Tuesday, August 30, 2005

Paranoid by Default

Capablities based systems are Paranoid by Default.

The ONLY things a program are allowed to do are specified by the capablities handed to it.

The main problem in making any point (including capabilties) is that you have to simplify things to the point where someone can grok an example. The downside is that it's deliberately trivialized, so the tendency is to poke holes in the example, and think they scale... which they don't.

Cases of this that I've seen in the past include the arguments for and against pretty much any new technology, including:
  • Structured coding
  • Object Oriented Coding
  • Information Hiding
  • Garbage Collection
  • Strong Typing
All of these have been attacked at the example level. There are benefits to all of them, and yes... you could write in assembler, but it's more efficient for the programmer to write in a higher level structured manner. Etc, etc.

I need to make a better case for Capabilities (and for the BitGrid, for that matter), and I WILL do so.


No comments: