@lispi314 @Suiseiseki @p @jeffcliff @scathach
> With a language providing no direct memory access semantics, it is impossible to wrongly access resources without either a broken implementation (for which formal verification methodology is available) or broken hardware (this is a more complicated issue).
Sure, but the language's semantics shouldn't matter. A process shouldn't have to give away the resources you don't need, but whatever you get your hands on you should be able to do with what you please. If you're just sending blunt data it's not even a problem.

> Re-implementing that with near zero-cost would require RDMA and trust for all involved nodes (may be impossible in a lot of cases)
Sort of what I thought. Not that I believe in security anyway.

> This means the implementation can encapsulate resources in opaque structures which cannot be interfered with.
Sounds proprietary. :absolutely_proprietary: