Microsoft Research Showcases New Browser Prototype, "Gazelle"

Ars Technica reports that Microsoft has opened up about "Gazelle," a new browser prototype of theirs that is modeled after the underlying concepts of operating system design. "A research team led by Microsoft's Helen Wang recently published a report about an experimental browser prototype called 'Gazelle' that uses processes to isolate page content elements originating from different domains. It builds on the concept of multiprocess browsing but uses more fine-grained isolation to expand on the security advantages that are already delivered by existing multiprocess browsing models. But is it an operating system, Microsoft Research's analogue to Google's Chrome OS? Not quite."

New MS browser

Oh boy! A more secure browser from the pros at secure browsing, Microsoft.

Re:New MS browser

[ocularDeathRay]

yes, but the cool thing about this browser is, if you need tech support there is a special number where you can call and talk to Tony Little!!

Re:New MS browser

[Runaway1956]

Yeah. I read the FA. I see ActiveX. Wonderful. We all know that ActiveX is the most secure protocol on the face of the earth. /sarcasm

Re:New MS browser

[Gerzel]

Except it isn't a browser. It is a paper, about a theoretical browser, with not even so much as a screen shot.

Re:New MS browser

[gandhi_2]

ActiveX isn't a protocol. ActiveX != DCOM.

Re:New MS browser

[gmuslera]

Don't be so negative... they said "that is modeled after the underlying concepts of operating system design.". So it probably will be as secure as Microsoft Windows. At last Internet will be safe.

Re:New MS browser

[camperdave]

Tony Little works at the suicide prevention hotline?

Re:New MS browser

[anton_kg]

I feel safe as long as it stays as "prototype".

Re:New MS browser

[ericlondaits]

DCOM is not a protocol either. It's more of a component architecture.

Re:New MS browser

[gandhi_2]

I think it's both.
See also.
See also. [PDF]

Re:New MS browser

[Elektroschock]

I understood Gazelle as a desperate response to the announcement of Google Chromium OS and then you put a female(that is important) researcher in the news and use you PR stalin organ just to shout the Google Chromium OS announcement down. Everyone know that Gazelle is vapourware.

And of course we have other funny spin as well:
* Will Google Chrome OS bankrupt Canonical?
* Guardian: Google Chrome OS: is it copying Microsoft's Gazelle or is it more like Splashtop?
* Microsoft's Web Browser-Based OS: Gazelle with a link to the research paper.

Of couse the experimental study "Gazelle" is presented as the competitor. Not "Windows 7", ha ha.

Essentially Chrome OS shoots the cash cow, the bullets are cheap and it is fun. The Google OS is largely driven by the hardware manufacturers and their interest to lower OS target costs and get more better and more interface information. As it is branded Google Chromium OS you just expect it to support the browser but of course you can run every Linux desktop application you want and oops, the other cashs cows of Microsoft as Microsoft Office are not even available for the Linux platform.

The question for me is why no one attempted to create a Fox Operating System. ;-) To my knowledge the Google OS will not ship with KDE or Gnome but rather a lightweight ressource saving environment.

For Microsoft it all feels a bit Berlin 1945, with Gazelle as the latest Wunderwaffe. Google is so scared about the competitor...

It is a fact, Google can seriously wreck Microsoft with a minor investment and that will make Microsoft do all the wonderful stuff that only competition can achieve. Of course the manufacturers like that.

New Focus

[Haffner]

Microsoft focusing on developing a browser-based OS is directly opposed to their current business model, which involves forcing users to purchase an operating system. Microsoft's focus has always been on for-pay, offline applications. Taking a precautionary foray into Google's future business model seems to show that they are at the very least wary of Google's future plans.

Re:New Focus

[Joe+Jay+Bee]

Uhh... what? I know of Xenix (which was a full fledged Unix) but are you sure you didn't see this on some pisspoor "geek humour" website?

Re:New Focus

[just_another_sean]

Well there was that odd time a few years back when they had Microsoft Linux available.... Just saying... (this isn't a joke, they DID)

[Citation needed]

Re:New Focus

[Andr+T.]

It happened when Microsoft invaded Cuba.

Re:New Focus

[BitZtream]

No, they never had any sort of Linux product ever. They had some Linux machines they used for various things but there was never a Microsoft Linux.

You may be refering to Xenix, which was most certainly around before Linus started.

If I recall correctly, Xenix was one of the things that got linus started on Linux, it was part of his drive for an alternative that didn't suck.

Nice try though, next time a clue would be more useful.

http://en.wikipedia.org/wiki/Xenix

Re:New Focus

[maxume]

You are wildly mischaracterizing what Microsoft Research does. This isn't a new direction or focus for the company, it is a paper about some ideas.

Re:New Focus

[tonyr60]

Microsoft focusing on developing a browser-based OS is directly opposed to their current business model, which involves forcing users to purchase an operating system.

But not opposed to their business model of disrupting competition by any means possible. Significant competitor comes up with browser/OS combination, so lets tell the market that we are doing just that. Should keep the builders of those pesky netbook thingies from drifting away again.

Re:New Focus

[apez1267]

i hav herd of it , idk if ms had anything to do with it but it was called linux xp

Re:New Focus

Fine, just as long as they don't use unfair practices to bundle an OS with this browser thing.

Not an improvement

[Todd+Knarr]

MS's idea is nice, but it's not going to help a lot of things very much. It'll help when plug-ins and helper apps go runaway, being in a separate process they won't be able to block the browser itself. But from a security standpoint the problem isn't that those embedded objects are in the same process, it's that they have access to the same page and the DOM elements in it and the data structures of the browser itself. And that won't be solved just by putting them in their own process, not without isolating them from the rest of the page and browser to a degree that'll break a lot of Microsoft's technologies.

Re:Not an improvement

[girlintraining]

it's that they have access to the same page and the DOM elements in it and the data structures of the browser itself.

