Overanalyzed

On Applications, OSes, and VMs

March 18, 2009 at 6:31 pm | In Technology | No Comments
by Chris Davenport

I’ve lately begun to realize that when a common problem shows up, it’s often the symptom of something else. Such as when customers complain about the amount of rBGH in their food, manufacturers can decide to avoid it, not avoid it, or, and more intelligently, create two products and sell to everyone.

Writing about how my less savvy family members are terrified of anyone touching their computer, for fear of damaging the stuff they use, I got thinking about the problem that their issues are showing exists. Because applications do have that problem.

One solution I often see are VMs, but the solution is less interesting than the reason. Why are VMs better than applications? Separate OSes can’t interfere with each other the way separate applications can. But really they have the same requirements. Independent hardware interfaces, protected memory, protected processor time, so why aren’t applications exactly as rock-solid as a VM is? So far the only answer I can come up with is the OS sucks. Sucks because it allows applications to indirectly destabilize each other through it’s interactions with the app.

From a windows perspective, some of that is solvable, some is not. Windows has grown to the point where separate users are handled reasonably well, though not yet perfectly, such that it’s almost impossible for one non-admin user to break something in a different non-admin user’s session.

It does that by keeping a separate registry for each user. (mostly). It doesn’t do that for applications though, so if I change network settings in Yahoo, and it decides to be [un]helpful and propagate those to the IE/Windows (integrated) registry key, it could potentially break IE or any other app that uses those settings. Though not without UAC confirmation now.

Fair time to the Linux side (fair isn’t fair, interesting. But offtopic).. Linux handles multiple users very well, even allows CPU runtime quotas, and it’s virtually impossible for one app to take out another, even indirectly through syscalls. Might be able to do something with IOCTLs, or otherwise cause IO bottlenecking that slows the whole system, but I’m not sure exactly how. Linux is also pretty good about service accounts, where the vanilla kernel does almost nothing on its own, used to be that you needed a service running just to ping it, though that’s a kernel module now.

The various fans generally tell me that windows is just as capable in that regard, and I have no doubt the windows kernel is.

I’m pretty sure granddad is admin of his box. He doesn’t log in. I think if I changed the autologin username to a non-administrative user, he’d just call me up and complain that he couldn’t install some software he bought, and the local pc repair place would simply reformat his machine with blank admin windows, business-pirated. They all seem to do that now.

What’s at question here is the application framework, even if granddad weren’t admin, and could install an app that is totally contained within his specific windows environment, one evyl (www.stopbadware.org) install later and he’s still got 15 IE plugins he can’t get rid of.

Android, that little Linux/Java OS Google wrote on the G1 phone, runs each application as a separate user. as it’s own user. Apps are incapable of interacting with each other, unless they specifically decide to keep things in common locations.. Like the SDCard where all your “good data” is stored is visible to all apps, and there have been a few already that brokenly delete all SDCard contents….. music/photos/all non-phonebook user data. Oops.

It makes IPC tough, but not impossible. Google’s got a few special mechanisms in place, particularly for starting/stopping other apps or invoking them dialog-box style.

But I digress. My point was the OS doesn’t seem to be doing its job, applications should be as isolated from each other as users are, even so far as having their own copy of system-wide configurations, like the registry, with administrative-oversight propagation to other apps or the whole system.

Some of that dependency is inevitable. If you update a video driver, it’s necessarily going to affect everything that uses video. That’s even true for a VM, to some extent. Video in a VM is still pretty crappy though, I don’t think you can use OpenGL/D3D in a VM, though I see no reason why it couldn’t.