I was working at MS at the time and actually had access to the source code (my project involved devdiv). I don't remember the exact details, but I opted for not adding any of my "private" knowledge to the post.
I agree with you that I prefer looking at optimized assembly with symbols rather than following code through files (which are usually filled with #ifdefs and macros).
As someone in an unsexy safety critical environment, I would really love to work with a popular language that has a critical mass behind it, like in the case of the Rust community.
I would really like to hear your insights about the pros and cons of Ada 2012 and, for even more critical contexts, SPARK (the Ada subset, not the Java framework).
Also, from your experience, do you have any insights on where Rust would outshine Ada?
Thanks for the article. I know you mentioned at the end of the article that there will be a future article with more details about your recommendation to use Rust. Can you expand on your reasons for this a bit?
Great work.
Only one improvement I would like to see: 1) switch the web design away from JavaScript (at least for loading) or, 2) implement some command line interface in cargo for searching crates and displaying their descriptions.
> "privileged userland process" is a circular way of saying administrator. They claim administrator is "ring 3" or "admin ring 3" which is super-confusing...
It doesn't seem a circular description but the full technical one, at least from a processor privilege point of view.
And I find it pretty amazing, they are invalidating the whole purpose of the UEFI without needing to execute ring0 code.
To quote Wikipedia[0] ("Architecture of Windows NT"):
> While the x86 architecture supports four different privilege levels (numbered 0 to 3), only the two extreme privilege levels are used. Usermode programs are run with CPL 3, and the kernel runs with CPL 0. These two levels are often referred to as "ring 3" and "ring 0", respectively. Such a design decision had been done to achieve code portability to RISC platforms that only support two privilege levels, though this breaks compatibility with OS/2 applications that contain I/O privilege segments that attempt to directly access hardware.
Except MS has implemented software-based permission groups, which the person you're replying to pointed out. This really low level x86 stuff doesn't mean you can't have more granularity.
Windows has system, high, medium, low, and untrusted security levels that get mapped to security groups. A local admin is high, but not system, etc.
Indeed, but it isn't a "ring." A protection ring has a specific meaning and that meaning IS about "low level [CPU] stuff." For example the CPU can be made to support more than two rings, Windows NT and UNIX just only utilise two of them and then build software protections on top (OS/2 supported 3).
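To make the distinction in the preceding comments concrete, here is an added example (not code from any commenter): it reads the hardware privilege level (CPL, the low two bits of the CS selector) that every user-mode process sees, and separately parses a Windows mandatory integrity SID (S-1-16-RID) the way a token carries it, then applies the default "no write up" rule. The integrity RIDs (0x1000 low, 0x2000 medium, 0x3000 high, 0x4000 system) are the publicly documented well-known values; the SID strings in main are constructed for illustration. The CPL read is only meaningful on x86 and returns -1 elsewhere.

```c
// Added example: hardware ring (CPL) versus Windows integrity level.
// Not from the original thread; RIDs are the documented well-known values.
#include <stdio.h>
#include <string.h>
#include <stdlib.h>

/* Read the current privilege level from the CS selector. Only meaningful
   on x86; returns -1 on other architectures. Any user-mode process on
   Windows NT or Linux reads 3 here, whether or not it is "admin". */
int current_cpl(void) {
#if defined(__i386__) || defined(__x86_64__)
    unsigned short cs;
    __asm__ volatile ("mov %%cs, %0" : "=r"(cs));
    return cs & 3;
#else
    return -1;
#endif
}

/* Well-known integrity RIDs carried in the token's S-1-16-<RID> SID. */
enum {
    IL_UNTRUSTED = 0x0000,
    IL_LOW       = 0x1000,
    IL_MEDIUM    = 0x2000,
    IL_HIGH      = 0x3000,
    IL_SYSTEM    = 0x4000,
};

/* Parse the RID out of an integrity SID string such as "S-1-16-12288".
   Returns -1 if the string is not a well-formed S-1-16 SID. */
long integrity_rid(const char *sid) {
    unsigned rev, rid;
    unsigned long long auth;
    char tail;
    /* A fourth conversion (%c) succeeding means trailing junk: reject. */
    if (sscanf(sid, "S-%u-%llu-%u%c", &rev, &auth, &rid, &tail) != 3) return -1;
    if (rev != 1 || auth != 16) return -1;  /* 16 = mandatory label authority */
    return (long)rid;
}

/* Map a RID to its level name; in-between values fall into the lower band. */
const char *integrity_name(long rid) {
    if (rid < 0) return "invalid";
    if (rid < IL_LOW) return "untrusted";
    if (rid < IL_MEDIUM) return "low";
    if (rid < IL_HIGH) return "medium";
    if (rid < IL_SYSTEM) return "high";
    return "system";
}

/* Default mandatory integrity control policy ("no write up"): a subject may
   write to an object only if its level is at least the object's level.
   This is a software check in the kernel; the CPL of both is 3. */
int mic_write_allowed(const char *subject_sid, const char *object_sid) {
    long s = integrity_rid(subject_sid), o = integrity_rid(object_sid);
    if (s < 0 || o < 0) return 0;
    return s >= o;
}

int main(void) {
    /* Constructed SIDs: elevated admin (high), normal user (medium), SYSTEM. */
    const char *admin = "S-1-16-12288", *user = "S-1-16-8192", *sys = "S-1-16-16384";
    printf("CPL of this process: %d\n", current_cpl());
    printf("%s -> %s\n", admin, integrity_name(integrity_rid(admin)));
    printf("medium writing to high object: %s\n",
           mic_write_allowed(user, admin) ? "allowed" : "denied");
    printf("high writing to system object: %s\n",
           mic_write_allowed(admin, sys) ? "allowed" : "denied");
    return 0;
}
```

Run it as an ordinary user on an x86 box and the CPL is 3 no matter which account you use; the high/medium/system distinction exists only in the token and in the kernel's access check, which is why it is a permission tier rather than a protection ring.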