput model you don't want to have as a desktop box or the minimum waiting time for interactive jobs you don't want on a compute server? And if you need numbers to come up with the best security model, count line numbers, it is about as relevant.

  19. Pidgin by upside · · Score: 2, Insightful

    Never having used that software, I had a look at http://www.pidgin.im/about/. It says

    Pidgin is an instant messaging program for Windows, Linux, BSD, and other Unixes.

    How is a shortcoming of this software a shortcoming of Linux? You may be right to say there is no combined im/VOIP/video conferencing suites for Linux. Sounds strange to me, though. Perhaps you can make a feature request for Pidgin.

    --
    I'm sorry if I haven't offended anyone
  20. Re:Language abuse by CortoMaltese · · Score: 2, Funny

    Speaking as someone from the same demographics as Linus, I can assure you that he's familiar with the meaning of the word. Newsflash! Two nerds are familiar with wanking.
  21. Re:like object oriented? by Cassini2 · · Score: 2

    Ahh, the "when in doubt claim OO is expensive" defense. Please tell me, how long does a modern CPU need to take a branch to an address in a well known fixed memory cell which is guaranteed to be in L1-cache? Do you think it is longer than a conditional branch needed to handle the case single core dual core? Is it longer than the combined times needed to additionally handle the case one CPU-chip two CPU-chips?

    The reason why the scheduler is so performance sensitive, is that it uses close to the worst case branching behavior possible. The following steps happen:
    1. An interrupt occurs. The entire register set is pushed, page tables in the MMU are reloaded, and kernel code is executed. L1 and L2 cache are reloaded with kernel code and data.
    2. Kernel code is executed. Hardware response issued.
    3. Scheduler is executed. Per scheduling rules based on waiting processes, new process awakes.
    4. New process executes. L1 and L2 caches reloaded. Page tables reloaded.

    Massive amounts of CPU data are flushed and reloaded as the ISR / scheduler process executes. Additionally, the scheduler executes frequently. Sometimes the scheduler executes and changes processes once per interrupt, depending on what processes are waiting on what resources. Interrupt frequency significantly affects affects system performance, and the schedulers performance directly affects expensive activities like reloading the page table and reloading the L1 and L2 caches.

    The last time I benchmarked the effect of interrupts on system performance, the numbers were like this:
    At 1 kHz interrupt rate, the effect of a short background ISR on foreground performance was minimal. About 5% - 10%, depending on the computer.
    At 10 kHz interrupt rate, the effect was significant (about 50%).
    Between 20-30 kHz interrupt rate, almost all CPU time was being devoted to the ISR. Foreground processes almost stopped.
    Testing was on a fast P-III machine or a slow P-4 machine. It has been a few years.

    Modern multi-tasking 32-bit CPUs just can't handle very many interrupts per second. The problem is that both the L1 and L2 caches and the memory management tables get reloaded every time a major task switch occurs.

    Even if the scheduling penalties were not significant, it is still not desirable to have a pluggable object oriented scheduler. A normal function call is:
    CALL function_address

    A call to a virtual function in an OO langauge is usually implemented as:
    MOV EBX, vtable_address
    CALL [EBX] // Indirect call

    The OO code uses a fully indirect jump, which is significantly slower. However, the big issue is reliability. If the vtable accidentally gets clobbered due to bad code or a hardware fault, then the CALL instruction is a branch to nowhere. Your computer will crash. This fault is non-recoverable since it is in the scheduler itself. If instead we use the faster direct CALL instruction, we know that the scheduler always executes and hopefully some task will run (even if it is the wrong one.) Thus a reliability penalty is paid if we use an object-oriented pluggable scheduler approach.

    For performance reasons, and for reliability reasons, it is a really good idea not to have indirect function calls in the scheduler code.