Silver's Simple Site - Weblog - 2006

The Mozilla Foundation are really trying my patience with two issues right now:

• No tinderbox graphs.
• No despot (user accounts thing).

In both cases, the relevant pages have simply been blocked, returning error 403 or 500 and no information whatsoever has been provided. The closest I got was after filing a bug for the first one, where I got a comment from one admin of "That's on purpose. The script has issues.". The only information on the Despot issue is "security" - fat lot of good that is!

I'm am going to assume that both things are currently exploitable, which means that they should be fixing them, which they do not appear to be doing. If they know they can't fix them fast (or don't care), as appears to be the case, where's the bloody message saying so? It's absolutely appalling.

It may seem obvious to some, but the level it sucks at is surprisingly high, and causes some rather bad results.

Let's start with school; for reasons not entirely known to me, by about age 12 or 13 I'd already been labeled a "geek", in so much as I was "always right". Sure, I was probably the best in my year at maths, and not bad a physics, but quite how it all extrapolated I'll never know. Anyway, this led to someone always laughing if I answered a question wrong, which in turn meant by year 10 and 11 (age 15) I just didn't answer anything unless I was really sure. That kinda sucked. It also resulted in most of my shyness.

At collage (age 16 - 18 here in the UK), things were actually good; very little of the teacher asking questions, lots of just doing the work. Plus for various things, some people actually came to me for help.

(This is all going somewhere, promise.)

University (18 - 21) was even better, as there was entire groups of people with the same (and better) knowledge of things I'm interested in, and (probably much more importantly with regard to enjoying my time at Uni) people who liked me for being me, not because I knew the answer to something.

Since then (2 and a bit years), I've stayed in the IRC channel for the Computing Society (of which I was the webmaster for my time at Uni), and that has brought about another change. Firstly, I'll just say that IRC is probably the single worst way to have conversation, discussion, argument, whatever, with more than two people (it sucks pretty hard even for two people when it is an argument).

Anyway, one of the things that happens on IRC is the "mob effect", where one person says something that a lot of people disagree with, and they get mobbed. Often so much so that they simply don't get any chance to explain, defend or otherwise expand on their initial comment. The result of this is that I suspect a number of people, myself included, simply don't bother saying what they think sometimes, because they know that a) no one will actually listen, and b) they wont get a chance to explain anyway.

This has been exemplified over the past few days, as the IT people at Uni had some issues on Friday, and members of the IRC channel have been steadily decrementing their karma (karma works by saying Thing++ or Thing-- to show what you think of Thing), and although I don't want to defend what happened on Friday, I do object to a number of the reasons people have used for the decrementing, as well as the sheer volume of it, but I wont say anything because of the issues above.

Finally, to bring a Mozilla.org side to this whole story; I simply don't file bugs when things break here with my own builds any more, even though it is obvious that it's nothing to do with me. The reason: because certain people have (incorrectly) blamed things on the fact my builds are depend builds and other things relating to my setup. Either depend builds are fucking supported or they are not. My conclusion is that they are (unofficially only) most definately not, and that's simply because the entire build system is a pile of crap that breaks if you look at it funny.

And this is why peer presure is bad - it makes people keep things to themselves when they really shouldn't.

We're actually getting some interesting data coming it from the instrumentation "startup ping".

In particular, you can see that people updated from Firefox 1.5 to 1.5.0.1 almost the moment it was released.

We can also estimate that there are approximately 1100 new or updated ChatZilla users a week (calculation: sum up new installs [the numbers on the pages linked, 40], divide by the number of days [25], multiply by 700 [1% and we want per-week]).

So I tried building Firefox with Places a couple of days ago. It ain't pretty. It's definitely good that it isn't being released for a while yet.

