On Mon, 2007-01-08 at 04:26 +0100, Marcus Brinkmann wrote:
> Jonathan proposes that we make a paradigm shift in who controls the
> computational resources of a machine. Instead of giving this control
> to the rightful owner of the device, he wants to give this control to
> the authors of the programs and data that is put into these machines.
> That is a radical paradigm shift, which is aligned with the interests
> of big businesses but hardly anybody else. We have so far only seen
> weak attempts to push this change into the world, and already it is
> causing considerable distress and harm.

Jonathan proposes nothing of the sort.

First, Jonathan does not believe in pissing up a rope. Pragmatically, the developer *always* controls what is going to be executed. [You may be able to use a binary editor, but this is not useful enough in practice to alter my statement significantly.] This means that the developer has very substantial control already.

Second, Jonathan has no objection to having a constructor that implements methods

  createYield()
  createTranslucentYield()

with the difference being that the second returns a process capability to the invoker. Holding the process capability is sufficient (with a bit of helper code that does not need to know anything about the subject application) to ensure transitive translucency.

The difference between this proposal and Marcus's proposal is that the application can refuse to be constructed transparently. You, as a user, are free to say "I don't want to run anything that I cannot (transitively) inspect". I, as a developer, am free to say "I do not choose to let you inspect my programs, but you are free not to run them at all."

> This is justified, according to Jonathan, because eventually there
> will be a world where the mechanisms are used for good and rightful
> purposes instead of being abused.

I have no idea where you got this, but it didn't come from me. Please do not attribute motives to me that are not mine.

My design objectives do not match yours. I do not seek to invert the balance of power in computational systems to place it entirely in the hands of the user. I seek to design systems in which users and service providers can negotiate the terms that *they* choose to negotiate.

I do argue that in robust systems there are parts of the software that normal users should not poke their fingers into. I do not choose to favor the interests of developers over the safety of users and the robustness of their compute experience.

I emphasize that these are choices, and they result from an aesthetic opinion about what the best way to build a computing system is. Your goals and views also derive from a design aesthetic. Our aesthetics are different.

Of course, it goes without saying that mine is superior in all respects. I also shit gold and urinate fine brandy.

-- 
Jonathan S. Shapiro, Ph.D.
Managing Director
The EROS Group, LLC
+1 443 927 1719 x5100
