by sayhello 2429 days ago
Good point. The current widely used kernels seem to make some assumptions about ‘owning’ the hardware and implicitly trust any running programs at a certain level.

There is a need, however, for some pragmatism.

While a capabilities-based OS could be the right solution, it doesn’t exist today.

What we have is code built for some flavor of POSIX. People demand cost efficiency today.

So, engineers do what’s practical: build a multi-tenant system running code that expects to be the owner of the hardware.

It works well enough! For most people, the cost efficiency math works out. The sandboxing overhead is worth it, as it pales in comparison to the headcount required to manage your machines, or even VMs, if you replace them with Serverless products.