I think this can make a lot of sense, because there are many situations, in particular in embedded systems, where you can and should confine at a much smaller scale than jails are really convenient for.

It will also be interesting to see if "Cells" can make inroads in the territory the original ACL abandoned, because writing the rules was so complex that it amount to parallel meta-anti-software development.

Hat tip to Matthias from here.

I am a well known FOSS developer.

At one point code I had written protected half the passwords on the entire Internet, and today around a quarter of all HTTP(S) traffic on the internet goes through software I have written ("Varnish").

That, and the fata morgana of retirement shimmering on my horizon, makes it my considered opinion that FOSS is the gift EU does not deserve, and runs a great risk of destroying on first contact.

However, closed source as we know it, is not compatible with an open, free and fair society, so I am more than aboard with the EU's long overdue recognition of FOSS as the way forward and out of the grubby, greedy claws of "Big Tech" and their endless enshitification of our lives.

The kind of FOSS software relevant to this discussion is usually rock steady and dependable in ways much commercial closed software, precisely because of the secrecy, can never be or become.

But the human communities which produces the FOSS software are fragile, fractious, and as a general rule, composed of people who may be great programmers, but who have absolutely no experience, and no interest, in fostering and stewarding stable human communities.

This is literally why there are who knows how many, different "distributions" of the Linux operating system, "window managers", "web-site frameworks" and programming languages.

Therefore the absolutely most important thing for EU to understand about FOSS, is that it probably is as close to the "ideal market", in the sense of economic theories, as anything will ever come: It literally costs nothing to become a competitor.

But that also means that if the EU member countries were to pick, no matter how fair and competently, a set of FOSS software to standardize on, and pour money into the people behind it, to provide the necessary resources to support and sustain the need for IT systems, for all the administrations in the EU countries, that software would instantly stop being FOSS - no matter what words the license might contain, because it would no longer be part of the market.

In other words: EU cannot "switch to FOSS", it would no longer be FOSS if EU did.

At the most fundamental level, the EU has three options:

1. Pick and bless a set of winners, consisting of:

a) Operating system, portable to any reasonable computer architecture. b) Text-processing, suitable for tasks up to a book. c) Spreadsheet d) Email client. e) Web Browser f) Accounting software, suitable for small organizations.

and fund organizations to maintain, develop and support the software for the future as open source, turning that software into infrastructure like water, power and electricity, free for all, individuals, startups and established companies alike, to use and benefit from.

2. Continuously develop/pick, bless and meticulously enforce open standards of interoperability, and then "let the competition loose".

3. Both. By providing a free baseline and de-facto reference implementations for the open standards, "the market" will be free to innovate, improve and compete, but cannot (re)create walled gardens.

To everybody, me included, option two seems the ideologically "pure" choice, because we have all been brought to believe that "governments should not pick winners".

But governments have always picked winners. Today all of EU has 230VAC electrical grids, because EU picked that as a winner, thereby leveling the market to everybody's benefit.

Therefore I will argue, that the wise choice for EU is option three.

First, it will be incredibly cheap, as in just tens of millions of Euro per year, to provide all EU citizens with a free and trustworthy software platform to run on their computers.

Second, it can be done incredibly fast: From EU makes the decision, the first version can be release in a matter of months, if not weeks.

Third, it will guarantee interoperability of data.

Sincerely,

Poul-Henning Kamp

That's not to say that iAPX432 would have succeeded under better management, but only to say that you cannot point to some random part of the design and say "That obviously does not work"

Ideas can be good, but fail because they are premature, relative to the technological means we have to implement them. (Electrical vehicles will probably be the future text-book example of this.)

The interesting detail in the R1000's memory model, is that it combines segmentation with pages, removing the need for segments to be contiguous in physical memory, which gets rid of the fragmentation issue, which was a huge issue for the archtectures you mention.

But there obviously always will be a tension between how much info you stick into whatever goes for a "pointer" and how big it becomes (ie: "Fat pointers") but I think we can safely say that CHERI has documented that fat pointers is well worth their cost, and how we are just discussing what's in them.

(Intel is objectively the most lucky semiconductor company, in particular if one considers how utterly incompetent their own "green-field" designs have been.

Think for a moment how luck a company has to be, to have the major competitor they have tried to kill with all means available, legal and illegal, save your company, when you bet the entire farm on Itanic ?)

This is one of those things, where 99.999% of all IT people have never even heard or imagined that things can be different than "how we have always done it." (Obligatory Douglas Adams quote goes here.)

This makes a certain kind of people, self-secure in their own knowledge, burst out words like "clueless", "fail miserably" etc. based on insufficient depth of actual knowledge. To them I can only say: Study harder, this is so much more technologically interesting, than you can imagine.

And yes, neither the iAPX432, nor for that matter Z8000, fared well with their segmented memory models, but it is important to remember that they primarily failed for entirely different reasons, mostly out of touch top-management, so we cannot, and should not, conclude from that, that all such memory models cannot possibly work.

There are several interesting memory models, which never really got a fair chance, because they came too early to benefit from VLSI technology, and it would be stupid to ignore a good idea, just because it was untimely. (Obligatory "Mother of all demos" reference goes here.)

CHERI is one such memory model, and probably the one we will end up with, at least in critical applications: Stick with the linear physical memory, but cabin the pointers.

In many applications, that can allow you to disable all the Virtual Memory hardware entirely. (I think the "CHERIot" project does this ?)

The R1000 model is different, but as far as I can tell equally valid, but it suffers from a much harder "getting from A to B" problem than CHERI does, yet I can see several kinds of applications where it would totally scream around any other memory model.

But if people have never even heard about it, or think that just because computers look a certain way today, every other idea we tried must be definition have been worse, nobody will ever do the back-of-the-napkin math, to see if would make sense to try it out (again).

I'm sure there are also other memory concepts, even I have not heard about. (Yes, I've worked with IBM S/38)

But what we have right now, huge flat memory spaces, physical and virtual, with a horribly expensive translation mechanism between them, and no pointer safety, is literally the worst of all imaginable memory models, for the kind of computing we do, and the kind of security challenges we face.

There are other similar "we have always done it that way" mental blocks we need to reexamine, and I will answer one tiny question below, by giving an example:

Imagine you sit somewhere in a corner of a HUGE project, like a major commercial operating system with al the bells and whistles, the integrated air-traffic control system for a continent or the software for a state-of-the-art military gadget.

You maintain this library, which exports this function, which has a parameter which defaults to three.

For sound and sane reasons, you need to change the default to four now.

The compiler wont notice.

The linker wont notice.

People will need to know.

Who do you call ?

In the "Rational Environment" on the R1000 computer, you change 3 to 4 and, when you attempt to save your change, the semantic IDE refuses, informing you that it would change the semantics of the following three modules, which call your function without specifying that parameter explicitly - even if you do not have read permission to the source code of those modules.

The Rational Environment did that 40 years ago, can your IDE do that for you today ?

Some developers get a bit upset about that when we demo that in Datamuseum.dk :-)

The difference is that all modern IDEs regard each individual source file as "ground truth", but has nothing even remotely like an overview, or conceptual understanding, of the entire software project.

Yeah, sure, it knows what include files/declaration/exports things depend on, and which source files to link into which modules/packages/libraries, but it does not know what any of it actually means.

And sure, grep(1) is wonderful, but it only tells you what source code you need to read - provided you have the permission to do so.

In the Rational Environment ground truth is the parse tree, and what can best be described as a "preliminary symbol resolution", which is why it knows exactly which lines of code, in the entire project, call your function, with or without what parameters.

Not all ideas are good.

Not all good ideas are lucky.

Not all forgotten ideas should be ignored.

Bandwidth is the only limit...

Your right to encrypted communication, if there is such a thing, ends well before it is used to stage a coup or plan a bank robbery.

It's really very simple: NO human rights are absolute.

ChatControl is a proposed new law, in compliance with the EU Treaty.

... Unless the EU courts find the law unconstitutionally broad.

2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.

We had a number of cases in Denmark over the recent years which pushes this agenda:

In addition to the obvious child abuse, there have been a case where video of a high-school girls private sexual activities where spread wildly on asocial media, fake-porn of various public figures and several cases of organized crime using various end-to-end encrypted services.

None of the Danish politicians I have communicated with like the ChatControl proposal very much, but there is nothing else on the table, which isn't much worse in terms of privacy invasion, so their only choice is ChatControl or doing nothing.

My personal opinion:

No human right is absolute, not even the right to life itself.

The demands of upholding the civilized society limit all human rights, and this limitation has always included intrusions of privacy in order to solve crimes.

I far prefer Dan Geer's proposal (See his black-hat keynote):

Companies on the Internet get to choose one of these two business models:

A) Common-carrier. Handles all content as opaque data, makes no decisions about what users see. No responsibility for the legality of the content. (= how telephone companies and postal carriers are regulated)

B) Information provider: 100% responsible for all content, no matter where they got it from. (= how newspapers are regulated)

The current "the algorithm did it" excuse for making illegal material go viral, to maximize profits, is incompatible with a civilized society.

I've asked the politicians whey they do not do that and the answers is "We do not want to piss off USA", in recent months that concern seems to be fading.

The machine actually has both an ALU as we know it, called the "VAL" board, but it also has a second unit, which runs in parallel on the "TYP" board, which does checks and operations on the data types of the data on the VAL board.

That means that the compiler can just emit a "ADD" instruction, and leave it to the microcode to figure out if it is adding two floating point numbers, two integers or a floating-point plus an integer and if the numeric type has a range, the result will be checked to fit inside that range.

So the comparison to the Itanic is not helpful. Itanic was a pretty standard CPU which forced a lot of constraints and complexity into the compiler.

The R1000 does the opposite: The compiler gets to emit code which operates on the types as the Ada language defines and knows them, and the hardware+microcode translates that into action.

Grady Booch donated some internal documents to us, and they contain a couple of references to "Incredibly Complex Instruction Set Computer" and they're not half wrong about that.

But if I were the pilot in an F-22 or the Space Shuttle, I probably would want it to be even more rigid :-)

It's important to keep in mind the context of this machine and the software it was used to develop.

On an Apple M2 CPU it runs around the same speed as the real hardware now.

(The first version based on the unaltered hardware schematics ran 4000 times slower than real hardware, it's been quite a journey :-)

It is a truly astonishing software development environment which with a a single key-press can answer questions like "what other code is affected if I change the default value of a parameter to this function". (Think about that one for a second!)

It processes 64bit data and 64 bit type information about that data in parallel, in hardware.

It is also object oriented in hardware, there is no linear address space or VM-tree,

Three left in the world, plus one mostly empty chassis.

My Covid19 project was writing a software emulation of it, starting from 400 pages of schematics, because the instruction set is not documented.

And yes, I'm way behind on documenting it, because I also have a life :-)