Linked by Thom Holwerda on Fri 10th Aug 2007 20:46 UTC, submitted by SReilly
Privacy, Security, Encryption An unpatched flaw in an ATI driver was at the center of the mysterious Purple Pill proof-of-concept tool that exposed a way to maliciously tamper with the Vista kernel. Purple Pill, a utility released by Alex Ionescu [yes, that Ionescu] and yanked an hour later after the kernel developer realized that the ATI driver flaw was not yet patched, provided an easy way to load unsigned drivers onto Vista - effectively defeating the new anti-rootkit/anti-DRM mechanism built into Microsoft's newest operating system.
Thread beginning with comment 262994
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[5]: Microkernels
by Morin on Mon 13th Aug 2007 11:24 UTC in reply to "RE[4]: Microkernels"
Morin
Member since:
2005-12-31

The situation is a lot more complex. First, context switches waste time in different actions (state saving and restoration, process management overhead, cache/tlb misses, etc.) that all have to be considered independently. This is further complicated by the fact that IPC mechanisms in a microkernel can be implemented in a lot of ways (for example, remote procedure calls can be implemented without thread switching, thus saving time).

Secondly, microkernels do not need to do context switching as often as usually claimed, *provided* that programmers get used to asynchronous system requests. If several system requests do not depend on each other's results, they can all be issues with only a single context switch (or at least, a number of context switches equal to the number of targeted service processes).

Third, one has to consider that even microkernels aren't the blue sky. While claimed to be much easier to use as a developer, microkernels produce nondeterministic behaviour between the different service processes. Stallman once talked in a speech about this problem and how it was one major issue with HURD. If there is any one argument that I could bring up against microkernels, then it's this one. It's not an unsolvable problem, but a really hard one. However, it assumes that the processes in a microkernel run concurrently, which is by no means set in stone (remember remote procedure call based IPC).

To sum it up, there is no such thing as "the" microkernel. Saying that microkernels are faster, slower, more secure, less secure, or whatever simply ignores that microkernels themselves are a huge range of possibilities, and much of that is still research area.

Reply Parent Score: 2