• Importing my history and bookmarks took 15 minutes and have no UI what so ever. I only didn't kill the Firefox process using 100% CPU because I saw some sqlite files in my profile being created and modified.
• The imported data is 74% bigger than the original. This seems like a rather big increase.
• My personal toolbar is now empty, and I can't add stuff to it. (The folder in Places for this has the right stuff on, though.)
• The URL bar does not update when changing tabs or if the page loads. This means it only ever displays what I last typed.
• The URL bar has no autocomplete, either as-you-type or using the drop-down button.
• All links appear unvisited, despite clearly being in history.
• None of the navigation toolbar works either, so no back/forward/reload/stop. Not even the shortcuts work.
• The browser no longer opens my homepage on start, even though it's still configured the same. It just loads about:blank, and if I click the Home button it loads the Google start page!
• Add Bookmark menu item does nothing.
• Selecting either the History or Subscriptions items in Places itself hangs Firefox for 5 - 10 seconds. I think this is the calendar, rather than the data, as searching the history only takes 1s second.
• There is no way to select all dates in the calendar, even though it is (apparently) the default when going to a view.
• Expanding or collapsing a folder in Places' top-left box takes 5 - 10 seconds if Subscriptions is selected.
• Switching folders keeps the search string, but doesn't search the newly selected folder.
• Searching "Current Collection Only" doesn't do anything.
• Adding a search filter then can't be removed.
• Filters only allow "starts with", "is" and "is on site" for location matching. Where's "contains"? Have to use "Containing the text" for that, which includes the title.
• No title search option! Have to search title and URL together.
• The icons for items are not fixed, so appear badly inconstant, as they show the favicon.
• Properties context-menu item does nothing, at all, anywhere in Places.
• Quitting Firefox closes all windows, then spends at least 15 seconds using 100% CPU (saving something I think).

Please don't bother pointing out that Places isn't finished yet - I know that, and it sure shows.

So, here I am, 1am and nothing (interesting) to do. Time for something completely random, I think! Let's do a network install SUSE.

• plus Like the graphical "thing" that starts right away from the CD.
• minus "Press Esc for more information" it says. Do that, and you're dumped to text-mode - which is ok - but there's no way to get back to graphical-land (that I could find).
• minus In the default graphical-land, the download of the network installer (all 65MB of it!) happens with no progress indication. The text-mode loader does show the percentage, though.
• minus After all that pretty graphics (that did very little, mind), it imediately dumps you into text-mode YaST. Not fun!
• minus Navigation in the text-mode YaST is a real bitch. It just seems to not follow any sort of convention. Esc never seems to close things, even the Help window which says it does! (Thank Bob that F1 also closes that window.)
• minus It asks me whether I want KDE or GNOME. How the f**k should I know? So it helpfully explains how my decision will affect things:
  • KDE is a powerful and intuitive desktop environment that uses Kontact as its mailer and Konqueror as its browser and file manager.
  • GNOME is a powerful and intuitive desktop environment that uses Evolution as its mailer, Firefox as its browser, and Nautilus as its file manager.

  Joy of joys. They're the same. Why tell me what apps they use, when I've no idea what the difference in them are? If I didn't already know what these apps are like, or that KDE is supported better by SUSE, I'd be completely fucked at this point - it's anybody's guess which would be the better option. Oh, and there's an Other button too!

• minus Now it analyses my system, and starts "Evaluating package selection..." (all I did was pick KDE), which really means let me download some more data with no progress indication. Judging by the time taken and my network graphs, I'd say it is probably downloading about 30MB.
• minus And it's at this point (2:33am) that YaST just hangs entirely. Woohoo. Can't "click" (use the shortcut Alt-<letter>) any buttons, bring up help or anything, and it still says "Analysing your system..." under Software and Language.
• AHA! 8 minutes later (!) it finally is done and ready for me to use it again. That was really bad.
• minus Doing anything in the "Installation Settings" screen seems to take a decade to work, even opening the list of things to change (4 items)! Click accept button (2:46am).
• Two minutes later, is asks if I'm sure I want to install! And now it starts formatting the disk.
• minus By 3am, it's failed on the formatting. "An error occured during the installation." Joy.

And that's it. Can't get it to continue from this point - it spams something to the screen that looks like an error, but overwrites it with the error dialog almost instantly, and Ctrl-Alt-<number> doesn't work so I can't get at any logs or anything. Sucky.

If you ever thought e-mail <--> newsgroup gateways were a good idea, think again. I think the following quote sums it up absolutely perfectly:

This is horrible. It feels like I’m playing some 21st century Web 2.0 version of “telephone”.

Here we go again, and this time I'm not in the mood for any shit. I just want to warn everyone that if I get messed about with this again, I'm just going to stop. They can find some other deluded soul to fix their mistakes next time.

That's right, we've finally got Thunderbird 1.5 support plugged in to the JavaScript Debugger. This also fixes the -venkman command-line flag to work with all toolkit-based apps (Firefox, Thunderbird, etc.).

Ever wondered what download rate the top extensions on Mozilla Addons get? How much it varies by hour/day? Even which are rising and which are falling?

Well, now you can.

(Yes, I was bored. Very bored.)

