Hi
Norman-
you wrote: "Sure, it is possible to run a guest OS on top of Genode. But what would
be the benefit for Sandstorm users?"
to clarify, here, I was suggesting that Kenton might want to consider running SandStorm UNDER Genode, potentially providing a development path towards better security for SandStorm.io in the longer run... Norman I'm not sure why you would see the value that Genode would bring to SandStorm's longer term growth path... You certainly have put in the effort.. to make Genode a great security oriented foundation upon which to build.. I'm sure Kenton see's the real security concerns surrounding the all to large TCB of Linux, even after Kenton's team as whittled the Linux Kernel down a bit.
Once Sandstorm is running UNDER the Genode OS, I would gather that one would utilize the opportunity to incrementally migrate part of Snadstorm's security orientated service infrastructure to run under the Genode API, without relying on the Linux Kernel as part of it's fully trusted code base..
Norman I take encouragement from your suggestion that I "get your hands dirty, e.g., by building a prototype", but then perhaps you have overlooked the note that I sent that started this thread..
.. I'm already in the thick of it, But in all honesty, I really don't want to be put in the position of having to pick which platform to use during early development.. That is: If you want Genode to claim center stage as THE security orientated OS to build our future on... Working with Kenton and his team might be just the way to help make it happen... That is what I am asking...
My hunch is that if Kenton...ends up liking what he see's in Genode's underlying design.. he will Likelty have good things to say to other's who might see the wisdom in further financial support for Genode Labs... (ie. a potential contract to help address the security oriented aspects of Sandstorm's longer term development path...
As for my own (rather significant) in the computational aspects of Information/Game Theoretic Social Decision Systems theory... I will continue to do most of my work in Python and C++, while doing my best to avoid counting on much from the underlying target platform, that is... until I can see that both Genode and Sandstorm..are doing well enough that the longer term development of both is a sure bet (I think the odds are good) in the longer run, you have to admit it is about sharing some vision about development directions.
It is fairly likely, that Capt'n Proto will come into the picture as the more demanding computations in my code (Strategic VnM ranked Ballot Tallying) scale up via network distributed computation..
My hunch is that most people would not take kindly to nation states (surveilling the (supposedly privet, personal) input data of such a system.. and thus I take the need for security the system that will ultimately run this code... For this reason, I am doing my best to encourage SandStorm.io and Genode Labs to consider the benefits of working together... I.e... My code, will need what both combined together would offer...
To this end... I write both suggesting a dialog as to how these systems could grow in the same directions.. That Kenton, might give some thought with the support of Genode Labs, as to how Sandstorm.io, over time could further secure its TCB via a migration path where Genode's API would become fairly easy to assess... I also see that Capt'n Proto, might bring about some real value to the Genode OS... and yes, when I get the chance, I will see about what it might take to port Capt'n Proto to Genode... but in all honesty... I rather that the financial minds supporting SandStorm.io.. might see the wisdom in the security orientated migration path for SandStorm... so hopefully I can keep my own focus on the Game Theoretic aspects of the Social Decision systems problem...
all the best
-Peter (SaxMan) Lindener