. how to ensure that IPC ability is fair?
need to keep a rough count of each process's
use of message-sends,
if things are getting bogged down,
and someone is out-mailing a lot,
then need to alert user to the app
for ideas about why that app might need to out-mail so much .
6.29: addx/malloc/privacy assurance:
. when doing mem alloc,
privacy could be done with minimal erasing
if each sensitive domain
did its own recycling .
. also if the next domain is trusted (the os)
then erasing would not be needed,
suggesting that erasure not be done until
the block is reallocated .
. on most practical systems though,
addx will be a system hosted on an untrusted system,
so then you'd need to erase as soon as possible,
and still not be sure of privacy!
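
A sketch of the recycling idea in the 6.29 note, as an added example (not addx code): a fixed pool in which a block returning to the same domain is never wiped, a block crossing domains is wiped at reallocation, and an eager policy wipes at free for the untrusted-host case. The integer domain ids, the pool sizes and every name here are assumptions made for illustration.

```c
#include <string.h>

enum { NBLOCKS = 4, BLOCK_SIZE = 32, NO_DOMAIN = -1 }; /* constructed sizes */
enum erase_policy { ERASE_LAZY, ERASE_EAGER };
struct block {
    unsigned char data[BLOCK_SIZE]; /* first member, so &data[0] is also the block address */
    int owner;   /* domain holding the block, NO_DOMAIN when free */
    int residue; /* domain whose bytes may still be in data, NO_DOMAIN when wiped */
};
static struct block pool[NBLOCKS];
static enum erase_policy policy;
static int erase_count; /* number of wipes performed */

static void pool_init(enum erase_policy p) {
    memset(pool, 0, sizeof pool);
    for (int i = 0; i < NBLOCKS; i++) pool[i].owner = pool[i].residue = NO_DOMAIN;
    policy = p;
    erase_count = 0;
}

static void erase_block(struct block *b) {
    volatile unsigned char *p = b->data; /* volatile keeps the compiler from dropping the wipe */
    for (size_t i = 0; i < BLOCK_SIZE; i++) p[i] = 0;
    b->residue = NO_DOMAIN;
    erase_count++;
}

static unsigned char *domain_alloc(int domain) {
    struct block *pick = NULL;
    for (int i = 0; i < NBLOCKS; i++) {
        struct block *b = &pool[i];
        if (b->owner != NO_DOMAIN) continue;            /* in use */
        if (b->residue == domain) { pick = b; break; }  /* domain recycles its own block */
        if (!pick || b->residue == NO_DOMAIN) pick = b; /* otherwise prefer a wiped block */
    }
    if (!pick) return NULL;
    if (pick->residue != NO_DOMAIN && pick->residue != domain) erase_block(pick);
    pick->owner = pick->residue = domain;
    return pick->data;
}

static void domain_free(unsigned char *p) {
    struct block *b = (struct block *)(void *)p;
    b->owner = NO_DOMAIN;
    if (policy == ERASE_EAGER) erase_block(b); /* untrusted host: wipe as soon as possible */
}

int main(void) { /* lazy policy: domain 1 gets its own block back, so nothing is wiped */
    pool_init(ERASE_LAZY);
    domain_free(domain_alloc(1));
    return (domain_alloc(1) != NULL && erase_count == 0) ? 0 : 1;
}
```

Under the lazy policy the freed bytes stay in memory until another domain claims the block, which is only acceptable when whatever can read free memory in between is trusted.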