[cap-talk] A better reference for the "capabilities propagate too easily" argument

Jonathan S. Shapiro shap at eros-os.com
Wed Aug 1 10:03:24 EDT 2007

On Wed, 2007-08-01 at 13:57 +0100, David Hopwood wrote:
> Jed Donnelley wrote:
> > At 09:12 AM 7/31/2007, Mark Miller wrote:
> >> On 7/30/07, Jed Donnelley <capability at webstart.com> wrote:

> >> What about Grasshopper
> > 
> > Looks very interesting.  I wasn't aware of Grasshopper before.  Also not
> > in the US, but still seems to be an unabashedly capability system.
> The papers on Grasshopper published at the time (at least the ones I
> was aware of) never really brought out that it was a capability system;
> as far as I remember they were all very much focussed on the
> implementation of, and motivation for, orthogonal persistence.

Alan Dearle and John Rosenberg became aware of the EROS work at the POS
workshop in 1996. They were aware of KeyKOS from the 1992 USENIX
workshop article, but that didn't talk much about persistence.

One of their students later noted that Grasshopper never really worked
very well, and if they had understood half of what KeyKOS had done to
achieve efficient checkpointing, they would have architected their
system in a completely different way.

In this context, the lack of archival publications from the KeyKOS/EROS
work is frustrating. I've tried in some measure to correct that, but
there is still a lot to say. It is sometimes uncomfortable, because I am
often placed in the position of writing about other people's ideas that
I have merely refined in some small way. I have no ego problem with
this, but the academic publication system doesn't have a model for this
type of publication.


More information about the cap-talk mailing list