Going Deep Inside Vista's Kernel Architecture

bariswheel wrote to mention an episode of 'Going Deep' on Channel 9 which takes a hard look at the architecture of Windows Vista. From the post: "Rob Short is the corporate vice president in charge of the team that architects the foundation of Windows Vista. This is a fascinating conversation with the kernel architecture team. It's our Christmas present to all of the Niners out there who've stuck with us day after day. This is a very candid interview." Topics discussed include the history of the Windows Registry, and the security/reliability of Microsoft's upcoming operating system.

Fix whats there!

[a_greer2005]

Not flame, genuine curiosity from a 20 year old IT major

OK, am I the only one who has grown weary of the "oh well, another month, another insain exploit" state of mind in which windows users and admins seem to be willing to accept? Why do people just accept this, I understand a few bugs, and maybe a SINGLE large scale outbreak in something as commonplace as Windows, but this crap is just outright crazy now-a-days.

Businesses would never accept this kind of qualty from, for example, partners, suppliers, and so on, so why do they "just take" this seeminly QC-lacking products from redmond with glee?

You name it, they've probably been there.

[CarpetShark]

Microsoft has been releasing a lot of Vista video "interviews" and tech intros lately. If you believed what they're trying to sell you, you would easily think that the Microsoft Vista teams are developing ground-breaking new technology for the benefit of us all.

However, any remotely circumspect look at them will reveal that they're carefully choreographed attempts to show microsoft as a powerhouse with new ideas behind every corner... i.e., "Ohh look, here's Joe, the guy responsible for all this, right behind the camera...". What's more, they're basically doing what they've always done, stealing other peoples' technology and claiming is as their own, in the process. One of these videos, for instance, is all about microsoft's new printing architecture, which is basically just a rip-off of postscript. Microsoft is finally catching up, and yet they tell their customers that they're doing new stuff.

It must be nice to have mainstream consumers for your main customers, rather than IT pros. You can sell 'em anything, and they'll never know it's crap, because they don't keep up with the industry.

Re:Please, kill the registry...

[displaced80]

(I'm a .NET developer .... hey, don't shoot me!)

I'm a huge fan of .conf files (or, on my home platform of choice -- OS X -- .plist) files. Although I appreciate .conf files' readability, sometimes I want to store prefs which are a little more complex. My preferred method is to create 'Prefs' classes in my apps. Depending on requirements, I'll make a UserPrefs class and optionally a SystemPrefs class (for prefs that apply to all users). These are just a bunch of properties to hold each setting. It's nice from a coding point of view because you can put sensible defaults into the prefs class(es)' constructor in case the prefs haven't been saved previously. I then just serialise and de-serialise these classes into and out of an XML file. These get saved into appropriate filesystem locations.

The resultant XML isn't as tidy as that which OS X's Cocoa frameworks produce, but it's still a gazillion times more manageable and flexible than registry entries. I'd like to put together a generic viewer/editor for these xml files (much like OS X's 'Property List Editor'), although they're still plain-text tweakable if you're paying attention.

The registry is an idea whose time has passed. I'd like to see a future MS operating system implement a standardised xml file layout for everything the registry holds, using as many individual files as are appropriate. Turn the legacy Registry API calls into wrappers for the file-based system.

That'd make things neater, if done right! :)

Re:Please, kill the registry...

[Jugalator]

Turn the legacy Registry API calls into wrappers for the file-based system.

For those who don't know, this is actually exactly what Microsoft themselves did starting in Windows 4.0. They changed the implementation of a number of Registry API calls to work (read + write) against the registry rather than system .ini files. Time to change back to files again, maybe? ;-)

Re:Fix whats there!

[MightyMartian]

Oh, I'm sure they blinked. But MS has so thoroughly convinced the world that Windows is the only operating system that they just simply felt there was no place else to go. And to some extent, those businesses and corporations are correct. The investments are huge, and to change course would be extremely expensive, from IT departments getting up to speed with alternatives to the poor guy just trying to send a spreadsheet via an email program. This is, in reality, the best demonstration of the kind of damage the Microsoft monopoly has had. An inferior product, which is only in the last year or two really began to solve some of its most serious shortcomings, has become so embedded into corporate and consumer culture that the alternatives are shut out. People will use Windows and Microsoft's other products no matter how crappy or insecure simply because they cannot fathom working without them. Microsoft's market share is guaranteed simply by fear.

Vista and .wmf

[QuietLagoon]

the security/reliability of Microsoft's upcoming operating system.

The answer to one question will determine whther Vista is really an improvement in security for Windows.

Is the current test version of Vista susceptible to the .wmf exploit that is currently making the rounds on the internet?

Re:Fix whats there!

[Arandir]

The investments are huge, and to change course would be extremely expensive...

