Path: utzoo!attcan!uunet!comp.vuw.ac.nz!virtue!ccc_ldo
From: ccc_ldo@waikato.ac.nz (Lawrence D'Oliveiro, Waikato University)
Newsgroups: comp.sys.mac.system
Subject: Protected-mode snake oil
Message-ID: <1204.26c2fb48@waikato.ac.nz>
Date: 10 Aug 90 06:22:00 GMT
Organization: University of Waikato, Hamilton, New Zealand
Lines: 59

There was a discussion a while back about the virtues of protected operating systems. A number of people seem to believe that PCs in general, and Macintosh in particular, will become much more reliable once they start to enforce a separation between user-level and kernel-level code.

Frankly, I'm a little skeptical. As a regular user of both a Mac and a VAX/VMS cluster, I'd have to say that the relative frequency of crashes of the two systems, leaving aside the times I crash either one while debugging my own software, is something in the region of 10:1. That is, it's not as much as 100:1.

Now, if it were 100:1, you could claim that a protected system is truly wonderful, and would effect a great improvement in the reliability of the system. But 10:1 is probably comparable to the ratio of crashes that you would get between different Mac users running different applications, or using the same applications in different ways. You could effect a comparable amount of improvement by tightening up the quality control on your software development.

In other words, I don't think protected mode is worth it.

Even if you disagree with my numbers (feel free to come up with ones with some real evidence behind them, by all means), there are more fundamental problems.

Consider a couple of Mac applications that I have installed on my machine right now: After Dark and Adobe Type Manager. In a protected system, would they be ordinary user-mode code, or would they need to run in privileged mode?

If they can run in user mode without any special privileges, then any other user-level code could use the same hooks, run amuck, and render my screen display totally unusable. The kernel may still be running undamaged, but as far as I'm concerned, my system has crashed.

On the other hand, if these two applications would need to run privileged, then I would argue that a significant number of other applications out there would also have reason to run privileged. What good is a protection system with lots of exceptions to it?

Our VAXcluster runs several applications requiring some level of privilege. For example, the TCP/IP product that we use, called Multinet, loads itself into system memory as an extension to the VMS kernel (analogous to TSRs under DOS, or INITs on the Mac). A couple of months ago it hung; the rest of VMS kept running, but all TCP/IP services became unusable. The only way to clear the problem was to restart the system, which would have annoyed about 100 people who were trying to use the machine at the time.

In short, the protection system on a typical multi-user machine is there to protect users from one another; it affords *some* protection to users against bugs in programs, but it would appear that the commercial software for the big machines is just as unreliable as the products for the little beasties we all know and love.

Lawrence D'Oliveiro                       fone: +64-71-562-889
Computer Services Dept                     fax: +64-71-384-066
University of Waikato            electric mail: ldo@waikato.ac.nz
Hamilton, New Zealand    37^ 47' 26" S, 175^ 19' 7" E, GMT+12:00
The meek shall inherit the Earth--if that's OK with the rest of you chaps.