[cap-talk] Capabilities and Freedom vs. Safety

Sam Mason sam at samason.me.uk
Sun Jul 22 08:51:06 EDT 2007


Pierre THIERRY wrote:
>  > Why wouldn't I just have the following separated
>  > programs:
>  >
>  > - one to play music (only authorities: reading files I
>  >   ask to play and sound output),
>  > - one to organize my music (authority: reading all my
>  >   music files, maybe some kind of powerbox to delete
>  >   them),
>  > - one to download music (authority: restricted network
>  >   access and adding new files to an incoming directory),

James A. Donald wrote:
> Then you have to download music, then run another program
> to play what you just downloaded - you the human have to
> transport information between these two programs by
> hand.

Why do I, "the human", have to do this? Just because we've got lots of
programs involved doesn't mean that a human needs to manually initiate
each step of the procedure.

> An all in one program provides substantial convenience.

And is something computer science has been battling with for a long,
long time.

> More convenient to play as it is being downloaded, and
> after the song is finished, decide to add it to your
> file collection, or not.  And then of course you want to
> browse your file collection.  Inconvenient to switch
> programs at that point.

This could all be arranged to happen using multiple programs behind the
scenes, each one operating under the POLA.  I think it may be easier
to download the file into your collection and after playing decide
whether to actually keep it.  If this is presented in the way that you
described, i.e. the default being to remove the file, it doesn't seem to
be much of a problem.

> You could browse it with the
> standard file powerbox, in which case the program would
> only detect copyrighted music when asked to play it,

Only the music player would need to use the powerbox to get a capability
to a file you wanted to play and only then when one wasn't already
provided by, say, the music organiser.

> though that would be bad enough, but it is useful to
> browse your music file collection organized as music, in
> which case the program would need to be empowered to
> detect all of it.

The music organiser would have access (probably read-only) to all of
your music files and would be free to display them however it wanted
to.  When you selected a song you wanted to play, a capability to this
file would be passed on to the music player and the music player would
be able to play the file---the music player would, by default, have a
capability to do audio output.

I'm not entirely sure why Pierre separated the music player from the
organiser.  It doesn't seem to buy you much and the two components would
be rather intimately intertwined, assuming we want them to look anything
like how music players do now.


  Sam
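
An added sketch, not part of the original post, of the wiring discussed in this message: a downloader that can only add files, an organiser holding read-only capabilities to the collection, and a player that receives one file capability per song plus audio output. All names (make_store, Downloader, Player, Organiser, demo) and the in-memory store are hypothetical, and Python does not enforce encapsulation, so this models the authority graph rather than a hardened sandbox.

```python
# Constructed model: an in-memory dict stands in for the music directory.
def make_store():
    files = {}                                   # reachable only through the facets below
    def read_cap(name):                          # read-only capability to ONE file
        return lambda: files[name]
    def add_only(name, data):                    # facet: add new files, never overwrite
        if name in files:
            raise PermissionError("add-only facet cannot overwrite")
        files[name] = data
    def list_caps():                             # facet: read-only caps to every file
        return {n: read_cap(n) for n in files}
    def remove(name):                            # facet: delete, held by the user/powerbox
        del files[name]
    return add_only, list_caps, remove

class Downloader:
    def __init__(self, add_only):
        self._add = add_only                     # no read, list or delete authority
    def fetch(self, name, data):
        self._add(name, data)

class Player:
    def __init__(self, audio_out):
        self._out = audio_out                    # only default authority: audio output
    def play(self, file_cap):
        self._out(file_cap())                    # reads just the file it was handed

class Organiser:
    def __init__(self, list_caps, player):
        self._list, self._player = list_caps, player
    def titles(self):
        return sorted(self._list())
    def play(self, name):                        # passes one capability on to the player
        self._player.play(self._list()[name])

def demo():
    add_only, list_caps, remove = make_store()
    played = []                                  # stands in for the sound device
    organiser = Organiser(list_caps, Player(played.append))
    downloader = Downloader(add_only)
    downloader.fetch("new.ogg", b"constructed-audio-1")
    downloader.fetch("old.ogg", b"constructed-audio-2")
    organiser.play("new.ogg")                    # no human carries data between programs
    keep = False                                 # default after playing: remove the file
    if not keep:
        remove("new.ogg")                        # deletion authority stays outside the player
    return played, organiser.titles()
```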

