On Friday 12 August 2011 21:23:23 BGB wrote:
> newer Linux distros also seem to do similar to Windows, by default
> running everything under a default user account, but requiring
> authorization to elevate the rights of applications (to root), although
> with considerably more retyping of passwords...

Just thought I'd point out that, although Linux and Windows both seem to 
prompt the user in the same way, there's a distinction in *why* the user is 
prompted. With Windows the prompt is "Do you really want to do this?", with 
Linux the prompt is "Prove that you are userX" (with sudo at least; some 
distros still prefer su, in which case it's "Prove that you are root").

Also, from working on Web sites with a lot of user generated content, I 
thought I'd point out that the permission-checking approach of BGB ends up 
full of guards: either "if (has_permission(...))", and an equal number of 
"else" blocks to recover in case of failure; or "throw 
PermissionDeniedException(...)" and an equivalent number of "catch" blocks (or 
a smaller number of catches *if* the cleanup is straightforward, but this 
smells of GOTO).

Either way, there are a lot of code paths to worry about, and rolling back in 
the case of failure. Worlds would be useful here (except for I/O) and the "if 
(has_permission(...))" pattern could be represented by the Maybe monad (where 
"foo(Nothing) = Nothing").

The object capability model wouldn't require as many checks, as the calls are 
always made, even if they're to dummy objects. This is similar to the Maybe 
monad in that "foo(Nothing) = Nothing" and "dummy.foo() {return}".

Cheers,
Chris

_______________________________________________
fonc mailing list
fonc@vpri.org
http://vpri.org/mailman/listinfo/fonc
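The two styles contrasted in the post above, as an added example in Python that is not part of the original message: a guarded workflow that has to roll back on failure, beside an object-capability version in which a dummy object absorbs calls the holder is not entitled to make, so the call sites carry no guards (but, as the post notes, the dummy does not by itself give you rollback). The Post, PostCap and NullCap names and the "edit"/"publish" permissions are assumptions made for the example.

```python
# Added example, not code from the original post. Illustrates guard-based
# permission checks versus capability objects with a no-op dummy.
from dataclasses import dataclass


@dataclass
class Post:
    body: str = ""
    published: bool = False


# --- Style 1: a guard at every step, with explicit rollback on failure ---
def edit_and_publish_guarded(user_perms, post, new_body):
    """Returns True on success; a failure after a mutation must be undone."""
    old_body = post.body
    if "edit" not in user_perms:
        return False
    post.body = new_body
    if "publish" not in user_perms:
        post.body = old_body            # roll back the earlier mutation
        return False
    post.published = True
    return True


# --- Style 2: object capabilities; the calls are always made ---
class NullCap:
    """Dummy capability: any method is a no-op returning another NullCap,
    the analogue of foo(Nothing) = Nothing / dummy.foo() {return}."""
    def __getattr__(self, name):
        return lambda *args, **kwargs: NullCap()


class PostCap:
    """Live capability over a post that hands out attenuated sub-capabilities:
    a holder without 'publish' receives a NullCap instead of a publisher."""
    def __init__(self, post, perms):
        self._post, self._perms = post, perms
    def editor(self):
        return self if "edit" in self._perms else NullCap()
    def publisher(self):
        return self if "publish" in self._perms else NullCap()
    def set_body(self, body):
        self._post.body = body
        return self
    def publish(self):
        self._post.published = True
        return self


def edit_and_publish_cap(cap, new_body):
    """No guards: an unauthorised step lands on the dummy and does nothing.
    Note the edit is NOT rolled back when publishing is denied; that is
    the separate rollback problem the post says 'worlds' would address."""
    cap.editor().set_body(new_body)
    cap.publisher().publish()
    return cap
```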
