On 30 Oct 2008, at 00:23, Benjamin M. Schwartz wrote:

> 1. Bitfrost requires that each instance be isolated from every other.
> Each instance only has access to the Journal items to which the user has
> explicitly granted it access. Allowing multiple "apparent instances" to
> share data behind the scenes represents a privilege-combining attack.
> This is especially apparent if one instance has been launched with
> P_NETWORK but not P_CAMERA, and the other has been launched with the
> reverse privileges.
>
> 2. A key feature of the Sugar Activity system is that writing Activities
> is _easy_. The goal is to minimize the amount of work required to write
> an Activity. Asking Activity authors to juggle multiple virtual instances
> creates tremendous complexity that is likely to produce bugs even when
> performed by experts (e.g. Browse), for no user-visible gain.
>
> 3. Two separate Activity instances already share a great deal, because
> the Linux kernel automatically uses CoW to keep only one copy of read-only
> memory needed by multiple processes. Each Write instance uses no CPU when
> idle, so RAM is the only overhead.

And a No 4. I'd like to add to Benjamin's list. Stability. If one blows I'd hate to lose documents in other instances. I'm sure all us multi-tab power web surfers have the whole stack fall out from under us from time to time due to one flakey web site (I was so glad when Safari offered a 'reopen all windows from last session' option).

--Gary

_______________________________________________
Devel mailing list
Devel@lists.laptop.org
http://lists.laptop.org/listinfo/devel