Well, if that isn't convincing enough, threads usually inherit the permissions of the process creating it. So multi-threading only manages to increase complexity, without improving security. Any exploit made in the child process/thread can use those permissions to access the parent. It's not even a privilege escalation attack, because no permissions are changed to do it. Sad. Very sad.

Color me less excited :/

[Jugalator]

After reading that article, I'm much less excited than I was. I had assumed it was something similar to Google Chrome OS, but it's not even something that seems like it turned out very well for Microsoft, or something that can have yet undiscovered major issues on the horizon. The idea seems to have turned out overly complex to work around the limitations with the approach, and all that in a resource hungry .NET application. It says they're hopeful to get the per-tab RAM usage down from 16 MB, but I have to wonder by how much? This approach doesn't seem much better than running a process-separated browser written in Java. Ugh.

I have a hard time understanding the decision to use .NET, but perhaps it was a security decision? Anyway, it doesn't sound like the optimal choice, when the project all revolves around low-level features like isolating the tabs even further.

Re:Color me less excited :/

[LO0G]

I actually think it's closer to the OP browser than it is Chrome OS.

Re:Color me less excited :/

[PsychicX]

But it's not supposed to be a product! MS --> Research --. It's an architectural experiment, and sure, a lot of projects graduate from Research to an actual product group. The goal is NOT to make something you can take to the open market though. It's a proper research lab, and so of course its stuff is frequently lacking. If it were to be converted to a product, it'd be staffed up with a full team who would spend a year or two -- or seven in the case of some unfortunate victims -- making it viable for public consumption.

Re:Color me less excited :/

[Colonel+Korn]

After reading that article, I'm much less excited than I was. I had assumed it was something similar to Google Chrome OS, but it's not even something that seems like it turned out very well for Microsoft, or something that can have yet undiscovered major issues on the horizon. The idea seems to have turned out overly complex to work around the limitations with the approach, and all that in a resource hungry .NET application. It says they're hopeful to get the per-tab RAM usage down from 16 MB, but I have to wonder by how much? This approach doesn't seem much better than running a process-separated browser written in Java. Ugh.

I have a hard time understanding the decision to use .NET, but perhaps it was a security decision? Anyway, it doesn't sound like the optimal choice, when the project all revolves around low-level features like isolating the tabs even further.

Read the article a bit more and you'll discover that the purpose of this project was to find the limitations of taking the separate process model to an extreme, with every element on a single page living in its own process. This was low level research, not an attempt to spark a new product.

Re:Color me less excited :/

[Grishnakh]

But sometimes, MS Research's projects do become actual products. Here's a famous example: link

With a track record including successful products like this, I'm sure this MS Research project is sure to be a giant and resounding success.

Re:Color me less excited :/

[b4dc0d3r]

How would you think it was related to Chrome OS?

I came here expecting to ask why they added this line But is it an operating system, Microsoft Research's analogue to Google's Chrome OS? Not quite. but you had already made this comment. Why would a browser prototype be like an operating system?

And.. using .NET more has always been their plan, to convince people you can write useful apps in it. I thought Vista was supposed to have large portions written in .NET - right along with the database-like filesystem of course. That aside, tt's a great choice for prototyping, since you can get something out the door quickly.

Re:Color me less excited :/

[HermMunster]

OMG, that was horrible. Welcome to the new MS. And it took 4+ minutes to show us that.

Re:Color me less excited :/

[aaron.axvig]

Exactly. Sadly some people now think an OS that can do nothing but run a browser is the holy grail of operating systems. (Chrome OS will probably do a bit more than run a browser, admittedly. And then some day a person will write a website that emulates a desktop (probably already done). Performance might be better than anything else, but the feature set will be low. From that webpage users will eventually be able to launch other webpages! And then someone may even figure out a way to launch some C++ application processes for things that really require speed. Java apps might be used for some complicated things. People will use lots of resource caching on their local machine so that they can work offline. So many features will be added that things might start to become slower. Eventually, this web-based operating system will be in a similar situation to what we have today--today's situation is pretty good. But it will take years of work...for what?

Today we already have the technologies/programs to have all of our stuff stored in the clouds. I'm going to cite mostly MS technologies because that's what I'm most familiar with, but there are others (especially a lot of open source):

E-mail: IMAP, Exchange
Files: Live Mesh, Picasa, Flicker (all have desktop applications that will sync)
Documents: Live Add-In For Office

In most cases, the native applications have more features than their webpage clones. The webpage versions will eventually mostly catch up in features. But it will take a lot of work. In the meantime, I envision smart people using webpages for what they do best: displaying and having minor interactions with mostly static data. We already have VERY feature rich "native code" applications, why not build on them?

Disclosure: I am interning as Microsoft. The above is my personal opinion only.

Will this keep the browser from "stalling"?

[wisebabo]

I am far from an expert on browsers so I am genuinely curious to know if this will keep the browser from occasionally "stalling". Will it allow the browser to keep downloading/processing the parts of the web page that it can even when certain elements are unavailable? If so, sounds like a good advance!

Re:Why doesn't MS just rename itself "Bing" alread

[hcs_$reboot]

Just FYI, Bing is a search engine, not a browser. And as for "Bing is not Google" (cf to Gnu's not Unix) I'm sorry to tell you this was largely utilized around /. a while ago...

Standards

[doishmere]

IE doesn't support web standards, but people still use it because it has Microsoft's name. Maybe this will get people to switch to a (hopefully) standards-compliant browser.

Re:Standards

[fridaynightsmoke]

People still use IE because its icon is almost always present on the desktop, and it has "Internet" written under the icon. Such an icon draws inexperienced user's mouse pointers like a light bulb draws moths, especially compared to a FF icon. "FireFox? What does that have to do with the internet?"
At my workplace I even removed all the IE icons I could find, only to be complained at that "I can't find the internet any more!".

