Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

WebKit2 API Layer Brings Split-Process Model

Soulskill posted more than 4 years ago | from the empire-strikes-back dept.

Software 95

99BottlesOfBeerInMyF writes "Anders Carlsson and Sam Weinig over at Apple just announced WebKit2, a rework of the WebKit engine that powers Chrome and Safari. This new version of WebKit incorporates the same style of split-process model that provides stability in Chrome, but built directly into the framework so all browsers based upon WebKit will be able to gain the same level of sandboxing and stability. AppleInsider has a writeup, and the team has provided 'high level documentation' as well. Both Palm and the Epiphany team are going to be happy about this."

cancel ×

95 comments

Sorry! There are no comments related to the filter you selected.

Yay! Sandboxes! (1)

WrongSizeGlass (838941) | more than 4 years ago | (#31795764)

Each tab in its own 'sandbox' makes things more stable and more secure, which may give any browser built on it similar security as Chrome. Next year Safari & Mobile Safari may last an extra few hours in the 'hack-a-thon'.

Re:Yay! Sandboxes! (1, Funny)

Anonymous Coward | more than 4 years ago | (#31795778)

I went on a safari once and there was really a lot more driving and picture taking than hacking and bushwhacking.

Re:Yay! Sandboxes! (2, Funny)

ls671 (1122017) | more than 4 years ago | (#31795948)

Well, my own custom browser that I designed and that I use uses a VM (I chose VMware) for every tab, I find it even more secure that way ;-))

Re:Yay! Sandboxes! (2, Interesting)

rawler (1005089) | more than 4 years ago | (#31796024)

Still, whenever a Tab hangs in my Chromium, usually most, or all other tab dies as well, occasionally entire chromium.

Re:Yay! Sandboxes! (1)

Anonymous Coward | more than 4 years ago | (#31796056)

Since it took me a few passes to parse this post, here's a courtesy translation to English:

Still, whenever a tab hangs in my Chromium, most, or all, other tabs usually die as well. Occasionally, it causes Chromium to crash in its entirety.

Re:Yay! Sandboxes! (1, Interesting)

Anonymous Coward | more than 4 years ago | (#31797700)

Do people just make shit up about Chrome? I don't get it. A month ago one person claimed on Slashdot that Chrome caused DNS failure, another that it pegged the CPU when downloading. Both got modded Informative. Both were proven wrong, as was immediately obvious to anyone who has used Chrome.

So now you claim that tab process load freezes Chrome (and its subprocesses). I haven't heard of it. I haven't experienced it, after being forced to close unresponding Chrome tabs 30-40 times. Not on my ancient single-core PC, nor my multi-core gaming system. I don't have *any* plugins except Flash installed, and only 1 extension (FlashBlock). Are you absolutely sure it's not Flash/PDF/[Silver/Moon]light plugins that are freezing Chrome?

Re:Yay! Sandboxes! (2, Insightful)

gaggle (206502) | more than 4 years ago | (#31798966)

Are you absolutely sure it's not Flash/PDF/[Silver/Moon]light plugins that are freezing Chrome?

Wait, hang on, what's the difference in a plugin freezing Chrome and the problem described by GP? He says a tab can hang and then sometimes all the other tabs die too, to the end user who cares if it's technically caused by a plugin or not?

Re:Yay! Sandboxes! (0)

Anonymous Coward | more than 4 years ago | (#31799084)

And for that matter, isn't that exactly what the separation of tabs/plugins processes is designed to prevent anyway?

Regardless of whether its core chrome, or a plugin, the whole point of the separation is to prevent failure of one component taking down the whole browser, which still occurs. Not too often, but every once in a while I get a v8 crash, with every tab being replaced by the 'aw...snap' page, and have to restart chrome entirely to rectify it. I assume its v8, since it typically happens when I'm developing and constantly reloading JS scripts. Usually the scripts work fine after the restart, without further changes, so I'd imagine v8 just gets into some erroneous state.

I can verify that I have witnessed the same thing plenty of times, although I still prefer chrome to any other browser I have used, as generally I find it fast, reliable, and unobtrusive. It basically stays out of my way, doing exactly what I ask and no more.

Re:Yay! Sandboxes! (3, Informative)

Bake (2609) | more than 4 years ago | (#31799058)

I actually have seen something similar since I started to use Chrome. It usually happens when I fire up many tabs from one tab (in my case it happens when I open what I deem fit for further reading from my Google Reader, which can reach up to 30-40 tabs). What appears to happen is that the tabs opened from another tab share the same tab process as the parent tab.

Under other circumstances this might not be a problem, but given the nature of Google Reader when you're scrolling through your unread items list (i.e. it "appends" newer and newer RSS items to the bottom of the list frame itself) it starts to take up a fair amount of ram that isn't freed up when you reload the originating tab (all in the name of caching no doubt).

This has happened less often now that I have Flashblock installed, but still happens occasionally. It also helps that I now open fewer tabs from the Google Reader tab and simply close and reopen it when I'm done reading the tabs that I opened from within the GR tab. This kills the ram eating process and starts a new one.

Re:Yay! Sandboxes! (0)

Anonymous Coward | more than 4 years ago | (#31852262)

Note that Chromium supports several process models [chromium.org] . You might try experimenting with others, along with monitoring how your tabs are divided with its Task Manager, to help figure out what's going wrong for you.

Re:Yay! Sandboxes! (2, Insightful)

martin-boundary (547041) | more than 4 years ago | (#31796840)

It's still a bad way of reinventing the Unix philosophy. There should be one process per webpage, with a caching demon handling common images and resources. Maybe a separate app to combine web pages into a tab collection, for those whose window manager is not powerful enough.

IMHO of course :)

Re:Yay! Sandboxes! (1)

ultranova (717540) | more than 4 years ago | (#31802050)

There should be one process per webpage, with a caching demon handling common images and resources.

There should be one network IO, one HTML (and image and whatever) parser, one script VM, one rendering and one UI response thread per page. I'm sick and tired of Firefox locking up regularly when browsing the net, even on a 4-core machine. Parallelize everything that can be parallelized, and never ever block or run a heavy computing operation with a lock held.

Javascript should not be able to stop the browser from responding to clicks, even if it enters an eternal loop. This is also a performance matter: if you can guarantee that Javascript never blocks the browser, and a hung script can be killed by other threads, you can JIT compile it without having to insert breakpoints at every iteration of every loop. You can just let pre-emptive multitasking worry about killing it when necessary.

Why is this tagged 'Apple'? (0)

Anonymous Coward | more than 4 years ago | (#31795784)

Like so many things, Webkit isn't an Apple innovation!

Reference example [blameitonthevoices.com] .

Re:Why is this tagged 'Apple'? (0)

Anonymous Coward | more than 4 years ago | (#31795822)

I have a suspicion it's because of the first half of the first sentence of the summary:

Anders Carlsson and Sam Weinig over at Apple just announced WebKit2

Re:Why is this tagged 'Apple'? (4, Informative)

UnknowingFool (672806) | more than 4 years ago | (#31795922)

Like so many things, Webkit isn't an Apple innovation!

Don't let facts and history [wikipedia.org] get in the way of your bias. Webkit was forked from KHTML by Apple in 2002 and named it Webkit. For a while KHTML developers backported Apple's features independently but have since worked closely with Apple incorporating Webkit features into KHTML. Apple released Webkit as open source in 2005. They are still active in maintaining and developing it. Specifically, some developers at Apple did the development and announced the changes on a dev forum:

This is a heads-up that we will shortly start landing patches for a new WebKit framework that we at Apple have been working on for a while.

Re:Why is this tagged 'Apple'? (-1, Troll)

Anonymous Coward | more than 4 years ago | (#31796036)

Like GP said, WebKit is basically just the work of the KHTML devs. Apple leeched off of their work.

Re:Why is this tagged 'Apple'? (4, Informative)

TheRaven64 (641858) | more than 4 years ago | (#31796152)

Did you ever use KHTML? It did a tiny fraction of what WebKit does, and most of the recent stuff (JavaScript implementation, all of the HTML5 support much of the CSS support) is from Apple. It's basically just the work of the KHTML devs in the same way that FreeBSD is basically just the work of those guys at UCB in the '80s.

Re:Why is this tagged 'Apple'? (0)

andersa (687550) | more than 4 years ago | (#31798204)

When you say JavaScript implementation, you mean a replacement engine for the standard one in KHTML, right? KHTML had javascript and it was working fine before Apple started ripping it apart. Same goes for CSS. HTML5 was still just being talked about when they did the fork, so obviously couldn't have been implemented at the time.

Re:Why is this tagged 'Apple'? (2, Informative)

beelsebob (529313) | more than 4 years ago | (#31798468)

When he says JavaScript engine, he means that Apple wrote the entire javascript engine in WebKit. It happens that KHTML had a javascript engine that was much slower, much less stable, and much less supporting of modern javascript, but that doesn't change the fact that apple wrote *all* of WebKit's Javascript support as it stands. They also wrote most of it's CSS support, and most of it's HTML support (even for older standards).

To suggest that WebKit as it currently stands is the work of the KHTML devs is a bit of an enormous stretch, and probably falls into the rabid anti-apple fanboisim category. Try using a KHTML (from when apple grabbed it) browser, and a WebKit one, and then consider how much work apple have done.

Re:Why is this tagged 'Apple'? (2, Informative)

jo_ham (604554) | more than 4 years ago | (#31798486)

Yes, they rolled their own Javascript engine for Safari 4, but based on the original engine with large improvements in speed. This is Nitro (or SquirrelFish, or SFX, or whatever it is being called right now).

They also did *massive* work on the CSS core to enable Safari (and Webkit itself) to pass Acid 2. So "working fine" before Apple "ripped it apart" to make it more standards compliant.

Apple have done a great deal of work on Webkit, not to diminish any of the work done by people on KHTML before that, but any charge that Apple haven't done much, or just rebadged it and called it done, or have negatively affected KHTML or Webkit is just a non starter.

Re:Why is this tagged 'Apple'? (5, Insightful)

pslam (97660) | more than 4 years ago | (#31796158)

Like GP said, WebKit is basically just the work of the KHTML devs. Apple leeched off of their work.

If by 'leeched' you mean they took an existing open project, modified and extended it, then released that work for free. I guess if you redefine leech then yes they leeched it.

Re:Why is this tagged 'Apple'? (1)

Lemming Mark (849014) | more than 4 years ago | (#31798800)

Though since rather addressed, there were grumbles early on that Apple weren't running the project in a co-operative way - they were abiding by the letter but not the spirit of the open source licensing. It's their right to do this but it used to upset people when Apple got credit for "contributing" when they were doing the bare minimum. But I think they reformed the WebKit project a lot and they're working rather in the open now, so I'm not sure that (generally) so much of this historical attitude remains at large.

Re:Why is this tagged 'Apple'? (1)

jo_ham (604554) | more than 4 years ago | (#31800400)

They released big chunks of changes at once, especially in the early days, since they had been working on the fork for about a year before they made it public. They switched to a CVS model that made it easier, but there were also grumblings that some of the changes made it less KHTML-like (but that did help to make it more portable).

They also (not immediately) released the other parts of the engine that they wrote from scratch under a BSD licence to go with the GPL components.

Re:Why is this tagged 'Apple'? (1)

cheesybagel (670288) | more than 4 years ago | (#31799132)

They couldn't have done otherwise. KHTML was licensed under the LGPL.

Re:Why is this tagged 'Apple'? (1)

jo_ham (604554) | more than 4 years ago | (#31800364)

Yes, clearly, but I think the original assertion by the troll was that Apple took KHTML, changed the name to WebKit and put it in a browser and called it done and they they haven't done or contributed anything and that every new development is a KHTML-crafted change.

They also open sourced the other parts of Webkit that they wrote (under a BSD-style licence) to go with the GPL licensed bits.

Re:Why is this tagged 'Apple'? (0)

Anonymous Coward | more than 4 years ago | (#31796364)

Unless you can provide an example where Apple didn't comply with the KHTML license you're full of crap.

There's no such thing as "leeching" from an open source project.

If the KHTML team didn't like what Apple did they should use a better license.

Re:Why is this tagged 'Apple'? (1)

yabos (719499) | more than 4 years ago | (#31796990)

If the KHTML devs don't want someone using their code then why did they license it the way they did? Why do people complain about companies using open source code and then making it better?

Re:Why is this tagged 'Apple'? (0)

Anonymous Coward | more than 4 years ago | (#31797470)

Like GP said, WebKit is basically just the work of the KHTML devs. Apple leeched off of their work.

I contributed a patch to OpenOffice.org and they accepted it. Motherfuckers leeched off of my work.

Re:Why is this tagged 'Apple'? (2, Informative)

bonch (38532) | more than 4 years ago | (#31796162)

While WebKit began from KHTML, since 2002, it's definitely been an Apple-driven innovation, and they contribute most to its existence.

Re:Why is this tagged 'Apple'? (0)

Anonymous Coward | more than 4 years ago | (#31797982)

Yup. A while back, there was some friction between the KHTML team and Apple, because Apple's changes to KHTML were incompatible with what KHTML wanted (there was some minor whining about not having CVS access or something too). But Apple's changes made Webkit much more generic -- it no longer needed to rely on the KDE libraries. And they made Webkit much more flexible. Despite some pains, the KHTML guys basically decided to ditch their fork and work with Webkit instead. It really is better. Konqueror is scheduled to switch to Webkit (if it hasn't already -- I haven't kept up in a while, though I know there was a bleeding edge Konq with Webkit with KDE 4's introduction)

I'm going to predict the future. (0, Troll)

Anonymous Coward | more than 4 years ago | (#31795846)

The next "big thing" will be some dipshit who writes an HTML rendering engine using nothing but JavaScript and HTML5 canvas. Just because this is how the Web community does things, that JavaScript/HTML5/canvas browser will in turn get a new scripting language that's even shittier than JavaScript is. Then somebody will come along and implement a web browser using that new shitty scripting language, running inside the web browser that runs inside a web browser. Soon it'll be hyped even more than Ruby on Rails, AJAX and Cloud Computing were. Managers around the world will force their developers to rewrite all of their web sites and web apps to target this new shitty scripting language and browser.

Re:I'm going to predict the future. (1)

Josh04 (1596071) | more than 4 years ago | (#31795902)

We already have it, it's called 'Facebook'.

Re:I'm going to predict the future. (2, Insightful)

SanityInAnarchy (655584) | more than 4 years ago | (#31796052)

The next "big thing" will be some dipshit who writes an HTML rendering engine using nothing but JavaScript and HTML5 canvas.

Nope, canvas clearly isn't the right choice. If some dipshit were to seriously consider this, they'd use OpenGL.

Just because this is how the Web community does things, that JavaScript/HTML5/canvas browser will in turn get a new scripting language that's even shittier than JavaScript is.

First: Where's your evidence that this is how the Web community does things? I honestly can't remember the last time I wrote a scripting language within a scripting language in anything at all related to web development.

Second: What, exactly, is shitty about JavaScript? Most people who think JavaScript is shitty don't understand it. It's actually a very nice language, albeit with a few ugly quirks.

Soon it'll be hyped even more than Ruby on Rails, AJAX and Cloud Computing were.

