On Friday, 31 October 2014 at 21:06:49 UTC, H. S. Teoh via Digitalmars-d wrote:
> This does not mean that process isolation is a "silver bullet" -- I
> never said any such thing.
But made it sound that way:
> The only failsafe solution is to have multiple redundant
> processes, so when one process becomes inconsistent, you fall back to
> another process, *decoupled* process that is known to be good.
If you think a hacker rooted the server, how do you know other
perfectly isolated processes are good? Not to mention you
suggested to build a system from *communicating* processes, which
doesn't sound like perfect isolation at all.
> You don't shut down the *entire* network unless all redundant
> components have failed.
If you have a hacker in your network, the network is compromised
and is in an unknown state, why do you want the network to
continue operation? You contradict yourself.