[Cryptography] Threatwatch: CIN - Corruptor-Injector Network

Sean Lynch seanl at literati.org
Fri Aug 14 16:25:50 EDT 2015


On Mon, Aug 10, 2015 at 6:33 PM Bill Frantz <frantz at pwpconsult.com>
wrote:[snip]

> I think it is too late for capability model OSs. The change in
> thinking needed to program in the KeyKOS, CapRos, Coyotos, etc.
> model is too far from the way people put applications together
> with Apache, shell scripts etc. and the Unix file system and
> security models.
>
> Never mind that the capability model is almost exactly the object
> model without globally available objects, a model that most
> programmers have used. That's how you write a program, not
> integrate a system.
>

It seems to me that your second paragraph contradicts your first. In my
experience, there are plenty of programmers who don't know or care much
about the systems-level stuff anyway; they get devops people to handle it
for them. We get shell scripts, etc., *because* we don't have a system that
extends the object model down to the system level.

By and large the operating system is going away as a consideration for
deploying apps. If I want to deploy something, I write a Dockerfile and run
a couple commands to build the docker image and deploy it to the cloud.
There's no Apache config because the web server is built in to the
application. And there are no shell scripts because Docker handles starting
the application for me. Any changes to the OS would be handled by changes
to the base Docker image I depend on.

If anything, I think switching to an object-capability model at the OS
level would eliminate an impedance mismatch and make it easier for
developers to deploy code.