Actually, this happened a few years ago during a transition from Unix to Windows. The Unix line is still selling like hotcakes, and is what is putting bread on the table, but has officially been declared "obsolete" by the management in favor the Windows based product.

Re:You name it, they've probably been there.

[MightyMartian]

They designed the 16-bit version of OS/2, but abandoned IBM and the 32-bit version and developed Windows NT instead. But it wasn't NT that ended up on the vast majority of machines in the mid 90s, but Windows 95. While OS/2 Warp was not a perfect operating system, it was miles ahead of Chicago, which was a real bastard child, unstable, with legacy support far inferior to that of OS/2. But MS won because it waged on all out marketing campaign for at least year, even when Chicago was essentially vaporware. They have done that over and over again.

Re:Please, kill the registry...

[Frostalicious]

Although I appreciate .conf files' readability, sometimes I want to store prefs which are a little more complex.

The configuration section doesn't have to be just a list of name-value pairs. You can design your own config sections with the full hierarchial functionality of XML. Look up the IConfigurationSectionHandler interface.

Re:You name it, they've probably been there.

[AnEmbodiedMind]

Yeah sure it is a clever marketing move, but you a way too harsh.

For example one of the interviews with the vista audio engine guys they talk about how Mac OSX has been a long way in front and how they are inspired by great compeditors.

They have an OS X box on the wall

And if you look at the MS Office user interface work, you can't claim that isn't innovative work

Finally if you actually watched the linked video you'd see they actually talk in depth about the flaws in the windows architecture and how they are trying to move forwards.

Guidelines???

[tehdaemon]

There are plenty of guidelines on how to deal with trademark dispute lawsuits, what are you talking about?

(supposed to be funny....)

Most cases of this are resolved long before the programs are installed.

Dependency hell

[curious.corn]

So they're more or less admitting "essentially ... windows is one big binary..." Woah! Low level libraries and frameworks depending on stuff that's higher level, "in the past we've relied on... lockstep... development process..." and "we're now looking at dependencies in the 6 digits range..." Man, these guys are giving one hell of a bashing to the Microsoft codebase.

One guy starts talking about modularity and inserting features and plugins into essential services... and I thought objC. But before that another one gets all hot (I chuckled, this guy is a True Nerd, he really likes fiddling with code... congrats) about semicoop multitask where an app renices itself to 100% resource hog tier for a limited time slot (nice try, but what when all the silly apps do the same trick?), but before that there's a talk about usermode ukernel services... I thought about when I used to renice X11R6 to get better performance (when the graph card module was part of the X process).

I think Bill needs to pull out of tech and sell Microsoft to Apple. These techs are good guys, all they need is a solid process and some decent vision.

Jobs, are you reading this? Watch this video, it'll make you feel good! :-)
e

Re:Um...isn't vista simply rehashed NT 3.x?

[cnettel]

Vista is more NT.

The OS/2 heritage is far more complicated. There are similarities, but the kernel is quite unlike what you found in OS/2 2.x, while NT at some point could have been OS/2 3.x. It's almost as dissimilar to OS/2 as it is to Win 3.1. It was a new kernel that was supposed to be able to run both Win 3.1 and OS/2 user mode apps, so the kernel provides services suitable for that purpose. The OS/2 support was of course never fully developed, but HPFS was supported until a few years ago and NTFS also shares some ideas with it, while not in the actual disk layout.

If your DX(2?)/66 didn't perform well with NT, I would think about memory rather than CPU. Just the fact that NT is all-UNICODE in the kernel, means that every single string is longer than in, for example. OS/2 and 9x. If all you have is 4 or 8 MB, that alone can be quite significant (especially when you're running Win16 and ANSI Win32 apps and every string needs copying and conversion before really being used in the APIs).

reality check

[penguin-collective]

First of all, the video is unviewable even with Microsoft Media Player on Mac, but you can find a whitepaper describing the kernel changes here [microsoft.com]. Keep in mind that all of this is basically Microsoft advertising for developers; it's not taking a "hard look" at the kernel architecture, it's the kernel developers portraying their work in the best light.

What's interesting is how little innovation there actually is. They seem to be struggling with the complexity of the system and its dependencies (5500 components)--similar to the problems Linus is having, but multiplied many times over by greater complexity of the NT system architecture. Most of their actual improvements seem to be cleanups and performance enhancements.

My impression is that the Vista kernel and system libraries are still playing catch-up with Linux in terms of modularity, performance, and functionality.

Re:I love the questions they ask.

[smittyoneeach]

So why not do something intelligent and implement it as a SQLite database?
What's less than half a meg of C that already works on Windows between friends? It's not like the existing registry files are exactly svelte.
Ah, yes: good ideas can be discerned by the Redmond refusal to implement them.

Re:Fix whats there!

