Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Microsoft Operating Systems Windows

Microsoft is Busy Rewriting Core Windows Code in Memory-safe Rust (theregister.com) 150

Microsoft is rewriting core Windows libraries in the Rust programming language, and the more memory-safe code is already reaching developers. From a report: David "dwizzle" Weston, director of OS security for Windows, announced the arrival of Rust in the operating system's kernel at BlueHat IL 2023 in Tel Aviv, Israel, last month. "You will actually have Windows booting with Rust in the kernel in probably the next several weeks or months, which is really cool," he said. "The basic goal here was to convert some of these internal C++ data types into their Rust equivalents."

Microsoft showed interest in Rust several years ago as a way to catch and squash memory safety bugs before the code lands in the hands of users; these kinds of bugs were at the heart of about 70 percent of the CVE-listed security vulnerabilities patched by the Windows maker in its own products since 2006. The Rust toolchain strives to prevent code from being built and shipped that is exploitable, which in an ideal world reduces opportunities for miscreants to attack weaknesses in software. Simply put, Rust is focused on memory safety and similar protections, which cuts down on the number of bad bugs in the resulting code. Rivals like Google have already publicly declared their affinity for Rust.

This discussion has been archived. No new comments can be posted.

Microsoft is Busy Rewriting Core Windows Code in Memory-safe Rust

Comments Filter:
  • by AutoTrix ( 8918325 ) on Friday April 28, 2023 @01:43PM (#63483698)
    Why not just ask Bing to do it?
  • If a company with $2T market cap can't afford to hire enough "non-idiots" to competently write C/C++ code, then you probably can't, either.

    • Re: (Score:3, Insightful)

      by iggymanz ( 596061 )

      hey Rust fanbois are cheap

      • Inexperinced developers are a likely to make mistakes.
        • Re: (Score:3, Insightful)

          by Anonymous Coward

          Experienced developers still make mistakes. So, do what you can to reduce the number/amount of mistakes that can be made. Not saying that Rust cures all mistakes, but takes the most egregious ones out of play.

          • +1 Agree. Even the most skilled of developers will make mistakes, and there are limits to what static analysis and code reviews can catch. Putting up guardrails is a good thing.

            • I ship a helmet to every user, just in case.

            • by ArmoredDragon ( 3450605 ) on Friday April 28, 2023 @07:18PM (#63484392)

              It's a classic No True Scotsman fallacy that they're falling into.

              https://en.m.wikipedia.org/wik... [wikipedia.org]

              Bjarne Stroustrup himself seems to believe in it as well. Basically the C++ die-hards argue that any good programmer can produce bug free code. Yet not a single one of them could ever point to such a person, which is because that person doesn't actually exist.

              • Why person? Why not programs written in C++ that work well without so-called memory safety problems?
                • by ArmoredDragon ( 3450605 ) on Friday April 28, 2023 @11:17PM (#63484782)

                  Substitute "memory safety problems" with "memory safety problems that we know of" and you have your answer. The Linux kernel itself has had its share of memory errors that were in the source code for everyone to see, and yet nobody did for over a decade.

                  https://arstechnica.com/inform... [arstechnica.com]
                  https://en.wikipedia.org/wiki/... [wikipedia.org]
                  https://www.bankinfosecurity.c... [bankinfosecurity.com]
                  https://www.bleepingcomputer.c... [bleepingcomputer.com]

                  Keep in mind, this is only a few of them. There was one particular vulnerability that was in the kernel a whopping 20 years, I can't recall the CVE though. That last link in particular is three different memory bugs that were 15 years old at the time of discovery.

                  And of course, this is *only* one project, which is open source, and used on a majority of the computers that connect to the internet. Sure, it's not C++, but C developers aren't the ones going around saying that there's nothing wrong with their language. C is only trying to be a portable assembly, not an endless heap of abstractions that sees drastic changes every 5 years to the point that every C++ developer has their own style that doesn't make sense to any other C++ developer.

                  All the while, NIST, Microsoft, Google, Fuckerbook, and basically every other big tech company has realized that, as much as he doesn't want to hear it, Stroustrup's "call to action" to save C++ from Rust is ultimately pointless because he's trying to argue that all of the existing C++ code shouldn't just be tossed out, but the only realistic way to pull off his "call to action" is to do exactly that anyways. That's why these companies are exclusively moving to Rust for all greenfield work, and even rewriting old problematic code in Rust, which is exactly what Microsoft is doing here.

