On Tue, Sep 08, 2015 at 10:39:36AM +0200, Norman Feske wrote:
> - The complexity of the client does not matter because we would instantiate one client per guest, don't we? The client can merely talk to the nitpicker GUI server but has no special privileges. It does not even interact with the network, disk, or other devices. Hence, from Genode's perspective, the client does not need to be trusted.
That's what I've figured. Thinking more about it, I suppose I'm coming at it from a GNU/Linux situation where you have to divide a system up into containers and you'd have to trust the client in dom0. Securely reusing complex projects seems to be a great trait of Genode.
> - The mechanism relies on the network as communication channel. This raises the question of how to connect the client with the server running in the guest. Should there be a dedicated virtual network for this purpose? If the guest uses networking (e.g., when running a browser), we seem to need special routing tweaks and set up the VM with two NICs. This is a bit inconvenient but certainly not a big issue.
I'd be interested in having a way to chain together Genode systems and share data, much like a distributed system. You could then have a network interface run in the client with Genode itself as a daemon. Perhaps overkill.
> - Compared to the Qubes approach, the use of Xpra involves copying the pixel data. One could argue that this copy affects the performance in a negative way. However, on my 5-year-old machine, the memory throughput is > 3 GiB per second. Copying an entire full-HD frame with 1920x1080 at 32-bit color depth (circa 8 MiB of data) takes less than 3 milliseconds. In my opinion, these costs are acceptable for the gain in simplicity (compared to setting up shared memory between the application running in the guest and the nitpicker GUI server).
I figured that too, though it also supports compression and remote OpenGL which could be something to look at in the future.
> In short, I find the project very interesting. A port might also be useful for scenarios where a Genode system is used as a thin client.
Sounds like a plan then. When my interest piques up in Genode again I might take a stab at it.
> Cheers Norman
Cheers, Jookia.