[ThaFooz]

Fix whats there!

A long term plan for fixing the underlying architecture problems is as important as maintaining the current release... otherwise you're just turd polishing (which is more expensive to Redmond & the end users in the long run). System Architects and QA are almost apples and oranges too.

Not flame, genuine curiosity from a 20 year old IT major. Why do people just accept this... Businesses would never accept this kind of qualty from, for example, partners, suppliers, and so on, so why do they "just take" this seeminly QC-lacking products from redmond with glee?

I really don't think there are that many people drinking the MS kool aid. People have been switching to Apple desktops and *nix servers fairly steadily, but you're not going to see an overnight change because the cost of migration is so high

I mean for home users, it boils down to a Wintel system or an Apple... if you're buying a new system its an easy choice IMHO, but what does an unhappy windows user do if they have nice x86 hardware? What do you really expect non-tech-savy users to do when presented with the options of (a) selling their current sytem at a loss and buy new hardware, (b) really making an effort educate themselves for the purpose of switching to an OS with little-to-no commercial apps/games/tech support, mediocre media playback, and a clunky UI (no, I'm not hating on Linux. Fantastic workstation/server, craptacular home desktop) or (c) just accept it & hit the reset button/ bust out the system recovery disk every now and then until it's time for a new box (or a stable release comes out).

For buisnesses, migrating workstations/servers is only possible if the application support is present, and you have the cost of re-training. Porting any custom C#/ASP/MSSQL/etc to cross-platform solutions is time consuming and software developers are expensive, ditto with *nix sysadmins. Not to mention the fact that any good Windows should be able to eliminate (or at least mitigate) the threat of said security flaws.

If you already paid for WinXP, why the hell should you have to pay AGAIN for the "security" that was supposed to be there...and in 2k, NT4, yadda yadda yadda?

Well I'm not exactly a MS fan, but I don't think its quite so sinister. Old versions (even pirated versions) are entitled to security patches for a few years, which is pretty reasonable. To expect lifelong upgrades for free is asking a bit much though. I mean, I expect Honda to issue recalls on any safety issues on my Accord, but don't angry when they won't retrofit it with a hybrid engine.

Re:OS/2 failed because OS/2 didn't work well enoug

[Frumious Wombat]

Given evidence from the era of Microsoft hacking with Win 3.11 to make sure that it broke Windows compatibility, OS/2s demise was only partly that IBM couldn't market eternal life in 1993.

We ran it too, used it to multitask DOS programs, run Win3.1 apps more stabily than Win3.1 did, and to run native apps that needed the 32-bit address space. It was great to be able to recompile our VAX apps with Watcom Fortran, run them (and get a speed-boost over the VAX), and still be able to use the computer for other apps. Other research groups had it powering their Mass-Spectrometers, and similar fussy hardware.

More importantly, we never had a problem with frequent crashes. We bought good memory and standard hardware, and made sure that we had 8-16 meg, which seemed to be the sweet spot. It just ran. I didn't leave it behind until NT 4 had a service pack or two behind it, and I'd acquired a PowerIndigo2 with the Cray-derived Fortran compiler at work, pretty much eliminating why I was still running OS/2.

We're still paying for the mistake of not adopting it, as many of the security problems in Windows stem from single-user, insecure, Windows95 getting released and established first, rather than VMS|OS/2 derived NT.

this guy stole my article

[bariswheel]

I wrote him an email: " Zonk, Don't take this the wrong way, but I submitted the kernel architecture article to slashdot just yesterday...I see you've posted the link that I was going to post....it's funny that this is on slashdot and it doesn't have my name on it....I also see thay you're a slashdot editor...hmm.... Is that how slashdot works? You guys take submissions from people like us and put your name on it? I didn't know slashdot worked that way... I'm bariswheel on slashdot... -baris "

Re:Microsoft ripping off PostScript?

[TheNetAvenger]

Very good account of Postscript.

In response to the poster above that sees Microsoft as ripping off Postscript, they have no idea what Microsoft is doing and how it is different than Postscript.

Everyone that thinks MS is ripping anyone off needs to just go to msdn.microsoft.com and read up on what Microsoft is actually doing before slamming it with a generalization. (

Even what I say below, don't take my word for it, take 10min and go look at it. Even if MS is your enemy, it is better to know what they are doing, especially if they are doing something that might be unique or at least innovative one particular field.)

Sure there are similarities as MS new technologies can be used to render things on screen, to a printer, or store it in a document.

One thing that is different is MS is using a XML based format that will allow Windows and applications to pass this information internally from screen to printer to clipboard to document. (Although this isn't a giant leap, but will be handy for a more streamlined protocol internally within the GUI as well as doing remote operations.)

MS's technologies are like the next generation of what Postscript was in the 80s.

