Easy: go in with a supply of blue jeans, Elvis vinyls and Marlboro cigarettes. They'll love you.
It's a shame that they are going under, because C++ Builder is the best C++ IDE for Rapid Application Development, by far.
You can design forms and controls in the same way as Visual Basic, but it is C++.
So, what is your proposal? a world where there is no place for discussion between countries?
You can find corruption in any organization, either inside the US, or outside the US. The UN is not any different than that.
...because in forums most people frequently have heated discussions. If we are not allowed to say the hard stuff in blogs, pretty soon we would not be allowed to say the hard stuff in forums as well...or any other place online in the end.
In the first 10 seconds of reading the headline, I thought it was Bill Gates!!!
Finally, I can run Emacs the way God indented to!!!!
Objective-C on the iPhone does not have garbage collection, does it?
That's a serious drawback, because C/C++ programmers are not aplenty. There are many more programmers around with experience only in managed environments.
News articles are mostly text and most of us have our mobiles with us most of the time. It only makes sense to read the news in our mobile phones.
It's a scare tactics strategy aimed at the general population (not the outlaws), for the following reasons:
1) civil unrest is growing by the minute. People start to realize that politicians are in bed with the filthy rich oil & media tycoons, so there is a need to scare them back to their caves.
2) the politicians want the donations of their rich oil & media owning friends in order to get re-elected. The media tycoons push for elimination of piracy, because they think their profits will skyrocket without piracy, and push the politicians to do something. The politicians don't have any means other than scaring the Average Joe that he is going to prison for a long time because he illegally downloaded songs and movies. The government has to persuade the Average Joe that they know what A.J. does...
3) political groups are largely coordinated via the internet these days.
In other words, what we have here is the same ol' battle of the classes, like Marx described. The means are different though this time.
The kernel defines the page table and therefore the components.
You can't jump in the middle of the other component, unless the component defines that area as public.
If you want to ensure that no jump in the middle of a subroutine is allowed, then have a jump target instruction. If the first instruction after a jump is not a jump target instruction, then throw an exception.
Arbitrary function pointers will work because the compiler will insert the jump target instruction at the appropriate places.
The stack is not a problem, unless components put critical data in it. Components today don't do that, so I don't see why they have to do it in the future. Even in microkernel architectures, a component does not put its critical data in areas shared by other processes.
If you find any more problems, please share them with us. I am interested to hear them.
I am talking about a different thing here, i.e. isolation within a process address space, which provides the security of process isolation but not the relevant overhead.
Actually, you don't need independent page tables per component. All that you want is a new word in the page table descriptors that includes:
1) the component id.
2) read/write/execute bits for the other components.
Then when component A tries to write or execute something in memory of component B, the CPU will check the access rights of the target page. If the access is not allowed, then an exception will be raised.
That's a trivial job for the CPU with zero overhead, as the CPU already checks the supervisor/user bit on any memory access.
A 32-bit word has 3 bits for the access rights (2 bits if a read bit is not required) and 29 bits for the component id. So the page descriptors need to fit in 64 bits instead of 32 bits (in the 80x86 CPUs).
If you don't want an extra 32 bits for a page descriptor, then the 80x86 page descriptor has 11 bits free (20 bits are reserved for the page frame and 1 bit for the valid/non valid page). With 2 bits for access rights (write/execute), you have 9 bits for the component id, i.e. you can have 2^9 = 512 different components in a process.
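The descriptor proposed in the comment above, modelled in C as an added example that is not part of the original comment: it packs the 32-bit variant (20-bit frame, valid bit, write/execute bits for other components, 9-bit component id) and performs the check the comment assigns to the CPU. All names are hypothetical, and the bit positions follow the comment's description rather than the real 80x86 page table entry format.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical descriptor, laid out as the comment proposes:
 * bits 31..12 page frame, bit 11 valid, bit 10 others-may-write,
 * bit 9 others-may-execute, bits 8..0 owning component id. */
#define PD_VALID    (1u << 11)
#define PD_X_WRITE  (1u << 10)
#define PD_X_EXEC   (1u << 9)
#define PD_COMP_MAX 0x1FFu   /* 9 bits: component ids 0..511 */

typedef enum { ACC_READ, ACC_WRITE, ACC_EXEC } access_t;
typedef enum { CHK_OK, CHK_NOT_PRESENT, CHK_COMPONENT_FAULT } check_t;

/* Build a descriptor. Out-of-range fields yield 0 (an invalid entry)
 * instead of being truncated into some other component's id. */
uint32_t pd_make(uint32_t frame, uint32_t comp, bool xwrite, bool xexec) {
    if (frame > 0xFFFFFu || comp > PD_COMP_MAX) return 0;
    return (frame << 12) | PD_VALID | (xwrite ? PD_X_WRITE : 0u) |
           (xexec ? PD_X_EXEC : 0u) | comp;
}

uint32_t pd_component(uint32_t pd) { return pd & PD_COMP_MAX; }
uint32_t pd_frame(uint32_t pd)     { return pd >> 12; }

/* The per-access check: a component may always touch its own pages;
 * another component needs the matching cross-component bit. */
check_t pd_check(uint32_t pd, uint32_t current_comp, access_t acc) {
    if (!(pd & PD_VALID)) return CHK_NOT_PRESENT;
    if (pd_component(pd) == current_comp) return CHK_OK;
    switch (acc) {
    case ACC_WRITE: return (pd & PD_X_WRITE) ? CHK_OK : CHK_COMPONENT_FAULT;
    case ACC_EXEC:  return (pd & PD_X_EXEC)  ? CHK_OK : CHK_COMPONENT_FAULT;
    default:        return CHK_OK; /* 2-bit variant: no read bit */
    }
}

int main(void) {
    /* Constructed sample pages, both owned by component 2. */
    uint32_t b_private = pd_make(0x12345, 2, false, false);
    uint32_t b_public  = pd_make(0x12346, 2, false, true);
    printf("comp 1 writes private page of comp 2: %d\n",
           pd_check(b_private, 1, ACC_WRITE));
    printf("comp 1 calls into public page of comp 2: %d\n",
           pd_check(b_public, 1, ACC_EXEC));
    printf("comp 2 writes its own page: %d\n",
           pd_check(b_private, 2, ACC_WRITE));
    return 0;
}
```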
Oh, did I write Win95? I meant Win3.1.
Still, I don't see why my comment was modded as flamebait. My intention was to show that the transition from XP to Win7 was nothing like the transition from OS9 to OS10.
The real reason there is no security and that we have the monolithic vs micro kernel is that CPUs provide process isolation and not component isolation. Within a process, CPUs do not provide any sort of component isolation. If they did, then we would not have this discussion.
I once asked Tanenbaum (via email, he was kind enough to reply) why CPUs do not have in-process module isolation. He replied:
From: Andy Tanenbaum [ast@cs.vu.nl]
Sent: Friday, 1 February 2008 4:00 PM
To:
Subject: Re: The debate monolithic vs micro kernels would not exist if CPUs supported in-process modules.
I think redesigning CPUs is going to be a pretty tough sell.
Andy Tanenbaum
But why? I disagree with that for two reasons:
1) the flat address space need not be sacrificed. All that is required is a paging system extension that defines the component a page belongs to. The CPU can check inter-component access in the background. No change in the current software will be required. The only extra step would be to isolate components within a process, by setting the appropriate paging system extensions.
2) The extension will require minimal CPU space and CPU designers already have great experience in such designs (TLBs, etc). Money has been invested for less important problems (hardware sound, for example), so why not for in-process components? it will be very cheap, actually.
Of course, security is not only due to the lack of in-process component isolation, but it's a big step in the right direction...
It seems many slashdot readers have the opinion that Win7 is some sort of different O/S from XP. Actually, it is not. Applications running in XP also run in Win7 unmodified.
The transition from OS9 to OS10 was like the transition from Win95 to WinNT, i.e. from a co-operative multitasking unprotected 16-bit O/S to a preemptive multitasking protected 32-bit O/S.
The transition from XP to Win7 is a transition from one version of WinNT to another more advanced version of WinNT.
Your post reminds me of... Hollywood. Yes, that's right, flashes of countless movies showing what you just said. Is America brainwashed and conditioned by the media? I'd say it is.
In case of flooding, there would be no escape.
Perhaps there shouldn't be skyscrapers...
We go to school because we have to. Do we really need to meet those suckers again?
It can't be done because Windows is not modular enough.
Can we please get another real Star Trek movie?
It seems the dumbing down of Star Trek is continued with dumbed down video games...
A lot of lives would be saved...
And this is one of the greatest moments in televised sci-fi history:
http://www.videosift.com/video/Hawking-Einstein-Newton-and-Data-Playing-Poker
There is no such thing called 'love'. In reality, 'love' means that 'I like you for what you are giving me'.
Under this observation, it's natural for women to love you for the stability you offer to them to raise their children, and it's natural for men to love women that are good in reaffirming their masculinity.
The brain simply picks the outcome that maximizes survival the most, using pattern matching on the available data. If the available data are not good, the brain is fooled to select a non-rational decision.
It's as simple as that.
so that is what 3DRealms awaits for!!!