Nope, because as much as you'd like to believe otherwise, each of those things actually has something of value to contribute to the world. You may not like Rails, but it did remind everyone that MVC is a Good Idea, and new Web frameworks generally include at least that concept. AJAX allows applications to run in the browser -- again, like it or not, that's something which has value. Cloud computing, in either sense -- whether you're talking about web apps keeping your data, or utility computing -- again have something to contribute.

What does your hypothetical browser contribute? It does the exact same thing as everything we have, only slower and shittier. (And before you claim that this is how web apps work, how, exactly, could I safely run an application without installing it before now? Again, it actually has some positive points, whether or not they're things you want -- your idea has none.)

Managers around the world will force their developers to rewrite all of their web sites and web apps to target this new shitty scripting language and browser.

I don't know any managers who have suggested something so stupid with the current generation.

Re:I'm going to predict the future. (1)

ciroknight (601098) | more than 4 years ago | (#31796804)

Well first of all, since it makes no sense for me to reiterate them here: wtfjs [wtfjs.com]

Secondly, Prototype-based OO is quite ugly. Sure, it's workable, and you can argue that it's the more pure way to do OO as it emphasizes object orientation and encapsulates better, however, any way you try to sugar coat it, Javascript makes it a lot uglier than it needs to be.

Thirdly, the fact that it's a defacto standardized language, a lot like the web itself was defacto'd into existence rather than people trying to follow standards (which came later), each implementation is different enough that what will work in one does not necessarily work in another. While this is a lot better today than it used to be, there are still places where this is really rough.

Still, you can point out flaws and inconsistencies in any language, but the web-related technologies tend to be a lot more, well let's call them "special" (just to make them feel better).

Re:I'm going to predict the future. (2, Informative)

SanityInAnarchy (655584) | more than 4 years ago | (#31798406)

wtfjs [wtfjs.com]

Top post on that is a remark about how things behave weirdly when you redefine certain methods. That's true of other languages I like -- any language that supports operator overloading can create some really weird shit.

The more important question is why you would ever do that? Don't abuse the language, and it won't abuse you.

Next one is about numbers close to infinity. When would I ever see this?

And there is one that's an IE-specific bug. That's an IE bug, not a Javascript bug.

Again, these are interesting warts, but why would I care?

Secondly, Prototype-based OO is quite ugly. Sure, it's workable, and you can argue that it's the more pure way to do OO...

I can and do. I actually like it, because it's simpler, and I think it's far easier and cleaner to build a class-based system on top of prototype-based than the other way around.

any way you try to sugar coat it, Javascript makes it a lot uglier than it needs to be.

I don't think so. There are a few patterns in particular which work very well in Javascript, even elegantly. I certainly agree that it has room for improvement, but the fact that it's prototype-based is the last place I would look.

Thirdly, the fact that it's a defacto standardized language, a lot like the web itself was defacto'd into existence rather than people trying to follow standards (which came later), each implementation is different enough that what will work in one does not necessarily work in another.

There is, however, an official standard now. The differences seem to be largely at the API level, and that's something which can be handled in libraries.

Still, you can point out flaws and inconsistencies in any language, but the web-related technologies tend to be a lot more, well let's call them "special" (just to make them feel better).

Could be. I still don't think it justifies the "even shittier" comment. It's not hard to find many examples of languages shittier than JavaScript -- I'd start with, oh, Java.

Re:I'm going to predict the future. (1)

xero314 (722674) | more than 4 years ago | (#31798520)

You were really onto something until you said:

think it's far easier and cleaner to build a class-based system on top of prototype-based

You really can't say things like that and then expect people to take you serious when you say "Don't abuse the language." Creating a classical framework on top of a prototypical language is clearly abusing the language. And I don't mean abusing as is "trying to get it to do something it was not originally designed for," I mean abusing as in "what goes on in prison when then guards are not looking." And this coming from someone that wrote one of the earlier classical frameworks for JS, before I realized that prototypical inheritance is, in my opinion, far superior.

Also you don't look like much of an advocate for a language when you refer to other languages ( specifically the number one... err... number two language in the world) as "shittier."

Palm? Epiphany? (1)

sznupi (719324) | more than 4 years ago | (#31795854)

Wouldn't it be easier to just mention by far the most popular products falling into general categories instead of two quite obscure ones?

Like...Nokia (they ship Webkit browser with S60, half of smartphone market, since forever; plus lately with mainstream "featurephone" S40) and Safari. Users of those should be pleased too, you know...

Re:Palm? Epiphany? (1)

Quarters (18322) | more than 4 years ago | (#31797168)

I've never heard of a Nokia S60, but I recognize Palm. Obscurity is relative.

Electrolysis ETA? (1)

Elgonn (921934) | more than 4 years ago | (#31795860)

Is there an Electrolysis ETA for Firefox? I have a bad feeling that WebKit will get this out first. Firefox is sure getting slower and slower in tech advancement.

Re:Electrolysis ETA? (0)

Anonymous Coward | more than 4 years ago | (#31796072)

I think it's coming in phases. Isn't the next version of Firefox supposed to isolate plugins in their own processes? I believe that's one phase of the Electrolysis implementation.

Also, I believe Gecko is really hard to implement this in which is why Mozilla didn't do it before. They did consider it well in advance of Chrome but ultimately rejected the idea.

