Re: Potential use case for opaque space bank: domain factored network stack

[Marcus Brinkmann]

At Mon, 08 Jan 2007 00:02:20 -0500,
"Jonathan S. Shapiro" <address@hidden> wrote:
> I accept that you have a different view of what security policies are
> important. I may not agree with your view, but that does not mean that
> your goals are invalid. The problem right now is that I don't understand
> your system and I therefore cannot understand if *any* security policies
> can be enforced in your system. It is surprisingly easy to design a
> system in which security enforcement is impossible. The overwhelming
> majority of current general-purpose operating systems fall into this
> category. When someone (you, but also anyone else) proposes a new OS
> structure, I am therefore very skeptical that it will turn out to be
> securable in any sense at all. This skepticism is very well motivated by
> history.

Ok.  However, as you say yourself, this is true for just about any
system, with few exceptions, and must be true for anything that is in
development, and thus necessarily incomplete.  This includes all Hurd
designs, *ever*, and is not particular to my proposal at all.

> > > I completely support Marcus in his view that the "transparent memory"
> > > proposal is worth exploring, but in my opinion it would be irresponsible
> > > to design this assumption into a widely deployed system until its
> > > implications are more fully understood.  My concern is that I do not see
> > > the necessary design work occurring that would determine that. This may
> > > be simply because that discussion is not occurring here.
> > 
> > Jonathan, I couldn't have said it any better, but for the system
> > design you propose to be widely deployed, and referring to its social,
> > policital and economic implications as well as technical ones.
> 
> There is significant merit to this part of your response. The difference
> between our positions (as I see it) is this:
> 
> My design is compatible with the current trend of legal and social
> opinion concerning intellectual property. To the extent that this is
> true, it fits directly into the current political environment and
> economic framework. However, it also seeks to restore to the user a
> balance of power by ensuring that end users can apply all of the same
> tools that content providers can.
> 
> Your design proposes to undermine and attempt to redefine both the
> current political and the current economic framework. It seeks reversal,
> not balance.
> 
> I do not assert that either view is "better". Each view, in my opinion,
> has significant merits, risks, benefits, and costs.

We are clearly looking at very different parts of the political
landscape.  However, it seems to me that everyone is pushing ahead and
tries to undermine and redefine the opposition.  If what I am trying
can be described as reversing the culture to a read-write society
pre-20th century (and I would agree), then one can just as well
describe the intensifying grasp at control over information flow as an
attempt to reverse the emerging trends of the peer-to-peer connected
society.  In that light, these labels appear to be rather arbitrary.

> > However, please note
> > that virtually all systems widely deployed today do have "transparent
> > memory", do you know any exceptions?
> 
> The overwhelming majority of systems deployed today do not. I refer, of
> course, to set-top boxes, game machines, music players, refrigerators,
> disk drive controllers, and so forth.

Point taken.  The PC will be crippled last.

Thanks,
Marcus