[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Broken dream of mine :(

From: Jonathan S. Shapiro
Subject: Re: Broken dream of mine :(
Date: Sun, 4 Oct 2009 11:13:07 -0700

On Tue, Sep 29, 2009 at 9:49 PM, arnuld uttre <address@hidden> wrote:
> Now I wonder why Viengoos was created as an alternative if Coyotos was fine.

This is a question that Neal should answer for himself, but I think it
is fair to say that Neal wanted to explore the cost/benefit of
cooperative resource management, and he believed that Coyotos was not
designed to do this. I believe that the experiment could have been
done on Coyotos, but sometimes buildling fresh is a better way to
understand issues.

Cooperative resource management is a promising idea, and it is
particularly important as the world moves toward heavier use of safe
languages. Unfortunately, it conflicts directly with notions of
program isolation, and therefore with security and robustness. The
conflicts can be managed, but they *need* to be managed. So far, very
little work has looked at managing those conflicts.

Coyotos moves very strongly in the opposite direction. We favor
isolation over everything else. This decision was based on empirical
evidence of real [mis]behavior in real systems in real production
scenarios. But with safe languages gaining acceptance, I think we now
would need to re-examine that.

I think that cooperative resource management needs to be explored, and
Viengoos is one of several systems that is doing that. I would
hesitate very strongly at this point to build a production system on
top of a kernel/system designed to explore cooperative resource
managment. The security implications are serious, and not yet
adequately understood.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]