Damien Katz

This was one of the things that kicked my ass (and continues to in some cases!) when writing Tornado server. Because Tornado is a web app server, each time a user requests a page, and action (Java class) is created and run. If you make a goober mistake (like I regularly do!) and build an infinite loop, you can't actually kill the thread. This sucks bigtime. You used to be able to, but Thread.kill() has been deprecated in later releases of Java because it is "unsafe". I say infinite loops are more dangerous than the ability to murder a thread.

Infinite loops are murder on a server and killing threads is quite dangerous in Java, largely because of the shared state threading model.

I think this may be why hosted Java is so rare compared to PHP. PHP is far safer and simpler to host for an ISP.

Agreed, especially concerning the doobledy gook plier frakers. However, it's not necessary to construct domain specific languages to get many of the benefits you mention.

Python and Ruby systems usually have just one server application per operating system process, giving system administrators a simple way to control each application's use of CPU, memory and IO. It also removes the complications of Java's much-abused security model. Unfortunately, Java's per-process memory overhead means that this always isn't an option, and the Java standards are going to have to continue to attempt to support multiple applications per JVM.

Indeed. I investigated a hosted version of Tornado but due to the restrictions mentioned above, it's not easy to completely isolate each application instance.

I use some custom classloaders so there is a level of protection, but not enough isolation that I would recommend it in a hosted environment. It does work brilliantly where you trust all your programmers ;-)

Currently, the right way to limit CPU, memory and I/O is to get help from the kernel. Virtual servers (like http://linux-vserver.org) are pretty good at enforcing limits.

You've got to have fully isolated processes before you can safely recover from infinite loops, excessive or infinite recursion, excessive memory consumption, excessive swapping, native library bugs, filesystem errors, kernel bugs, and so on. Java creates an illusion that its simple thread model approaches the beauty of isolated processes. Don't believe it! Rely more on processes and less on threads, and make the processes fail gracefully when they can't talk to each other.

I agree entirely. I'm actually working on a domain-specific language for network code in my spare time. My next question: what other low-hanging problems could be attacked with a domain-specific programming language?