Inside the Windows Vista Kernel

Reader trparky recommends an article on Technet (which, be warned, is rather chaotically formatted). Mark Russinovich, whose company Winternals Software was recently bought by Microsoft, has published the first of a series of articles on what's new in the Vista kernel. Russinovich writes: "In this issue, I'll look at changes in the areas of processes and threads, and in I/O. Future installments will cover memory management, startup and shutdown, reliability and recovery, and security. The scope of this article comprises changes to the Windows Vista kernel only, specifically Ntoskrnl.exe and its closely associated components. Please remember that there are many other significant changes in Windows Vista that fall outside the kernel proper and therefore won't be covered."

Soft links?

[Libor Vanek]

From the article: "...the symbolic file link (or as it's called in UNIX, the soft link) finally arrives in Windows Vista." - anybody heard "soft link"? Me (after 10 years of using Linux) never...

Re:

[Virak]

I've heard "soft link" a few times. While not as popular as symbolic link/symlink, it still sees a fair bit of usage [google.com].

Re:

[NuShrike]

Or a comparison with Google Trends [google.com]

Re:Soft links?

[Knuckles]

Let's try it again with proper quotes [google.com]. Amazing how often people get this wrong. It looks like some school in India has recently started using this term,

Re:

[Hes Nikke]

it's even more telling when you add symlink [google.com] to the mix.

Re:

[Knuckles]

Which the Indians don't seem to use at all. Weird. Thanks for the addition.

Re:

[Knuckles]

Yes, I know. So? The question was how frequently the term "soft link" is used as a synonym for "symbolic link".

Re:Soft links?

[tuffy]

The symlink(2) manpage mentions that they're also known as "soft links", as opposed to the hard links created by link(2). It's not a very common usage, though.

Re:Soft links?

[Moridineas]

Absolutely. I guess "symbolic link" is the more common term, but soft link is hardly rare, and differentiates a link from a hard link. (think ln -s here)

From wiki:

Soft Link [wikipedia.org] and Hard Link [wikipedia.org]

Re:Soft links?

[wirelessbuzzers]

Does anyone else find it amusing that Wikipedia's page on soft links is a redirect?

Re:

[NuShrike]

Since using BSD from 1999, plenty of times. Hard links (ln), soft links (ln -s) aka symbolic links. It's been pretty difficult not to know. Maybe the Linux man pages aren't as clear?

Re:

[Eideewt]

They're pretty clear:

"A symbolic link (also known as a soft link) may point to an existing file or to a nonexistent one; the latter case is known as a dangling link."

Re:

[loconet]

I've heard them be called soft link many times. In fact, ln creates hardlinks by default and the -s switch makes it create "soft" ones.

On the "symbolic file links finally arrives to Windows Vista.."

Has it really arrived? really? Considering only Administrators have access to creating them by default?

Re:

[doshell]

The usage is established, but "symlink" or "symbolic link" are far more common:

Wikipedia: Wikipedia article [wikipedia.org] (redirects to "Symbolic link" article)

Google hits: ~1M hits for ("symbolic link" OR "symlink") unix [google.com] vs. ~419K hits for ("soft link" OR "softlink") unix [google.com] ("unix" appended to avoid potentially irrelevant matches)

Ocurrences in manpages (my Gentoo Linux system):

$ find /usr/share/man -type f -name '*.gz' | xargs zcat | grep -i "soft link" | wc -l
27
$ find /usr/share/man -type f -name '*.gz' | xa

Re:

[guruevi]

well, you forgot this IS slashdot so somebody else will find a shorter way to do this, it will look ugly, probably done in perl and thus unreadable. If you want to do it in shell script, you could have used zgrep (not all distro's have it) and/or used grep to count the lines and recurse through the files.

Re:

[donaldm]

Of course in Unix/Linux there are two types of links one is a hard link and the other a soft link and have been around in Unix since the early 1970's. There is another type of link that is called a context dependent symbolic link (Tru64 Unix or OSF1) which is a way of assigning a directory or file to a specific cluster member. Very useful in a clustered file-system since each cluster member may need its own log and configuration files or even specific directory that has identical names to those used by the

Finally...

[physicsnick]

Everytime I read anything about Vista's new features, I hear myself saying "fucking finally" like half a dozen times. Symlinks? Cancelling I/O? These are things other, better operating systems have had for over a decade. Anyone wanna start a pool for when they'll roll out a patent for symlinks?

Re:Finally...

[cnettel]

Cancelling I/O has been in Windows for long, "just" not always done properly. I have seen similar issues while killing processes in other OSes where they are stuck in some I/O. One reason for why this happens more frequently in Windows (in addition to bad drivers/a complicated driver model) is the fact that asynchronous I/O is so common. That way, you might not see the that the IO got stuck until you try to kill the process.

Re:Finally...

[RAMMS+EIN]

`` I have seen similar issues while killing processes in other OSes where they are stuck in some I/O.''

Oh, the horrors! I've had this happen to me many times, as well, especially on Linux. Not even a kill -9 would get rid of the wedged process. Why is there even such a thing as "non-interruptible sleep"? If I don't need the process anymore, I should be able to get rid of it no matter what.

And wedged drivers, too. I think you can still see this for yourself by doing I/O with some USB device, and then yanking it out while the I/O is in progress. You get at least one process that you can't kill (I guess the comatose state causes ethical issues), and probably a driver you can't unload (although maybe new kernels allow you to do that). If you're "lucky", you get a whole lot of hardware devices that you can't use anymore, and any program that tries to gets into the dreaded D state.

Re:

[xenocide2]

"Oh, the horrors! I've had this happen to me many times, as well, especially on Linux. Not even a kill -9 would get rid of the wedged process. Why is there even such a thing as "non-interruptible sleep"? If I don't need the process anymore, I should be able to get rid of it no matter what."

I haven't yet read the internals of the linux kernel, but I understand that disk dma requests are a major source of non-interruptible sleep. I imagine it has to do with locking the RAM the disk is going to write to safe f

Re:

[AndrewHowe]

Sorry, you're wrong. CancelIO has been available since NT 4.0. And Asynchronous IO works very well, perhaps you weren't using it correctly?

Re:

[AndrewHowe]

I suggest you read the documentation for CancelIo before you make a bigger fool of yourself. How would you call CancelIo for a synchronous operation? You wouldn't regain control until the operation had finished, so there would be no need to cancel it anyway.

Re:Finally...

[Anonymous Coward]

How much praise was adorned on Linux when it got an O(1) scheduler? NT has had it for over a decade.

Re:Finally...

[ultranova]

How much praise was adorned on Linux when it got an O(1) scheduler? NT has had it for over a decade.

Yes. A round robin scheduler, which runs every task for exactly 2 clock ticks except for foreground tasks which are run for 6 (or is this an XP improvement ?) - assuming there's no interrupts occurring during those ticks, of course - and not paying any attention to whether the task is IO- or CPU-bound. It performs absolutely shitty if you have anything heavy running in the background (say, POV-Ray rendering an image while you try to browse the Net). Praising that to be "O(1) scheduler" is about the same as calling the Goatse picture "art": sure, it may be technically true, but...

What Linux was praised was getting a scheduler that handles 40 priority levels, real-time tasks, and multiple CPUs (500+, in some cases) while retaining both interactivity and high throughput, and doing all this in O(1) time. No version of Windows has ever gotten even close.

Ideas borrowed from QNX. But bulkier

[Animats]

Much of this new stuff sounds like features of QNX. QNX has a "sporadic scheduler", for when you need things like 10ms of CPU every 100ms. QNX has had I/O cancellation for years. In QNX, you can set a timeout on any system call that blocks. If you set a 35ms timeout on a write, after 36 milliseconds, you'll have control back. Very useful in real-time systems where you're doing something less important, like logging, that should never take very long but, in some trouble condition, might. QNX has had prioritized I/O for years, too.

It all works, too. I've done compiles on QNX while running a real time program on the same machine, without the real time program missing a deadline.

Of course, in Vista, it's all more complicated.

Re:

[canuck57]

Anyone wanna start a pool for when they'll roll out a patent for symlinks?

They might! But it would be embarrassing for M$ if the judge to hear that Windows as the last OS to get them and that UNIX supplied the concept.

But I am also amazed at how "excited" people are over new-4-Windows features like this. Might as well jump right into Linux/UNIX and get it all now. I will never forget when W98(?) said it would not check the disk on boot if it was previously shutdown nicely. UNIX has this for a decade

Re:

[dave562]

But I am also amazed at how "excited" people are over new-4-Windows features like this. Might as well jump right into Linux/UNIX and get it all now.

The longer operating systems are around for, the more heterogenuous they will become. Although Linux/UNIX might have a bunch of features that Microsoft is getting around to implementing, similar arguments can be made in the other direction as well. The fact of the matter is that computer users as a whole will demand certain things from their operating system

Re:

[drsmithy]

Everytime I read anything about Vista's new features, I hear myself saying "fucking finally" like half a dozen times.

Funny, I think exactly the same thing almost every time I hear about the latest "innovation" in Linux or OS X.

Re:

[sconeu]

RTFA. Russinovich mentioned Junction Points and how they differed from symlinks.

Re:

[Hes Nikke]

Finally! It only took you guys 20 years to catch up with the rest of the operating systems out there!

Oh and only by buying someone else's 15 year old work to get there! O_o

Is this the same as...

[tgatliff]

Isnt this like entering the belly of the beast? I will save you some time in reading the article.

Proper care for your Vista "Beast"
1) Feed it plenty of CPU cycles. Preferrably multiple cores.
2) Give it obsene amounts of memory. 2.5G preferable.
3) This one seems to really enjoy Video Ram as wll, probably it tastes better. 256M advised.
4) Keep feeding it a constant supply of disk space. Interestingly enough, this version seems to consume HD space simply with doing nothing.

Thats the basics folks. Give your Vista beast what it needs and you should have a kind of good experience. At least for at least 6 months or so... Then you must slay the beast and re-install.. :-)

Re:

[bwd234]

Hell with all that...I'm sticking with my Windows 2000! Best M$ OS I've run yet. More stable than 95 or 98 and w/o all the wastefull eye candy of XP. If it does someday become totally obsolete, I guess I'll have to switch to Linux or whatever, but in the meantime it's 2k all the way!

Re:

[robogun]

It can't be made to run like win2k. There are a couple of things XP does better than Win2K, many worse, and activation is the deal killer.

Thankfully we have pirates to repair XP and/or post corporate versions of it online. How anyone pays for the wga "experience" is just one of those modern mysteries.

Re:

[laffer1]

You don't know how right you are. I'm running Vista Ultimate x64 RTM right now. Its peppy for regular tasks.

AMD and NVIDIA are not shipping OpenGL drivers yet. NVIDIA's is very slow and you can not play most games like Enemy Territory (quake3 based). WoW works.

Windows consumes half my ram on startup. I have 2.5GB of ram. Granted I have a NVIDIA 7300 GS w/ turbocache too.

My system is:
Pentium D 805 (dual core 2.6Ghz)
2.5GB PC5300 DDR2
SATA II Hitatchi disk.
Intel DP965LT Motherboard
NVIDIA Geforce 7300 GS 2

Re:

[mobby_6kl]

Look carefully at the RAM usage in task manager. Most of the "used" memory is cache - it will be freed immediately when needed. I'm running Vista with a 1gb of ram (and a 2.6 Northwood P4), and real memory usage is around 300mb. I did turn off the Defender and Sidebar, but didn't go through any serious service cleanup, so I probably saved 20-30 megs here.

The NVIDIA drivers suck, but UT2004 and Warhammer 40000 Dawn of War work fine, if slower than in xp/2003. The old Ghost Recon and R6 games work ok too. Di

Re:

[jaavaaguru]

I guess multiple cores are more than your "average core" [sorn.net]

Screenshot

[Dirtside]

They actually have a screenshot of what it looks like inside the Vista kernel. [atari-spie...itungen.de]

Re:Screenshot

[bl8n8r]

whew.. for a minute there I thought that was a link to goatse

Re:Screenshot

[typobox43]

Don't worry, there's plenty of gaping holes in the kernel too.

Whoa

[Sloppy]

I think we've finally seen the very first actually interesting Slashdot story about Vista. About fucking time.

Re:Whoa

[mobby_6kl]

What, you don't find outrageous articles based on misinformation and speculation, full of FUD and pure lies, written by people who know nothing about what an OS consists of besides window decorations and shiny progress bars, interesting?

What are still you doing here?

Re:

[that this is not und]

written by people who know nothing about what an OS consists of besides window decorations and shiny progress bars

Are you kidding? You think that the design staff at Microsoft writes most of the Vista articles posted on Slashdot?

OS classes will always be open OS based

[GodWasAnAlien]

Black box OS kernels like Windows can really never be disclosed. All you can really do is make some guesses or have an insider reveal some limited details.

For this reason, OS classes in school will be based on Linux,BSD,Minux,or even ReactOS. With all of these, if want to really know how it works, there is the code.

The secret-software-business is quite different that the shared discoveries of the scientific method that works well in education and science.

Historically, the open ones will be the only ones that survive. In 50 years: You want to know how DOS worked in the 1980s? Well, no source is available. But freedos provides a good example of how it worked. You want to know how some random UNIX worked. Well the source to that specific one is not available, but BSD and Linux are a good examples of how it worked. You want to know how Windows-2000 worked? Well, no source code is available, but ReactOS provides a close approximation of how it worked.

Re:OS classes will always be open OS based

[dioscaido]

True in theory, but Universities can license the source code of the windows kernel for academic purposes:

http://www.microsoft.com/resources/sharedsource/Li censing/researchkernel.mspx [microsoft.com]

Re:

[that this is not und]

And anybody at said university who looks at said source code for any length of time becomes 'contaminated' and can't contribute to any similar non-Microsoft project ever again.

Re:

[atsabig10fo]

huh?

"You may use any information in intangible form that you remember after accessing the software."
http://www.microsoft.com/resources/sharedsource/li censingbasics/wrklicense.mspx/ [microsoft.com]

Re:

[oglueck]

So if a prof wants to use the MS kernel for his lectures, he first needs to convince his university to license this beast. The Windows kernel is not exactly a small code base. To understand it the prof then needs to look at it for, say, a year before he can give any reasonable lecture. It's a high risk for the prof because he doesn't know what the kernel will look like and if it will be useful for him. Sorry, things just don't work that way.

Re:

[hughk]

I disagree. I have not had the dubious pleasure of seeing Windows source code but I have worked with older monolithic closed source kernels such as OpenVMS where at various points I had access. With a good book about the kernel, finding your way around wasn't a major issue. Some items were complex but you could easily extract, for example, material for a course on say lock management, I/O or scheduling.

A prof would want a commercial system to counterpoint something like Linux. However, if I was teaching,

Re:

[nuzak]

> To understand it the prof then needs to look at it for, say, a year before he can give any reasonable lecture.

Whereas professors are born knowing Linux, or magical documentation fairies just wave their little wands and give the professor knowledge about the subject.

This might be a wild guess, but a professor teaching OS architecture might already know a thing or two about the OS architecture of the OS implemented by the source he's looking at.

Re:OS classes will always be open OS based

[jadavis]

The secret-software-business is quite different that the shared discoveries of the scientific method that works well in education and science.

Although you're right about closed software, computer science as a whole is actually much more open in many respects than some other scientific fields. In particular, the medical and biological science fields are quite closed-off. Even physics is somewhat closed-off, not by design, but because the equipment required to perform experiments is so expensive.

Few computer science experiments take more than a couple thousand in capital investment. Also, if you have questions, you can often discuss your experiments, ideas, data, findings, etc. with an expert (or even industry leader) simply by signing up to a mailing list or going on IRC.

Re:

[blackpaw]

Bollocks, the public windows DDK by its nature reveals the kernel architecture pretty explicitly. Driver writers cannot operate without good documentation on the kernel.

did mention ReactOS

[GodWasAnAlien]

There are sufficiently different open OS's to cover all modern and past OS architectures.

UNIX - BSD, Linux, Minix
DOS - FreeDOS.
Windows NT/200 - ReactOS.
VMS - FreeVMS
Mach,XNU,OSX - Darwin
Microkernel - Hurd
Multics - SIMTICS
Plan9 - Plan9
BeOS - Haiku
OS/2 - NuDawn ?
Solaris - OpenSolaris
RT-OS - eCos

Inside the Windows Vista Kernel

[jhines]

The subject line made me think instantly of the old Adventure game,

"you are in a maze of twisty passages all alike"

sent a shiver up the spine.

Classic Microsoft patchwork

[teslatug]

However, because not all applications may handle symbolic links correctly, creating a symbolic link requires the new Create Symbolic Link privilege that only administrators have by default.

Why would they do this? Just make the default be the deletion of the symlink instead of the target. And why would you need this permission if you already have permission to modify the directory (to create the link) and the permission to read the target? Instead they go and take the ability of normal users (meaning most p

If it's not on by default, it doesn't exist.

[Myria]

99.9% of Windows users will not know what a symbolic link is, and even less will know how actually enable the feature for non-administrators. This means that no end-user application can ever use them. A lot of work for nothing - good job Microsoft.

They should have added an API call to tell kernel32, "hey, I know how to use symbolic links, so let me use them".

Melissa

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[oglueck]

Why would they do this?
For security probably. On Unix programmers are (should be) aware of the fact that any file can possibly by a symlink. Especially processes with higher privileges must check if a filename that is passed to them as user input is a symlink to a file that is not normally under control of that user. So introducing this feature and running code that isn't symlink safe introduces a security risk.

