Re: Hygiene for a computing pandemic: separation of VCs and ocaps/zcaps

I want one or more agents that are as self-sovereign to me as any identity
/ persona they represent. Hosting these agents in a confidential computing
service like Intel SGX is worse than hosting them in my physical possession
but a reality today. Hosting my agent as a app platform like DigitalOcean
seems like table stakes these days. I’m hoping the app platform hides both
the OS and the file system as well as the sysadmin role.

Adrian

On Sun, Dec 6, 2020 at 9:26 AM Christopher Lemmer Webber <
cwebber@dustycloud.org> wrote:

> +1, well said.
>
> Mark S. Miller writes:
>
> > We want a VM / kernel to be a neutral simple predictable framework of
> > rules, facilitation the ability of diverse, separately interested players
> > to cooperate while protecting themselves from each other’s misbehavior.
> >
> > All discretionary judgement should be by diverse players of the system,
> > none of which are privileged by the system.
> >
> > The rule of law-like systems.
> >
> >
> > On Sat, Dec 5, 2020 at 6:38 PM Christopher Lemmer Webber <
> > cwebber@dustycloud.org> wrote:
> >
> >> Christopher Lemmer Webber writes:
> >>
> >> > But let's think about why the moving-forward-in-time VM execution is
> >> > separated from the allegations-of-information retrospective that is
> >> > "claims" and "credentials".  And it comes down to this phrase:
> >> >
> >> > Your VM is dumb.
> >>
> >> This might be misread as an insult against whatever virtual machine you
> >> think I think you're implementing or using.  It isn't; it's actually
> >> kind of arguing that we embrace this as a feature; the virtual machine
> >> doesn't know about and doesn't care about making
> >> identity-judgement-reasoning calls as it runs.  But things that do can
> >> *hook into* the system, as entry and exit points.
> >>
> >> Hope that's clearer.
> >>
>
>

Received on Sunday, 6 December 2020 16:48:09 UTC