Re:Standards

[leuk_he]

This was cerntain;y true for explorere 5 , 6 and somewhat explorer 7. But for explorer 8 they were brave enough to break not compliant sites.

Re:Standards

[terrukallan]

Try making a link to FireFox using the IE icon. Some of the users I've done this for never even noticed the difference.

Wait, they did WHAT for HOW MANY COOKIES?

[girlintraining]

It builds on the concept of multiprocess browsing but uses more fine-grained isolation to expand on the security advantages that are already delivered by existing multiprocess browsing models.

That's a new definition of security of which I was previously unaware. Just about anyone who's spent five minutes trying to do multi-process, multi-thread, unsyncronized accesses, cloud, spin-locks, etc., will tell you that no, there are no inherent security advantages. It'll be less secure unless you make a dedicated effort from project start just to keep it on par with single-threaded. The only "advantage" it has is that when it fails it'll crash more slowly, with a wider variety of obscure error messages, hammering the operating system as it tanks with the extra overhead as it does so. Yes, it might be slightly harder to develop an exploit because it's not using a generic flaw, but some complicated and obscure flaw -- but that's not more secure; Only badly designed.

Re:Wait, they did WHAT for HOW MANY COOKIES?

[Tanman]

It's more secure because if one browser instance gets compromised, you don't automatically compromise all of the data currently in other browser instances.

At least that's my understanding. I could just as easily be wrong.

Re:Wait, they did WHAT for HOW MANY COOKIES?

[Cyberax]

Yes. There ARE inherent advantages.

You can make RPC protocols with time-outs, so a supervisor process can kill offending child tab. Of course, you'll need to design your protocol to support timeouts, but I assume that Google and Microsoft developers are not stupid.

Next, you can easily isolate a process. Operating systems are GOOD at that, especially Linux with SELinux, seccomp and other _kernel-level_ sandboxing solutions.

Empirically, Google Chrome which also uses multi-process approach works _faster_ than IE and FireFox.

Re:Wait, they did WHAT for HOW MANY COOKIES?

It is true that our current abstractions for concurrency suck. However, the benefit of a multi-process (not multi-thread) abstraction is address space isolation. Namely, when your browser tab or plugin goes off scribbling in memory, every other browser tab keeps on chugging along without getting corrupted. As you pointed out, we still need good designs for exchanging data between processes. But now we can design much smaller interfaces around narrow, inter-process communication channels instead of the massive communication channel that we like to call shared memory.

Re:Wait, they did WHAT for HOW MANY COOKIES?

[llmc]

oops. posted anonymously

Re:Wait, they did WHAT for HOW MANY COOKIES?

[BitZtream]

Bullshit.

It is not more secure 'just because'.

It CAN be more secure, but as history shows, pretty clearly, the more code you add, the less likely it is to be secure.

You don't get automatic security when you have multiple processes unless they are completely and in every way unable to do anything to the other. Since multiprocess browsing results in using shared memory, IPC, and even sharing files on disk, there is pretty much no reason what so ever to assume that multiprocess is more secure.

Once you break one process you can go after the next using any one of the ways the different processes communicate with each other.

Since most programmers think like you do, these IPC methods are likely to be FULL of holes to advantage of.

It is not any more or less secure because of some theory. Implementation defines security as much as a specification, if not more so.

Re:Wait, they did WHAT for HOW MANY COOKIES?

[BitZtream]

You realize that IPC implies shared memory right?

You may pipe it through a file, a socket or as in unix a 'pipe'. But in the end you are effectively sharing bits of memory in one way or another, thats the point of IPC, to share data and commands.

Re:Wait, they did WHAT for HOW MANY COOKIES?

[ChatHuant]

You realize that IPC implies shared memory right?

Geeze, no, it absolutely doesn't. Shared memory is one of the possible mechanisms, but it's certainly not the only one. You can do interprocess communication between processes running on different machines, on different architectures, on different continents, ferchrissake!

Unless you call the data itself "memory", in which case I suggest you should take up plastering, since computers are clearly too complex for you (no insult to plasterers intended, wonderful people, wonderful people!)

Re:Wait, they did WHAT for HOW MANY COOKIES?

[llmc]

You are right. Entities can't cooperate without shared communication. And communication between entities is only as secure as the communication contract between them. Hence, it is entirely plausible for a hacker to compromise one entity and use its communication contract to compromise another entity--IF the contract allows for it.

For instance, the contract could still certainly allow an entity to pass arbitrary pieces of code for another entity to run or allow an entity to change an arbitrary memory location in another, but this would either be a design decision (and a poor one at that) or due to a vulnerability in the implementation of the communication contract. Address space isolation removes from the communication contract the ability to twiddle any/all of another entity's bits modulo the explicit implementation of this capability or vulnerabilities in the communication contract. The latter is certainly a concern, but now our trusted base is reduced to the design and implementation of the communication contract as opposed to the sum of functionality in both entities.

Address-space isolation for reliability and security is at least as old as Mach (25 years?) and it only claims to be more secure and not a panacea.

Re:Wait, they did WHAT for HOW MANY COOKIES?

[phreakhead]

Even Google Chrome fails to capitalize on the most useful feature they could have with a separate process per tab: the ability to SLEEP any tab you want until you view it!

I keep all my frequent pages open in Firefox tabs (Facebook, Myspace, Digg, etc...), and they all hog my processing time, even when I'm not viewing them! I want to be able to COMPLETELY STOP all Javascript and Flash processes in that tab if I'm not looking at it, so it doesn't waste my CPU fetching updates when I don't care. When I click on the tab, THEN and ONLY THEN will the JS and Flash be able to run! How could they overlook this feature? It seems like that's the whole point of having separate processes!

Perhaps those technologies need to be broken.