Re:

[nuzak]

Especially processes with higher privileges must check if a filename that is passed to them as user input is a symlink to a file that is not normally under control of that user.

This has got to be the most succinct wording yet of the "confused deputy" problem. There's just no good reason that a process should be running with higher privileges if it has to constantly second-guess itself in order to not actually use them. Monolithic permission levels just suck.

Re:

[spitzak]

That is not exactly the problem. If a privledged program can take an arbitrary filenam, and does a stat to see if the user has access to the file, the test will work for symbolic links as well. If they don't do such a test they are broken and can be fooled without symbolic links.

The problem is when the privledged program generates it's *own* filename that it assummes is going to be a new file or something owned by the user or nobody, but the user has cleverly set a symbolic link at the name he knows the pri

Re:

[spitzak]

The problem is that they didn't ever really support "hard" links either. In DOS if you tried to remove a directory that was not empty, you got an error. This stupid behavior persists even though they have long supported filesystems where unlinking is possible. So all the file management programs that want to delete a directory will recursively delete every file in it. This is probably not what is expected if the user tries to delete a symbolic link to a directory.

There are plenty of other ways to fix this,

Process startup changed significantly

[Myria]

The article doesn't mention that process startup is now quite different from the other versions of Windows NT.

In previous versions of NT, process creation was quite different from systems such as UNIX. The system call NtCreateProcess creates a "blank" process with nothing in it but ntdll.dll and the new .exe file mapped into memory. No stack is allocated, and no threads are created. In normal process creation, the parent process actually uses the debugger API calls to allocate memory for the stack into the new process's address space, copies the command line and environment into the new memory, and creates the initial thread pointing at kernel32!BaseProcessStartupThunk. It resumes the thread and off it goes. (NT has no concept of environment or command line at the kernel level.)

This changed in Vista for one reason: DRM. Microsoft made it so that certain processes, namely wmplayer.exe and halo2.exe, cannot be a target of the debugger API calls for obvious reasons. It ignores privilege level in blocking the API. If the old method of starting processes were used, then the parent process could start wmplayer.exe with patches to steal the DRM keys or dump decrypted data to disk. Vista's kernel now does the entire initialization for these processes to close this hole.

By the way, Microsoft needs to change that web page so that it doesn't select Spanish over English if you have Spanish listed as an acceptable language in your browser, even if English is higher in the list. This happens for both IE7 and FF2.

Melissa

Re:

[Ben Hutchings]

Interesting. I would expect this to improve process startup time too - which seems like a much more important reason to make the change.

Video of MS kernel developer talking about this

[Myria]

Click here [microsoft.com]. He talks about a lot of things, including these "protected processes", and even says that the purpose is for DRM.

Melissa

Making Symlinks in GUI?

[physicsnick]

Having symlinks in the Vista kernel is nice and all, but Vista doesn't seem to offer a way to create these in Explorer. Who wants to break open a command line just to create a symlink?

Correct me if I'm wrong, but don't people criticize Linux all the time of a lack of GUI utilities in comparison to Windows? Yet when I drag a file somewhere in KDE, I can just click on "Link Here" and poof, I've got a symlink. Why have I not heard a single complaint about the lack of a user-friendly way to do this in Vista?

Furthermore, you need to have Administrator access (or use Administrator to give yourself the priviledge) to create a symlink, "because not all applications may handle symbolic links correctly". Doesn't this seem broken to anyone? Or at the very least, worrysome?

Re:

[John Nowak]

Having symlinks in the Vista kernel is nice and all, but Vista doesn't seem to offer a way to create these in Explorer. Who wants to break open a command line just to create a symlink?

That's how it works in OS X and everyone gets on just fine. Symlinks, unlike OS X's aliases, easily break. You don't want normal users creating them and then complaining when suddenly they don't work any more.

Re:

[Hes Nikke]

but normal users in the terminal can go right ahead with making symlinks... in fact, the command line doesn't even know what to do with aliases, yet the GUI handles symlinks fine...

advantages:
symlink - works in both GUI and terminal, works across platforms with linux, bsd, and anything else that supports symlinks
alias - doesn't break as easily
vista symlink - ????? (possibly cross platform)
shortcut - attach command line parameters, keyboard shortcuts

disadvantages:
symlink - breaks easily
alias - doesn't work i

Re:

[omicronish]

Furthermore, you need to have Administrator access (or use Administrator to give yourself the priviledge) to create a symlink, "because not all applications may handle symbolic links correctly". Doesn't this seem broken to anyone? Or at the very least, worrysome?

It's ultimately an application compatibility problem. You don't want some pre-Vista app to blow away the user's stuff because the app recursively deleted a folder that contained a user-created symbolic link. It's fine on Unix OSs because they've h

"not all apps may handle symlinks correctly..."

[dpbsmith]

It certainly sounds broken to _me_. Why wouldn't all apps handle symlinks correctly?

In Mac OS 9, and in 8, and 7... when did they add aliases (the Mac OS equivalent to symlinks) anyway, I think it was 7... all the standard file routines, including the "open file" and "save file" dialogs, automatically resolved aliases.

A Mac application doesn't need to know anything about aliases to handle them "correctly." It is only a Mac application that needs to open an alias file directly as a file that needs to do some

Re:

[bcmm]

Lnks are incredibly broken. Some apps treat them as files, some treat them as links. I have accidentally ended up actually opening an lnk in wordpad more than once (a load of binary junk with several filenames appearing at various different points).

Lnks are good enough for users to make links on their Desktops, but are useless for actually getting a program to believe a file is really there.

Re:

[jb.hl.com]

No.

The first one is just a shortcut, as is the second one. A link is an entirely different concept.

To put it very simply, a symlink is a special type of file which when referenced calls a linked file. So let's say you symlinked C:/foo to D:/bar; if you then opened C:/foo, you'd get the contents of D:/bar. They're called "symbolic" links because they're just that; they do not point to data directly, merely represent it, so if you delete the symlink the original file is unaffected. Hard links, on the other ha

Re:

[jb.hl.com]

Actually, I put that a little wrongly. A symlink is subtly different from a Windows shortcut because it is only a pseudofile, a file system construct that looks and works like a file but isn't one. Windows shortcuts are just normal files (extension .lnk) which contain data about where the shortcut points to.

Re:

[curious.corn]

Nope... hard links are just the sting-to-inode entry in a directory map (that's why they can't cross mount points, inode IDs are unique only within a single filesystem). A file normally has one hard link and is "deleted" when there's no hard link left that points to it.

Incidentally, now that Linux has the concept of UUID in filesystem structures, one could extend hard links to prefix an inode ID with the owning volume UUID and make cross-mount hard links possible.

e

Is it true?

[BillGatesLoveChild]

Is it true that every line in the source contains comments like this?

; Hah! Take that user!
; Oh nice try but we thought of that!
; Clearly they are trying to steal this.
; Thief! Thief!
; MP3s have no DRM. Refuse to play.
; Block association away from Windows Media Player
; SONY rootkit plugs in here
; Powered up. Now lets get today's authorization.

Closed source

[Eravnrekaree]

I dont think anyone can really know exactly what is in the Windows Kernel when it is closed source.

Unfair CPU scheduling

[gillbates]

Ok, I'm not trying to troll, but the latest CPU scheduling algorithm is just yet another example of how when it comes to Windows, the design is done more by the marketing department than by the engineers. At least we hope the engineers would have raised objections!

I understand their CPU cycle counting is intended to improve fairness between applications, but the proposed scheme will have just the opposite effect. Consider, for example, that interrupts aren't counted against a process' cpu usage. All well and good in theory, but the practical result is that a process which is I/O intensive - that is, one which causes interrupts to occur - will actually run much longer than it would otherwise. So, the problem of one I/O intensive process locking out all of the other applications will only get worse in Vista.

And the interesting thing is that this will actually give a subtle priority boost to multimedia applications, without them having to raise their priority level. IOTW, your multimedia app gets realtime priority whether you asked for it or not.

Well intentioned, yes. But also naive.

Re:MMCSS

[swissmonkey]

Yet another (promised?) feature they could not deliver.

??? This is in Vista

thought for a second that they required admin access to activate MMCSS; but upon a second reading, it looks like they've merely reimplemented nice with some kind of setuid root service.

"nice" as you call it has been in NT since its conception.
He's talking about multimedia specific scheduling related to I/O operations here, you might want to read this whole document a 3rd time, he's not talking about "regular" kernel scheduling of threads/processes, he's talking about scheduling based on I/O needs which is a whole different beast.

Re:MMCSS

[QuickFox]

may need more I/O than WMP11 but will not get any because it's tagged Low in advance.

You have misunderstood resource scheduling. If WMP doesn't need the cycles, they will be available for the Low Priority processes. No matter how low their priority, they will get the cycles that WMP doesn't need. WMP will preempt them only if and when it needs the cycles.

