And the list has been idle since then: https://sourceforge.net/p/capros/mailman/capros-devel/
I wonder if something has happened to him? I hope he's okay.
This was easily one of my most memorable lectures from undergrad, and it really helped to show me that even your operating system is just more software that you can read and understand.
1. https://github.com/vsrinivas/coyotos/blob/c68719b851e253aa11...
For people who understand OO, capabilities are the simplest model in the world. You hand out objects. You can call methods on the object. What that method call has access to depends on the permissions on the object, not your permissions. Entire classes of security mistakes (most notably the "confused deputy") become impossible.
The only commercial success that was a true capability system was the AS/400. Not coincidentally, single standalone machines averaged 99.99%-99.999% uptime. And it never had a significant security compromise. (Individual systems did, of course, have problems due to weak passwords and poor configuration. But they were still remarkably resistant.)
Capability systems work so well that when people wanted to improve security on Linux, they called it capabilities. Even though it wasn't.
Unfortunately, the world went with ACLs. That's baked into the design of things like Windows and POSIX. Which means that all of the consumer software out there expects ACLs. In order to get them to run on a pure capability system, you have to do things like create a POSIX subsystem. At which point, you've just thrown away the whole reason to use capabilities in the first place.
It’s like sharing a Google Doc link. You configure the link to be read-only or read/write.
Now imagine you can create as many links as you want with all possible permission combinations. Then you have a capability-based system.
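Added example (not written by any commenter in this thread): a Python sketch of the confused-deputy problem and of the shareable-link analogy described in the comments above. The names `Cap`, `compile_acl`, `compile_cap` and the sample documents are hypothetical, and Python only models the rights check; it does not make references unforgeable the way a capability OS does.

```python
class Cap:
    """Capability: a reference to one document plus the rights it carries.
    Python cannot make this unforgeable; a capability OS enforces that part."""
    def __init__(self, docs, name, rights):
        self._docs, self._name, self._rights = docs, name, frozenset(rights)

    def read(self):
        if "r" not in self._rights:
            raise PermissionError("capability lacks read")
        return self._docs[self._name]

    def write(self, data):
        if "w" not in self._rights:
            raise PermissionError("capability lacks write")
        self._docs[self._name] = data

    def attenuate(self, rights):
        # A derived "link" can only keep or drop rights, never add them.
        return Cap(self._docs, self._name, self._rights & frozenset(rights))


def compile_acl(docs, deputy_writable, source, out_name):
    """ACL style: the caller names a file; the check uses the deputy's rights."""
    if out_name not in deputy_writable:
        raise PermissionError(out_name)
    docs[out_name] = "compiled:" + source


def compile_cap(source, out_cap):
    """Capability style: the caller must hand over authority it actually holds."""
    out_cap.write("compiled:" + source)


def demo():
    docs = {"billing.log": "invoice #1", "out.o": ""}   # constructed sample data
    # The deputy may write billing.log for its own bookkeeping.
    compile_acl(docs, {"billing.log", "out.o"}, "x=1", "billing.log")
    clobbered = docs["billing.log"] != "invoice #1"      # confused deputy

    docs["billing.log"] = "invoice #1"
    client_out = Cap(docs, "out.o", "rw")                # all the client holds
    compile_cap("x=1", client_out)                       # only out.o can change
    read_only = client_out.attenuate("r")
    try:
        read_only.write("tamper")
        blocked = False
    except PermissionError:
        blocked = True
    return clobbered, docs["billing.log"], read_only.read(), blocked
```

In the capability version the client has no way to designate `billing.log`, because designation and authority travel together in the object it passes.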
mikewarot•1h ago
kragen•59m ago
ratmice•39m ago
That's probably not true, for anything relying on drivers since user mode drivers are basically processes there... but in the way that people might think of a process.
kragen•22m ago
The problem has gotten a lot easier since the EROS days, thanks to Xen, QEMU, UEFI (?), and the explosion of cheap hardware, but it looks like maybe Charlie got sick or lost interest or something?
ratmice•5m ago
When he had resumed his work on it, I personally had been going through a back injury. I still feel bad that I didn't get a chance to contribute any of the hardware ports and software I wrote for it.
kragen•3m ago
spencerflem•37m ago
It’s capable of dynamic flows, adding and removing programs, has ports of Chromium and VirtualBox. The devs daily drive it :)
wmf•31m ago