Re:Electrolysis ETA? (2, Informative)

TLLOTS (827806) | more than 4 years ago | (#31796302)

I think it's coming in phases. Isn't the next version of Firefox supposed to isolate plugins in their own processes?

It is indeed, in fact I'm writing this post on the beta version [mozilla.com] .

Wikipedia is for fucking bastards (-1, Flamebait)

Anonymous Coward | more than 4 years ago | (#31795888)

A fat bastard hipster faggot neckbeard loser called peter symmonds reverts all my edits and rangeblocks all my IPs.

Please do not use wikipedia. Also dferg is a cocksucker.

Re:Wikipedia is for fucking bastards (-1, Troll)

Anonymous Coward | more than 4 years ago | (#31796112)

Hipsters aren't usually fat, nor 'neckbeards'. They're the ones you see on fixed-speed bicycles on their way between coffee bars, on in coffee bars, fiddling with their fucking iPhones.

fir5t (-1, Troll)

Anonymous Coward | more than 4 years ago | (#31795908)

long term survival has significantly of America (GNAA) 4ere, please 3o Is mired in an FUCKING USELESS want them there. FreeBSD showed

Re:fir5t (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#31795940)

Worst. Troll. Ever.

Turing Test (1, Funny)

Anonymous Coward | more than 4 years ago | (#31796498)

Wow.

This script has been around nearly as long as slashdot itself. Congratulations to the author, if he's even still around.

Is there a sandbox for sandbox? (1)

Pentium100 (1240090) | more than 4 years ago | (#31795920)

I mean if Firefox starts using this model, I'll have 100 firefox.exe processes in the task manager and I don't want that. So, is there a way to run all of those processes inside a one big process? Well, other than using a full VM...

Re:Is there a sandbox for sandbox? (2, Informative)

Anonymous Coward | more than 4 years ago | (#31795978)

Alternatively, you can use a better task manager such as Process Explorer which will group all processes in a nice hierarchical view:

http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx [microsoft.com]

Re:Is there a sandbox for sandbox? (1)

CRiMSON (3495) | more than 4 years ago | (#31796030)

Way to miss the point of the question he asked....

Re:Is there a sandbox for sandbox? (0)

Anonymous Coward | more than 4 years ago | (#31797406)

Maybe you should look into Process Explorer as well.

Re:Is there a sandbox for sandbox? (0)

Anonymous Coward | more than 4 years ago | (#31797564)

Slashdot is giving guru meditation errors, let's see if I can post this anonymously:

The point of the question he asked was to not have 100 firefox.exe processes show up in task manager. The solution presented was an alternative task manager where all 100 processes are folded into one (expandable) entry. This addresses the concern as stated.

Honestly, I'm with you for the most part -- I don't like it when people's "how do I get Windows/OSX/Linux to do X" questions get a response of "use $OTHER_OS", for instance. But what's wrong with this answer?

Re:Is there a sandbox for sandbox? (1)

Pentium100 (1240090) | more than 4 years ago | (#31796266)

How do I make it appear when I press Ctrl+Alt+Del?

Re:Is there a sandbox for sandbox? (1)

EvanED (569694) | more than 4 years ago | (#31796296)

See here [cybernetnews.com] ; at least newer versions of Process Explorer have that feature built-in.

Re:Is there a sandbox for sandbox? (0)

Anonymous Coward | more than 4 years ago | (#31893934)

Options->Replace task manager

FF with out of process plugin beta available! (2, Informative)

Tumbleweed (3706) | more than 4 years ago | (#31796150)

https://developer.mozilla.org/devnews/index.php/2010/04/08/firefox-lorentz-beta-available-for-download-and-testing/ [mozilla.org]

'Lorentz' - a beta version combining FF 3.6.3 with the out of process plugin feature, became available yesterday. This shoves the plugins into their own process, which is where the vast majority of problems occur. Give it a shot and report them bugs!

Re:Is there a sandbox for sandbox? (4, Interesting)

TheRaven64 (641858) | more than 4 years ago | (#31796214)

So, is there a way to run all of those processes inside a one big process?

Not on most operating systems, no. This is a major flaw (I actually gave a talk about this and proposed a language extension that takes advantage of it a couple of weeks ago) in most modern systems. It's particularly embarrassing because several mainframe operating systems did support this idea back in the early '70s.

The browser should not be doing this, it should be the job of the OS. Operating systems have a much better track record of isolating processes from each other. A process should be able to create subprocesses that have a subset of the capabilities of the parent and can not interact with the system without going via the parent. The isolation could then be trivially enforced by the MMU, without requiring (slow, complex, buggy, insecure) software implementations.

Re:Is there a sandbox for sandbox? (2, Interesting)

c_forq (924234) | more than 4 years ago | (#31796658)

On the other hand I think Steve Jobs made a great point about this at the iPhone OS 4 event. If your end user has to use some sort of process management you have failed. The more I have thought about it the more I agree, only coders and debuggers should have to deal with process management. If I'm not working on the project I don't care about processes, and unless your program is screwing up my system I don't care about processes.

Re:Is there a sandbox for sandbox? (1)

Servaas (1050156) | more than 4 years ago | (#31796844)

unless your program is screwing up my system I don't care about processes.

