[cap-talk] Terminology, soap box, the Hurd, Mach, capabilities rising
Jed Donnelley
jed at nersc.gov
Thu Aug 10 15:11:34 EDT 2006
At 11:23 AM 8/10/2006, David Hopwood wrote:
>Mark S. Miller wrote:
> > Karp, Alan H wrote:
> >>Ian G wrote:
> >>
> >>>Here's my soap box response: capabilities is indistinguishable
> >>>from the concepts (not the practice) of object orientation.
> >>
> >>I agree for object capabilities, but there are other possibilities,
> >
> > I agree so far.
> >
> >>e.g., c-lists.
> >
> > Huh? All object-capability systems are c-list systems. (Though not all c-list
> > systems are object-capability systems.)
>
>I think you're identifying "c-list systems" with partitioned capability
>systems, while Alan is using a more restrictive understanding of
>"c-list system", based on an implementation technique that is normally
>used in capability operating systems.
I'm afraid I'm really lost in the above. I hope somebody can explain
where Alan and Mark seem to be disagreeing. Does David have it right?
However, with regard to:
>Unlike the situation for languages, object-based concepts in operating
>systems failed to make any significant headway at all -- rather than
>just failing to go the last mile to become capability systems. Since there
>are very much fewer successful operating systems than successful languages,
>and since backward compatibility has had a much more stifling effect on
>OS design, this is perhaps not surprising.
Good point. I think partly this brings up the thought of just what is an
"operating system". For example (since it's fresh in mind), what about
Mach in regards to the Hurd and Mac OS? I could easily imagine a
situation where we have an OS kernel that uses objects and communicates
permissions to them at a low level ("micro kernel" - I hesitate to use that
term, but there it is), but by the time the human user sees it we have ambient
authority and a Unix or MacOS or Windows user/application experience
and interface. This is exactly what happened to the NLTSS "operating
system":
http://en.wikipedia.org/wiki/NLTSS
though there the dominant OS model of the time (libraries and
applications) was the preceding "LTSS" system. We were never
able to find a way to get capabilities to the surface, except where
they were already at the surface in the interface to our Mass storage
system.
This clash of models seems to me largely dictated by the library and
application level software (e.g. Gnu or Windows). I wonder if Stallman
imagined that by building GNU on Unix (a path to success - no doubt)
he would be freezing the Unix OS design (and to some extent Windows
after it)?
How pinned down are we really? What would it take to get the (a)
base capability model up to the point that it could be useful to
users (e.g. launch POLA applications, share permissions with other
applications and users using POLA via capabilities)? Perhaps there's
something to learn from the cap desk experience here? How much
of Unix could run on cap desk? How much of cap desk could run
on Mach? Is there something fundamentally "wrong" with the Mach
capability model that we should oppose it in its current form or try
to revise it on the off chance that it could become "successful"?
How can the Mach ports rise up through the Hurd to be visible to
users?
Whew. Tough issues. Pretty unrelated to the base capability model
I think.
--Jed http://www.webstart.com/jed/