[Haskell-cafe] OS design & FP aesthetics

[Jaap Weel]

> Every capability system I've seen works like Unix file descriptors.  The
> kernel assigns capability numbers, and since the numbers are only valid
> in one process, and the only valid capability numbers are to
> capabilities your have, there is no danger caused by guessing.

You know, when I typed that, I knew I really ought to qualify it a
bit, because the word capability is used in several ways. You are, of
course, right to say that this is a common implementation of
capabilities in operating systems with multiple memory spaces, but it
does not work in a single memory space design without language
security where user processes can access the kernel tables.

        /jaap