So you would rather see your system hang then go to the process manager? And what if that option isn't available?

Re:Is there a sandbox for sandbox? (1)

poopdeville (841677) | more than 4 years ago | (#31798002)

Why would a system hang if a single process hangs? Unless it's an essential, system process, of course. That's rather the point. If an application hangs in OS X, I "force quit". That ought to be the exception.

Re:Is there a sandbox for sandbox? (0)

Anonymous Coward | more than 4 years ago | (#31798012)

I think the point is that the system should NOT hang in such a way as to require the user to fix it with a process manager. At least for the category of systems that try to behave as appliances...

Re:Is there a sandbox for sandbox? (0)

Anonymous Coward | more than 4 years ago | (#31798134)

You're assuming that the only solution to the problem is the obvious one that's been used in the past.

The reason the GP likes Steve's point about process management is because Apple's approach pushes the problem onto the developer and not the user. If the App "hangs", the OS kills it before the user even needs to think about going to the process manager. In a sense, the OS takes care of the process killing that the user would have to do anyway. Isn't that what computers are for?

Re:Is there a sandbox for sandbox? (2, Insightful)

beelsebob (529313) | more than 4 years ago | (#31798484)

"Unless your program is screwing up my system..."

In what way is a process hang *not* screwing up my system?

List of ways it's potentially screwing up my system:
- It's consuming CPU and not doing anything useful.
- It's consuming RAM and not doing anything useful.
- It's stopping me from doing actual work in it.

His point is that the only time the end user should see a process manager is if you fucked up... Admittedly programmers tend to fuck up an awful lot – this programming thing is *really* hard to get right, but the general point is right. A user shouldn't see the process manager unless a program has fucked up.

Re:Is there a sandbox for sandbox? (1)

c_forq (924234) | more than 4 years ago | (#31803186)

I think my point is a little beyond that. Unless I'm developing or debugging an application or OS I never want to see a process manager, even if you fucked up your code somewhere in your program. In my ideal world I wouldn't even have to force quit a program or process, my OS would do it for me. Just like how my drill will automatically slips if it hits too much resistance; or how my car will activate all wheel drive if a wheel slips, I want my computer to make my job easier.

Re:Is there a sandbox for sandbox? (1)

poopdeville (841677) | more than 4 years ago | (#31814206)

I think my point is a little beyond that. Unless I'm developing or debugging an application or OS I never want to see a process manager, even if you fucked up your code somewhere in your program. In my ideal world I wouldn't even have to force quit a program or process, my OS would do it for me.

Look up the "Halting Problem".

Re:Is there a sandbox for sandbox? (1)

TheRaven64 (641858) | more than 4 years ago | (#31799274)

Steve Jobs wasn't the first person to say this, by a good few decades. It was one of the design goals of EPOC, which later evolved into Symbian. Symbian does not differentiate between leaving and closing an app. Apps that are in a state where they can terminate without losing data are terminated automatically when the system is low on resources. OS X recently copied this, a couple of decades later.

I hold the same view on files. They're a terrible abstraction for users, who care about things like documents, albums, and so on, not about untyped-streams-of-bytes. There is, however, a massive difference between exposing something to developers and exposing something to users. Nested processes are a very simple and convenient abstraction for programmers, as are files. They can both be used to build things that are useful to users, without exposing them directly. A database like PostgreSQL, for example, uses files but never presents this abstraction to users. They see databases, tables, and rows. Only the administrator needs to know how these map to files (and often even he doesn't.

Re:Is there a sandbox for sandbox? (1)

PenguSven (988769) | more than 4 years ago | (#31808602)

Symbian does not differentiate between leaving and closing an app.

Except, when it does. There is a big fucking button in the corner of my Symbian SE smartphone. It gives you two things - a program "switcher" and a task manager. This is necessary, as so far only two of the Apps I've ever had on the damn thing (the built in picture viewer and music player) actually close on their own. The rest all have to be killed via the Task Manager. The task manager is however, about as useful as a shit in a paper bag. If an app hangs, you're fucked. You have to restart the phone. This happens a lot recently, when using the browser - Opera. All of a sudden the page won't scroll and the UI is unresponsive, except for the fucking Task Manager button. Great I have the task manager open. So in theory I should be able to swtich to an App that isn't hung, or just kill the one that is. Nope. Can't do either. Can't even turn the phone off properly. Pressing the power button gives me the prompt to turn off or go to flight mode, but the buttons don't do fucking anything. I have to either hold the power button down, or take the fucking battery out.

Apps that are in a state where they can terminate without losing data are terminated automatically when the system is low on resources.

Except, when they aren't. I've had my phone restart on its own, even in the middle of a fucking phone call, and when it comes back on it gives me a cheery "Your phone has restarted to improve performance" message.

Re:Is there a sandbox for sandbox? (1)

buchner.johannes (1139593) | more than 4 years ago | (#31798162)

processes inside one big process? Uhm, threads?

Re:Is there a sandbox for sandbox? (1, Informative)

Anonymous Coward | more than 4 years ago | (#31798294)

Except that threads share memory and processes don't. That's the main reason for Chrome's process boundary to ensure that different parts of the browser (tabs, plugins) don't correct each other. A VM can enforce this on the code, but the browsers are compiled. So basically he wants threads without shared memory in C/C++.