Unfortunately many programmers seem to misunderstand this. Usually you can give user-interface processes very high priority, even if they are far less important than some of the background processes. Very often user-interface processes consume only limited amounts of processor cycles. When this happens, no matter how high their priority, they will leave plenty of cycles for the other processes.

It doesn't matter if a virus-scanning process gets delayed a few additional seconds, because there's no person waiting for it and getting impatient. It does matter if a web browser or text editor gets delayed, because there is a human waiting for them.

Re:MMCSS

[Tim C]

Classic: multimedia apps take precedence over anti-virus.

Yes, as it should. If the AV activity is a scheduled full system scan, then it can indeed wait those few tenths of seconds extra, as if you're already infected, they won't make any difference. If it's a real time scan on a file you're accessing, then it can definitely wait, as the file won't be opened/executed until the scan has completed anyway.

So what exactly is the problem with giving a multimedia app a higher priority on the processor than your AV software? We're not talking about killing the AV soft, just lowering the priority; it's still running.

they've merely reimplemented nice

You've been able to set process priority through the Task Manager since at least NT4 (the earliest I remember it being available; it may have been in earlier versions too, I just don't remember seeing it personally).

Re:MMCSS

[timeOday]

You've been able to set process priority through the Task Manager since at least NT4

Forget CPU sheduling priority, that is indeed old hat. What I saw in this article that really makes me jealous, as a Linux user, is I/O priority. Why have the systems people iterated for decades on CPU scheduling, and sorely neglected scheduling more precious resources like the network and disk? I can "nice" my system backup script, but what difference does it make when it's hogging the disk so much I can hardly load a new application? Process priorities should by default apply not only to the CPU, but to the disk and outbound network queues.

Bah!

[Dante]

Try this "man ionice" works for me

Re:Bah!

[Black Acid]

cfq/ionice is for reads only [lkml.org]. "Due to the complex path writes take to get to the io scheduler there is no ionice support for writes yes so they are all treated equally." It'll happen...

Re:

[Yokaze]

> but to the disk and
ionice [die.net]
> and outbound network queues.
QoS/Differentiated Services [opalsoft.net] + marking with iptables --pid-owner <pid>

As (almost) always under linux, the tools are already there, but simple accessible GUIs are lacking.

Re:

[timeOday]

Unlike "nice", both ionice and iptables require root-level access, even to run a process with reduced priority. I hope one day it's as simple as "nice myproc" (as a normal user). I think it's more reasonable to assume a low-priority process should have low priority to everything, than to manage every resource separately.

Re:

[alext]

Aye indeed. I seem to remember working on some OS way back that did have disk scheduling, which seems essential in most ordinary business aps (otherwise a low priority app can bring a high priority one to a standstill by disk hogging). Might have been MVS or AS/400, or maybe Stratus VOS... anyway I remember being surprised that Unix was being considered as a replacement platform when it couldn't do this.

Looking briefly at the Vista description, it sounds like there might be some milage in trying to implemen

Re:

[David Horn]

It doesn't seem all that balanced to me. If you want to cripple a Vista system for TWO HOURS then install Visual Studio 2005 SP1. CPU usage on my Turion64 X2 CPU was pegged at 100%, memory usage (2GB!) at 100%, disk thrashing away etc. Vista was completely unresponsive for approximately 40 minutes of the two hour install, and extremely sluggish for the rest.

* I appreciate that this post has nothing to do with Vista's IO scheduling, but it should not be possible for any application to suck up 100% of the

Re:MMCSS

[vadim_t]

That's complete nonsense.

There are basically two options here:

1. Antivirus hooks into the OS, and scans every program BEFORE it gets executed. In that case, the scanner's priority doesn't matter, it gets run before the program starts anyway.

2. You run the antivirus scanning every file on disk, as a normal process. This would be what the priority adjustments affect, but doing things this way you can't really detect a new virus in real time. You can just find it during the scan, and the priority only determines how fast it will proceed when something else wants CPU time.

Re:MMCSS

[Tim C]

Perhaps you need to learn how AV software works. I said "If it's a real time scan on a file you're accessing, then it can definitely wait, as the file won't be opened/executed until the scan has completed anyway" because any anti-virus software worth using scans every single file you attempt to access before that access takes place. As such, it doesn't matter what the virus claims to be, the AV software will have scanned it before it tells the OS.

The general sequence of events is:

1 user double-clicks a file
2 the AV soft's real-time scanner is invoked to scan it
3a the file is clean, access is granted
3b the file is dirty, access is denied

It doesn't matter how long step 2 takes, or what other apps get to use cycles while it's suspended - it will complete before either of steps 3a or 3b.

Re:

[Anonymous Coward]

hey dumass, its because windows nt used to be distributed on fat16 (not vfat) floppy disks and you could use dos to copy their contents over to a hard drive for installation. it had to be 8.3 then, and there's no need to change it now. you can rename ntoskrnl.exe to anything you want and boot off it with the /kernel= boot.ini option.

Re:

[gutnor]

"8.3 filename? In two-thousand-fucking-seven? No wonder Vista sucks"

woo ...

Remind me of an ex-college whose project has been delayed because, during the demo meeting, one of its manager was not happy with the name of the shortcut that launched the demo. ( It was an abbreviation instead of the full corporate name ).

Let's make some more 'professional' comments :

1. They still call their kernel, kernel. Fucking not original.
2. They still call their product Windows. The same name they have been using for 20 year

Re:

[spectecjr]

That's because the ISO file system used on CDs limits you to 8.3 file names if you want to read them on all BIOSes.

Re:

[vadim_t]

vadim@gadget ~ $ ls -l /boot
total 30242
[...]
-rw-r--r-- 1 root root 94760 Jul 3 2006 memtest86+-1.65.bin
-rw-r--r-- 1 root root 1940586 Jan 21 2005 vmlinuz-2.6.10-gentoo-r6

No problem here.

Re:

[Knuckles]

A DOS program knows about the NT kernel name? Amazing!

Re:

[LocoMan]

Well, sometimes I wish OSX did that.

Where I work (video editing) we have a file of logos of clients (and no clients too in case they're needed) in vector format. I don't know who created them, since they were handed to us by someone else, but there are several that have no extension. We have both windows and OSX computers, and in the windows computers, freehand opens them just fine just by renaming the extension to .ai (adobe illustrator format), while the OSX ones tags them as something different (system r

Re:

[BetterThanCaesar]

That's because people need to type "cp" five thousand times a day. Having to type "pleasecopythefilesiwillspecifymrcomputer" every times you need to copy files would be a pain in the arse. But you pretty much never need to type "ntoskrnl.exe", so "ntoskernel.exe" would be quite okay to have to type.

But it IS broken

[dreamlax]

It's the fact that the backwards compatibility is still there. C:\PROGRA~1 etc is fucking ugly and confusing for the new user. They stole long file names from other OSs but implemented it poorly. They need to take the same route as OSX. Start from scratch (sort of) and forget backwards compatibility for once. Allow good implementation of a virtual machine for that sort of crap. You can't get rid of the burdens from your old OS if you allow backwards compatibilty. 8.3 filenames are just one of the burdens.

Re:

[EXMSFT]

He didn't say consumers. He said companies. VERY different. Enterprise companies DON'T want to throw away the 10 year old craptastic apps, the developers of which long since left the company. Ancient software is the key to Microsoft's stronghold. If everyone was willing to buy entirely new software (and throw away or completely rewrite what they have) just to run an entirely new OS with better features than the competition, the world would likely be running OS X already.

Re:

[beuges]

Yes, that is what consumers want. In fact, I'd guess that if Microsoft did indeed ignore backwards compatibility with each new version of Windows, you'd be one of the first people complaining about how much they suck because all your programs dont work and you have to go and buy new versions of all your games and software along with your new OS.

Would you upgrade to a new version of Windows if it meant you having to repurchase or reinstall *all* your existing software? Consumers want the software they purcha

Re:

[account_deleted]

Comment removed based on user account deletion

Not quite...

[supersat]

Err... Not quite. Not all [technet.com] of the SysInternals tools were migrated, and NONE of the source code was. Microsoft's hiding behind some pretty lame excuses (e.g. "They're using undocumented APIs!" or "Hackers are using it to make spyware!") for not distributing the source code.

The Winternals Administrator's Pak is also ">being discontinued [winternals.com], and have its functionality available only to those with Software Assurance agreements [microsoft.com].

Re:

[I'm Don Giovanni]

"For once and for all, if this Vista is as full of DRM as it sounds, I will not use it. For anything, ever."

Do you really mean that, "For once and for all" part? I sure hope so, becaues that means now that you've made your declaration, you'll shut up right?

Get this through your head: NOBODY GIVES A DAMN WHAT OS YOU USE!