On Tue, Sep 29, 2009 at 9:49 PM, arnuld uttre <[email protected]> wrote:
>
> Now I wonder why Viengoos was created as an alternative if Coyotos was fine.

This is a question that Neal should answer for himself, but I think it is fair to say that Neal wanted to explore the cost/benefit of cooperative resource management, and he believed that Coyotos was not designed to do this. I believe that the experiment could have been done on Coyotos, but sometimes building fresh is a better way to understand issues.

Cooperative resource management is a promising idea, and it is particularly important as the world moves toward heavier use of safe languages. Unfortunately, it conflicts directly with notions of program isolation, and therefore with security and robustness. The conflicts can be managed, but they *need* to be managed. So far, very little work has looked at managing those conflicts.

Coyotos moves very strongly in the opposite direction. We favor isolation over everything else. This decision was based on empirical evidence of real [mis]behavior in real systems in real production scenarios. But with safe languages gaining acceptance, I think we now would need to re-examine that. I think that cooperative resource management needs to be explored, and Viengoos is one of several systems that is doing that.

I would hesitate very strongly at this point to build a production system on top of a kernel/system designed to explore cooperative resource management. The security implications are serious, and not yet adequately understood.

shap
