Hi;

Is it considered Poor Form to follow up your own message?

Actually, I realized something else that needed to be said AFTER I sent the
message ("Doh!" <slap>):

John Morrison wrote:
> Now, I'm a little out of my depth here, but here goes (somebody correct me if
> I'm wrong) -- it is my understanding that native methods are inherently
> non-portable, so we have some freedom to define how they should be
> compiled/written (if, in fact, we support them in the medium to long term -- we
> certainly won't support them in the short term).  Furthermore, given that we
> currently envision no memory protection (e.g., separate address spaces for
> native methods), allowing native methods is a huge invitation to Bad Things
> like BSODs, and viruses, etc.

It is fair to respond to that last assertion of mine "How is this different from
native methods in Kaffe?" (Hi Patrick!)

Well, typically Kaffe (or your favorite JVM) runs inside of a "real OS"
heavyweight process (I understand this is not always the case -- didn't you guys
retarget Kaffe to your FluxOS toolkit? -- and I'm REALLY sorry if I have
incorrectly attributed this or misnamed/misspelled something).  So, the Bad
Things a native method could do are pretty much limited to the bad things the
user could do.  I know this could be bad if you're administrator/root, but, hey,
at least it puts the brakes on the accidentally stupid (as opposed to outright
malicious) mistakes like scribbling to memory that ain't there -- which is
probably a fairly common thing.  And, running as a non-privileged user limits
(somewhat) the bad things that a malicious thing could do.  (I'm not sure which
would be more common -- e.g., viruses are pretty damned common.)

However, running on bare iron, in a SASOS like jjos+decaf, there's NOTHING it
couldn't do by accident.  Like, say, hammering your in-memory, Java, filesystem
implementation, so as to render the box unbootable.  Boy, oh boy, would I be
torqued if that happened to me.

It is also my understanding (and I'm a little out of my depth here, too --
somebody please speak up if I'm failing to tell the truth here) that some of the
infamous instabilities of NT are due in part to drivers and other software that,
for performance reasons, run inside privileged space (where there are fewer
guardrails) so as to incur fewer protection-ring boundary-crossings.

-jm

-- 
==== John Morrison            ==== MaK Technologies, Inc.
==== Chief Technology Officer ==== 185 Alewife Brook Pkwy, Cambridge, MA 02138
==== [EMAIL PROTECTED]               ==== http://www.mak.com/welcome.html
==== vox:617-876-8085 x115    ==== fax:617-876-9208

_______________________________________________
Kernel maillist  -  [EMAIL PROTECTED]
http://jos.org/mailman/listinfo/kernel
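
The contrast drawn in the message above, as an added example that is not part of the original post and is not Kaffe or jjos/decaf code: the same buggy "native method" is run once inside its own process and once in the caller's address space. The function names and the `fs_superblock` buffer are hypothetical stand-ins, and a POSIX system with `fork` and `mmap` is assumed.

```c
#define _DEFAULT_SOURCE
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed stand-in for in-memory filesystem state owned by the runtime. */
static char fs_superblock[16] = "JOSFS-OK";

int superblock_intact(void) { return memcmp(fs_superblock, "JOSFS-OK", 9) == 0; }

/* Hypothetical buggy native method: overwrites state it does not own. */
void native_clobber(void) { memset(fs_superblock, 0xFF, sizeof fs_superblock); }

/* Hypothetical buggy native method: writes to memory "that ain't there". */
void native_wild_write(void) {
    volatile char *p = mmap(NULL, 4096, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) _exit(2);
    p[0] = 1; /* faults: the page has no access rights */
}

/* Run fn in a child process. Returns the signal that killed it,
 * 0 if it exited normally, -1 if fork/waitpid failed. */
int run_isolated(void (*fn)(void)) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { fn(); _exit(0); }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

/* Run fn in the caller's address space, as a SASOS without memory
 * protection would. Returns whether the superblock survived. */
int run_in_process(void (*fn)(void)) { fn(); return superblock_intact(); }

int main(void) {
    printf("isolated wild write: killed by signal %d, superblock intact=%d\n",
           run_isolated(native_wild_write), superblock_intact());
    printf("isolated clobber:    signal %d, superblock intact=%d\n",
           run_isolated(native_clobber), superblock_intact());
    printf("in-process clobber:  superblock intact=%d\n", run_in_process(native_clobber));
    return 0;
}
```

In the isolated runs the parent's buffer is untouched because the child only ever modifies its own copy of the address space; the in-process run has no such boundary.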
