why isolated components

Chris Pressey cpressey@REDACTED
Fri Aug 22 19:05:15 CEST 2003 

On Fri, 22 Aug 2003 14:41:02 +0200 (CEST)
Joe Armstrong <joe@REDACTED> wrote:

> [...]
>   Normally we use  OS processes for precisely this  reason - processes
> provide "protection domains"  and the isolate the effects  on an error
> to the process where the error occurred.
> 
>   At least that's the  idea - no OS that I know  of has this property,
> and  some OSs  are better  than others.   Windows 98  for  example has
> appalling protection between processes  - doing something silly in one
> process can easily crash the  entire machine. The Linuxes are not much
> better - one process can essentially  do a denial of survive attack on
> other processes in the system, by thrashing the disk or something.
> [...]
>   Erlang tries to achieve this, it does somewhat better than mosts OSs
> but  still one  process could  attack  another process  by sending  it
> zillions of  messages. Erlang was  designed to protect  processes from
> accidental errors not malicious attack.

Um... Joe, are you implying that it's *possible* to construct a system
that is impervious to DoS/flooding?  Or are you just carping?

>   Memory protection  is *unnecessary*  in a language  without pointers
> and decent  garbage collector  (like Erlang, lisp,  prolog, smalltalk,
> ...)  but essential for C, C++.

And guess what almost all of those pointerless languages are written in!
At any rate, this is certainly a different analysis than the point of
view where it "doesn't matter" what language some component is written
in.

Basically I guess my point is this - coming out in favour of isolating
processes on this mailing list, is preaching to the converted.  Most
Erlang programmers really do understand the benefits.  So if you're
asking us what we think, yes of course it's a good idea - and I'm sure
as we need wrappers, we do construct them, on an ad-hoc basis.  On the
other hand if you're asking for help in your Crusade to Wrapperize the
Entire Planet, it would help immensely if you could provide a clear
framework for it *first*.  So if you're *really* convinced this is the
way to go, how about writing a paper on it?  I think that would have
more persuasive power in the long run than some mailing-list ramblings.

Just my $0.02 worth of mailing-list ramblings,
-Chris

More information about the erlang-questions mailing list