Comment by snvzz

3 days ago

Millions of lines of code, all running in supervisor mode.

One bug is all it takes to compromise the entire system.

The monolithic UNIX kernel was a good design in the 60s; today, we should know better[0][1].

0. https://sel4.systems/

1. https://genode.org/

My conclusion is that microkernels offer some protection from random reboots, but not much against hacking.

Say the USB system runs in its own isolated process. Great, but if someone pwns the USB process they can change disk contents, intercept and inject keystrokes, etc. You can usually leverage that into a whole system compromise.

Same with most subsystems: GPU, network, file system process compromises are all easily leveraged to pwn the whole system.

Of course, by now processor manufacturers decided that blowing holes into the CPU's security model to make it go faster was the way to go. So your microkernel is stuck on a hardware security model that looks like Swiss cheese and smells like Surströmming.

Yeah, 'cause Windows is amazing. Or maybe macOS? Ignore their FreeBSD parts, of course.

  • Yes. As far as kernels go, NT was pretty damn good.

    So is Mach, by the way, if you can afford the microkernel performance overhead.

    • Mach is not a very good microkernel at all, because the overhead is much higher than necessary. The L4 family’s IPC design is substantially more efficient, and that’s why they’re used in actual systems. Fuchsia/Zircon have improved on the model further.

      Someone will of course bring up XNU, but the microkernel aspect of it died when they smashed the FreeBSD kernel into the codebase. DriverKit has brought some userspace drivers back, but they use shared memory for all the heavy lifting.

  • NT is actually a pretty good kernel. NTFS and the userland are what is shit.

    • I think NTFS gets a bit of crap from the OS above it adding limitations. If you read up on what NTFS allows, it is far better than what Windows and the Explorer allow you to do with it.

    • NTFS is a beast of a filesystem and has been nothing but solid for 25+ years. The performance grievances ignore the warranties that NTFS offers vs many antiquated POSIX filesystems.