It's not a good day, and there's plenty to piss me off:

• Someone broke the authentication for Trac (wants-to-be-Bugzilla when it grows up thing) for the IRC bot I work on.
• Possibly same someone put a disrespectful message on the test version of the new Computing Society website.
• Still no-one wants to review the patch which is blocking my theme work.
• My ISP is dropping my ADSL connection an average of 15 times a day for the last two weeks.

So I thought I'd try it out, as it's supposedly worth using. Ha. It suffers from a few rather fundamental problems here:

• It waited three seconds before claiming the test page was actually a phishing page, even though it's set to use a locally stored list.
• It changed my browser's configuration just to display the warning - it turned on the navigation toolbar, which would have been fine if it then hid it again after, but it didn't.
• It positions its "disabled webpage" XUL code horribly, which causes the following extra statusbar row:

  

  To change into:

  

  In other words, it inserted itself between extensions and other code usually attached to the statusbar, and the statusbar itself, causing them to all end up at the top of the screen. If you don't see how silly this is, look what happens with the find toolbar:

  

• Finally, it completely fails to display the "disabled" webpage. I expect this is Canvas and Cairo being shit, but it none the less makes the entire feature rather sucky.

So it's that time of year again, when I disappear for an entire week to spend it in a room full of 55 other computer 'freaks' and generally have a good time (that's play games and socialise, before anyone gets any weird ideas!).

PPM and CPAN

The past few days I've been building up my own PPM (ActiveState Perl Package Manager) repository, which basically involves downloading CPAN packages, building them, testing, then packaging up the built code. It's really not fun, as plenty of CPAN packages fail to build, or fail tests, and generally cause problems. Still, it's getting there. The aim, what there is of one, is to have all the packages needed for Task::Catalyst and the new CompSoc website project. I think the website will be finished before my repo. is. :(

There's some good fun work out on in bug 341764 allowing you to just smack "Debug" on the ultimate in annoying dialogs. I'm going to love that when it's done.

(Only two days to go!)

It is coming, eventually. The plan for last Sunday didn't quite work out, but we're now ready to go and should be rolling it out this coming weekend instead. To come in this version:

• /who now accepts multiple parameters (useful for some of the more extended syntaxes some servers support).
• A small leak for plugins has been fixed.
• Sending files with DCC closes the file handle in more cases so it shouldn't stay locked after.
• When midnight happens, the messages about the logs changing have been suppressed.
• If your connection to a server drops, ChatZilla will now try to reconnect to the same server first, before moving on to the next one in the list.

I ordered some books from Amazon last Sunday and, much to my surprise, they turned up on Tuesday morning (despite being scheduled for dispatch on Wednesday). The result is that I've been reading book one in Robin Hobb's Farseer trilogy, "Assassin's Apprentice".

Assassin's Apprentice, and I suspect the others in the trilogy, are written in a slightly odd 1st person recollection of events. Took a little while to get used to it, but it actually works very well for the most part - once you actually get to know the main character who is doing all the reciting of events. I'm wondering if there will be any significance to this way of telling the story, but for now it's just different.

It's a good read (so far), though some bits brought back some rather painful memories and regretted times for me. Not that that stops me reading a good book! I'm currently about three quarters through book one, so we'll see what happens over the weekend - hopefully I wont finish the entire trilogy in 3 days, like I did with some previous books (it's not that I don't want to read more - quite the opposite - but reading them all in one go both uses up a lot of free time and leaves you suddenly with a huge void when you finish).

ChatZilla doesn't support HTTP proxies. Well, I say "HTTP proxies" but this particular thing apparently has far too many names:

• HTTP proxy [X-Chat]
• SSL proxy [Firefox]
• CONNECT proxy
• URL proxy
• Secure proxy
• (incorrectly) HTTPS proxy
• "Proxy" protocol [mIRC]

Personally, most of them are completely meaningless terms. "HTTP proxy" is what everyone (except Ben C) calls it.

The problem that we face is relatively simple from the top, but a real pain to actually fix: we ask Necko (Mozilla's network layer) to pick the proxy to use.

The result is that it will ask PAC if so configured, just return the SOCKS v4/v5 proxy, or return no proxy. The user has no way to configure Necko to give IRC the HTTP proxy.

There are a few things we can do, none of which seem that good:

• Add a single option to force ChatZilla to use Necko's HTTP proxy.
• Add an option to pick between none, HTTP proxy and SOCKS proxy.
• Add an option to override Necko, and also add host/port settings.