                  Despite that, people like The Evil Atheist just use the "NIST and all of the big tech companies don't know what they're talking about and have shitty engineers anyways" excuse every time this topic comes up. And people like him are one to talk because they definitely have no leg to stand on compared to the ones they criticize.

                  • The Linux kernel is written in C. You basically have to deal with pointers and memory in very low-level ways all the time C doesn't have the safe subset that C++ has. C++ (like rust) would be beneficial since it still allows you direvt access to memory when needed (to access I/O registers etc which usually isn't where the problems occur) and you can still write everything else using safe constructs
              • If that person does exist, there certainly aren't enough of them to write a text editor, much less an entire operating system and all its accoutrements.

      • by SirSlud ( 67381 )

        Thinking c/c++ is "perfectly fine" in the hands of the best programmers is an opinion only poor, low skill programmers can have. It's ironic, if unsurprising.

        Rust is real, and the best c/c++ people I work with are huge proponents of it, as they should be. Get used to this, unless you truly have nothing to lose from missing the inevitable boat. There's a reason it's in Linux and Windows now. This is not Xbox vs playstation. The adults in the room know why we need what it brings to the table. This is not a dr

        • by caseih ( 160668 )

          All true, but the problem with C++ may lie more in legacy code bases than the modern language itself. The next couple of releases of the C++ standard are bringing a lot of what Rust has for reference safety and ownership to C++.

    • A lot of APIs involve passing in a pointer to a memory block, and hacking revolves around malforming it to cause unexpected behavior.

      Is your API gonna require a Rust-approved block?

      "Sure, here it is, not malformed at all!"

    • Re: (Score:3, Insightful)

      by gweihir ( 88907 )

      The problem is not the cost. The problem is broken management that only cares about the bottom line and wants to do things cheaper than possible, hence accumulating technological debt. This move will probably not fix anything but introduce a few new and stupid problems.

      • by edwdig ( 47888 ) on Friday April 28, 2023 @02:18PM (#63483802)

        It never had anything to do with cost or doing things cheaply.

        Microsoft puts an extremely high value on backwards compatibility, and decades old code will usually still run on modern Windows versions. That level of compatibility often means mistakes made decades ago are often kept around far longer than anyone would otherwise like.

        They're well known for going out of their way to include hacks so that popular old programs still work after Windows bugs have been fixed. It would be far cheaper to just fix the Windows bugs and let everyone else deal with the fallout, but that's not how they want to operate.

        • Microsoft puts an extremely high value on backwards compatibility, and decades old code will usually still run on modern Windows versions
           
          That just isn't true anymore. Especially being that there are no longer going to be anymore 32bit Windows releases

          • by edwdig ( 47888 ) on Friday April 28, 2023 @03:02PM (#63483902)

            64 bit versions of Windows are compatible with 32 bit software. It's only 16 bit Windows code that no longer runs.

            That means your baseline of support is Windows NT 3.1, which was released in 1993.

            • There is also a ton of 32 bit software that was packaged with a 16 bit installer.

              • by edwdig ( 47888 )

                Yeah those installers will break, but if you can separate the software from the installer, you can still use it.

                There isn't anything Microsoft can do about this. If you're running an x86 CPU into 64 bit mode, you can't create a 16 bit process. The compatibility only goes back one level. Best you can do is run a 32 bit OS in a Virtual Machine, and run a 16 bit process inside that.

          • It's still true to this day. A lot of 32-bit software from ~20 years ago will run quite happily in Windows 10. There will always be outliers, but backwards compatibility is still impressive in Windows.

            Obviously if it's a game that requires an ancient 3rd party API (*looks at 3DFX*) or has a 16-bit installer (*sigh*) then it's not going to work, but there are plenty of examples online of people running pretty ancient software on Windows without hacks or community-made patches.

        • If the problem is just or mostly backwards compatibility, and M$ can make a Linux virtual environment for running Linux apps, then why couldn't they make Win3 /95 /W2K /10 /etc virtual environments just for those folks to run their old code in too ? Then they wouldn't have that excuse for writing buggy code that will be fixed in the next version of Windose ... Oh.
          • by edwdig ( 47888 )

            They did include XP Mode in Windows 7, letting your run Windows XP in a VM. It was mostly there to ease the transition from 32 bit Windows to 64 bit. But people generally want their programs running together, not sandboxed in a VM.

          • by gweihir ( 88907 ) on Friday April 28, 2023 @03:30PM (#63483954)

            Exactly. Remember the blatant, utterly dishonorable lie that Win10 would be the last Windows? Obviously it was only used to manipulate people into moving and then, as soon as they had the numbers they did not care anymore and announced the next version. I think there was not even any kind of apology ever for their despicable conduct.

            MS lives off selling defective products so they can sell you the next, slightly less bad (in some aspects) product after that. They are a really bad historical accident that has done and keeps doing massive economic damage.

        • by gweihir ( 88907 )

          You know, backwards compatibility _can_ be done right (see the Unix API) or can be done massively wrong (see the Windows API). And I would like to point out that the Unix API is quite a bit older. Hence it has to do a lot with the MS API being done cheaply and incompetently initially and with ignorance of what already existed. And then they did it over, keeping the old bad stuff and added some new bad stuff that is broken in a different way. And then MS did this several times again.

          Hence this is all about m

        • by Malc ( 1751 ) on Friday April 28, 2023 @04:53PM (#63484090)

          Tell that to the team that completely broke the ATL Wizard in VS2017. You couldnâ(TM)t do basic things like adding properties and methods. They clearly didnâ(TM)t know what they were doing or had tried to even test the most basic and common use-cases.

          Thatâ(TM)s why re-writing things in Rust just for the sake of re-writing it in Rust is stupid. All new code has bugs, and furthermore, the people who wrote the original code have probably long gone either retired or fired for being too expensive so todayâ(TM)s devs are going to be doing a lot of guessing.

        • Microsoft puts an extremely high value on backwards compatibility, and decades old code will usually still run on modern Windows versions.

          They do not value backward or forward compatibility even within MS Office. Couldn't even go '972000/xp without getting document corruption. Thankfully StarOffice was around.

    • by DesScorp ( 410532 ) on Friday April 28, 2023 @02:40PM (#63483866) Journal

      If a company with $2T market cap can't afford to hire enough "non-idiots" to competently write C/C++ code, then you probably can't, either.

      Microsoft has some of the best people in the world working for them. This brings snickers here at Slashdot, but they've truly got some world-class folks.

      The problem isn't so much competence as sheer volume. How many lines of code is Windows up to now? Office? It was Sisyphean task to keep even older version of Microsoft OS's debugged. It's only gotten more difficult as software becomes more complex. Throw in the pressure of deadlines, and even experienced, quality programmers are going to make mistakes.

    • This is Microsoft. C++ vs Rust is not the problem. I would wait for version 3.1 of Rust Windows at the very least.
    • If a company with $2T market cap can't afford to hire enough "non-idiots" to competently write C/C++ code, then you probably can't, either.

      There's no such thing as a non-idiot. Not a single person in history has ever written a complex piece of code perfectly securely. And if they have, maybe we should kill these non-human alien imposters.

    • In high rise construction, even (especially) non-idiots use harnesses to keep from falling to their deaths. Only an idiot programmer would want to use antiquated, unsafe tools, when perfectly good, safer, modern tools exist.

  • by ebonum ( 830686 ) on Friday April 28, 2023 @01:50PM (#63483722)

    The coders who know the millions of lines of undocumented/un-commented backward-compatible tangled messes of code have long since moved on.

    My guess is that the risk of changing anything that "ain't" broken will outweigh the benefits of Rust.

    • by gweihir ( 88907 ) on Friday April 28, 2023 @02:02PM (#63483770)

      Indeed. The real problem MS has is not shoddy implementation. They have that too and with their broken engineering culture, they will doubtlessly introduce many new and exciting problems in this rewrite. Mut memory safety does not fix stupid. It may look to some people like it would, because lot of problems get lumped together under "memory safety" while other problems are usually grouped in smaller groups. This gives the wrong impression that fixing memory safety would make code fundamentally better. It does not. Incompetent coders will just make other mistakes and Rust cannot prevent that at all. Also, in some places you cannot have memory safety because it costs far too much performance. An OS has a lot of such places.

      No, the real problem Microsoft has is shoddy design and architecture which accumulates technological debt. No implementation technique will fix that because it cannot, This is due to MS management there not actually caring about technology. All they care about is profits. What they would have to do is the same as Apple, throw it all away and rebuild the look & feel on an actually solid base. My guess is there is not enough pressure to do that despite the billions the substandard MS crap costs users all the time.

