:Running out of swap can be easily done by normal user privilege.
:Non-overcommiting system can run important application on the system
:which has a normal user, because it never lose critical data, even if
:a user on the system make a mistake. (The application might stop,
:but it never lose data.)
:
:4.4BSD derived system cannot do this, and have to use different
:machine for such applications.
:...
:
:8x or more?
:That's wrong. It depends.
:--
:soda

    If you are talking about a user intentionally attempting to run a system 
    out of swap, it is fairly easy to do whether the system uses an overcommit
    model or not.  The user has any number of ways of blowing the server up
    too - for example, by making thousands of connections to it or running
    many huge queries in parallel.

    A machine which is running a critical server is not a multi-user machine
    by definition, precisely because of this point.  No reservation model 
    will save you from a user hell-bent on screwing your machine up, there 
    are too many ways to do it.

    The reality is, again, that a properly configured system will not run out
    of swap.  Reliability is a statistical function... if the chance of
    a system running out of swap is 1 hour of down time per thousand years,
    that is a probability that can be ignored because there are plenty of
    other potential problems that will result in more down time.

    					-Matt
					Matthew Dillon 
					<dillon@backplane.com>