The real problem is that adding any options will be creating two locations for proxy configuration. Could we automatically pick when to ignore Necko's choice? Maybe. Should we? Probably not.

If only I got paid for doing this...

The Mozilla Foundation did a major colo move on Saturday. Naturally, all the tinderbox trees were closed from Friday evening so that no-one tried to do anything silly during the move.

Now, it is Monday and the current tree has the following tinderboxes:

• Linux comet Dep release
• Linux lhasa Dep release (gtk2+xft)
• Linux nye Dep bloat
• MacOSX Darwin 7.9.0 planetoid Dep (temporary)
• MacOSX Darwin 8.7.0 bm-xserve02 Dep Universal release

And the only reason the tree is currently still closed is this:

"The tree is CLOSED until we get luna or btek tinderbox up, for reliable Tp coverage."

Both luna and btek are Linux tinderboxes. That means that no-one cares that there are no Windows build boxes currently up and running properly. Seriously. That is just lame.

There is no way I am checking a single thing in until we have a decent set of builds testing the most-used tier 1 platform.

I've had way more than enough of the fucking attitude from mozilla.org people. I am no longer going to any work on anything mozilla.org related with the exception of my continuing commitment to ChatZilla and Venkman (the JavaScript Debugger).

Have a nice day. You bitches.

Last Sunday, I decided to start playing Oblivion again. Turns out I hadn't uninstalled it from last time, so that was easy. Except for the video playback problem - this was a problem originally, clearly hadn't fixed itself, and consists of all videos (opening sequence, main menu background, etc.) to be static images from apparently uninitialised memory. Which is fun.

Begin Oblivion Video Fixing Sequence, Take 2 (I'd tried before when I first got the game).

1. Download and install latest NVidia drivers for Windows XP 64bit (91.31).
2. Run Oblivion, and find the videos work!

Well that was shockingly easy. That is the one and only point for NVidia, though.

The first and most obvious downside to updating my NVidia drivers was the new "NVidia Control Panel", which does a good job of not quite matching Explorer is every way. It's got a UI consistency you could only otherwise have found on 1995 shareware, too. Horrible.

The looks of the new control panel 'thing' are not the only problems it has, oooh no. If you're running as a Standard User Account (LUA), as everyone does (right?), it fails to save any of the application-specific 3D settings. Better than that, it looks as if they were saved when they weren't! (The Apply button disappears in a fit of horrible UI design and there's no error message at all.)

Then there is the "NVidia Display Driver Service" (nvsvc64.exe), which sits in the background doing (apparently) nothing except leaking. It was leaking Paged Pool, Non-paged Pool, Commit and Handles earlier, although currently it only seems to be leaking Non-paged Pool and Handles. The 3 memory values were leaking at a combined rate of (approximately) 1.8MB/hour, and the handles at (approximately) 1700/hour. Yummy.

Finally, we come to the actual driver itself. The main deal. Which leaks entire processes through a really bizarre bug.

For this to make sense, I'll explain a few simple facts about the Windows Kernel:

• It has an Object Manager that tracks all objects in kernel-space and user-space.
• All objects have a "Handle Count" and "Pointer Count" - the former is for (obviously) any open handles to the object, which is mostly for user-space code, and the latter is for kernel code that simply has a pointer (it's a reference counter).
• When both counts reach zero, non-permanent (i.e. most) objects are removed and cleaned up.

When you start a new process, naturally there enters into existence a kernel "Process" object (along with all the shenanigans that go with that). I started the NVidia Control Panel for this test.

lkd> !process fffffadfb2fe2750 1
PROCESS fffffadfb2fe2750
    SessionId: 0  Cid: 14c4    Peb: 7fffffd4000  ParentCid: 0230
    DirBase: 9546c000  ObjectTable: fffffa80009c0580  HandleCount: 189.
    Image: nvcplui.exe
    VadRoot fffffadfb1996b30 Vads 202 Clone 0 Private 4739. Modified 240. Locked 0.
    DeviceMap fffffa800249dc10
    Token                             fffffa80077cbcf0
    ElapsedTime                       00:00:48.515
    UserTime                          00:00:00.000
    KernelTime                        00:00:00.000
    QuotaPoolUsage[PagedPool]         1287904
    QuotaPoolUsage[NonPagedPool]      16720
    Working Set Sizes (now,min,max)  (8402, 50, 345) (33608KB, 200KB, 1380KB)
    PeakWorkingSetSize                8698
    VirtualSize                       657 Mb
    PeakVirtualSize                   658 Mb
    PageFaultCount                    15774
    MemoryPriority                    BACKGROUND
    BasePriority                      8
    CommitCharge                      5247

lkd> !object fffffadfb2fe2750
Object: fffffadfb2fe2750  Type: (fffffadfb5ab86c0) Process
    ObjectHeader: fffffadfb2fe2720
    HandleCount: 2  PointerCount: 74

