<br><br><div class="gmail_quote">On Wed, Dec 16, 2009 at 2:24 PM, Bert Freudenberg <span dir="ltr"><<a href="mailto:bert@freudenbergs.de">bert@freudenbergs.de</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div style="word-wrap:break-word"><div><div class="im"><div>On 16.12.2009, at 18:43, Eliot Miranda wrote:</div></div><div class="im"><br><blockquote type="cite"><div class="gmail_quote">
<div>In the bright rosy future concoct a convincing story around capabilities or mirrors which carefully modulate use of these facilities so they can't be misused.</div></div></blockquote><br></div></div><div>That's exactly my point - I don't see how you could do a safe capability-based system with those primitives that can work around any encapsulation and hence can circumvent any capabilities.</div>
<br><font color="#888888"><div>
<span style="border-collapse:separate;border-spacing:0px 0px;color:rgb(0, 0, 0);font-family:Lucida Grande;font-size:12px;font-style:normal;font-variant:normal;font-weight:normal;letter-spacing:normal;line-height:normal;text-align:auto;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px"><div style="font-family:Helvetica">
<span style="font-family:Helvetica">- Bert -</span></div></span></div></font></div></blockquote></div><br><div>Implementing a proper capability-based system in Squeak is likely to be an exercise in futility. However, in a system built from the ground up with a capability-based security model, this is a non-issue. Any code that should not have access to these primitives would not have access to them. In such a system, you would not be able to freely turn any method into a primitive as you can in Squeak...you would need access to a compiler that had those capabilities...and invocation of such primitives would require having a reference to some kernel object that implements those primitive methods...which you would only offer to code that you trusted, or under circumstances where that level of security wasn't required (i.e. development or debugging).</div>
<div><br></div><div>- Stephen</div>
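<div><br></div><div>The design described in the reply above, sketched as an added example that is not part of the original thread or of Squeak: the encapsulation-breaking primitives exist only as methods of a kernel object, so code that was never handed a reference to it cannot invoke them, and a revocable facet covers the debugging case. JavaScript closures stand in for a language with real encapsulation; all names (makeSystem, instVarAt, instVarAtPut, makeRevocable, untrustedPlugin) are hypothetical.</div>

```javascript
'use strict';

// Hypothetical object system: slot storage is closed over and unreachable from outside.
function makeSystem() {
  const state = new WeakMap();            // per-object private slots

  // Ordinary object: exposes behaviour only, never its slots.
  function newAccount(balance) {
    const account = Object.freeze({
      balance() { return state.get(account).balance; },
      deposit(n) {
        if (!Number.isInteger(n) || n <= 0) throw new RangeError('bad amount');
        state.get(account).balance += n;
      },
    });
    state.set(account, { balance });
    return account;
  }

  // Kernel object: the only route to the primitives that bypass encapsulation.
  const kernel = Object.freeze({
    instVarAt(obj, name) { return state.get(obj)[name]; },
    instVarAtPut(obj, name, value) { state.get(obj)[name] = value; },
  });
  return { newAccount, kernel };
}

// Caretaker: lend the kernel for a debugging session, then cut the reference off.
function makeRevocable(target) {
  let live = target;
  const guard = (op) => (...args) => {
    if (live === null) throw new Error('capability revoked');
    return live[op](...args);
  };
  const facet = Object.freeze({
    instVarAt: guard('instVarAt'),
    instVarAtPut: guard('instVarAtPut'),
  });
  return { facet, revoke() { live = null; } };
}

// Untrusted code receives the account only; it holds no reference to the kernel.
function untrustedPlugin(account) {
  try { account.balance = () => 1e9; } catch (e) { /* frozen object: assignment rejected */ }
  return Object.keys(account);            // only behaviour is visible, no slots
}
```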