Re: Design principles and ethics (was Re: Execute without read (was [...]))

[Marcus Brinkmann]

At Fri, 28 Apr 2006 14:45:32 +0200,
Pierre THIERRY <address@hidden> wrote:
> 
> [1  <multipart/signed (7bit)>]
> [1.1  <text/plain; us-ascii (quoted-printable)>]
> Scribit Marcus Brinkmann dies 28/04/2006 hora 01:47:
> > Maybe you should wait for me to formalize my arguments until you jump
> > to conclusions about why I am rejecting this.  So far I only gave you
> > the summary.
> 
> I was about to ask you if you give us the whole story, indeed.

I am not yet ready to formalize the whole argument, sorry.  But I gave
you all the important information, the rest is just deduction and
application to specific cases.

> > I would recommend that Alice and Bob go to a keg party and have a beer
> > over their differences.
> > 
> > I would further educate Alice about [...]
> > 
> > Furthermore, I would talk to Bob and warn him about [...]
> 
> That's a faithful commitment to social progress in the world, and I can
> only promote it, but it does not solve the problem here.

Say Joe wants to shoot Sue, so Joe asks me for a gun.  If I don't give
him a gun to shoot Sue, but explain him why shooting Sue is really a
bad idea, I have not solved the problem?  Maybe, but then it was the
wrong problem Joe was trying to solve :)

There is one thing I didn't tell you yet, and this is the idea that
user freedom also has to be secured.  The mechanism that allow to do
what you described are a security threat to the user's freedom to
inspect his resources.  So, now you have a conflict of goals: The
freedom to do something, and the security to not lose the freedom to
do something.  These are always difficult situations, and will always
involve a judgemement decision.  In this case, my decision is that
protecting the user's freedom has priority, and that a user should be
required to do some conscious action (like, install extra software) to
compromise his freedom.

In the end, it will be at the discrimination of the machine owner if
he allows to do such an operation or not, just as it is at the
discrimination of the machine owner if he enables the DRM chip in the
computer or not.  For the Hurd, I don't want to make use of this
feature, but that doesn't mean you can't add it if you really want to.

> Your conclusions about the fact that reverse engineering is harder than
> writing from scratch, that NDA are dangerous and than educating people
> instead of limiting them are, at best, true in the general case.
> 
> But building principles on the general or, worse, ideal case is a very
> dogmatic position, IMHO.

You seem to think that a principle and a dogma are two different
things.  I don't see why.  They seem to differ mostly in what people
connotate with them.

> In fact, you do with the OS what you would tell Alice not to do with her
> source code, I think. You should not prevent people to do morally
> objectionable uses of the system. You should go educate them so they
> don't want anymore.

Who said I prevent anybody?  Even if I wanted to, I couldn't.  Even
the DRM clause in the GPL v3 has only a very limited effect of
preventing DRM, just enough to not allow somebody to compromise the
copyleft.

> > It's really sad that some students have swallowed up the story of
> > "everybody against everybody" so early in childhood that they bring
> > this attitude to university.  It's something that we should work
> > against, not support.
> 
> That's not the matter here. The people I love around me somethimes have
> to protect me from myself, and I sometimes have to protect them form
> themsleves. And we are generally wery grateful that we did that to each
> other. That could be the case between Alice and Bob here.

Yes, but that is a social contract between Alice and Bob, and I don't
think that's a good guiding principle for an operating system design.
Or rather: I don't even know how to express such a relationship in an
operating system.  Probably it would mean that both, Alice and Bob,
have access to each other's user account (and this is the opposite of
what you wanted originally).

Alice and Bob can achieve the goal you described in a number of
different ways, by the way.  For example, Alice could show a life
demonstration of her program to Bob.  Or Alice could run the program
in her own account, and provide capabilities to it to Bob, which Bob
could use to display and interact with the program.  In this case,
Alice would run her program as a service.  That's OK with me.

Thanks,
Marcus