Most of the above is not too important, but the Image: and two counts from !object are - notice it starts with 2 handles and 74 pointers (2 of which will be the 2 handles). These are all constant while I look around the control panel. Then I go to the "Adjust image settings with preview" page, which has a real live 3D animation. Big mistake! Only moments after going to it, the object has:

    HandleCount: 2  PointerCount: 2029

And it keeps going up, even after switching to another view! It was going up at something like 1000 pointers/second, although I don't have timestamps for my debugging log. By the time I closed the application, it was:

    HandleCount: 0  PointerCount: 21516

Notice that there's no handles - nothing in user-space cares about it any more. There's still over 21,000 pointers to it in kernel-space, though. Or so the Object Manager is lead to believe. One last look at the process object in detail gives:

lkd> !process fffffadfb2fe2750 1
PROCESS fffffadfb2fe2750
    SessionId: 0  Cid: 14c4    Peb: 7fffffd4000  ParentCid: 0230
    DirBase: 9546c000  ObjectTable: 00000000  HandleCount:   0.
    Image: nvcplui.exe
    VadRoot 0000000000000000 Vads 0 Clone 0 Private 253. Modified 769. Locked 0.
    DeviceMap fffffa800249dc10
    Token                             fffffa80077cbcf0
    ElapsedTime                       00:01:31.953
    UserTime                          00:00:11.593
    KernelTime                        00:00:02.734
    QuotaPoolUsage[PagedPool]         0
    QuotaPoolUsage[NonPagedPool]      0
    Working Set Sizes (now,min,max)  (6, 50, 345) (24KB, 200KB, 1380KB)
    PeakWorkingSetSize                11123
    VirtualSize                       80 Mb
    PeakVirtualSize                   670 Mb
    PageFaultCount                    27942
    MemoryPriority                    BACKGROUND
    BasePriority                      8
    CommitCharge                      0

Interesting points on this are that the ObjectTable, VadRoot and CommitCharge are now all zero. This means that the process' virtual address space has been cleaned up entirely. The process is not even in the session process table (list of processes for the logged in session), although it is in the overall kernel process table (which nothing in user-space can see - Task Manager can't see it).

So what's happened? Almost certainly, a driver (most likely the NVidia one, since this only happens with applications that use 3D acceleration and only since the driver upgrade) is adding a reference count to the process it is handling but not releasing it. Thus, leaking hundreds of reference counting points (there's unlikely to be any actual leaked pointers). A few of my Oblivion processes have over 3 million PointerCounts.

Excellent work, NVidia. You've managed to leak in such a special way that no-one will even notice. Except me and my wonderful friend windbg.

  <centity>
    <vcard>  BEGIN:VCARD   FN:Author   EMAIL;TYPE=INTERNET:author@email.com   END:VCARD   </vcard>
  </centity>

'Nuff said.

So I was bored, and reading Faux's weblog archive, and found this one on mouseless use.

That got me thinking - just how many shortcuts does Windows have, that most people don't know? I'd wager it's more than you think.

The most well-known set are <Win> plus a letter. So here's the list for Windows XP Professional x64:

• <Win> - Start menu
• <Win>+B - Focus Shell Notification Area
• <Win>+D - Show Desktop (toggle)
• <Win>+E - Open Explorer
• <Win>+F - Open Find for Files
• <Win>+<Control>+F - Open Find for Computers
• <Win>+L - Lock Workstation
• <Win>+M - Minimise all windows (<Win>+<Shift>+M to undo)
• <Win>+R - Run dialog
• <Win>+U - Run Utility Manager (accessibility stuff lies this way)

<Win>+B took me by surprise, so I figure not everyone knows all of the above list, however common some of them are.

The others, people only seem to know a few, and I suspect there will be at least one new one here for everyone.

