why isolated components
Scott Lystig Fritchie
fritchie@REDACTED
Fri Aug 22 18:20:55 CEST 2003
I can't recall if I've already mentioned this to the erlang-questions
crowd, so forgive me if I'm repeating myself.

>>>>> "ja" == Joe Armstrong <joe@REDACTED> writes:

ja> In a paper on Java by Czajkowski and Daynès [1], from Sun
ja> Microsystems, say:
ja> The only safe way to execute multiple applications, written in the
ja> Java programming language, on the same computer is to use a
ja> separate JVM for each of them, and to execute each JVM in a
ja> separate OS process.

The Software Infrastructures Group at Stanford is taking this exact
approach to provide the sort of software component isolation that Joe
is talking about. See http://swig.stanford.edu/public/projects/roc/
for lots of papers. "By concentrating on reducing Mean Time to Repair
(MTTR) rather than increasing Mean Time to Failure (MTTF), [Recovery
Oriented Computing] reduces recovery time and thus offers higher
availability."

They've cooked up a system for applications distributed across
multiple JVMs that *very* closely resembles the Erlang/OTP supervisor
behavior.

I love the title of one of their papers: "Crash-Only Software".

-Scott

P.S. I hope to see many of you in Uppsala next week.