      • Windows is a victim of its own success. Fixing bad implementation and bugs in many cases means having to carry along known issues and papering them over wherever possible. Any profound fixes are going to break backwards compatibility, so they have one of two choices, either keep the bringing forward the screwy and potentially dangerous bits of the API, trying to bolt on security fixes where possible, or sandbox the ghosts of Christmas past. That's basically what they've done with IE, creating a sandbox vers

        • I have given this some thought over the years (esp during the transition from 32bit to 64bit) and I believe I have a solution:

          Start with a clean-sheet OS, 64bit, no backward compatibility with all the legacy code. Call it WindowsNew (or something) and run it along-side the existing Win10/11/whathaveyou, but let everyone know, WindowsNew is the only path forward. Let all the old code die off, yes it'll take years, like WinXP/7, but it will eventually die off. In the meantime, code from fresh.
          Yeah it'll never

      • by ebonum ( 830686 ) on Friday April 28, 2023 @03:09PM (#63483920)

        A good craftsman never blames his tools. I started out on two large (~5+million lines) C++ projects. If you know what you are doing, C++ can be used effectively (Ha-Ha Mr. Meyers). Didn't seem too hard back in the day. Good habits go a long way, and I had some awesome mentors. Likewise any programming language can be used to write hideous code (I haven't had reason to use Rust. Guess I need to find an excuse).

        Certain people have a way of clearly thinking about a problem and then turn out clean code. Just a few of these people working together can accomplish a lot.

        • by gweihir ( 88907 ) on Friday April 28, 2023 @03:47PM (#63483998)

          Certain people have a way of clearly thinking about a problem and then turn out clean code. Just a few of these people working together can accomplish a lot.

          I agree. I talked about this with a lot of students back when I was supervising a lot of thesis work during my PhD. It seems there really were only two cases when they had to use existing code: 1. Utter mess (90%) and 2. Clean code that you could use easily and that explained things. I fall in the 2nd class and I had several students tell me how clean and readable and usable my Perl (!) code was. You know, Perl, the "write only language". It is likely because I have pretty bad memory and write every piece of code with all assumptions and decisions documented and the cleanest interface I can do, so that I can read and understand it a year later. Apparently that makes it easy to use for other people as well.

          So, yes. Expecting a tool like a programming language to fix your mess is foolish. A programming language can stand in your way to some degree, especially when it offers features that are not nearly as good as advertised or does not let you do some things. But that is it. If you know what you are doing, you can write clean, maintainable and efficient (within the limits of the execution model) code in almost anything, be it C, C++, Perl, Python, Rust, Haskell, Erlang or even Java. You can also create the most awful unmaintainable mess in all languages. It really comes down to coder skill, experience and, yes, mindset. Most of what the Rust proponents like to promise is hence simply a lie, because these are things that a _language_ cannot fix. Shoddy thinking will be shoddy thinking in any language. Bad or missing documentation will be bad in any language. Broken logic will be broken in any language. In the OWASP Top10, for example, memory-safety places wayy down the list and even then shared with other issues. Other things are far more important, especially as memory safety issues are easy to find and easy to fix. Other issues are often neither.

      • by Locutus ( 9039 )
        hahaha, you thought that this announcement was about making Windows better. And yes, they did say lots of things in the press release about that being the goal but Microsoft really is more of a marketing company than anything else. As you point out, they are really just changing bugs and more likely implementing more bugs. But, this is all in the name of making Windows better so the sales pitch is that Microsoft is working to improve Windows so it's worth lots of money and on top of that they will be able
        • by gweihir ( 88907 )

          hahaha, you thought that this announcement was about making Windows better.

          Ah, no. I thought that was the narrative being pushed. And it is. It is obviously not what MS is trying to do as making Windows better would mean tossing the whole horrible mess and starting over. I am pretty sure quite a few people at MS know that.

  • by Junta ( 36770 ) on Friday April 28, 2023 @01:51PM (#63483734)

    unsafe {

    • I told someone here [slashdot.org] that writing Linux kernel modules in Rust will require the usage of "unsafe" keywords. They guy, who seems to be a Rust supported/coder, asked me on what was my argument based on. Well... here [rust-lang.org] it is:

      The following 3 paragraphs pretty much says it all:

      All the code we’ve discussed so far has had Rust’s memory safety guarantees enforced at compile time. However, Rust has a second language hidden inside it that doesn’t enforce these memory safety guarantees: it’s called unsafe Rust and works just like regular Rust, but gives us extra superpowers.

      Unsafe Rust exists because, by nature, static analysis is conservative. When the compiler tries to determine whether or not code upholds the guarantees, it’s better for it to reject some valid programs than to accept some invalid programs. Although the code might be okay, if the Rust compiler doesn’t have enough information to be confident, it will reject the code. In these cases, you can use unsafe code to tell the compiler, “Trust me, I know what I’m doing.” Be warned, however, that you use unsafe Rust at your own risk: if you use unsafe code incorrectly, problems can occur due to memory unsafety, such as null pointer dereferencing.

      Another reason Rust has an unsafe alter ego is that the underlying computer hardware is inherently unsafe. If Rust didn’t let you do unsafe operations, you couldn’t do certain tasks. Rust needs to allow you to do low-level systems programming, such as directly interacting with the operating system or even writing your own operating system. Working with low-level systems programming is one of the goals of the language. Let’s explore what we can do with unsafe Rust and how to do it.

      I like how they use the terms/sentences: "second language hidden inside", "it’s called unsafe Rust", "superpowers", “Trust me, I know what I’m doing.”, "use unsafe Rust at your own risk", "problems can occur due

    • and do not forget the last line...

      }
  • by serviscope_minor ( 664417 ) on Friday April 28, 2023 @01:53PM (#63483744) Journal

    Wondering if I'm going to be like the old farts who thought FORTRAN was for ever.

  • by TheWorstTakes ( 10347040 ) on Friday April 28, 2023 @01:57PM (#63483752)

    So now instead of a HANDLE for everything, we'll get a win32::Handle<win32::Result<win32::Option<win32::FnMut() -> u64>, _>>. I'll be honest, I really don't know which one I prefer.

  • The big Windows exploits I remember have been more about stupid decision making - having and SQL listener running by default; having a blank admin password; rewriting the TCP stack without apparently considering the old exploits the previous BSD stack had squashed over time, etc. etc.

    • How often is memory safety the issue though?

      The answer is right in the summary:

      these kinds of bugs were at the heart of about 70 percent of the CVE-listed security vulnerabilities patched by the Windows maker in its own products since 2006

      Sure, this won't fix the rest of the stupidity in Microsoft's products, but if they can fix a majority of it by rewriting certain modules in another language, that's better than just letting the old code remain in the wild and...rust.

    • by istartedi ( 132515 ) on Friday April 28, 2023 @02:54PM (#63483892) Journal

      You forgot an important one: "Hide file extensions for known file types" as a default.

      On new machines, I'd always get pissed off because extensions were part of my "muscle memory", so I'd have a few MyFile.txt.txt. files, and then I'd go "dammit!" and un-check that. The real problem was all the people that didn't think about and opened Temptation.txt.exe.

      It was like they socially engineered a huge chunk of their own users with that.

  • That "about 70 percent of the CVE-listed security vulnerabilities patched by the Windows maker" were "memory safety bugs" is NOT a problem with C++ (or any other language)... it's a problem with the programmers and the source code.

    If they don't "fix" the programmers bad habits, changing the language will not resolve the underlying problem, only add more issues.

    • p>If they don't "fix" the programmers bad habits, changing the language will not resolve the underlying problem, only add more issues.

      Honestly, having worked in C and Java, I don't miss memory management....similarly to how I don't miss driving a stick shift. Automatic works great for me. I am not a shittier driver just because I've forgotten how to use a clutch. It's a very specialized skill...just like memory management. Just because you make mistakes in memory management doesn't mean you're a garbage programmer. I see little overlap between memory management and designing good software. Lots of people write great stuff in Java,

    • Yeah, we've been trying this for 50 years.

      It doesn't work.

      Microsoft's hiring standards are amongst the toughest in the industry with corresponding highest salaries and even they couldn't "fix" the bad programmer habits.

      C++ smart pointers partially solved this issue. But 1) You have to use them and 2) references can actually create the same problems, in very tricky and non-obvious ways.

      • Refernces are not the same as smart pointers. And true, smart pointers don't selve everything. When the lifetime of the resource is complicated and can't be tied cleanly to lexical scopes then no amount of language support can safe you, not in rust either
    • by Dwedit ( 232252 )

      C++ has tons of nasty memory safety bugs.

      The worst one is that you must never create pointers to objects in a vector. Otherwise your pointer points to garbage data once the vector resizes.

