I answered that one.

And how does that solve the problem of whom to trust with mounting? Or with
configuring a network interface? If someone has access to, say, eth0 then
they have access to eth0. No amount of private namespaces keeps them from
reading everything that goes through eth0, including other users'
unencrypted traffic.

Plan 9's model says if you have physical access to a terminal there is no
way to secure _that_ terminal against your mischief. Therefore, it totally
trusts you _that_ terminal. However, your home computer doesn't run only a
terminal. To be usable, it has to run at least a cpu and an auth, in
addition to a term. Now, where is the difference between running
authentication on the same machine as the terminal and the traditional UNIX
way of keeping authentication/authorization databases on each machine? Or
from Kerberos' distributed authentication model?

On Wed, Aug 20, 2008 at 8:56 PM, Eris Discordia
gmail.com> wrote:

You don't care who mounts what where, because the rest of the system
doesn't notice the namespace change. But it sounds like what you're
really talking about is who to trust with device access, so lets roll
with that.

As Pietro demonstrated, no interface configuration is necessary here.

i don't think this is accurate.

You only need a cpu server if you want to let /multiple users/ run
processes on your machine. You only need an auth server if you
want to /authenticate/.

you don't need multiple machines to authenticate. (you can authenticate
to a fs running on the local machine. you can authenticate via imap
locally.) you don't need multiple users to need a cpu server. you need
a cpu server to run services such as smtp or cron.

- erik

On Thu, Aug 21, 2008 at 2:58 AM, erik quanstrom coraid.com> wrote: