[E-Lang] what is good about E?
Bill Frantz
frantz@pwpconsult.com
Tue, 31 Jul 2001 21:46:26 -0700
At 2:17 PM -0700 7/25/01, Marc Stiegler wrote:
>> At 12:49 PM Wednesday 7/25/01, Marc Stiegler wrote:
>> >The directX question raises some interesting questions in a capability
>> >system, since if you upgrade from the SimCopter package, you are trusting
>> >the SimCopter people in addition to the Microsoft folks wrt the integrity of
>> >the directX being installed.
>>
>> I have no idea how Toontalk or SimCopter actually arrange for a DirectX
>> upgrade, but it doesn't need to be *this* bad. You should be able to get
>> the code from Microsoft, or verify that the code came from Microsoft, so
>> you're only making yourself vulnerable to / trusting / relying on Microsoft;
>> not both Microsoft and SimCopter / Toontalk.
>
>Yes, the question is how to handle this pleasantly in the user interface.
>The traditional approach is to include the MS code on your cd, which is not
>acceptable. I'd guess a pleasant and reliable user interface can be designed
>(no tricking the user into going to a site that is not actually MS's site
>allowed :-), but I haven't thought it through yet (and won't in the near
>future :-).

The short answer is that digital signatures can go a long way toward
ensuring that an update comes from the source you think it comes from.
(But I seem to remember reading about Microsoft losing control of a code
signing key, so nothing is perfect.)

The more interesting issue is when your software needs a newish version of
a "system" component. If the component is such that multiple versions can
run at the same time, the capability model is very well suited to
connecting the correct version to your code, while allowing other codes to
use their own versions.

If the version is naturally a singleton, I think of the KeyKOS/EROS space
bank, or the window manager managing the display, then the upgrade issues
become much more severe. The risk of breaking existing applications is
very real and all too common.

Perhaps the best answer is to make backing out of the new version easy. If
something breaks, try reverting the software it depends on to the version
last observed to work. The same logic applies to authority. If people
decide that email agents should have full file system access, and then read
about email viruses that pick random files and send them to random people,
they might decide to rescind that full file system access. When I have to
make decisions like this one, I almost never make it correctly the first
time.

Cheers - Bill
-------------------------------------------------------------------------
Bill Frantz | The principal effect of| Periwinkle -- Consulting
(408)356-8506 | DMCA/SDMI is to prevent| 16345 Englewood Ave.
frantz@pwpconsult.com | fair use. | Los Gatos, CA 95032, USA
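
One way to make a grant of file system access easy to rescind, as the last paragraph of the message suggests, is to hand the email agent a revocable forwarder (the "caretaker" pattern from capability systems) instead of the file system itself. The JavaScript below is an added example, not part of the original message; makeFileSystem, makeRevocable and makeMailAgent are hypothetical names, and the in-memory file store is constructed sample data.

```javascript
// Constructed sample data: an in-memory stand-in for the user's file system.
const files = new Map([
  ['/home/user/taxes.txt', 'constructed sample: tax data'],
  ['/home/user/mail/attach.txt', 'constructed sample: attachment'],
]);

// The underlying authority: whoever holds this object can read any file.
function makeFileSystem(store) {
  return Object.freeze({
    read(path) {
      if (!store.has(path)) throw new Error('no such file: ' + path);
      return store.get(path);
    },
  });
}

// Caretaker: give out a forwarder instead of the real object and keep the
// revoker separately. After revoke() the forwarder has nothing to forward to.
function makeRevocable(target) {
  let current = target;
  const forwarder = Object.freeze({
    read(path) {
      if (current === null) throw new Error('authority revoked');
      return current.read(path);
    },
  });
  const revoker = Object.freeze({ revoke() { current = null; } });
  return { forwarder, revoker };
}

// Hypothetical mail agent: it reaches files only through what it was handed.
function makeMailAgent(fs) {
  return Object.freeze({
    attach(path) { return 'attached: ' + fs.read(path); },
  });
}

// Grant access, use it, rescind it, and try to use it again.
function demo() {
  const { forwarder, revoker } = makeRevocable(makeFileSystem(files));
  const agent = makeMailAgent(forwarder);
  const before = agent.attach('/home/user/taxes.txt');
  revoker.revoke(); // the user changes their mind about the grant
  let after;
  try { after = agent.attach('/home/user/taxes.txt'); }
  catch (e) { after = e.message; }
  return { before, after };
}
```

The agent object is unchanged by the revocation; only the reference it was given stops working, so the earlier decision is backed out without touching or reinstalling the agent.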