Hacker News new | ask | show | jobs
by Technotroll 1150 days ago
> An OS should be providing higher-level data management, and insisting that is what is used.

This assertion seems normative. Could you please expand upon how higher-level data management improve the overall performance and efficiency of the system? Or could you point me in the direction of some good sources? Also what are the benefits of an OS providing higher-level data management instead of relying on lower-level data management solutions? Doesn't abstraction lead to less fine control? That is to say, how does insisting on using higher-level data management provided by an OS affect the development and maintenance of applications? I've seen some object-centric systems adopt this approach and find it very interesting.
2 comments
sparkie 1150 days ago
I think the OS should begin with a lower level abstraction - object capabilities, and build out from there.

Rather than a loss of control, capabilities enable fine-grained control over authorization, because a capability is both designates a resource and provides authority to use it.

But pathnames are not useful as capabilities, because they can be easily forged. So at best a pathname could serve to discover resources for which you could then request a capability to access.

link
ElectricalUnion 1150 days ago
Isn't Windows built this way?

Everything in Windows is an object, on a centralized resource broker Ob.

Windows uses capabilities based access to enable fine-grained control. It is EAL4 - Methodically Designed, Tested and Reviewed.

This by itself doesn't prevent Windows from having security issues.

link
sparkie 1150 days ago
Windows does not have the kind of capabilities I'm referring to.

With proper capabilities, the capability itself provides the authority. There's no need to have separate access control lists or some kind of central resource broker. Each process manages its own capabilities, can create new capabilities and can delegate them to others. And importantly, capabilities can always be revoked, at any time.

See: http://www.erights.org/elib/capability/overview.html, https://en.wikipedia.org/wiki/Capability-based_security

Also see seL4 for an example of this done right.

link
drpixie 1150 days ago
You seem to be answering your own questions :)

Of course, "abstraction lead[s] to less fine control" - at the the lowest (assembly) level, you can do almost anything - and make all the mistakes imaginable. Sometimes you want to genuinely maximise performance, or do things otherwise difficult - fine, use assembly and hit the hardware. But most of the time, software is made to be read, to be trouble free, to build on other's work, and to be written easily - that's when abstraction is valuable.

link