Re:Is there a sandbox for sandbox? (0)

Anonymous Coward | more than 4 years ago | (#31798592)

memory protection

Re:Is there a sandbox for sandbox? (1)

TheRaven64 (641858) | more than 4 years ago | (#31799314)

Threads have several differences with nested processes. Firstly, threads all exist inside the same address space. This means that they can alter each other's state without any kind of mediation. There is no isolation between threads. (Most) operating systems do not maintain per-thread page tables, so you can't make a region of memory read-only to one thread without making it read-only to all threads in a process.

Secondly, they can make system calls directly, rather than having to go via the parent process. In a system with nested processes, each system call would be mediated by the parent process. If a plugin wants to access the file system, for example, the tab would have to agree, and then would forward the call to the browser, which would then forward the call to the OS. Each nested process could only do things that the parent permitted and the top-level parent could only do things that the OS permitted. Nested processes could use the same address space, but different protection regimes. Each process might have its own page tables, with the same virtual-to-physical mapping but different permissions, so you could pass pointers between them, but could only dereference pointers when a process had been granted permission to do so by the parent.

Thirdly, threads are not a recursive abstraction. A process can contain threads, but a thread can not. You can spawn threads from a thread, but they reside inside the process. If thread 1 spawns threads 2 and 3, and thread 3 spawns thread 4, there is no isolation between thread 1 and 4.

For an object-oriented programming abstraction for using this idea, see Object Planes [swan.ac.uk]

Re:Is there a sandbox for sandbox? (1)

ultranova (717540) | more than 4 years ago | (#31802446)

Each nested process could only do things that the parent permitted and the top-level parent could only do things that the OS permitted.

Would there be a real separation between userspace and OS in this kind of system? Seems to me that you've described a microkernel system, where interprocess communication is handled through unnamed pipes.

Re:Is there a sandbox for sandbox? (1)

TheRaven64 (641858) | more than 4 years ago | (#31802700)

Would there be a real separation between userspace and OS in this kind of system?

Yes, absolutely. You're still stuck with the constraints of the hardware. You only have two modes for most modern CPUs. The kernel runs in protected mode, and other things run in unprotected mode. Some code would be permitted by the kernel to make system calls. Other code would have to use something like a call gate to request that another program calls the kernel on its behalf. You'd probably implement the call from a process to its parent as a system call, although with call gates on x86 or PALcode on Alpha you could permit it directly.

Of course, in such a system it would be very easy to implement things like OS personalities which presented the appearance of another kind of OS. The point is that objects, groups of objects, processes, and VMs are all special cases of the same general abstraction. By supporting the general case properly at the lowest level, you make implementing all of the special cases very easy.

Re:Is there a sandbox for sandbox? (1)

ultranova (717540) | more than 4 years ago | (#31806360)

Yes, absolutely. You're still stuck with the constraints of the hardware. You only have two modes for most modern CPUs. The kernel runs in protected mode, and other things run in unprotected mode. Some code would be permitted by the kernel to make system calls. Other code would have to use something like a call gate to request that another program calls the kernel on its behalf.

Um, what? I presume you meant Ring 0 with protected mode, and Ring 1 with unprotected. But that has very little to do with anything: the only things which need Ring 0 access are device drivers, and even there only the part that actually communicates with the device. Most things, like filesystem drivers, could be run without these privileges; and even things like graphic drivers could run without them, and use some kind of common PCIe driver to actually communicate with their device.

System call is a call made from userspace program to kernel. I think you meant direct hardware access by that.

The point is that objects, groups of objects, processes, and VMs are all special cases of the same general abstraction. By supporting the general case properly at the lowest level, you make implementing all of the special cases very easy.

True.

Re:Is there a sandbox for sandbox? (1)

ploxiln (1114367) | more than 4 years ago | (#31836478)

uh... are you referring to threads? I mean, when you say the MMU could trivially enforce something... in all modern operating systems, the MMU already forces complete separation of all processes, and any interaction between them is through system calls to the kernel (or shared memory, which is set up by system calls...).

My point is, one way or the other, the OS has to decide what processes are allowed to make what system calls (with what arguments). Operating systems already have mechanisms that allow parent processes to drop some privileges for their child processes.

I would agree, however, that these mechanisms could probably be improved, expecially with regards to dropping some privileges for some threads, which might be impractical because those threads can always mess with the memory of more privileged threads...

Re:Is there a sandbox for sandbox? (1)

amorsen (7485) | more than 4 years ago | (#31796774)

So noone should not take advantage of basic multitasking because Task Manager is broken? Right...

A properly written task manager should have no problems showing process groups as, well, process groups.

Re:Is there a sandbox for sandbox? (1)

Pentium100 (1240090) | more than 4 years ago | (#31796988)

Doesn't creating a new process use more memory than a thread?

I mean, there has to be a reason why chrome uses so much memory...

I think the "tab=process" thing should be an option.

Re:Is there a sandbox for sandbox? (1)

Endymion (12816) | more than 4 years ago | (#31797390)

It only uses more memory if your OS is decades out of date and doesn't support copy-on-write for all memory pages after the fork(). The fact that windows sometimes falls into this category is a problem for MS, not Firefox...

Re:Is there a sandbox for sandbox? (1)

Pentium100 (1240090) | more than 4 years ago | (#31797464)

Of course, since the OS must fit around the browser, not the other way around, right?

Ok if it's just firefox, but what if two different programs that I use start demanding different OSs?

Re:Is there a sandbox for sandbox? (0)

Anonymous Coward | more than 4 years ago | (#31797628)

The answer is a lot more complicated than a simple "yes" or "no", and basically, that's the wrong reason to turn off the feature.

Incidentally, neither IE nor Chrome literally do tab = process. Each of them have one overarching process, and then a number of render or tab processes = the number of tabs, according to memory usage. Also, I'm not sure about Chrome, but IE actually does give you the option and even lets you tweak the algorithm (http://blogs.msdn.com/askie/archive/2009/03/09/opening-a-new-tab-may-launch-a-new-process-with-internet-explorer-8-0.aspx).

I don't think whether a tab is a process should be an option at all though, any more than whether a tab is in its own thread or part of a single-threaded mess, or whether object lifetimes use smart pointers or RAII semantics or garbage collection, or they use exception handling or error code return values.

It's an internal implementation detail. Especially in firefox where if you want to change it, you really *should* be good enough to change the source code yourself, because if you can't then you don't know what you're doing and you'll almost certainly make things worse.

Re:Is there a sandbox for sandbox? (0)

Anonymous Coward | more than 4 years ago | (#31797792)

Why don't you write Microsoft a letter then to critique Windows' 11+ svchost.exe instances?

Look up on how threads/processes work. A threading solution would 1. lose all safety 2. be less stable 3. more complex 4. marginally faster. Google 'shared memory' and 'memory mapping.'

Re:Is there a sandbox for sandbox? (1)

Pentium100 (1240090) | more than 4 years ago | (#31801078)

On my PC there are 10 svchost processes. Anyway, if firefox made a new process for each tab, I would have 100 firefox processes. There are 100 processes running in my computer now, with that it would be 200.

Firefox is stable enough as it is for me, it does not crash.

Re:Is there a sandbox for sandbox? (1)

cheesybagel (670288) | more than 4 years ago | (#31799162)

If you use threads you do not have process isolation and it your program isn't going to get more stable. In fact it will likely get less stable.

Re:Is there a sandbox for sandbox? (1)

amorsen (7485) | more than 4 years ago | (#31808982)

Doesn't creating a new process use more memory than a thread?

Yes, on the order of a few kB extra for a large program. Parts of the page table need to be maintained twice. If you're into saving as much memory as possible I can recommend AmigaOS where essentially all "programs" and the OS are threads. Great performance, lousy security and stability.

Webkit on Windows (0)

thoughtsatthemoment (1687848) | more than 4 years ago | (#31796014)

If I have a choice between Webkit and Chrome, I'd prefer Webkit to embed in applications. However, the graphics and network components of Apple's Windows port are appropriate, so Chrome is clearly the better choice, even after Apple has added this split process feature.

Re:Webkit on Windows (1)

thoughtsatthemoment (1687848) | more than 4 years ago | (#31796026)

typo: appropriate should be proprietary.

Re:Webkit on Windows (1)

maccodemonkey (1438585) | more than 4 years ago | (#31796062)

The only proprietary thing required seems to be QuickTime (for H.264), looking at their build directions. Apple added Win32 rendering a while ago... And the network components are open source under CFLite.

Chrome is Webkit (2, Informative)

Anonymous Coward | more than 4 years ago | (#31797292)

If I have a choice between Webkit and Chrome, I'd prefer Webkit to embed in applications. However, the graphics and network components of Apple's Windows port are appropriate, so Chrome is clearly the better choice, even after Apple has added this split process feature.

Chrome uses WebKit as its HTML renderer. Google essentially packaged a separate Webkit instance inside each tab.

This is just moving it down a level.

Re:Webkit on Windows (1)

beelsebob (529313) | more than 4 years ago | (#31798492)

You realise Chrome uses WebKit to render? WebKit is an engine, Chrome is a browser implemented using it.

OpenTTD (0)

Anonymous Coward | more than 4 years ago | (#31796420)

The subject summarizes how far can one go. If you are lucky and the rights-holder cannot punish you... You could release 1.0.0 version 6 years after decompilation, several developers, improvements. I sincerely hope that OpenTTD will remain regardless of the hazy legal background since the game is a testament to the power of fandom.

Go and try if you ever liked the original. As long as you still can.

Inovation? (0, Troll)

pydev (1683904) | more than 4 years ago | (#31796858)

So you're saying that implementing a rendering engine according to existing specs constitutes "innovation" for Apple? Sadly, you're right. I think most people would call that "programming" though,

Re:Inovation? (0)

Anonymous Coward | more than 4 years ago | (#31797636)

Produce the IE version of webkit and until then shut the fuck up.

Re:Inovation? (1)

MobileTatsu-NJG (946591) | more than 4 years ago | (#31800278)

Where was the word 'innovation' used?

Why didn't Google do this? (0)

Anonymous Coward | more than 4 years ago | (#31800696)

Why didn't Google contribute back to the Webkit project in the same way Apple is doing?
Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>