l4-hurd

From: Jonathan S. Shapiro
Subject: Re: Potential use case for opaque space bank: domain factored network stack
Date: Sun, 07 Jan 2007 23:45:57 -0500

On Mon, 2007-01-08 at 04:26 +0100, Marcus Brinkmann wrote:

> Jonathan proposes that we make a paradigm shift in who controls the
> computational resources of a machine.  Instead of giving this control
> to the rightful owner of the device, he wants to give this control to
> the authors of the programs and data that is put into these machines.
> That is a radical paradigm shift, which is aligned with the interests
> of big businesses but hardly anybody else.  We have so far only seen
> weak attempts to push this change into the world, and already it is
> causing considerable distress and harm.

Jonathan proposes nothing of the sort.

First, Jonathan does not believe in pissing up a rope. Pragmatically,
the developer *always* controls what is going to be executed. [You may
be able to use a binary editor, but this is not useful enough in
practice to alter my statement significantly.] This means that the
developer has very substantial control already.

Second, Jonathan has no objection to having a constructor that
implements methods

  createYield()
  createTranslucentYield()

with the difference being that the second returns a process capability
to the invoker. Holding the process capability is sufficient (with a bit
of helper code that does not need to know anything about the subject
application) to ensure transitive translucency.

The difference between this proposal and Marcus's proposal is that the
application can refuse to be constructed transparently. You, as a user,
are free to say "I don't want to run anything that I cannot
(transitively) inspect". I, as a developer, am free to say "I do not
choose to let you inspect my programs, but you are free not to run them
at all."


> This is justified, according to Jonathan, because eventually there
> will be a world where the mechanisms are used for good and rightful
> purposes instead of being abused.

I have no idea where you got this, but it didn't come from me. Please do
not attribute motives to me that are not mine.


My design objectives do not match yours. I do not seek to invert the
balance of power in computational systems to place it entirely in the
hands of the user. I seek to design systems in which users and service
providers can negotiate the terms that *they* choose to negotiate.

I do argue that in robust systems there are parts of the software that
normal users should not poke their fingers into. I do not choose to
favor the interests of developers over the safety of users and the
robustness of their compute experience.

I emphasize that these are choices, and they result from an aesthetic
opinion about what the best way to build a computing system is. Your
goals and views also derive from a design aesthetic. Our aesthetics are
different.


Of course, it goes without saying that mine is superior in all respects.
I also shit gold and urinate fine brandy.


-- 
Jonathan S. Shapiro, Ph.D.
Managing Director
The EROS Group, LLC
+1 443 927 1719 x5100
