Microsoft Research Showcases New Browser Prototype, "Gazelle" 125
Ars Technica reports that Microsoft has opened up about "Gazelle," a new browser prototype of theirs that is modeled after the underlying concepts of operating system design. "A research team led by Microsoft's Helen Wang recently published a report about an experimental browser prototype called 'Gazelle' that uses processes to isolate page content elements originating from different domains. It builds on the concept of multiprocess browsing but uses more fine-grained isolation to expand on the security advantages that are already delivered by existing multiprocess browsing models. But is it an operating system, Microsoft Research's analogue to Google's Chrome OS? Not quite."
Color me less excited :/ (Score:5, Informative)
After reading that article, I'm much less excited than I was. I had assumed it was something similar to Google Chrome OS, but it's not even something that seems like it turned out very well for Microsoft, or something that can have yet undiscovered major issues on the horizon. The idea seems to have turned out overly complex to work around the limitations with the approach, and all that in a resource hungry .NET application. It says they're hopeful to get the per-tab RAM usage down from 16 MB, but I have to wonder by how much? This approach doesn't seem much better than running a process-separated browser written in Java. Ugh.
I have a hard time understanding the decision to use .NET, but perhaps it was a security decision? Anyway, it doesn't sound like the optimal choice, when the project all revolves around low-level features like isolating the tabs even further.
Re:Wait, they did WHAT for HOW MANY COOKIES? (Score:1, Informative)
It is true that our current abstractions for concurrency suck. However, the benefit of a multi-process (not multi-thread) abstraction is address space isolation. Namely, when your browser tab or plugin goes off scribbling in memory, every other browser tab keeps on chugging along without getting corrupted. As you pointed out, we still need good designs for exchanging data between processes. But now we can design much smaller interfaces around narrow, inter-process communication channels instead of the massive communication channel that we like to call shared memory.
Re:Color me less excited :/ (Score:4, Informative)
After reading that article, I'm much less excited than I was. I had assumed it was something similar to Google Chrome OS, but it's not even something that seems like it turned out very well for Microsoft, or something that can have yet undiscovered major issues on the horizon. The idea seems to have turned out overly complex to work around the limitations with the approach, and all that in a resource hungry .NET application. It says they're hopeful to get the per-tab RAM usage down from 16 MB, but I have to wonder by how much? This approach doesn't seem much better than running a process-separated browser written in Java. Ugh.
I have a hard time understanding the decision to use .NET, but perhaps it was a security decision? Anyway, it doesn't sound like the optimal choice, when the project all revolves around low-level features like isolating the tabs even further.
Read the article a bit more and you'll discover that the purpose of this project was to find the limitations of taking the separate process model to an extreme, with every element on a single page living in its own process. This was low level research, not an attempt to spark a new product.
Re:Boy, don't we miss x86 segments! (Score:2, Informative)
Uhm ... segmenting didn't sandbox shit. It just made it annoying to get in between, not impossible as shown by the many different libraries that help programmers do exactly that.
The Virtual Memory Manager support built into processors on the other hand DOES segment blocks of ram. This is why kernel space can be protected from random attacks in user space.
Perhaps an OS that takes more advantage of the VMU would accomplish what you want, but jumping back to segmented addressing just means that the hackers (i.e. the programmers that actually do know what they are doing) will still be able to take advantage of exploits that exist now, as well as being able to take advantage of all the clueless programmers and CS grads who shouldn't touch code with a 10 foot pole but do it anyway since these people are the ones who will have a problem with a segmented memory model.
Of course the only way any of this works is if the code that manages it all is secure. Since I've yet to see any OS manage this for just the user/kernel space boundry well, then I think trying to add more boundries at this point is just asking for trouble. The smart hackers are still going to beat the code that was farmed out to India or some local uni, sorry.
Re:Boy, don't we miss x86 segments! (Score:2, Informative)
I think you're confusing concepts. Segmented memory was a hack, and protected nothing. Then they added protected mode, giving OS' the option of acting as the cop of memory. That has been on the x86 since the 286, and is of course widely used.
Everything that any process on your machine does in user-space has to be effectively "allowed" by the operating system. It is purely due to non-granular permission structures that modern OS' don't allow you to fine-tune every permission of even "native" executables.
Re:Why doesn't MS just rename itself "Bing" alread (Score:2, Informative)
Beware of urban legends : http://www.snopes.com/cokelore/tadpole.asp [snopes.com]
Coca-Cola's translation in Chinese is especially good and very successful. As it is composed of very simple characters, it is also one of the first words I learned :)
Another classic urban legend is the Chevrolet Nova : http://www.snopes.com/business/misxlate/nova.asp [snopes.com]
Bing is translated with biying in Chinese (meaning roughly : "must answer", sorry I didn't manage to use sinogramms to add that little scholarly touch). Microsoft of course did not choose the character of "illness" or "ice". It still must be a little confusing for a Chinese user because he has to type "bing" on the address bar, while he sees another name on the page.