• <Win>+F1 - Open Help and Support Center
• <Win>+<Break> - System Properties
• <Win>+<Tab> - Focus and select taskbar programs (try this - you'll like it)
• <Control>+D - Delete in Explorer
• <Control>+<Esc> - Start menu for luser keyboards
• <Control>+<Shift>+<Esc> - Task Manager
• <Shift>+<Menu> - Extra context items (like Run As and Open With)
• <Shift>+F10 - Context menu (<Shift>+<Menu> for luser keyboards)
• <Shift>+[No] on Explorer dialogs - No to all

Those are all the ones I can remember and/or find right now. I am certain that there are more, but they will have to be documented another day.

The reason for all this was because Faux's description of using <Win>+D then <Tab> to get to the start menu button seemed excessive, and has the side-effect of minimising all running programs. <Win>, <Esc> is much easier to focus the button, but for what he's suggesting, you just need to hit <Win> and use the arrow keys. Or, if you want to play with your open applications, <Win>, <Esc> then <Tab> to the taskbar, though I prefer <Win>+<Tab> to do that directly.

Now if only my weblog had a shortcut for [Post]...

Fast User Switching, the Welcome Screen and <Control>+<Alt>+<Delete>

First of all, let's start with a brief explanation of Windows' multi-layered sand-boxing and separation of logins and the user's desktop.

The basic structure is thus:

• Windows kernel and Object Manager
• "Sessions"
• Window Stations
• Desktops
• Your desktop 'n' stuff.

I.e. the kernel can maintain any number of "sessions", all of which can have any number of window stations, all of which can have any number of desktops, all of which can have, well, the windows themselves.

Certain things are sand-boxed at different levels. Named kernel objects (e.g. events, critical sections, etc.) are stored in a session-specific location. Atoms and the clipboard, for example, are part of the Window Station, where as hooks are part of the Desktop. You can only send messages between processes with the same desktop, too.

All the sessions use the same setup:

• WinSta0 (Window Station)
  • Winlogon (Desktop) AKA "secure desktop"
  • Default (Desktop)

The login screen, locked dialog and <Control>+<Alt>+<Delete> dialog all run in WinSta0\Winlogon. All your applications run in WinSta0\Default.

It should be noted that applications can create their own Window Stations and Desktops; indeed, my main system currently has 5 extra Window Stations (created by services, like Task Scheduler).

Windows NT and 2000

With Windows NT and 2000, things were simple. Session 0 was the one and only local "interactive" session (the one attached to the physical display device, physical input devices, etc.). Remote Desktop created other sessions for each remote login, as you might expect.

Windows XP

With Windows XP, two things were done to make life easier for the home user - Fast User Switching, and the Welcome Screen.

As you might have guessed, Fast User Switching utilises the "sessions" layer, allowing completely isolated user sessions. Adding this local disconnect/connection required enough work on the session system for an entire book, but it's not relevant here - what is, though, is that any session may be connected to the local physical devices.

Now that the system can do this magic, a UI is needed. Enter the Welcome Screen. The Welcome Screen (logonui.exe) runs in the secure desktop (WinSta0\Winlogon) when necessary, such as when a user logs off or locks the computer. It is interesting to note that the actual process is started by these events and does not run all the time.

• Initial system
  • Active desktop: \Sessions\0\WinSta0\Winlogon
  • Welcome Screen running. No user's logged in.
• Initial login
  • Active desktop: \Sessions\0\WinSta0\Default
  • No secure desktop processes.

At this point, I will point out that Start > Log off > Switch Users does exactly the same thing as <Win>+L (Lock).

• Locking initial login
  • Active desktop: \Sessions\0\WinSta0\Winlogon
  • Welcome Screen running. One user logged in.
• Second login
  • Active desktop: \Sessions\1\WinSta0\Default
  • Welcome Screen creates new session and connects local system to it. No secure desktop processes afterwards.
• Locking second login
  • Active desktop: \Sessions\1\WinSta0\Winlogon
  • Welcome Screen running. Two users logged in.

This is where things get more interesting. The Welcome Screen can unlock either session, but is currently still connected to the second login. This has a bearing on, for example, sound - which is still connected, so your music will keep playing when you lock the computer (as it always has done). If you unlock the initial login, however, it will be disconnected.

• Unlock initial login
  • Active desktop: \Sessions\0\WinSta0\Default
  • Welcome Screen connects to session 0, and unlocks. No secure desktop processes afterwards.

Just for fun, you can also disconnect the local session (from Task Manager, f.e.), which starts a new session just for the Welcome Screen:

• Disconnect local session
  • Active desktop: \Sessions\2\WinSta0\Winlogon
  • Welcome Screen running. Two users logged in.

