[cap-talk] A comment on James v Jed

Jonathan S. Shapiro shap at eros-os.com
Mon Jul 9 23:22:58 EDT 2007


On Tue, 2007-07-10 at 12:53 +1000, James A. Donald wrote:
> You neglect the middle ground - we not only need the capability to run 
> legacy software, but also to utilize legacy source code.

Well, yes. I did neglect it in that posting, but it *is* something that
I have given some thought to.

There are many ways to satisfy that middle ground, and they carry a
range of engineering trade-offs.

> The question then becomes:  What are the minimum changes from Single 
> UNIX Specification necessary to provide safety.

I understand why you believe that this is the right question. From a
compatibility standpoint there are many reasons to find this question
extremely attractive. Mark Seaborn, I think, may have gone furthest in
this direction so far (with PLASH). Certainly he has gone much further
in this direction than I ever really believed was practical.

What follows is my *opinion*. Some others here probably share it, but I
won't presume to speak for them.

I'm very torn about this approach. From a short-term survival
perspective I think it would be wonderful if someone figured out how to
pull this off. From a long-term survival perspective, I really hope it
is impossible.

The problem is that this approach has all the failings of the "nicotine
patch". It supports the bad addiction without eliminating the bad
behavior (which is writing unstructured programs). Ultimately, what *I*
want to accomplish is to change the way that programs are written so
that monolithic programming is relegated to an historical reference
found only in Wikipedia.

I do not believe that it is impossible to introduce a successful new
programming API, because I have seen too many new APIs successfully
introduced over the years. They happen every few years. I have also seen
a number of "near success" failures, and one common element of those
"interesting" failures is that they attempted to compromise with
existing practice, did so semi-successfully, and thereby succeeded in
obscuring their own novelty by failing to grab hearts and minds.

At the end of the day, adoption of capabilities is a social engineering
problem as well as a technical engineering problem. I think people can
legitimately have different views about how to accomplish that social
engineering goal.

Because of my views, it is much more important to me to work out a
viable membrane pattern for OS's than it is to make POSIX safe for
humanity (or at least for UNIX geeks :-).

shap

-- 
Jonathan S. Shapiro, Ph.D.
Managing Director
The EROS Group, LLC