[Kupfernigk]

Some of Microsoft's technologies - like data files that can execute code - need to be broken. It is sometimes necessary to sacrifice convenience for a degree of security. The personal computer industry has been slowly coming to terms with this for the last 10 years or so, it would be nice if we don't have to wait another 10 before it all works properly.

Re:Perhaps those technologies need to be broken.

[kestasjk]

If you're going to wait for an end to Office automation you'll be waiting for a long time.

Anyone else see the irony of this comment on a page full of AJAX tech by the way?

Re:Perhaps those technologies need to be broken.

Data files that can execute code.. you mean not unlike those HTML documents that contain JavaScript on the Internet, or spreadsheets, or even PDFs these days? I think data files with code are now a fact of life. What's needed is better sandboxes.

Re:Perhaps those technologies need to be broken.

[YourExperiment]

Some of Microsoft's technologies... need to be broken.

Hey - you're in luck!

Trident?

[Dotren]

It's largely a .NET application that uses Internet Explorer's "Trident" rendering engine.

Granted, it has made significant improvements but I still haven't been that impressed by the Trident engine. Sometimes I wish they'd use someone else's engine so that they'd be kept up-to-date on standards AND you'd have the same browsing experience on multiple browsers.

I guess I can understand why they don't though... they'd be up a creek without a paddle if they used Webkit and people stopped developing for it or licensed Gecko from Firefox and they went under or yanked Microsoft's license.

Re:Trident?

[SanityInAnarchy]

I don't see how either of these are true.

Licensing Gecko -- is it out of the question for them to just go open source? And certainly Webkit proves you're wrong, by its very existence -- Apple adopted KHTML and started developing for it. As long as Apple continues shipping Safari, I don't see development stopping, but even in some imaginary world where Apple stopped caring, Microsoft could simply adopt the code themselves.

There is no technical or real business reason not to do it that way.

The real reason is that they'd have to admit what a colossal failure IE was, and that they'd have that much less possibility for lock-in.

Re:Trident?

[nine-times]

they'd be up a creek without a paddle if they used Webkit and people stopped developing for it or licensed Gecko from Firefox and they went under or yanked Microsoft's license.

Well for one thing, if it adheres to standards, there shouldn't have to be that much concerns about whether people "stop developing for" a particular rendering engine. Also, can Mozilla yank someone's license for Gecko? Isn't it open source? Why should people stop using Webkit?

There are a few real reasons that Microsoft isn't using one of the existing open source rendering engines:

1. it would be acknowledging the validity and value of open source software
2. having a dominant but incompatible browser has provided them with the advantage of increased vendor lock-in
3. They have a lot of customers with old web apps that want/need to maintain backwards compatibility (which is the flip-side of the vendor lock-in)

Re:Trident?

[BitZtream]

Wow, WTF do you think open source is for? You've managed to imply that the two most important advantages to open source don't exist for two very large open source projects.

Gecko is open source. They can't yank the license out from under you any more than they can from Webkit because the OSS license implies that you can continue to use it forever.

Second, Webkit, like Gecko can stop development right this instant and they won't be any worse off than using Trident. They'll just have to do the webkit or gecko development themselves, which they already do with trident (okay, another MS group does, but thats not the point).

The advantages to OSS is that they can't take away your license to what you're already using. Nor can the death of an OSS project leave you out in the cold with no where to go.

When selecting a rendering engine to replace Trident when I took over the current project I'm working on it was always Gecko or Webkit from the very start because on of the FIRST things I got smacked in the face with when taking over the project is that MS was discontinuing the parts of trident we needed.

So, we switched to Gecko. Try to take those parts away now, go for it. I can continue to use the code I have and bug fix it as needed. I have no dependency on Mozilla if I don't want it. Sure, for the moment I just use what they have and commit bugfixes back to the Mozilla effort because it saves me a whole shitload of effort trying to maintain patches or a fork. Its in everyones best interest for my version of gecko to not diverge from the main code base, and it saves EVERYONE involved time and money by sharing the effort. It doesn't matter that the company I work for doesn't own the copyright to Gecko because the Mozilla guys aren't exerting it to hurt anyone, they just use it to cover their own asses, and have released it under a license which effectively allows me to cover my ass at the same time.

I'm amazed at how someone on slashdot so effectively entirely missed what I consider the greatest benefits of Gecko and Webkit being OSS. Yea yea, finding security issues is great and all, and feature enhancements for free are nice too, but I don't mind paying for those things. Whats far more important to the survival of my company is that I don't have to worry about Mozilla or Webkit doing something that utterly fucks me over. They can't. They have given me a way to protect myself.

That is not something you can get out of Opera or Microsoft, and that is why our company happily contributes all of our changes back to Gecko, which, for reference is in no way a requirement according to MPL, but its most certainly the right thing to do, and as I said, means I don't have to merge our code bases to stay in sync with mozdev.

Re:Trident?

[Dotren]

Wow, WTF do you think open source is for?

The two items you're thinking of in my original post were just some rather bad assumptions on my part due mostly to being in a hurry when I was thinking about this and looking the info up.

When I looked up Gecko today I saw that it was developed by Mozilla and I assumed it was proprietary for their browser. I completed missed the following which is a few paragraphs down:

Its development is now overseen by the Mozilla Foundation. Licensed by a tri-license of the Mozilla Public License (MPL), GNU General Public License (GPL) and GNU Lesser General Public License (LGPL), Gecko is free and open source software.

My bad assumption on Webkit was due to forgetting that there are already other companies contributing back to it and that, therefore, SOMEONE will always be developing on it. Secondly, I also assumed Microsoft wouldn't just continue to work on the code themselves if the project fell into neglect, which of course they would. They generally absorb other company's code by purchasing it, relabeling it, and then continuing development so there is no reason they wouldn't continue development on an open source solution.

What can I say, I had like 10 minutes to get my Slashdot fix in and posted 3 or 4 messages across multiple articles. I guess at least one post had to suffer (maybe all :P ).

