Hacker Read

phendrenad2 | karma 6687 | avg karma 1.55 · 2023-11-03 18:08:36

The only real difference seems to be in the kernel. And that one difference is that it's "capability-based", which in practice means that programs are given keys by the kernel, which they can use later to make syscalls. This theoretically makes security easier to reason about.

cududa | karma 3787 | avg karma 3.39 · 2023-11-03 18:28:02

There are tons of other differences and I'm not going to bother to list them all out here, but this is just not accurate.

xwowsersx | karma 4033 | avg karma 2.48 · 2023-11-03 18:38:48

How is this comment helpful if you won't list the differences or explain why it's not accurate?

LargeTomato | karma 1111 | avg karma 2.87 · 2023-11-05 19:47:39

I find it helpful.

"Warning: don't trust this"

reply

eviks | karma 2408 | avg karma 1.03 · 2023-11-04 02:28:55

Could you bother linking to a place listing them all out there?

johncolanduoni | karma 4429 | avg karma 2.63 · 2023-11-03 20:50:07

I think this is missing the forest for the trees: most of what would normally be a systemcall to the kernel in Linux is instead a capability-based IPC to other userspace processes with limited privilege. This includes device drivers, the networking stack, filesystems, etc.