Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
fluoridation 3 days ago

>crash bugs are finite. Do you spend your time on complex rearchitecting of your OS to try and fail slightly less hard when some critical code crashes, or do you spend that time fixing the bugs?

Finite can still be a very large number. Clearly the former is preferable, otherwise your argument applies just as well to usermode code. Why bother having memory protection when the code should be correct anyway?

Remember the CloudStrike bug? That wouldn't have happened had the developer been able to put the driver in user mode. The module was not critical, so the system could have kept on running and a normal service could have reported that the driver had failed to start due to an error. That's much, much, much preferable to a boot loop.

mike_hearn a day ago | parent [-]

Everyone is responsible for their own software, but the OS is more critical than other pieces and also a lot more profitable, so they can afford to invest. Some userspace apps with large budgets do use microkernel architectures, most obviously browsers.

But by and large, kernel code is much more tightly scoped and stable than userspace apps. The requirements for a core filesystem change very slowly and a migration from one version to another can take years. Userspace apps might update every week and still be too slow. We tolerate much more instability in the latter than the former.

fluoridation 15 hours ago | parent [-]

...What? How is that a response to anything I said?

mike_hearn 13 hours ago | parent [-]

Let me try again.

The engineering costs of moving things out of the kernel can be significant. If your OS isn't totally hosed then - third party drivers excepted - there's probably a finite number of bugs you have to solve to get reliability up above your target level. It can often make sense to just sit down and fix the bugs instead of moving code out of kernel space, which will take a long time and at the end the bugs will still be there and still need to be fixed.

This argument gets a lot weaker when you can't fix the bugs, or when code changes so frequently new bugs get added at the same rate they get fixed. AV scanners and GPU drivers are good examples of that. And they do tend to get moved out of kernel space. Most of CrowdStrike doesn't run in kernel mode, and arguably Microsoft should have kicked the remaining parts out of the kernel a long time ago. A big chunk of the GPU driver was already moved.

Unfortunately by the nature of what AV scanners are trying to do they try to get everywhere. I'm sure MS would love nothing more than to boot them out of Windows but that's an antitrust issue not a technical issue.