It's a context. It contains threads.
In talos, kernel space is shared by all processes, so the term "process" means a userspace. It contains one or more tasks.
It means "non-supervisor tasks".
It means "supervisor tasks".
talos has an extremely monolithic kernel. It contains functions that are contained in applications on a normal system. A decisive advantage over some existing systems, discussed later, follows naturally from this characteristic.
The talos kernel schedules tasks with a simple preemptive/FCFS policy, except for lowest-priority tasks, which are scheduled round-robin. Usertasks always have the lowest priority.
talos is an operating system whose kernel includes a shell that resembles an XML browser. User tasks are implemented as plugins corresponding to each type of data.
In talos, you can create items such as text and pictures anywhere, with only a few exceptions. For example, you can scribble on the desktop. There is no "this file is of type foo" in talos. Usually, talos recognizes the data type of each item.
The so-called "application" (the application-model process) brings only harm. The reasons are given in the sections "The reason why talos is secure" and "About shared libraries". An application is a process that can open and create files, open sockets and talk to other nodes, touch other processes, and/or open windows.
Such a system is not only needlessly complicated but also exposed to danger. In talos, there is no API to do such things.
WYSIWYG is an abbreviation of "What You See Is What You Get". It is a policy under which, for example, what is printed and what is displayed on a screen are exactly the same. It looks good at first glance, and it has indeed spread (for example, a PDF document is WYSIWYG). However, it is not so good; it may even be called bad, because it ignores the characteristics of each device.
Imagine you are handling a PDF document on a screen. What happens if you narrow the window displaying it? You will see either the contents become smaller or only a part of each line being displayed, won't you?
talos achieves high convenience by distinguishing the data itself from its presentation. For example, if you narrow a window, the document is laid out again as a web browser does. The same applies to printing: for example, the document is laid out automatically as TeX does.
The figure shows the range of the user mode in each OS. In talos, the range of the user mode stands out in comparison with other OSs: it is deliberately designed to be narrow. This is the greatest reason why talos is secure.
First, a usertask cannot create or open a file. Instead, the kernel hands the handle of a necessary file to the process when the process starts. Even if the process in question is cracked, the damage is limited to the files that were open at that time. Because a virus cannot spread if it cannot modify other files, viruses cannot propagate for a similar reason.
This restriction (a usertask cannot create or open) applies not only to files but also to sockets. Because usertasks cannot create a socket, a usertask cannot communicate with anything by itself. The kernel opens the socket instead and hands its handle to the process at start-up. As in the case of files, because usertasks cannot create sockets, a cracked process cannot connect to any other node. You can easily imagine how difficult it is to transmit a file without permission, given this property together with the earlier one that "the user task cannot create or open a file". In other words, you can prevent information from leaking to the network if you use talos.
Furthermore, the property that "a usertask cannot designate a resource" extends to window resources on the screen. As with files and sockets, the kernel opens the window and hands it to the process at start-up. This minimizes the events that a usertask must handle. For example, it is impossible for a usertask to implement a key logger or a screen capture.
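The file and socket cases above can be approximated on a POSIX system. The following is an added example, not talos code: a parent process plays the kernel role and hands one open handle to a child, and a zero `RLIMIT_NOFILE` stands in for the absence of any open/socket API. The function names, result bits and temporary path are assumptions made for the illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Result bits reported by the confined task (names constructed for this example). */
enum { READ_GRANTED = 1, OPEN_DENIED = 2, SOCKET_DENIED = 4 };

/* "Usertask" role: it is started with one handle and cannot obtain another. */
static int usertask(int granted_fd)
{
    struct rlimit none = { 0, 0 };
    char buf[64];
    int result = 0;
    /* Stand-in for talos offering no open/socket API: with the descriptor
       limit at 0, every request for a new descriptor fails. */
    if (setrlimit(RLIMIT_NOFILE, &none) != 0)
        return 0;
    if (read(granted_fd, buf, sizeof buf) > 0)
        result |= READ_GRANTED;      /* the handle that was handed over still works */
    if (open("/", O_RDONLY) < 0)
        result |= OPEN_DENIED;       /* no other file or directory can be opened */
    if (socket(AF_INET, SOCK_STREAM, 0) < 0)
        result |= SOCKET_DENIED;     /* no network endpoint can be created */
    return result;
}

/* "Kernel" role: opens the resource itself, then starts the task with it. */
int run_confined_task(void)
{
    char path[] = "/tmp/talos-demo-XXXXXX";   /* constructed sample file */
    int fd = mkstemp(path), status = 0;
    pid_t pid;
    if (fd < 0 || unlink(path) != 0 ||
        write(fd, "user data", 9) != 9 || lseek(fd, 0, SEEK_SET) != 0)
        return -1;
    if ((pid = fork()) == 0)
        _exit(usertask(fd));         /* the child sees only the inherited handle */
    close(fd);
    if (pid < 0 || waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void) { printf("result bits: %d\n", run_confined_task()); return 0; }
```

A result of 7 means the task read the file it was given and was refused both a new file and a new socket, so a compromise of the task reaches only the handle it already held.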
The talos kernel UI starts its work from the user's operation (and/or system events). Therefore, there are no limitations on users other than their own authority. This contrasts with the incomplete mechanism of "capability", which depends on the completeness of the security settings and imposes limits on users.
Because a userprocess is a single function in talos, functions do not need to be duplicated as in other systems. In talos, shared libraries are not needed except for basic functions such as the interface to the kernel and/or mathematics. For example, shared libraries like libgcc and libm are still needed in talos, but functions like libjpeg are implemented as userprocesses (not shared libraries).
So dependencies on shared libraries become very simple and do not need management.