There are two UI points that change other than the login screen:

• Security (<Control>+<Alt>+<Delete>) dialog.
• Locked Workstation dialog.

Most people will see that the Locked Workstation dialog is counter-productive when Fast User Switching is enabled, and thus you get the Welcome Screen instead of it.

The Security dialog is a slightly different story. Winlogon uses GINA modules show various login UI. This includes all the classic login dialogs, the locked workstation dialog and the security dialog. The GINA module can be replaced with a 3rd-party one, such as NetWare's login screens and there is no telling what a 3rd-party security dialog might do. This means that the <Control>+<Alt>+<Delete> behaviour must still exist for non-local situations, and it makes sense (for consistency) to keep showing it when you also have the classic login UI.

In other words, although being in a domain or other network environment does mean sacrificing the Welcome Screen, there is no hard and fast reason for not having the <Control>+<Alt>+<Delete> dialog when using the Welcome Screen. It's just nicer not too. ;-)

Windows Vista

With Windows Vista, things change again. GINA modules are gone, presumably replaced with something else. This is what allows it to present the Welcome Screen for domain setups, and a pretty version of the classic security dialog has been added too. Nice one.

Disclaimer: all reasons behind design decisions, why X does Y, etc. are all based on 2nd-hand data, debugging and intelligent guesswork. I make no claims to them being strictly accurate.

I was recently reading a weblog post on Linux and measuring memory used by individual applications, and it reminded me just how complex most OSes' memory management really is. Just when you think you've got it, another spanner hits you on the shin. So, let's have a look at Windows' memory management:

1. Non-paged pool
2. Paged pool
3. Driver code
4. Kernel code
5. System cache
6. Applications
7. "Available"

All physical memory (available to the OS - we're ignoring anything that the BIOS is owning here) is used by one of the 7 categories above. Applications and "available" are the most interesting ones, and there is a reason I'm quoting "available", which I'll come to later.

Items 1-5 are all kernel memory, and the remaining two user memory.

1 Non-paged pool

Drivers are allowed to allocate memory from two pools; this is the lesser-used one, and for good reason - all memory allocated from the non-paged pool is, not surprisingly, never paged out. It is useful for operations that require this, such as DMA transfers, but not a very good thing to use for normal driver allocations.

You can see the size of this pool in Task Manager (Kernel Memory, Nonpaged) or with Performance Monitor (counter \\.\Memory\Pool Nonpaged Bytes).

2 Paged pool

The normal driver memory pool; all this memory can be paged out at the kernel's whim, and is ideal for storing driver structures that aren't used by hardware.

You can see the total allocated size of this pool in Task Manager (Kernel Memory, Paged) or with Performance Monitor (counter \\.\Memory\Pool Paged Bytes). You can see the currently paged-in size with Performance Monitor (counter \\.\Memory\Pool Paged Resident Bytes).

3 Driver code

This is the pageable memory being used to hold drivers, both their code and data pages.

You can see the size of this with Performance Monitor (counters \\.\Memory\System Driver Total Bytes and \\.\Memory\System Driver Resident Bytes).

4 Kernel code

This is the pageable memory being used to hold the kernel's own code (e.g. nsoskrnl.exe, hal.dll, boot drivers and boot file systems).

You can see the size of this with Performance Monitor (counters \\.\Memory\System Code Total Bytes and \\.\Memory\System Code Resident Bytes).

5 System cache

This is the area of kernel memory used for caching, mostly the file cache. This memory is never paged out, it is just freed (paging out a cache would be rather pointless).

You can see the size of this with Performance Monitor (counters \\.\Memory\System Cache Resident Bytes).

6 Applications

This area is defined by one book as "total memory minus the other 6 components", which is hardly surprising - it is a really hard number to track, and for various reasons there is no Performance Monitor counter for this. |\.\Process(_Total)\Working Set will usually come close, but can just as easily be larger than the real applications usage as it can smaller.

The reason it is so hard to calculate this value is simple: shared memory. This is the same reason that ps is "wrong" on Linux, as explained pretty well in the article I mentioned at the start of this post. For exactly the same reasons, Task Manager and Performance Monitor will "lie" about the memory usage.

Shared memory can be an executable (EXE, DLL, etc.) loaded into more than one process space, or specially allocated "shared memory" which is sometimes used for inter-process communications.

Each process has a working set (counter \\Process(*)\Working Set) which reports the total amount of physical memory used by that process. Task Manager calls this column "Mem Usage". Some of this memory is almost certainly shared with other processes, and thus the total of all working sets will be greater than the actual amount used.

Each process also has private bytes (counter \\Process(*)\Private Bytes) which reports the amount of allocated memory specific to this process, e.g. malloc and other direct allocations. Task Manager calls this column, rather confusingly, "VM Size". None of this memory is shared, but you also cannot tell how much of the working set is private bytes, and how much is shared bytes. (Note that a DLL loaded into a single process is still 'shared' memory, and not private bytes, because it can be shared.)

Process Explorer tries to help things by listing "WS Private", "WS Shareable" and "WS Shared", which it does by collecting data from all processes via a kernel driver. In this case, WS Private + WS Shareable = Working Set. WS Shared is just how much of the memory that can be shared is actually being shared.

I should also note that drivers can allocate memory which falls into this group, and is impossible to track as far as I know. Very few can, or do; the most notable example is Virtual PC, which allocates the VMs' memory like this.

7 "Available"

You can see the size of this group in Task Manager (Physical Memory, Available) or with Performance Monitor (counter \\.\Memory\Available Bytes).

It is not, however, as simple as it appears. Not all of the "available" memory is free memory, and therein lines the subtlety.

"Available" memory is made up 3 types:

• Standby List
• Free List
• Zeroed List

In Windows Vista, there are some new Performance Monitor counters to measuring the size of these three types, \\.\Memory\Standby Cache Core Bytes, \\.\Memory\Standby Cache Normal Priority Bytes, \\.\Memory\Standby Cache Reserve Bytes and \\.\Memory\Free & Zero Page List Bytes).

When Windows want to trim a process' working set, the trimmed pages are moved (usually) to the Standby List. From here, they can be brought back to life in the working set with only a soft page fault (much faster than a hard fault, which would have to talk to the disk). If a page stays in the standby List for a long time, it gets freed and moved to the Free List.

In the background, there is a low priority thread (actually, the only thread with priority 0) which takes pages from the Free List and zeros them out. Because of this, there is usually very little in the Free List.

All new allocations always come from the Zeroed List, which is memory pages that have been overwritten with zeros. This is a standard part of the OS' cross-process security, to prevent any process ever seeing data from another. If the Zeroed List is empty, Free List memory is zeroed and used or, if that is empty too, Standby List memory is freed, zeroed, and used. It is because all three can be used with so little effort that they are all counted as "available".

Observed Behaviours

With all that above information, you might now be able to guess what it going on when you minimize an application and see "Mem Usage" in Task Manager drop by a large amount, and why restoring the application soon after doesn't usually involve any disk paging.

Different people have different opinions on the whole Fora (forums) vs. mailing lists vs. newsgroups thing. Here I lay out my reasons.

Fora

• Have topic and sub-topic groups.

Mailing Lists

• Archived off-line.
• Archived on-line, often.
• Real "From" contacts (i.e. can look up people in your address book, etc.).
• Real threading (usually; some lists fuck this up).
• Individual message "read" state.

Newsgroups

• Full tree hierarchy of topics.
• Archived off-line, if configured.
• Archived on-line, for most public groups.
• Real "From" contacts (i.e. can look up people in your address book, etc.).
• Real threading.
• Individual message "read" state.
• Ignore and watching of threads.
• Subscription is all done in the client, and thus more reliable.

Now, before you get all flaming toasty on my arse, I will point out that not all these points are always restricted to the items I've put them under. For example, some fora do do 'real' threading, but I've yet to see one that does it as well as an off-line client.

The Result

As you can see, I rate both mailing lists and newsgroups much better than fora. It's a bit of a toss-up which of those two win, though I prefer newsgroups for discussion (pull), and mailing lists for notifications (push) generally.

You may remember my previous post about NVidia's (then) latest drivers have some issues; in particular, the leaking of kernel-space objects being the most serious.

Since then, I'd upgraded to 91.47 to no avail, but today I upgraded to 93.71 and it is no longer leaking them!

Start NVidia control panel:

lkd> !object fffffadfb4fbc060
Object: fffffadfb4fbc060  Type: (fffffadfb5ab86c0) Process
    ObjectHeader: fffffadfb4fbc030
    HandleCount: 2  PointerCount: 87

Close it again:

lkd> !object fffffadfb4fbc060
fffffadfb4fbc060: Not a valid object (ObjectType invalid)

W00t.