[cap-talk] Persistence as a cap value (was: Re: ...PLASH discussion)

[Raoul Duke]

>  And an argument can be made that process persistence is the wrong
>  default. To the extent that programs are known to be buggy, it may
>  actually be important to restart them periodically purely to clear out
>  accumulated muck. Persistence adds a lot of pressure for correctness,
>  and human programmers don't seem to be very good at that.

the "crash only" approach to thinking about software design has always
intrigued me, especially since i've heard of interesting, good, robust
uses of it in industrial applications (airplane software, telecoms).
there are a few different versions of the approach. some have the
processes restarting every so many milliseconds!

it would seem to me potentially safer to 'prove' that something
short-lived is safe vs. hoping that you don't go off into the
statespace weeds over the days, months, years of uptime.

sincerely.