by c0n5pir4cy 702 days ago
There are solutions in monolithic kernels for writing safe kernel space code now too. eBPF has been a thing for a while now (https://ebpf.io/what-is-ebpf/) and while it might not be as safe as a microkernel, it's available now and it works on both Windows and Linux.

I think a big question is why are things like CrowdStrike still written in raw C++ kernel code? Is it the limitations of eBPF? Is it stagnation of the tech stack at these companies?

2 comments

Thanks for the pointer. I will give it a read later on. If I understood correctly, eBPF is a guard rail for writing relatively bug-free code. But it will still run in the processor[0] ring 0 which essentially is the same level as the kernel itself.

[0] https://en.wikipedia.org/wiki/Protection_ring

CrowdStrike uses eBPF on Linux but Windows doesn't support eBPF.

Perhaps it's not sufficiently complete yet for CrowdStrike to use it, but Microsoft has been developing eBPF support for Windows since 2019:

https://github.com/microsoft/ebpf-for-windows/