[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Design principles

From: Pierre THIERRY
Subject: Re: Design principles
Date: Tue, 16 Jan 2007 06:51:13 +0100
User-agent: Mutt/1.5.13 (2006-08-11)

Scribit Marcus Brinkmann dies 15/01/2007 hora 10:26:
> From my point of view, the flip side is also true: Pervasive use of
> the EROS design pattern seems to make it impractical to recover the
> full control of the user over their resources.

That depends vastly from the POV from which you consider practicality.
From the OS or performance POV, as gaining full control on a resource
imposes an additional procotol, possibly complex, it is impractical.
However, from the user POV, it can be straightforward. Moreover, the
question remains which you typically wants the more often: the benefits
of your proposal or those of EROS patterns.

For example, it seems that the EROS patterns in the case of opacity
favour usage patterns that are more efficient and less vulnerable to
denial of service (opaque memory is easily given to a confined process
newly instantiated, instead of using a service shared by many subjects).
And the need for memory inspection occurs, it seems to me, far less
often than the need for speed and robustness.

To summarize, I think that the EROS patterns indeed make some use cases
impractical in a way that should not even be measurable by the user,
whereas your design has the potential to make use cases that user could
want impractical from their point of view.

Maybe I'm really too developer-centric, but as an example, when thinking
in my bath, some minutes ago, I was trying to design a better version of
Hitman, a First-Person Shooter game where you plan a assassin. In an
object-oriented OS like Coyotos, I would design such a game to take
capabilities to programs to "play" the various people in the game (one
for the bodyguards, another for nurses, etc.). What would really be
fantastic would be that some other user on my system could hand me a
capability to such a program he designed himself. But what if wouldn't
want to let me know how he achieved it, for example because he is trying
to sell it, if he didn't want to pay for the storage or CPU needed to
operate it, and I didn't want him to know when I play and how? In
Coyotos, this is trivially achieved, and even in a way probably trivial
for users to set up (even non developers, like in the case of a friend
of that game developer that has an account on my system, and to let me
try the agent).

OpenPGP 0xD9D50D8A

Attachment: signature.asc
Description: Digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]