Gazelle? How about Tree Sloth?

[MCSEBear]

Ummm... Isn't a Gazelle kind of a fast animal?

Since this browser runs at half the speed of the not exactly quick IE 7, shouldn't it be given a code name more in keeping with it's actual speed? I've always thought Ubuntu had a cute naming scheme going. I hereby dub this software Turgid Tortoise

Not new

[BitZtream]

Unless if by new you mean:
From february at least, seems older to me: http://research.microsoft.com/apps/pubs/default.aspx?id=79655

Has already appeared on slashdot and a hundred other tech sites.

http://tech.slashdot.org/article.pl?sid=09/02/22/1724244

Its hard to google before you run to try and get a story submitted isn't it?

Re:Not new

[BitZtream]

Oh, even better.

This isn't a article from Microsoft. Its an article from another news aggregator, like slashdot about a paper published by microsoft.

Theres something fundementally wrong when your stories consist of links to other people talking about stories they didn't even write.

Ars and slashdot are gonna get together and just circlejerk each other into their own little world.

Re:Gazelle? How about Tree Sloth?

[fuzzyfuzzyfungus]

What they don't tell you is that the part of the gazelle it most closely emulates is the stomach; which, in ruminants, implements four-chambered process isolation in order to safely digest large quantities of low-quality input. This seemed like a valuable feature for a web browser.

Re:Gazelle? How about Tree Sloth?

[NonUniqueNickname]

Still faster than Firefox 3.5 - http://www.youtube.com/watch?v=6cWzWil_h8s

Cool! I am totally there!

[zmollusc]

Sounds neat. I shall get it immediately.
Well, right after I get Windows 7, which will be after I get Vista, which will be after i get XP which will be after I decide microsoft have done anything worthwhile after Windows 2000.

Re:Gazelle? How about Tree Sloth?

[BitZtream]

Ruminants have multiple chambers, period.

There is no set number and it depends on species.

There is nothing to do with safety in ruminants, and more to do with the fact that they eat foods that require far more processing to be broken down into useful components. Basically the food ferments in their 'stomachs' as other bacteria and such break the food down as the bacteria eat it, then as it makes its way along the process it becomes something useful to the animal itself.

Cows can't eat grasses. They can how absorb the byproducts of the grass that ferments in their stomach thanks to the symbiotic relationship with the organisms in their stomachs.

Yes yes, its off topic, but I've just been the boyfriend to 4 years of vet school. err, I mean a girl in vet school.

Re:Gazelle? How about Tree Sloth?

hey it is not slow but is DIFFERENTLY ABLED.

Have some respect please.

Virtualize Javascript?

[Randomly]

Moving away from the DOM is ultimately going to confound searching engines and the namespaces they index. It would be nice to see Javascript running inside a VM - CLR or JVM, followed by other languages with the same access that Javascript has. Making Javascript a language under .NET in IE, perhaps using the Java VM for Javascript in Firefox etc. This may lend itself more readily to an indexable semantic web in the future.

Re:Virtualize Javascript?

[BitZtream]

Why?

The DOM is a programming technique. DOM is independent of HTML and HTML doesn't require DOM. DOM is how an app interacts and deals with HTML in general in its own memory.

SAX is another common alternative.

Then you can do what companies like Google, Yahoo! and MS do right now which is completely custom and has very little in common with a DOM implementation because a DOM implementation doesn't work on the scale they deal with.

Re:Virtualize Javascript?

[Randomly]

I'm referring to programmatic interaction with the browsers DOM interface once the document is loaded.

Why? Primarily because Javascript is an awful language. As the emergence of GWT and countless other web 2.0 Javascript API's indicate, there is a lot of work being carried out in Javascript to bring more interactive UI to web pages. There are a number of advantages that introducing other languages thru a .NET or Java VM could bring:

- Javascript is not a language that scales well to larger teams and projects. It's loosely typed, not strictly OO, no standard documentation support, the list goes on.
- Staying within the browser DOM enforces more searchable, indexable semantic content.
- Allowing other server side CGI languages, like Ruby, Perl to interact with the same language on the client side.

Perhaps I'm a bit off topic, this could be more relevant on the Silverlight 3 thread.

URL to the document to save going through ArseTech

MS Research

All in all, i think it is a great idea for them to be researching things like this.
But the fact they are still with Trident hurts me and the web greatly.
Please Microsoft, switch to Webkit or anything else.
Or even scrap it and make a new one and don't force it to replace IE-whatever if you update, just move away from Trident!
Trident was a horrible idea and always will be. The quicker it is killed off, the better for them and us. (especially since Microsoft have now realized it is a futile attempt to build their sites around IE since the numbers of users are dwindling)

Also, i lol'd at the URL
http://research.microsoft.com/en-us/um/people/helenw/papers/gazelleSecurity09.pdf
"um" indeed, Microsoft.

Boy, don't we miss x86 segments!

[tjstork]

Well, we were so eager to get rid of segments that by the time 80386 more or less perfected them, we dumped them for flat mode. Now they are gone in x86-64, likely never to return. What a terrible mistake! If we had different segments, we could have a lightweight browser process with user space threads assigning segments to different domains on the page. Instead of trying to get protection by wrapping software sandboxes around everything like Java, C# or something else does, we could have the CPU actually doing it. If only I could go back in time and say to myself, as I fumed over the likes of ES:CX... and say, no no, this will actually turn about to be a good thing in the future!

Re:Boy, don't we miss x86 segments!

[BitZtream]

Uhm ... segmenting didn't sandbox shit. It just made it annoying to get in between, not impossible as shown by the many different libraries that help programmers do exactly that.

The Virtual Memory Manager support built into processors on the other hand DOES segment blocks of ram. This is why kernel space can be protected from random attacks in user space.

