[E-Lang] defense in depth

Jonathan S. Shapiro shap@eros-os.org
Wed, 24 Jan 2001 12:27:25 -0500

> I have become convinced that the underlying material of capability
> security--the capabilities themselves--can indeed be made truly perfect.
> make them perfect, you must have them implemented by people like Norm,
> Jonathan, and Markm. There are not many people like them in the world, but
> the good news is, there are enough of them to make a perfect OS kernel and
> perfect language kernel.

Hmm. My reactions, in order, are: "ouch", "oh shit", "thanks", and "for
small values of perfect".

"ouch" and "oh shit" because if the list is this small we better none of us
get hit by trucks.

That said, I want to add that even if we achieve what you say, it isn't
enough. I am *desperately* trying to get out of the kernel on the EROS
project, because the real need is to investigate how we build manageable
user software in this world. If we are unable to translate this style of
software into something that relatively ordinary developers can use with a
high probability of success, we have failed. I had some experience with this
in the development of C++. It is part of why I am very pleased that MarkM is
working on E.

Our real problem is achieving critical mass across the board. Development
work is about to explode on EROS, and we will soon (i.e. in a few weeks)
desperately need people who are willing to "pitch in", both on paid and
unpaid basis (my apologies for the plug). If you are possibly interested in
doing so, please subscribe to the eros-arch and/or eros-port lists.

> >There's no magic bullet (no, not even capabilities!)...

Oh well. At least there is still a magic carpet and a magic eight ball.
There is some comfort in that.