[cap-talk] Capability-based Projects - theory vs. practice

Jonathan S. Shapiro shap at eros-os.com
Fri Aug 3 10:17:06 EDT 2007

On Thu, 2007-08-02 at 18:52 -0700, Jed Donnelley wrote:
> You've definitely hit a critical point there.  Whether in some sense
> 'we' want to refer to such systems as "capability" systems (e.g.
> because they can provide a POLA environment for running programs -
> without access to the ACL interface), I certainly consider them as
> dysfunctional regarding their use of capabilities...

Well, in the case of Mach, I don't think the assessment of dysfunction
needs to be limited to the capability issue.

Chorus, in its day, was a fine design. Looking back now, there are more
things that I might criticize, but I remember being impressed with it
then, and reading the Chorus docs in the context of their time I am
still impressed.

> I admit that I've never seen any sort of a Mach interface other than
> Unix, but when I consider that network server for Mach:

To my knowlege, the only major subsystems that were ever built natively
on Mach were the Camelot/Avalon transaction processing system, the
original AFS file system, and the UNIX servers. Perhaps the network
extension could be listed as a fourth case. Once the UNIX environment
existed, people basically stopped programming to the Mach interface.

There is something instructive in that.


More information about the cap-talk mailing list