Perhaps an OS that takes more advantage of the VMU would accomplish what you want, but jumping back to segmented addressing just means that the hackers (i.e. the programmers that actually do know what they are doing) will still be able to take advantage of exploits that exist now, as well as being able to take advantage of all the clueless programmers and CS grads who shouldn't touch code with a 10 foot pole but do it anyway since these people are the ones who will have a problem with a segmented memory model.

Of course the only way any of this works is if the code that manages it all is secure. Since I've yet to see any OS manage this for just the user/kernel space boundry well, then I think trying to add more boundries at this point is just asking for trouble. The smart hackers are still going to beat the code that was farmed out to India or some local uni, sorry.

Re:Boy, don't we miss x86 segments!

[tjstork]

Uhm ... segmenting didn't sandbox shit. It just made it annoying to get in between, not impossible as shown by the many different libraries that help programmers do exactly tha

In 16 bit, it surely didn't, but you could set up a 386 to have a segmented memory model where each segment within a process got its own permissions. So basically, within a process, you could make sure that data from two different pointers, aka segments, would not overwrite each other.

Re:Boy, don't we miss x86 segments!

[ergo98]

I think you're confusing concepts. Segmented memory was a hack, and protected nothing. Then they added protected mode, giving OS' the option of acting as the cop of memory. That has been on the x86 since the 286, and is of course widely used.

Everything that any process on your machine does in user-space has to be effectively "allowed" by the operating system. It is purely due to non-granular permission structures that modern OS' don't allow you to fine-tune every permission of even "native" executables.

Re:Boy, don't we miss x86 segments!

[tjstork]

confusing concepts..

No, I'm just looking at it from an instruction set point of view. In 16 bit world, ES,DS and the other segment registers were just annoyances that you had to deal with in order to get at data over 64k in length. In C you could choose a couple of ways to handle this - there was the small and tiny memory models which locked down the segments to be the start of the program and data, the medium and large, which lets you change the segments occasionally, and then the huge, which gave you an illusion of a giant address space but at a steep performance cost because it did the segment : offset conversion to an effective address at I think about every pointer dereference.

In those days, we looked at the need to even think about segment registers as pure, useless evil, and they were...

But, in 80368 mode, the segment register took on a whole new life and a whole new meaning. Specifically, a segment because the unit of security for protected memory. IT's there that we as an industry blew it. What we have now is that the segments are doled out to each application by the operating system but there's basically a single giant segment for code and data and that's the flat memory model. It's really, conceptually, the small memory model as it was in 16 bit land, but now the count registers can be 32 bits and so we never really think about segment registers at all, at the application level.

What could have happened was that programs could have been the medium modem or large model-esque, which would have allowed them to have multiple segments. Segments in 386 world have their own page tables and permissions and what not, and so offer potentially to the application a way of getting a finer grained memory protection that you speak of. Thus they could guard against overwrites - the cause of -many- security problems and native code bug, via the CPU. Instead, we have a single address space with a fixed set of segments flat model and so everything within a process's space can walk all over each other within the process. Segments were a tool in 386 mode that could have been used to reduce this, but just weren't. And now, in x64, segments are essentially useless appendages, and there's no real going back.

Re:Boy, don't we miss x86 segments!

[TropicalCoder]

I remember those days. I was tasked with updating our assembler libraries to take advantage of the 386. We had the FS and GS registers, and assembler commands such as LFS - Load Pointer Using FS, LGS - Load Pointer Using GS to simplify the loading of far pointers from the stack. It was very tedious at the time, and I think slower to access memory, taking half a dozen clock cycles. However, I think you have an interesting idea. Back in those days security didn't take on the same dimensions as it does today.

10111

[proslack]

They might have better luck reducing the "resource overhead" if they programmed the kernel in something other than C#.

Re:Gazelle? How about Tree Sloth?

[$RANDOMLUSER]

Ummm... Isn't a Gazelle kind of a fast animal?

Well, "Fronkensteen" (stitched together from discarded rotting corpses) was already in use, and "Staggering Fat Man" was voted down by the focus groups.

What year is this?

[FranTaylor]

How long have we had browsers? How obvious is all of this? This reads like an article from 1997.

We are still debating the best way to multi-thread a browser!

One might have thought that we would be a little further along with this kind of stuff.

back to the 1970's

[jipn4]

The UNIX designers were adamant about process-based isolation, to the degree that UNIX for a long time did not have kernel threads (early versions of Java had to emulate threads even in the mid-90's). Macintosh and Windows were much quicker to adopt threads.

It's kind of ironic that Microsoft now is pushing for process-based isolation. Their window system, of course, has also moved to a client/server architecture and asynchronous calls now, like X11 already did 20 years ago. Why don't they just go all the way and adopt UNIX or Linux? And if they really want to be cutting edge, they might switch to Plan 9. :-)

Wow - multi process using IPC!

[Viol8]

I guess thats an advanced concept for application programing in the world of Windows where fork() is still an alien concept.

Excuse me while I remain unimpressed. I'll wait a while longer while MS familiarise themselves with common programming techniques developed in the 1970s.

Re:Wow - multi process using IPC!

I don't understand what you're trying to say. You still have to use some kind of IPC mechanism to communicate between fork()'d processes.

Re:Wow - multi process using IPC!

[Viol8]

Err yes, and?

The point is they're talking this up as some sort of new approach to programming a browser (or any app). It isn't. At least not outside the Windows world.

Re:Wow - multi process using IPC!

The multiple process browser architecture has only been implemented in the last year or two so it is still relatively new. This project just takes it an extra step by isolating elements from different domains on the same page. I didn't see anybody hyping it up, so I'm not sure why you're so hung up on that. If you read the Ars Technica article you will see that they essentially admit that it is a quick and dirty hacked up experimental prototype; at best it is a slight evolution and nothing more.

Next Must-Have Browser Feature

What I want in a new browser is one that, if I tell it to go to http://www.domain_1.com/ then that's where it goes, and it makes no attempts to download anything from any other domains. No cookies sent to doubleclick.net, nothing to googleanalytics.com, etc etc. Does the new MS browser do that? If so, great. If not, then I have no incentive to look at it because firefox is adequate.

Re:Next Must-Have Browser Feature

What I want in a new browser is one that, if I tell it to go to http://www.domain_1.com/ then that's where it goes, and it makes no attempts to download anything from any other domains. No cookies sent to doubleclick.net, nothing to googleanalytics.com, etc etc. Does the new MS browser do that? If so, great. If not, then I have no incentive to look at it because firefox is adequate.

Enjoy having website developers pumping all this stuff back to the server, then dynamically creating the page for you with the ads, because it will happen. (and has happened with advertising at the moment, which is why Adblock and the like exist as they do, instead of simple blocks)

Nice tinfoil hat by the way.

Re:Gazelle? How about Tree Sloth?

[finiteSet]

Ummm... Isn't a Gazelle kind of a fast animal?

Clearly they named it Gazelle because ultimately they expect it to be killed off by safari.

Re:Why doesn't MS just rename itself "Bing" alread

[Grishnakh]

Actually, the PP has a point, why don't they rename themselves "Bing"? After all, "Microsoft" is not only a stupid-sounding name (wow, a portmanteau of "microcomputer software", how clever. They must have found someone with a lot of imagination to come up with that. Probably the same genius that came up with the totally non-obvious name "Internet Explorer".), but it's pretty obsolete-sounding too since no one uses the term microcomputer any more.

However, Bing Crosby's spirit might take offense, if he hasn't already, to them stealing his name.

Here's the truth

[CherniyVolk]

A research team led by Microsoft's Helen Wang discovered how to rebrand and skin a theme for the widely used Firefox. "Since most people already think we stole Firefox code to render webpages correctly with IE 8, we got to thinking..." Helen Wang stated in a call yesterday. "Our next IE release will be simply to rebrand and change the default skin of the latest Firefox web browser! So we can then say, finally, that Internet Explorer correctly renders web pages according to W3C published standards." This move seems to secure Firefox as the dominate web browser with a huge influx of new users. "Most people use Firefox because they have realized Internet Explorer was never able to render HTML correctly. This is in part because we have habitually hired software engineers that have never heard of www.w3c.org." This last fact is found to be true, on a job application for the Internet Explorer Development Team, which looks a bit like a Mc Donalds application, the first question is . "1. Do you know of www.w3c.org?" followed immediately by "2. Do you know what the word 'standards' mean?" Helen Wang affirmed that answering any of these two questions with 'yes' will disqualify you for any prospective position on the Internet Explorer Development Team.

We can only suspect that Microsoft will soon shift back to their own broken browser after people stop switching over to a Firefox branded Firefox.

Any chance of it complying with the standards?

[jcr]

If MS ever ships a browser that passes ACID 3, let me know. Until and unless that happens, MS's offerings in this area are a waste of space.

-jcr

Re:Any chance of it complying with the standards?

[implowry]

Even if they ship a browser that is standards compliant and passes ACID 3 yesterday, it won't matter because we'll still have to deal with all of the corporations that refuse to upgrade past IE6 until 2075.

The war is on!

[qqe0312]

Now Google came out with their free OS with browser MS is striking back. They will now retaliate with their own free OS and browser system. MS is so competitive, they can not loose, they will dominate the free market, if necessary by bribing their way in. You may have vacuum on your head, but we have more vacuum in our heads.

Sorry, Mr. Ballmer but the horse has already left.

[Whuffo]

This sounds like the nice folks at Microsoft finally read the Google Chrome specs and decided to claim that they invented it - or to be more charitable, they're doing the same thing.

This is business at usual for the Microsoft people - but the real world has changed while they weren't looking. That "internet" thing that Bill mis-predicted has allowed news and information to be disseminated at lightning speed. Those who deal in lies and deception no longer have the cloak of secrecy to hide behind.

If Microsoft wants to actually invent something new, we'll be right here to cheer them on. But they need to realize that the days where "innovation" meant stealing from others or stupid (Microsoft Bob) useless (talking paperclip) junk were marketable are over.

I'm not expecting much from them, though. That "I'm God" feeling that comes with great success will be their downfall - they are yet to realize that they're not anything special in the real world and their attempts to force new standards will no longer be a "fait accompli".

They lost sight of who their customers really were and created Vista - and it was a sales flop. If they didn't have those restrictive contracts with hardware vendors to force it onto new machines their sales figures could be counted on their fingers and toes.

But now they're coming out with Windows 7 and there's a huge marketing push going on - and the nice folks at Microsoft are being very careful not to reveal that Windows 7 is really just Vista with some (but not all) serious bugs fixed and just enough changes to the user interface to make it appear to be something different. Even the IT savvy people here on Slashdot are hailing Windows 7 as being something special.

Hey, guys - the DRM is still baked in and everything that was bad about Vista is bad about Windows 7 too. And for those who believe otherwise, here's a challenge: name one single thing in Windows 7 that provides more value to the customer than XP. Just because they can hang more bells and whistles on the same old pig doesn't make it a better pig.

More Processes are NOT Always Better

[CodeBuster]

It has been a while since I took the operating systems course in my undergraduate CS curriculum, but I seem to recall that there is a balance to be struck between too many and too few processes with regard to other related attributes such as security and stability. In some cases, notably in Sun Solaris, an attempt was made to capture more of the benefits of process isolation without the attendant overhead of full processes by introducing so called "lightweight processes" which provide more isolation benefits than threads but are not as resource heavy as full processes. I would venture a guess that this Microsoft Research project will reach the same or similar conclusions of early web server developers (CGI, for example); namely that more is not always better when it comes to separate threads and processes.

