[cap-talk] Failure isolation

Jed Donnelley jed at nersc.gov
Mon Mar 17 20:43:54 EDT 2008


On 3/17/2008 4:45 PM, Raoul Duke wrote:
>>  A "first step" that, sadly,
>>  modern computer systems are nowhere near
>>  achieving.
> 
> i agree it is sad when a great idea is apparently difficult to
> achieve.

Certainly not difficult to achieve, as there have been many
implementations of POLA systems.  I think perhaps you mean
"difficult" to get to become widespread, as a generally
accepted (software) engineering practice?

> but at the same time i wonder if sometimes people see an idea
> as simple, but fail to see that yes the devil really is in the
> details.

The above can't be disputed.

> so, are there polas which have worked stupendously well in a
> non-software situation?

Hmmm.  I'm not sure why you feel it's important, but I don't
know of any.

Certainly the military "need to know" has a lot of similarity
to the POLA concept, but the differences may be more important
than the similarities and its success is questionable.

I think it's not too much of a stretch to suggest that human
societies generally work on a POLA basis.  I don't think any
of us willingly give up any authority without "need"ing
to.  How well do human societies work?  I believe better
than they would without the POLA that they have.

> if so, what makes them different than the software case?
> is it just our legacy of crappy mainstream os's?

I don't consider our mainstream OS's "crappy".  They
were just designed at a time when flexibility and
performance were so much more important than security
and reliability that they emphasized aspects of
system design that perhaps would be treated differently
in an environment like today's.

Unfortunately, the interfaces that they provide have
made it difficult to change to anything more effective.
As I often note, I still have hope that the solution to
the access control problem for the Internet will provide
for POLA discipline - as other aspects of human societies
do.

--Jed  http://www.webstart.com/jed/