It is font independant, has more advanced rendering concepts built in, from blending and transparencies and other normal graphical application types of display that are a bit more advanced than Postscript and what you would normally find in CorelDraw or Illustrator and Photoshop to AutoCad.

It also fully handles 3D dimentional space, animation, control and message handling as well as other forms of media like video, ink, audio and is extensible beyond current media concepts of today.

What probably would be the giant leap is that it even inherently handles modeling and things like collision detection in a 3D space with support for user control and interaction, which is kind of cool for a presentation technology. (Envision how nicely this will adapt to printer technologies that blur displays and printed output - i.e. digital ink)

This is a bit way beyond what Postscript does, although what Postscript does, it does well and shouldn't be dismissed.

But don't say MS is ripping of Postscript, any more than Postscript was ripping off the first Vector drawing formats that predated it.

Re:Windows becoming more like Unix

[TheNetAvenger]

MS said for years that Unix is so old. Now Windows is becoming more and more like Unix. What a bunch of idiots these guys are that took them so long to realize that their architecture is flawed and that Unix's architecure is superior.

I think it was Cutler or someone from his team in 1991 that made a comment along these lines, but it wasn't about the age of UNIX, it was the inherent problems in the architecture of UNIX and its limitations.

And if you know anything about NT and its architecture, you will surely realize that not only is there a great deal of difference from UNIX by design, but the direction Microsoft is evolving NT has very little relevance to anything in the UNIX world.

UNIX zealots should flame you as well as NT proponents.

If Microsoft wanted UNIX, they had XENIX and Cutler had full control to make NT a full UNIX implementation/evolution. However the NT team did not want the UNIX limitations, and they were from the UNIX world themselves.

UNIX is great in many ways, but by definition, when you adhere to a base operational specification, you are limiting yourself, no matter how good it is.

NT doesn't have these rules, and whether people like it or not, it doesn't have to adhere to anything but what they want it to do or believe works well, so it by definition it will never have these imposed limitations.

Re:I love the questions they ask.

[klui]

Unfortunately, you cannot manipulate the data using standard Windows tools as though it were written as a set of files under NTFS. For instance, it would be really nice if I could search for all registry entries that was created/modified since I installed program X. The metadata exists, but is not exposed by regedit. And if something corrupts an entry in the file system, I think the chance of the entire hive becoming inaccessible is less than if the registry is in 1 file. Maybe I trust NTFS more than the registry "file system." Or are they done using same underlying calls?

Re:I love the questions they ask.

[Sarisar]

Where I used to work we didn't do anything in the registry if we could help it - we ended up writing a few standard libraries to do similar things. If it's program related data, dump it on the H drive (read only) with the program files, if it's user data, dump it on their Y drive. Roaming profiles works fine with that and it doesn't require any stupid registry stuff that ends up getting copied up and down the whole damn system. Like the time someone was running a newer version of notes, which overwrote the old notes data which when a new person logged into the machine they inherited and within a few days no-one could check their mail. Good thing this was only in the test environment. Or the time I found out why it took me 20 minutes to log on every single damn day because it was copying my ENTIRE REGISTRY FILE DOWN plus all my 'personal files' and some program had filled it with crap, which I have a feeling was MSDN doing a full install in 'my docs'. Removed that stuff and it logged on in seconds afterwards :)

But I digress. I hate the registry, it's a terrible idea if you need to copy a system out to reinstall XP or something, then you have to reinstall every single damn program back in. But if the registry didn't exist everyone could simply have two HDs, one for windows and one for all their applications and it wouldn't care about it if you reinstalled. This would also mean if (or rather, when) your machine gets screwed up (viruses / trojans / other hacks / simply dies because it's got too much shit on it in the registry) you can reinstall and have everything still the way you want. Window size, everything like that could be ini files and not registry and wouldn't be wiped.

Going back to this company, if we had the ini file wrong we simply updated it and next time people ran, easy. Or if it was on their Y drive we ammended the batch file that ran almost every program (which while sounding stupid was very usefull) to delete or fix the problem then run the program. All remotely done, no need to get every user to run stuff on startup to fix registry issues, then find out one guy didn't do it and everyone else that logged in gained all the settings (as mentioned above).

Is www.bantheregistry.org available? I think I might want to start my own charity :P

Re:I love the questions they ask.

[Eivind Eklund]

Making state saving easy makes software tend to save more state. That makes said software behave differently each time it's started up. With bad developers, this can be highly annoying.

Eivind.

I don't understand...

[Anonymous Coward]

If Microsoft kept GetPrivateProfileString/WritePrivateProfileString (the INI functions) in System32.dll as far forward as 2000 (haven't checked XP yet), why aren't people who hate the registry using it instead? That's what I've been doing for years...or was it actually deprecated in XP/Vista and I haven't found out yet?