      • If I called myself a programmer I'd be... well, not lying, but certainly overstating the case by orders of magnitude. I've done some low end stuff professionally.

        Enough that I feel comfortable asking: "If this problem is so well known, why hasn't it been fixed?" and "If this problem has been around so long, why isn't there a code checking tool that will flag it?". Maybe a third, "If we know it hasn't been fixed and the code checker exists, why aren't they using it or accepting its corrections?"

        It just se

      • I think the biggest problem with C++ is its semantics (which are very broad and complex) seem to do the least optimal or most unsafe thing by default. You'd swear the language was designed to make it easy to win underhanded coding contests.

      • Never programmed in C++, but this makes sense intuitively. Reallocating memory in C never guaranteed memory in the same location, so why would someone assume that a vector resize would return memory in the same location? I doubt Rust can guarantee it either, because how can it guarantee an unknown amount of data is contiguous after the original block? It seems Rust just limits the programmer within its paradigm, like training wheels on a bicycle. If some people need training wheels, sure, go ahead, but not
      • by theCoder ( 23772 )

        That is not quite correct. Having something like a std::vector<int*> is perfectly fine. That vector resizing will not change any of the pointer values or cause re-allocations, What you are probably referring to is something like std::vector<std::auto_ptr<int> >. Because of how auto_ptr works, resizing the vector will result in basically all your original items becoming de-allocated.

    • by at_slashdot ( 674436 ) on Friday April 28, 2023 @04:57PM (#63484098)

      You are working with the people you have not with ideal programmers that you don't have. That's almost like saying "there's no reason for safety belts, just have better drivers that don't crash". Besides, if there are tools that eliminate 70% of your problems, why not use them?

    • it's a problem with the programmers and the source code.

      Nope. Programmers are people. You can take the best C++ programmers in the world and throw them into situations where they work for a large company with a huge code base and they won't make anything any better. Linux is no better. Nor are audited highly secure open source libraries. The list of CVEs show one thing and one thing only: Perfect programmers don't exist.

      If they don't "fix" the programmers bad habits, changing the language will not resolve the underlying problem

      Changing languages definitely fix the problems that a specific language causes. You're assuming that the underlying problem is that everyone is

      • Quote: " You're assuming that the underlying problem is that everyone is an idiot and purposefully writing unsafe code rather than the actual reality"

        Nope, YOU are the one assuming THAT.

        We're talking about WINDOWS OS, and I'm not assuming anything, I'm quite CONFIDENT with my statement. You can only see how many bits of outdated code is present just by moving around system config, core apps, and DLLs.

        So, yeah, I KNOW the source code is a hell of "hack-and-slash" which is BAD HABIT of WINDOWS programmers.

    • I know you don't know any top tier programmers because you seem to believe top tier programmers are not capable of making mistakes that are easily caught in langues that have good static analysis. (Or static analysis was used in your c/c++ environment and therefore I hope you were against that because ... Good programmers shouldn't need it right?)

    • Blaming programmers for being careless, is like blaming factory workers in the early 1900s for carelessness when they lost hands or arms in the dangerous factory machinery. You could blame those factory workers for their "bad habits" but that doesn't give them their arm back. Today's factories require a lot more safety mechanisms to be built into their equipment, and as a result, a lot fewer people are hurt.

      Code is no different. Why would we want to keep using antiquated, dangerous tools to build code that

  • You dont have memory safety in the core as it has to be able to access any system memory in order to work so I dont see how Rust will help. Sounds like a case of the new shiny shiny has won out over common sense with some gen z devs there.

    • Ring 0 is always going to have to have unfettered access to the system, and it's also where you want to gain the most efficiency. A lot of that is going to be written in assembly and C/C++, and that's probably never going to change. But, providing you don't have a fundamentally broken driver model (ha ha), other parts of the kernel and the core libraries probably could benefit from a memory safe language. But how you do that with that a kernel with some fairly significant legacy architecture choices is hard

      • by rgmoore ( 133276 )

        Honestly, I don't know why MS just doesn't write a new damned kernel, and use Wine or something similar to translate the system calls.

        Because they'd wind up making the same mistakes over again. A huge reason the code is so nasty in the first place is because they've been catching and fixing bugs, and many of those fixes result in the code being weird and non-obvious. If you throw that out and start over from scratch, you lose all those fixes, and the same mistakes creep back in. Not all of them, of cours

Never test for an error condition you don't know how to handle. -- Steinbach

Working...