[cap-talk] A comment on James v Jed

Jonathan S. Shapiro shap at eros-os.com
Mon Jul 9 21:03:41 EDT 2007


Subject changed primarily so that James receives this, and my suggestion
is that neither James nor Jed should reply to this.

James:

Jed and I have had our disconnects as well. Invariably they are rooted
in differing assumptions. Jed and I rarely come to agreement, because he
and I tend to be looking at different cases with legitimately different
outcomes. Our exchanges are sometimes pointed and frustrating.

That said, I feel (and from private exchanges I think Jed agrees) that
they are worthwhile. The reason they are worthwhile is that they tend to
reveal what the differing root assumptions were, and *that* is fairly
well priceless. Jed and I also agree that we both wish we could find a
better way to navigate the email exchanges on occasion.

So: I think it is possible that you are throwing away some real value.
That being said, it is certainly your decision to make.

On to your specific key statement:

> the real world, where people
> can and should write C++ programs with extensive access
> to the net, to the user, and to system resources,

If this is an accurate summation of your view, then capabilities are not
for you. The primary value of capabilities lies in the ability to create
*structured* systems. The type of system you are describing is (rather
aggressively) unstructured. Unstructured programs are, in principle,
indefensible.

Nobody on this list will claim that these programs are going away any
time soon, but we all hope that we can assist their demise with all
deliberate speed. The more of them we write, the longer it will take to
make computing systems survivable in the hands of normal users.

It is not an objective of capability-based systems to favor such
designs. In my opinion, the *difficulty* of creating such designs in a
well-articulated capability system is one of the great benefits of
capabilities. Creating that particular breed of irresponsible crap
software is a decidedly unnatural act in a capability system, and it
*should* be an unnatural act.

I do not dispute the need to run legacy environments and programs. I do
not dispute that people can and will and are actively encouraged to
write crap unstructured software.

Thankfully, they will be forced to discover new forms of crap in a
capability-based world. What remains to be seen is whether the new crap
will smell like roses. :-)


shap


