On Friday 12 August 2011 21:23:23 BGB wrote:
> newer Linux distros also seem to do similar to Windows, by default
> running everything under a default user account, but requiring
> authorization to elevate the rights of applications (to root), although
> albeit with considerably more retyping of passwords...

Just thought I'd point out that, although Linux and Windows both seem to prompt the user in the same way, there's a distinction in *why* the user is prompted. With Windows the prompt is "Do you really want to do this?", with Linux the prompt is "Prove that you are userX" (with sudo at least; some distros still prefer su, in which case it's "Prove that you are root").

Also, from working on Web sites with a lot of user generated content, I thought I'd point out that the permission-checking approach of BGB ends up full of guards: either "if (has_permission(...))", and an equal number of "else" blocks to recover in case of failure; or "throw PermissionDeniedException(...)" and an equivalent number of "catch" blocks (or a smaller number of catches *if* the cleanup is straightforward, but this smells of GOTO). Either way, there's a lot of code paths to worry about, and rolling back in the case of failure. Worlds would be useful here (except for I/O) and the "if (has_permission(...))" pattern could be represented by the Maybe monad (where "foo(Nothing) = Nothing").

The object capability model wouldn't require as many checks, as the calls are always made, even if they're to dummy objects. This is similar to the Maybe monad in that "foo(Nothing) = Nothing" and "dummy.foo() {return}".

Cheers,
Chris

_______________________________________________
fonc mailing list
fonc@vpri.org
http://vpri.org/mailman/listinfo/fonc
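
The contrast drawn in the message above, as an added example that is not part of the original post: a guard at every point of use, a Maybe-style helper, and an object-capability version where the access decision is made once and unauthorized callers receive a dummy object. All names (`ACL`, `has_permission`, `Page`, `DummyPage`, `grant_page`, the users) are hypothetical and the data is constructed.

```python
# Added illustration; every name below is hypothetical, sample data is constructed.
ACL = {("alice", "edit")}          # constructed: only alice may edit

def has_permission(user, action):
    return (user, action) in ACL

class Page:
    """Real object: holding a reference to it is the authority to edit."""
    def __init__(self, text=""):
        self.text = text
    def append(self, extra):
        self.text += extra

class DummyPage:
    """Same interface, but calls do nothing: "dummy.foo() {return}"."""
    def __init__(self):
        self.text = ""
        self.dropped = 0           # count of ignored calls, kept for auditing
    def append(self, extra):
        self.dropped += 1

# Style 1: permission checks at the point of use. Every operation carries a
# guard and an else branch, and each caller must handle the failure result.
def sign_guarded(user, page, signature):
    if has_permission(user, "edit"):
        page.append(signature)
        return True
    else:
        return False

# Maybe-style helper: foo(Nothing) = Nothing, with None standing in for Nothing.
def maybe(value, func):
    return None if value is None else func(value)

# Style 2: object capabilities. The decision is made once, when the reference
# is handed out; code that receives it makes its calls unconditionally.
def grant_page(user, page):
    return page if has_permission(user, "edit") else DummyPage()

def sign_cap(page_cap, signature):
    page_cap.append(signature)     # no guard, no else, no catch

def demo():
    page = Page("Hello")
    results = [sign_guarded(u, page, " --" + u) for u in ("alice", "mallory")]
    caps = {u: grant_page(u, page) for u in ("alice", "mallory")}
    for u, cap in caps.items():
        sign_cap(cap, " ++" + u)
    return results, page.text, caps["mallory"].dropped
```

In the capability version the only check is in `grant_page`, so that is the single place to log a denial; the dummy makes the refused write silent, which is why this sketch counts dropped calls.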