[cap-talk] Capabilities and Freedom vs. Safety

Jonathan S. Shapiro shap at eros-os.com
Sun Jul 22 18:44:32 EDT 2007


On Sun, 2007-07-22 at 15:55 +1000, James A. Donald wrote:
> Then you have to download music, then run another program
> to play what you just downloaded - you, the human, have to
> transport information between these two programs by
> hand.

James:

You have to do that anyway. In current music players, the download code
and the playback code are in different libraries. The question is not
whether you have to run two programs. The question is whether a music
player can sensibly be structured *internally* such that each of these
constituent programs is protected from the others, obeys POLA, and
communicates by a limited number of channels having a well-specified
protocol and the smallest protocol that is pragmatically sufficient.

None of this alters what the user sees in the slightest, and NONE of it
requires collection of authority into a single program. Indeed, the
whole point of capability systems is that they *don't* require this sort
of aggregation, because they support POLA directly.


Jonathan
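The structure Jonathan describes, as an added example that is not part of the original post or of any EROS code: a music player split into a downloader and a playback component, each handed only the capabilities its job needs, talking through one narrow channel with a validated protocol. All names (`Channel`, `AudioFrame`, `download`, `play`, `run_player`, `FAKE_NETWORK`) are hypothetical, and the "network" is a constructed in-memory table so the code runs offline. Python does not enforce capability discipline on its own, so this shows the design, not a sandbox.

```python
"""Added example (not from the cap-talk post): POLA-structured music player.

Two components with disjoint authority:
  - the downloader holds a fetch capability and the sending end of a channel;
  - the player holds the receiving end and an audio-output capability.
Neither can name the other's capabilities; only AudioFrame values cross.
"""
from collections import deque
from dataclasses import dataclass
from types import SimpleNamespace

# Constructed stand-in for the network (hypothetical URL, fake bytes).  Only
# the launcher and the downloader's attenuated fetch capability reach it.
FAKE_NETWORK = {"https://example.invalid/song.pcm": bytes(range(256)) * 4}

FRAME_BYTES = 256  # largest payload the channel protocol admits


@dataclass(frozen=True)
class AudioFrame:
    """The entire inter-component protocol: a sequence number and raw samples."""
    seq: int
    samples: bytes


class Channel:
    """One-way channel.  sender() and receiver() hand out separate facets, so
    whoever holds one facet cannot use the other."""

    def __init__(self):
        self._q = deque()
        self._closed = False
        self._next_seq = 0

    def sender(self):
        def send(frame):
            # Protocol check at the boundary: only well-formed, in-order
            # frames of bounded size are admitted.
            if (not isinstance(frame, AudioFrame)
                    or not isinstance(frame.samples, bytes)
                    or len(frame.samples) > FRAME_BYTES
                    or frame.seq != self._next_seq):
                raise ValueError("protocol violation")
            self._next_seq += 1
            self._q.append(frame)

        def close():
            self._closed = True

        return SimpleNamespace(send=send, close=close)

    def receiver(self):
        def recv():
            if self._q:
                return self._q.popleft()
            if self._closed:
                return None  # end of stream
            raise BlockingIOError("no frame available yet")

        return SimpleNamespace(recv=recv)


def attenuate_fetch(allowed_url):
    """Attenuated network capability: may fetch exactly one URL."""
    def fetch(url):
        if url != allowed_url:
            raise PermissionError("capability limited to one URL")
        return FAKE_NETWORK[url]
    return fetch


def download(fetch, send, close, url):
    """Downloader component: fetch capability plus the sending facet only."""
    data = fetch(url)
    for seq, off in enumerate(range(0, len(data), FRAME_BYTES)):
        send(AudioFrame(seq, data[off:off + FRAME_BYTES]))
    close()


def play(recv, speaker):
    """Playback component: receiving facet plus an audio-output capability.
    It has no reference by which it could reach the network or the downloader."""
    played = 0
    while (frame := recv()) is not None:
        speaker(frame.samples)
        played += 1
    return played


def run_player(url):
    """Launcher: the only code holding both network and speaker authority.
    It hands each component exactly the slice its job requires."""
    out = bytearray()
    ch = Channel()
    tx, rx = ch.sender(), ch.receiver()
    download(attenuate_fetch(url), tx.send, tx.close, url)
    frames = play(rx.recv, out.extend)
    return frames, bytes(out)
```

The user-visible behaviour is unchanged: `run_player` fetches and plays the track. What changes is that a bug in the player's decoder cannot touch the network, a bug in the downloader cannot reach the speaker, and anything that is not a bounded, in-sequence `AudioFrame` is rejected at the channel boundary rather than interpreted by the other side.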


