MS Traces Duqu Zero-Day To Font Parsing In Win32k
yuhong writes "MS has traced the Duqu zero-day to a vulnerability in font parsing in win32k. Many file formats like HTML, Office, and PDF support embedded fonts, and in NT4 and later fonts are parsed in kernel mode! Other possible attack vectors, for example, include web pages visited using web browsers that support embedded fonts without the OTS font sanitizer (which recent versions of Firefox and Chrome have adopted)." Adds reader Trailrunner7: "This is the first time that the exact location and nature of the flaw has been made public. Microsoft said that the permanent fix for the new vulnerability will not be ready in time for next week's November patch Tuesday release."
Nearly as insane as executing code in images (Score:2)
It looks like somebody was half asleep that day as well and the long "focus on security" didn't go deep enough.
Re: (Score:3, Informative)
If you remember what 3.5 and 3.51 were like, it's possible to have some sympathy for this, but IIRC it was highlighted at the time as a bit of a silly thing to do.
Re: (Score:2)
I am surprised they haven't gone back to the old model now the hardware is up to it. It would make a lot of sense.
Re: (Score:2)
Well, the graphics drivers were moved out of the kernel and into a special user-space-like environment with Vista. This allows Windows to restart crashed graphics drivers on the fly (and this even works most of the time). Looks like other parts of the graphics subsystem are still where they don't belong, though.
Re: (Score:2)
Yea, partly because of the need to support old XP display drivers. The good news is support for that is eliminated in Windows 8, which may even allow the DWM to be part of the new CSRSS.
Re: (Score:2)
I once suggested to Larry Osterman of MS that this be done, now that there is a *separate CSRSS for each session* and has been since NT4 TSE. If one of them crashes, only the session is lost.
brb banging head against wall (Score:2, Funny)
Re:brb banging head against wall (Score:5, Insightful)
Very easily.
The world was a different place in the early days of NT 4 - and remember this design dates back to before then, because the design decision would have been made some time before NT 4 was released.
NT 4 was, arguably, the first version of Windows to really enjoy any sort of success in the server room. The Internet was only just starting to attract attention outside of academic circles; it would be some years before it became apparent how bad Windows was security-wise. Microsoft's priority wasn't security, it was making an OS with a sophisticated GUI you could install on a 486 with 16MB of RAM that could act as a server to a whole network. Historically it's always been somewhat quicker to run code in the kernel; NT 4 moved most of the GUI to the kernel for exactly this reason. Security? Why would that even appear on the radar?
Re:brb banging head against wall (Score:5, Informative)
This right here. The world was a different place back then. One could leave their house without locking their doors, and all that nonsense.
The WMF vulnerability was borne out of the same situation. When designed, there was no consideration made for remote-code execution, because "remote" didn't really exist. Your worries were boot-sector viruses and executable viruses coming in on that floppy of Doom you "borrowed" from your friend. You didn't get viruses from the internet, heck, you were lucky if your computer connected to the internet at all!
To end all this, this design decision clearly and loudly screams: GET OFF MY LAWN!!!
Re: (Score:2)
no we weren't thrilled... lots of sites stopped working anywhere other than in IE, and certainly not in Slackware! NOW GET OFF MY LAWN!!! PULL UP YOUR PANTS!
Re: (Score:2)
Well, when they designed ActiveX, they did realize that there would be security issues, which is why they created code signing and "safe for scripting" and "safe for initialization" etc... One of the problems however was that back in 1996 buffer overflows etc. were not well-known security threats, which is now one of the biggest reasons why nowadays MS is adding kill bits in security updates.
Re: (Score:2)
Alrightie, quick question for you since you clearly have been doing this longer than I have.
Back in 1996 when I was learning C it was pointed out many times that gets() was dangerous and should not be used. It was common knowledge by then.
So when and who started making a big fuss out of gets and the danger of buffer overflows? I find it strange that a teenager back then knew of them when Microsoft apparently didn't think it was a problem.
Re: (Score:2)
FYI, a series of blog articles on this:
http://rdist.root.org/2010/05/03/why-buffer-overflow-exploitation-took-so-long-to-mature/ [root.org]
Re:brb banging head against wall (Score:4, Insightful)
The world was a different place in the early days of NT 4
No, it wasn't. NT4 was released in 1996. By that time, many people here on /. had been exploiting bugs like that for 10 or 20 years already. Granted, mostly for fun or to cheat in (single-player) games, but still...
NT4 already had a security architecture. There was a different place available (basically anywhere outside ring0) and it should have been put there, and it definitely should have been obvious to anyone with three grams of brains that stuff like this doesn't belong into ring0.
Re: (Score:2)
They still supported non-x86 architectures back then. And on those, there is only a kernel mode and a user mode. Rings 1 and 2 don't exist there. So putting the graphics in ring 1 or 2 would have hurt portability. OS/2, on the other hand, actually started to put stuff in all 4 rings because it was designed to run only on 386 and up.
Re: (Score:2)
I don't think that OS/2 ever used ring 1 and ring 2 was used for DOS compatibility, allowing DOS device drivers to work in a DOS virtual machine.
Re: (Score:3)
Seems you almost got it right. A quick Google search turned up the information that ring 1 was unused and ring 2 was home for parts of the graphics and printing system.
Re: (Score:2)
The world was a different place in the early days of NT 4
Arguably true... but only for the monolithic Win 9x series releases, which aren't relevant to this topic since the NT kernel was developed independently within Microsoft by Dave Cutler from DEC. It was Microsoft's first truly modern operating system. As many commenters above me have mentioned, NT originally did have functions such as font rendering in userspace due to its heavy hardware abstraction. As the pending issues with 9x loomed, however, MS could read the writing on the wall: porting 9x to Unicode (it was ANSI throughout; a separate "Layer for Unicode [wikimedia.org]" had to be used to run Unicode programs on 9x machines) as well as supporting newer hardware (AHCI, USB, true Plug and Play) was going to be nearly impossible (the attempt was called Windows ME). So Microsoft began with NT4 to prep for the mass migration from 9x. Since the average consumer at the time didn't want to drop $3k for a workstation that would be able to run the NT model correctly, Microsoft made some compromises to the OS for the sake of speed.
No, it wasn't. NT4 was released in 1996. By that time, many people here on /. had been exploiting bugs like that for 10 or 20 years already. Granted, mostly for fun or to cheat in (single-player) games, but still...
NT4 already had a security architecture. There was a different place available (basically anywhere outside ring0) and it should have been put there, and it definitely should have been obvious to anyone with three grams of brains that stuff like this doesn't belong into ring0.
You however are making the assumption that everybody in Microsoft talks to each other. A most incorrect assumption. The reality is most likely that WinDiv (The division responsible for the OS) made the assumption that fonts would not be loaded from insecure sources, e.g. Word documents. The Office division however faced the problem of what do you do when some user uses a font that is not on another users system? So they made the decision to allow the embedding of fonts into the file format, along with a bun
Re: (Score:2)
Note here that MSDN has completely gotten rid of compatibility info for any Windows versions before Win2000. Look in the old Platform SDK for WinServer 2003 SP1 from 2005 for the true compatibility info.
Re: (Score:3)
The reality is most likely that WinDiv (The division responsible for the OS) made the assumption that fonts would not be loaded from insecure sources, e.g. Word documents.
The bug here is a kernel level exploit by user land code, not administrative, just normal users. If the kernel team doesn't expect fonts to be loaded from 'insecure' locations then the API should have required special access, as it is, any user can root the machine, Internet or no Internet, Word or no Word. I can write an app to exploit this, just need to get someone to run it.
That's not a miscommunication issue, that's a fucking huge mistake, it doesn't MATTER what the word team tried, it shouldn't have wo
Re: (Score:2)
If someone in WinDiv allowed anything in ring0 to depend on anything unprivileged to keep it from being exploited (such as depending on Office to not load insecure fonts), then they were wrong, full stop. No exceptions, no excuses. Whoever made that decision needs to wear the paper bag now.
Ideally, a privileged gatekeeper would get the request from unprivileged processes, parse it out and sanitize it, simplify it and pass it up to ring 0.
Re: (Score:3)
It wasn't really. Things like this were well known to be a bad idea and were only done to cut corners. Stuff as mainstream as Scientific American had articles on computer viruses in the early 1970s for fuck sake and a few hacking movies let alone popular novels had come out before NT4.
It was nineteen fucking ninety six and personal computer users had been worried about computer viruses for about a de
Re: (Score:2)
It was nineteen fucking ninety six and personal computer users had been worried about computer viruses for about a decade.
They had. But this is Microsoft we're talking about here, and their ability to predict the future has always been notoriously terrible; the great majority of viruses at the time were assembler-written things that did all sorts of clever stuff bypassing the OS entirely - and they were able to do that because memory protection was scant at best on DOS/Win3.x/Win9x. Few viruses even worked in NT, and with a proper security model, how could they?
Re: (Score:2)
Umm, yeah, so we also have no excuse for getting our asses kicked in an alien invasion, right?
Re: (Score:2)
It wasn't done to "cut corners" - remember that earlier versions of NT (3.1, 3.5) did it all in user space. It was moved to kernel space, deliberately, so that it would sit there together with the graphics driver for maximum rendering perf. On the hardware of that time, it did make a visible difference, and let it run well on less powerful machines.
You can argue that choosing speed over safety was a wrong priority, especially for a server OS. And I would agree with that. But it wasn't done just for giggles,
They should have known better (Score:3)
Security? Why would that even appear on the radar?
Computer security has been an issue since at least the 1960s, and it's been well-documented and understood since at least the 1980s (when the NSA Rainbow Books appeared). The Morris worm hit in 1988. None of this stuff should have come as a surprise, and there were many people talking about how Microsoft was repeating all the mistakes over and over again.
As you say, the fact is, Microsoft wasn't concerned with security. I don't give them a free pass for that. The entire world has been paying for their m
Re: (Score:2)
I can very well remember how many people criticized MS for moving the graphics subsystem into the kernel for a slight performance advantage. I liked NT3 with all its VMS heritage and it was clear that MS was spoiling the clean design.
Re: (Score:2)
Give it up. There's a difference between not being perfect and deliberately introducing flaws. Not one of your other objections has any bearing at all.
Re: (Score:2)
"Deliberately introducing flaws": I don't know where the actual failure in their code was, but truetype rendering is done by a full virtual machine. This isn't an exaggeration [microsoft.com]. Do chase that link: that machine is not simple, not by any measure. They're firing up an arbitrary user-supplied VM image in the kernel, and yes I say that constitutes a conscious introduction of a security flaw. Nobody could possibly have thought that was safe.
True but obviously irrelevant statements "have no bearing" on the poi
Re: (Score:3)
NT 4 was, arguably, the first version of Windows to really enjoy any sort of success in the server room.
Only for the first 42 days or 2^20 page outs....
Re: (Score:2)
And in particular it took until IE4 in 1997 before MS's own web browser supported embedded fonts.
Re: (Score:2)
I'm a college dropout and have no idea what any of this means... so... uh... kudos to you; you have my envy, younger yet superior nerd.
Seriously. I feel like this post comes across as sarcastic but I mean it.
Re: (Score:2)
FFS Microsoft, I'm a highschooler and I think that's a really bad idea. How do mistakes like that get through q&a?
If you're a highschooler, I bet you never had to write code that's supposed to run on a 486 with 8Mb of RAM and a crappy S3 video card that barely does 2D. Try that, then have your clients come screaming at you about how your OS is so slow as to be unusable (sure it is, when you've almost got a microkernel there and nice isolation levels for all stuff, including graphics!) - then get back to us.
Re: (Score:2)
Q&A = Questions & Answers. :P
How did that easy mistake get through you? :P
WTF (Score:5, Insightful)
Whiskey Tango Foxtrot Microsoft. What genius thought font parsing belonged in ring 0?
Re:WTF (Score:4, Informative)
It's a questionable decision, yes. However, the vulnerability wouldn't be any less bad if it was in userspace. And Microsoft weren't exactly the first. There was a time when the X11 server parsed fonts directly, and it was running as root, perhaps with some privileges dropped along the way. It wasn't kernel mode, but you still had a font parser running as root. So, they weren't the only geniuses who thought so.
But yeah, the X11 world has improved a lot since then, font parsing and rendering by the client, in userspace, and with an unprivileged account -- all great ideas that Microsoft might want to follow.
Re: (Score:2)
X server runs as root because it needs to directly access your video hardware.
Re: (Score:2)
UAC is irrelevant, since it doesn't tell the user what the program is actually trying to do, so the choices are to accept and hope everything goes well, or deny and have the program not work. Add the fact that random programs will require admin rights at random times, and the only real effect of UAC adds up to blame shifting.
Re: (Score:2)
UAC is irrelevant, since it doesn't tell the user what the program is actually trying to do, so the choices are to accept and hope everything goes well, or deny and have the program not work.
Well, it's exactly like su/sudo, and Unix world has somehow managed to live with that for decades.
Then again, it didn't have large quantities of users whose first reaction to the file named amateur_lesbian_threesome.jpg.exe was to click it (and then click "Yes, just fuck off!" in every warning dialog that would appear).
Re: (Score:2)
The sane way of doing this would be to have a font service that would run as an unprivileged user, parse TrueType fonts and pass the beziers to the graphics subsystem in the kernel. This was possible with the NT security model from the start. This wouldn't even have cost anything in terms of performance - parsing the font file is not performance-critical, only rendering the resulting glyphs is.
There was a time when the X11 server parsed fonts directly, and it was running as root, perhaps with some privileges dropped along the way
Kind of. It did, but only of fonts installed on the X server. This meant that it was not parsing untrusted fon
There are a lot of Microsoft shills here... (Score:5, Insightful)
... And I want at least one of them to give a good reason why parsing fonts in kernel mode is a good idea. Speed is not a good reason. Not even on 10 year old equipment it's not.
--
BMO
Re: (Score:3)
Seeing as speed (on 15+ year old equipment) was the reason they did it, you're not going to get an answer you like.
People said Windows NT was too slow on their 486s, so one of the things Microsoft did to try and fix that was to move the GDI into the kernel. They didn't think the security and stability side through however, and I doubt if many people are going to call it the greatest decision ever made in the design of an OS.
Re:There are a lot of Microsoft shills here... (Score:4, Insightful)
Seeing as speed (on 15+ year old equipment) was the reason they did it, you're not going to get an answer you like.
Sorry, but that reason is bullshit. Rendering fonts is performance-critical. Parsing the fonts is not. The vulnerability is in the code responsible for turning a font file into a set of bezier paths that the display subsystem can render. This code is not performance critical, nor does it need to run with any privileges other than the ability to read the font file (or read font data from a pipe or memory buffer) and write the bezier paths somewhere.
Moving the code that takes the output from this bit of code into the kernel makes sense, because that really is performance critical. Rendering text is one of the most CPU-intensive things a modern windowing system does. Parsing font files is not.
Re: (Score:2)
My suspicion was that, when they moved GDI to kernel space back in NT4, it was done wholesale - likely because re-architecting it completely to properly separate it into things that had to go into the kernel for perf reasons, and things that could stay in userspace, and making them interoperate (since that now requires a bunch of new kernel calls) simply didn't fit the release schedule even after considerable stretching.
Re: (Score:2)
Rendering precompiled bitmap data to screen.
That's a very bullshit definition of "parse fonts" you have there, MS apologist.
Re: (Score:2)
Come at me, bro.
After you take your fucking meds.
--
BMO
Re: (Score:2)
Funny, I haven't had mod points in 2 weeks.
Oh look, it's apk projecting again.
You got modded down because you're a fucking spammer.
--
BMO
deserved (Score:3)
in NT4 and later fonts are parsed in kernel mode!
Anyone who doesn't immediately realize this is a recipe for trouble? Parsing externally-supplied data in kernel mode. Yeah, like that never got anyone...
For all the really, really smart people that MS employs, why do they keep on making the dumbest mistakes one could come up with if it were a "dumb idea of the month" challenge?
Re: (Score:2)
I'll bet you anything that this code was in the kernel before you signed up here at slashdot. What does that say about your pretense that this was recently thought up?
I await your snarky reply.
Re: (Score:2)
You've lost me. Where outside some dark corner of your own mind with possible chemical assistance is that suggested? Please quote it.
Re: (Score:3)
You've lost me. Where outside some dark corner of your own mind with possible chemical assistance is that suggested? Please quote it.
Dude, you are the one huffing glue. "keep on making" and "dumb idea of the month" imply a level of immediacy and concurrency that is absolutely unwarranted. The guy is hiding behind a 3 digit ID, thinking it shields him when he makes an asinine remark. It doesn't.
Re: (Score:2)
"keep on making" and "dumb idea of the month" imply a level of immediacy and concurrency that is absolutely unwarranted.
Ah, I see the misunderstanding.
No concurrency was intended. "keep on making" was intended to cover basically the entire existence of MS, who have been doing stupid mistakes like this for as long as I can remember. And the "dumb idea of the month" is a figure of speech not referring to any specific month, neither present nor past.
The guy is hiding behind a 3 digit ID
No, the ID is too short to hide behind. :-)
Re: (Score:2)
No, the ID is too short to hide behind.
That is one of the greatest smack-talk comebacks of all time. My hat is off to you good Sir.
Re: (Score:2)
What is it with these idiots trying to get something out of nothing?
Re: (Score:2)
I'll bet you anything that this code was in the kernel before you signed up here at slashdot.
What was supposed to have happened during Microsoft's security "rebirth", where they put Longhorn development on ice for about a year so they could overhaul XP for Internet-worthy security robustness? What about since that time where they've supposedly been using the most advanced code verification tools on the planet to verify their OS?
Shouldn't they have reimplemented this feature in userspace at some point during that long process?
Re: (Score:2)
Tell me how an application can tell whether a particular parsing task takes place in ring 0 or in user space.
Re: (Score:2)
I'll bet you anything that this code was in the kernel before you signed up here at slashdot. What does that say about your pretense that this was recently thought up?
I didn't say anywhere this was recent. Adding something like that to kernel code was an obviously stupid idea even at that time.
And yes, it is probably about two years older than my /. membership.
Re: (Score:2)
Just curious, can you name an OS that doesn't do it in one form or another?
Keep in mind, just because you aren't parsing raw file data doesn't mean you aren't parsing. Parsing memory from an ioctl is still doing the same thing; it might be a simpler file format, like say a C structure, but it's still parsing.
Re: (Score:2)
Just curious, can you name an OS that doesn't do it in one form or another?
I can name two that had a font-rendering kernel exploit in 2009 [infoworld.com]. You'd have thought their manufacturer would check his other products for the same or similar problems...
And yes, I know quite a few OSes that don't do complex operations like that in kernel space, but push it into user land and reserve the kernel space part for simple operations that are more likely to be done with fewer bugs.
Yes, you need to do stuff with data, and sometimes that data comes from the outside. But name me one reason why font renderi
Re: (Score:2)
For all the really, really smart people that MS employes, why do they keep on making the dumbest mistakes one could come up with if it were a "dumb idea of the month" challenge?
It's faster and easier and they're able to externalize the consequences.
Xbox (Score:2)
Isn't this how people hacked the original xbox so many years ago (a font vulnerability)? It's not like they haven't been warned...
Re: (Score:2)
I'm fairly certain that since they've fixed this flaw so quickly that if they had known about it specifically, they probably would have fixed it.
Re: (Score:3)
I don't know about the Xbox vulnerability per se, but font parsing vulns are nothing new. For an actually pretty recent example, at least one of the iPhone jailbreaks used a very similar exploit to this one (and was embedded in a web page).
That said, I know MS fuzzes the heck out of their font parsers. It's a little tricky since it's in kernel - if something breaks, it's slightly harder to debug and takes more time to go through repro steps, since you're basically intentionally bugchecking ("BSoDing") the bo
Kaspersky may have pointed to the bug before MS (Score:2)
Symantec and Microsoft still haven’t made the actual dropper file available to other antivirus companies yet, nor have they provided information about which Windows component contains the vulnerability that results in privilege escalation. However, indirect evidence suggests that the vulnerability is in win32k.sys.
We discovered a similar vulnerability (see MS10-073) a year ag
And this is why I have font downloading disabled (Score:2)
In both IE and FF. I'm sorry but those damn idiot web designers who insist that a 4px font is readable because they still use a 320x240 screen need to upgrade to something reasonable like 1024x768, means I've been forced to learn enough about CSS to begin creating my own overriding page to prevent those damn pesky and funky fonts/colors/sizes that make it impossible to read their sites. Of course, when I hit one of those sites, I add them to my block list though if I can get the custom css page working corr
Re: (Score:2)
It says it's just TrueType font parsing.
I don't know why but image and font file parsing and thumb-nailing is a common security problem (about once a month or so my distro has a security update for a potential hole).
I think they generally work by tricking the computer to run arbitrary code from elsewhere rather than contain the code themselves.
Re:let me guess... (Score:5, Insightful)
Oh, go ahead, mod me down
I wish people would for your karma whoring. The "mod me down" is a standard trick to get modded up on Slashdot.
Re: (Score:2)
http://support.mozilla.com/en-US/kb/Changing%20fonts%20and%20colors [mozilla.com]
Read that page.
Re: (Score:2)
I think recent versions of Firefox use the OTS font sanitizer which tries to prevent attacks.
Re: (Score:2, Informative)
Besides, font rendering is a quite common task and needs to be fast. That's why it also needs to be so low level. Yes, you could isolate everything to higher levels, but that only results in bloat and slowness. This was especially true in NT4.0 days, which this exploit dates back from.
Re: (Score:2)
Does fbcon render true type fonts, or only simple bitmaps ?
Re:Kernel mode (Score:5, Informative)
The kernel doesn't parse fonts. A userspace program parses the font file (which could easily be TrueType if someone feels like supporting that, though it would have to be monospaced). The kernel only gets a raw monochrome bitmap data array for the characters, a width and height, and optionally a character map. No parsing is done in the kernel.
KDFONTOP ioctl arguments:

    struct console_font_op {
        unsigned int op;              /* KD_FONT_OP_* */
        unsigned int flags;           /* KD_FONT_FLAG_* */
        unsigned int width, height;
        unsigned int charcount;
        unsigned char *data;          /* font data with height fixed to 32 */
    };
fbcon blitting rectangular blobs onto the screen doesn't even remotely qualify as "parsing fonts". Doing TrueType in the kernel, which is what Windows does here, is patently insane.
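As an added illustration (my code, not the commenter's and not the Linux kernel's), here is a user-space model of the only "parsing" a console font load needs: five integers are bounds-checked, the buffer length is checked, and the glyph blob is copied without being interpreted, which is the parse-in-userland, render-in-kernel split the "Microsoft shills" and "Kernel mode" posts argue for. The limits (32x32 glyphs, 512 characters, 64 KiB total) are my assumption rather than values taken from kernel source; the sizing rule follows the struct comment "font data with height fixed to 32".

```c
/* Added example, not from the thread or the Linux source. Models the checks a
 * kernel must do before accepting a KDFONTOP font load. Limits are ASSUMED
 * (not copied from vt.c); the size rule follows the comment "font data with
 * height fixed to 32": each glyph occupies 32 rows of ceil(width/8) bytes. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_FONT_WIDTH   32u
#define MAX_FONT_HEIGHT  32u
#define MAX_FONT_CHARS   512u
#define FIXED_ROWS       32u
#define MAX_FONT_BYTES   (FIXED_ROWS * 4u * MAX_FONT_CHARS)   /* 65536 */

/* Same layout as the ioctl argument quoted above (user-space copy). */
struct console_font_op {
    unsigned int op;            /* 0 is KD_FONT_OP_SET in linux/kd.h */
    unsigned int flags;
    unsigned int width, height;
    unsigned int charcount;
    unsigned char *data;
};

/* errno-style result codes */
enum font_rc { FONT_OK = 0, FONT_EFAULT = -14, FONT_EINVAL = -22, FONT_ENOSPC = -28 };

/* Kernel-side store; the copy happens only after every check passed. */
static unsigned char font_store[MAX_FONT_BYTES];
static size_t font_store_used;

/* Bytes the kernel would copy for this geometry. The caller has already
 * bounded both factors, so the product cannot overflow size_t. */
size_t font_data_size(unsigned int width, unsigned int charcount)
{
    size_t bytes_per_row = (width + 7u) / 8u;
    return bytes_per_row * FIXED_ROWS * (size_t)charcount;
}

/* Validate the request: five integers and one length. Nothing inside
 * `data` is interpreted, which is the whole contrast with a TrueType
 * parser. `user_len` is what the caller's buffer really holds; in a real
 * kernel this is what copy_from_user would fault on. */
int check_font_set(const struct console_font_op *op, size_t user_len)
{
    if (op->data == NULL)
        return FONT_EINVAL;
    if (op->charcount == 0 || op->charcount > MAX_FONT_CHARS)
        return FONT_EINVAL;
    unsigned int width = op->width ? op->width : 8u;      /* 0 means default 8 */
    if (width > MAX_FONT_WIDTH || op->height == 0 || op->height > MAX_FONT_HEIGHT)
        return FONT_EINVAL;
    size_t need = font_data_size(width, op->charcount);
    if (need > sizeof font_store)                         /* defensive; ties to store size */
        return FONT_ENOSPC;
    if (user_len < need)                                  /* caller lied about its buffer */
        return FONT_EFAULT;
    return FONT_OK;
}

int load_font(const struct console_font_op *op, size_t user_len)
{
    int rc = check_font_set(op, user_len);
    if (rc != FONT_OK)
        return rc;
    unsigned int width = op->width ? op->width : 8u;
    font_store_used = font_data_size(width, op->charcount);
    memcpy(font_store, op->data, font_store_used);        /* opaque blob, no parsing */
    return FONT_OK;
}

/* Constructed inputs: a plausible 8x16, 256-glyph font and two hostile
 * requests. Each returns the result code so the outcome can be checked. */
int demo_valid_8x16(void)
{
    static unsigned char glyphs[1 * 32 * 256];            /* 8192 bytes */
    memset(glyphs, 0xAA, sizeof glyphs);
    struct console_font_op op = { 0, 0, 8, 16, 256, glyphs };
    return load_font(&op, sizeof glyphs);                 /* FONT_OK */
}

int demo_huge_charcount(void)
{
    static unsigned char glyphs[64];
    struct console_font_op op = { 0, 0, 8, 16, 0xFFFFFFFFu, glyphs };
    return load_font(&op, sizeof glyphs);                 /* FONT_EINVAL */
}

int demo_short_buffer(void)
{
    static unsigned char glyphs[64];                      /* claims 8192, holds 64 */
    struct console_font_op op = { 0, 0, 8, 16, 256, glyphs };
    return load_font(&op, sizeof glyphs);                 /* FONT_EFAULT */
}

size_t demo_bytes_loaded(void)
{
    demo_valid_8x16();
    return font_store_used;                               /* 8192 */
}

int main(void)
{
    printf("valid 8x16 font:  %d\n", demo_valid_8x16());
    printf("charcount 2^32-1: %d\n", demo_huge_charcount());
    printf("short buffer:     %d\n", demo_short_buffer());
    printf("bytes copied:     %zu\n", demo_bytes_loaded());
    return 0;
}
```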
NT4 was such an abomination... (Score:4, Interesting)
Sometimes I feel like I must be the only geezer remaining who actually had the opportunity to use NT 3.51, so let me tell you: It was a GLORIOUS operating system.
EVERYTHING was client/server, and all the client stuff ran in Ring 3/User Mode.
Heck, you could even kill Windows, and run it as a multi-user "DOS" box.
But, of course, that meant that the video/graphics subsystem also ran as a client service, in User Mode, which [I guess] the suits perceived as being "slow", and therefore as being an impediment to the gaming experience which would come with the impending merger of code bases that we now know as Windows XP [2001].
So in 1996, some genius at MSFT decided to throw out all of the beauty and elegance and stability and security that had been NT 3.51, and to serve up, instead, the great big steaming pile of sh!t which was NT 4.0 [with its video/graphics subsystem subsumed into the kernel].
And the world was never again the same...
Re:NT4 was such an abomination... (Score:4, Interesting)
Actually, IIRC, it was Win NT 3.1 that had the initial full security model you ascribe to Win NT 3.5. Win NT 3.5 had already slid a good portion of the way down the slippery slope of Ring 0 code, including some of the graphics drivers. (Again, IIRC, it's been a while)
NT 4 moved a lot of user space Windows GDI functionality (as defined by Win 95/98/ME) into a kernel mode GDI API, which is single threaded btw, that persisted at least through all versions of Windows XP, if not beyond. (This is one of the reasons why opening a 10MB networked file or attachment in Outlook causes your entire machine to lock up until it's done)
This was in contrast to OS/2, which continued to follow the original design criteria, and hence was perceived to be slower on the same hardware as NT 4 for single tasks, although multi-tasking was much faster on OS/2. I mention this because NT's original basis was the OS/2 criteria, which was then mutated to be able to support the Win 95/98/ME gaming solutions.
Re: (Score:2)
The graphics drivers I mentioned had all their utilities directly interacting at Ring 0, instead of running in User Mode.
Re: (Score:3)
Back in the OS/2 1.x days, MS wanted to put the graphics stuff in ring 0, IBM flatly refused, which was one of the many reasons for the falling out between them.
OS/2 did its font parsing in user land with a DLL that was easily replaced with Freetype which was quite an improvement.
Re: (Score:2)
BTW, GDI is no longer single threaded in Win7.
Re: (Score:2)
I did say at least through all versions of XP, and as one commenter pointed out, this continued through Server 2003, which makes sense since XP64 (based on Server 2003) still exhibited this extremely annoying behavior.
I haven't used any MS products for my main desktop in over 5 years, so I can't comment on Vista or W7, except that my exposure to W7 and Server 2008 R2 was more than a little underwhelming on the architecture and performance sides. IOW, nothing had changed, or rather, some things had gotten wo
Re: (Score:2)
NT 4 moved a lot of user space Windows GDI functionality (as defined by Win 95/98/ME)
Did Win9x even have the concept of "user space" and "kernel space" as such?
This is one of the reasons why opening a 10MB networked file or attachment in Outlook causes your entire machine to lockup until it's done
That's bullshit. It doesn't "lockup your entire machine" - at best it would lock up Outlook, and that would be because it'd use a synchronous file API (open or read) for something that's on the network, from a UI thread. This doesn't have anything to do with GDI, or userspace/kernelspace distinctions.
Re: (Score:2)
NT 4 moved a lot of user space Windows GDI functionality (as defined by Win 95/98/ME)
Did Win9x even have the concept of "user space" and "kernel space" as such?
Of course not, but these functions or their predecessors originally resided in user mode in the original version of NT. On that time's hardware, it was slower than molasses and only ran acceptably for office type applications.
This is one of the reasons why opening a 10MB networked file or attachment in Outlook causes your entire machine to lockup until it's done
That's bullshit. It doesn't "lockup your entire machine" - at best it would lock up Outlook, and that would be because it'd use a synchronous file API (open or read) for something that's on the network, from a UI thread. This doesn't have anything to do with GDI, or userspace/kernelspace distinctions.
You haven't tried this experiment on the appropriate software/hardware then. Downloading that through Outlook will lock up every other program that depends upon the GDI layer. This leaves any open Command Prompts responsive, and the Task Manager. You can't even open a new program from
Re: (Score:2)
This, plus proliferation of antialiased rendering offsets advancements in CPU power - to the point that navigating source code in QtCreator on my Linux box is not as smooth as I'd like it to be.
That almost certainly has more to do with either display sync issues (which sadly aren't uncommon on a composited X desktop especially with non-free drivers) or the various services of the IDE. Anti-aliased font and line drawing aren't that demanding to begin with, and can be GPU-accelerated with pretty much any hardware you might have picked up within the last five years or so.
Re: (Score:2)
Sigh, the userland program is just a preprocessor, the kernel still has to parse and validate the memory it gets passed to it. The compiler does most of the parsing code for you thanks to those neat things called structures.
The two kernels may do things differently, but they are both most certainly parsing fonts. You just seem to think that if the compiler does it for you or if it's done exclusively in memory that it's not parsing, which is just silly logic.
Re: (Score:2)
Sigh, the userland program is just a preprocessor, the kernel still has to parse and validate the memory it gets passed to it.
How difficult exactly is it to parse the Linux kernel font format? It's 5 ints plus an array which the kernel doesn't even need to understand (only boundary check)! Good luck exploiting that. Most ordinary programs/users don't even have ACCESS to the console; even if there was a bug you'd need to log in and run programs on the text console to exploit it. It is somewhat unusual to run word processors on the text console these days, you may have noticed.
Compare that to a Turing-complete hint format where you
Re: (Score:2)
Besides, font rendering is quite common task and needs to be fast. That's why it also needs to be so low level.
Doing something in kernel space does not magically make it faster. What it does is, it gets it all closer to other kernel space code, and so you don't need to waste time on userspace-to-kernelspace transitions if you need it.
In this case, I suspect the fonts are in the kernel because high-level graphics (i.e. GDI) is in the kernel, which in turn is because the graphics driver is in the kernel. It's a design that dates back to the earliest NT versions, where this kind of thing was very much justified if you
NoScript helps (Score:2)
That's why NoScript disables embedded fonts along with other possible attack vectors.
Even on GNU/Linux, font rendering is not to be assumed safe. In particular, freetype was never designed with the idea of parsing fonts from various untrusted sources, so security in the font parser has always been secondary up until recently, and there might be many security holes lurking in it. It also had a vulnerability lately; of course it got quickly fixed.
http://hackademix.net/2010/03/24/why-noscript-blocks-web-fonts/ [hackademix.net]
Re: (Score:2)
I was wondering if it was Windows Version 32768 - and since they are only up to Win 8 now that has to be way in the future.
It will probably need a googolplex of RAM to run, and while it is booting up, you can go have lunch at Milliways
Re: (Score:2)
Why do you feel the need to force your crappy monospaced font on the rest of us when you post? It's not even a freaking attractive one for fuck's sake.
Re: (Score:2)
They want to push Metro [funtoo.org] out as the replacement.
They do? Well it's about time they switched to a more stable system.
Re: (Score:2)
What do you think ActiveX in the kernel would look like?
Actually, let me rephrase that: do you know what ActiveX even is?