Re:Why doesn't MS just rename itself "Bing" alread

[apez1267]

great idea , now how about renameing linux next , seriously , how conceded do you have to be to name a os after your self??

Re:Why doesn't MS just rename itself "Bing" alread

[Grishnakh]

It's not conceited; when Linus named it, he just thought it was going to be a little hobby project that he and maybe a handful of other students might work on for a bit. He didn't know it was going to become as big as it did. By the time its global popularity became apparent, it was a little too late to change the name.

Re:Why doesn't MS just rename itself "Bing" alread

[koxkoxkox]

Bing is a really bad name for the chinese market. If you read it as pinyin, the most common romanization system, it can mean ice, military or even illness. Not that attractive a name. Considering the importance given by Chinese to this kind of homophonous association, it won't help the marketing campaign.

Re:Why doesn't MS just rename itself "Bing" alread

[Grishnakh]

Wow, that's interesting. First Coca-cola's "bite the wax tadpole", and then Pepsi's "Pepsi will bring your dead ancestors back to life", you'd think someone at MS would have thought of checking into this before settling on the name "Bing".

Oh well, it's not like MS has a track record of well-chosen names.

Re:Why doesn't MS just rename itself "Bing" alread

[koxkoxkox]

Beware of urban legends : http://www.snopes.com/cokelore/tadpole.asp

Coca-Cola's translation in Chinese is especially good and very successful. As it is composed of very simple characters, it is also one of the first words I learned :)

Another classic urban legend is the Chevrolet Nova : http://www.snopes.com/business/misxlate/nova.asp

Bing is translated with biying in Chinese (meaning roughly : "must answer", sorry I didn't manage to use sinogramms to add that little scholarly touch). Microsoft of course did not choose the character of "illness" or "ice". It still must be a little confusing for a Chinese user because he has to type "bing" on the address bar, while he sees another name on the page.

Re:Why doesn't MS just rename itself "Bing" alread

[hcs_$reboot]

The post I was replying to was (seemingly) deleted (!). So mine doesn't make sense anymore...

Re:Why doesn't MS just rename itself "Bing" alread

[Grishnakh]

It wasn't deleted; it was modded down as "Troll", so it's below your visibility threshold. There should be a link saying "x posts below your threshold" or similar, that you can click on to see the hidden post.

Posts are never deleted on Slashdot unless there's a problem with the system, or the Scientology lawyers threaten a lawsuit.

Re:Gazelle? How about Tree Sloth?

[DeVilla]

So it's got the plumbing of a Gazelle? That's not exactly appealing.

Meet Dr. Wang - Interview on Channel 9

There's an interesting interview on Microsoft's Channel 9 with Dr. Wang and the grad student who wrote some of the prototype code here: http://channel9.msdn.com/shows/Going+Deep/Expert-to-Expert-Gazelle-Operating-System-Architecture-and-Web-Browser-Security/

Language designer Erik Meijer conducts the interview along with C9's usual suspect behind the camera...

not ironic

[mevets]

H Spencer long ago coined the razor "Those who don't understand UNIX are forced to re-invent it, badly".

modeled after ....

[mevets]

the underlying concepts of operating system design...

What does that mean? Is the default home page is a blue screen?

I'm happy to slag microsofts sloppy lazy monopolistic crapware with the best of them; but microsoft research have produced some remarkable works. What is this crap? Research = repackaging with provocative, if meaningless, buzzwords? Was this from microsoft market research?

Re:Why doesn't MS just rename itself "Bing" alread

[bsDaemon]

http://xkcd.com/250/

Just sayin'...

Confusing use of the word "security"

[shervinemami]

By "increased security", they seem to mean that its less likely the whole browser with all your tabs and data is going to suddenly crash. Which can be useful, for example you might be in the middle of filling out an intense job application form on one tab and suddenly the youtube video you were loading in the background takes down your whole session.

But I think calling it "security" just makes everyone assume they mean it will be harder for people to hack their system.

Surely if it takes 16MB of RAM just to load up the Google website (one of the simplest websites there is!) it's going to bring lots of new ways to crash or hack the system!!

Re:Gazelle? How about Tree Sloth?

Checkmate!

Re:Why doesn't MS just rename itself "Bing" alread

> great idea , now how about renameing linux next , seriously...

Idea! Let's call it GNU/Linux.

> how conceded do you have to be to name a os after your self??

Dunno but it seems to work well

There already is a Gazelle out there.

[zoom-ping]

What about Project Gazelle? Now that's something truly revolutionary. http://www.projectgazelle.org/

Poor name choice

[Phoghat]

if they wanted to be competitive they'd call it

The Hound

where is this prototype browser?

[viralMeme]

Microsoft Research Showcases New Browser Prototype, "Gazelle"

Like how, they 'published a report', without actually producing anything like a prototype, in a Ars Technica article, the day after Google announces Chrome OS. If I didn't know any better I would suspect the whole excercise was designed to steal Google thunder.

I still think that Stinger is a better name.

[mattcsn]

Of course, I wasn't the one who got $200k in UEO grants for the damned thing.

Re:Gazelle? How about Tree Sloth?

[Hurricane78]

I *had* to think of the "safari" in Jurassic Park, when you mentioned this.

Didn't go so well, when that Mozilla arrived. ^^

Lemme guess

It'll be called Internet Operator. It'll tap into the full potential of the internet quite like how Windows 95 tapped into the full 32-bit performance of your 486, only better.

Re:COPYRIGHT VIOLATION

Copyright != Trademark

Microserf with mod points, eh?

[jcr]

Modding me down won't make your products worth using.

-jcr

Re:Gazelle? How about Tree Sloth?

unless you're talking about Safari on OSX, and not on Windows, then I have to laugh heartily at that comment.

Re:Why doesn't MS just rename itself "Bing" alread

[centuren]

Undoing a mod-mistake.

Re:Sorry, Mr. Ballmer but the horse has already le

Stop trolling.