Let's move away from binaries (Score 1)

Folks, this has been said before, but bears repeating. Microkernels vs. monolithic kernels is a valid debate, but not *the* debate. Instead of allowing arbitrary binary code, and trying to figure out how to build complicated tricks to verify that it does not break security, we should be working on an operating system based on a virtual machine with a high level bytecode, a JIT, and a bytecode verifier to ensure that only code with predictable semantics is allowed to execute. With such an OS, the whole thing could run in supervisor mode with no traps at all, thus offsetting whatever performance is lost due to the bytecode execution (which I think would be minimal anyway since we have really good JITs these days).