l4-hurd

Re: Changing from L4 to something else...


From: Yoshinori K. Okuji
Subject: Re: Changing from L4 to something else...
Date: Fri, 28 Oct 2005 04:40:16 +0200
User-agent: KMail/1.7.2

On Thursday 27 October 2005 10:44 pm, William Grim wrote:
>  Yeah, possibly. I won't comment on this, because I don't fully understand
> all of the Hurd yet either. I think we should look forward, but we should
> be doing a cost-benefit analysis at the same time and base some of our
> decisions off of it. I can't speak for Alfred, but I think that's what he
> really wants. I think Alfred wishes to remain practical. Not that I think
> anyone else here is impractical, but I think a cost-benefit analysis is a
> practical way to determine if the project can be done in a reasonable
> amount of time with whatever goals we decide.

Exactly.

The recent debate in this list makes me very afraid of a possibility of 
extreme cost which never finishes in a reasonable amount of time or human 
resources. No matter what design mistakes the Hurd has, the reason why it 
is nearly unusable even after 15 years is that most people have merely 
dreamed and never implemented their dreams. Those who have been hanging 
around for years, such as Marcus and Alfred, should know this fact. When I 
see people talking about an ideal future again and again, I must imagine that 
the same destiny would arrive.

What makes me scared the most is security paranoia (I'm sorry for my wording). 
Some people tend to desire 100% security, but it is simply impossible or 
not feasible in reality. It is the same question as "How can I avoid a death 
with 100% promise?" The only possible answer is "Die. Once you are dead, you 
never die."

Security is a matter of degree. The question is not if it is secure or not, 
but how secure it is. With a good capability system, you may prevent 
malicious code from destroying all of your data, but you may not stop it 
from doing all malicious behaviors, anyway. For example, if a plugin for a browser 
is to assist setting up a preference (in fact, there exist several plugins of 
this kind for Mozilla), you must allow the plugin to rewrite your 
configuration. Then, if the plugin is malicious enough, it can insert a proxy 
setting secretly.

I'm not planning to take part in design decisions, simply because I don't have 
time to read recent papers. But I wish Marcus and others would take it into 
account that the project must be feasible and realistic.

From an "indirect" contributor to Hurd,
Okuji
