== Problem: Containerize Activities or Instances? ==  #none

  We're presently on the fence about whether to isolate different instances of
  activities from one another.

Situation:

  Ivan doesn't think it's worth it; Noah is concerned about controlling the
  spread of viral documents.

  Michael doesn't feel strongly about it; he doesn't see much difference in
  implementation difficulty.

  Michael thinks the usability issue is going to come down to the fact that we
  rate-limit by container. If instances are packed into one container, then
  long-running background downloads could really mess up your browsing
  experience. If they're allocated per-instance, though, we don't (at the
  moment) have any hard bounds on allowable resource usage.

  Either way, if the user is going to rely on Rainbow (as opposed to the app
  itself) to do rate-limiting, then we might find ourselves constantly
  twiddling limits in order to make a decent browsing experience.

  Also, do we ever need to firewall instances, or just activities as a whole?

  (Incidentally, how *are* we going to rate-limit activity startup?)

Plan:



Followup: