On Tue, Sep 08, 2015 at 10:39:36AM +0200, Norman Feske wrote: > * The complexity of the client does not matter because we would > instantiate one client per guest, don't we? The client can merely > talk to the nitpicker GUI server but has no special privileges. > It does not even interact with the network, disk, or other devices. > Hence, from Genode's perspective, the client does not need to be > trusted.
That's what I've figured. Thinking more about it, I suppose I'm coming at it from a GNU/Linux situation where you have to divide a system up in to containers and you'd have to trust the client in dom0. Securely reusing complex projects seems to be a great trait of Genode. > * The mechanism relies on the network as communication channel. This > raises the question of how to connect the client with the server > running in the guest. Should there be a dedicated virtual network > for this purpose? If the guest uses networking (e.g., when running > a browser), we seem to need special routing tweaks and set up the > VM with two NICs. This is a bit inconvenient but certainly not a > big issue. I'd be interested in having a way to chain together Genode systems and share data, much like a distributed system. You could then have a network interface run in the client with Genode itself as a daemon. Perhaps overkill. > * Compared to the Qubes approach, the use of Xpra involves copying the > pixel data. One could argue that this copy affects the performance in > a negative way. However, on my 5-years old machine, the memory > throughput is > 3 GiB per second. Copying an entire full-HD > frame with 1920x1080 at 32-bit color depth (circa 8 MiB of data) > takes less than 3 milliseconds. In my opinion, these costs are > acceptable for the gain in simplicity (compared to setting up > shared memory between the application running in the guest and > the nitpicker GUI server). I figured that too, though it also supports compression and remote OpenGL which could be something to look at in the future. > In short, I find the project very interesting. A port might also be > useful for scenarios where a Genode system is used as a thin client. Sounds like a plan then. When my interest piques up in to Genode again I might take a stab at it. > Cheers > Norman Cheers, Jookia. ------------------------------------------------------------------------------ _______________________________________________ genode-main mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/genode-main
