, evildictait​or wrote

*snip*

Not wanting to rain on this kid's parade, but Singularity processes can't be trivially compared to Windows or Free BSD processes.

For one, as Bass points out, Singularity makes no serious attempt to enforce security boundaries between processes; a single memory corruption anywhere in the runtime gives root access to the system.

Similarly because there's no process separation, there's no protection against side-channel attacks in the kernel to leak crypto-secrets, passwords and other private events going on in the kernel or other processes.

As far as I understand, Singularity only allows execution of code it can prove to be well-behaved. If that works as advertised, any further check or protection mechanism is redundant. I'm not sure why this would be any less secure than any other insulation system.

...

All in all, I simply can't take Singularity seriously until it addresses the glaring problem: Singularity cannot run backwards-compatible apps, and until it decides to seriously address this issue, it simply isn't an OS that can be compared apples-to-apples with OSes like Windows, Mac and Linux, and instead probably deserves comparisons more akin to the XBox OS or microcontroller OSes.

I don't understand which backwards-compatible apps you are talking about here. I see this as a v1.0 OS (a singularity, indeed), so it's not surprising that it doesn't run old code. Why should this make it less of an OS?