This paper by Neal Walfield describes ‘the Hurd’ more clearly than I have seen before. The author has read the capability literature and writes from that perspective. The paper describes a system built on capabilities much like Keykos. See my notes on Mach (too).

I am skeptical about early introduction of “support for identity-based access control” as it seems unlikely that one can recover later (at higher levels) from the insecurities it introduces.

In the critique at the end (section 3) he reveals that each application holds the capability to the ‘user’s’ entire file hierarchy. He concludes that this is unacceptable and compares with Polaris and Plash.

His references at the end are well chosen.

Section 2.2 explains how Hurd plans to restart as the system lacks persistence. I do not understand this yet.


Hurd Status, Hurd Lore,
Reference Manual This actually sounds like a programming manual which I had not seen before.
A Critique of the GNU Hurd Multi-Server Operating System

A map between Hurd and Keykos

HurdKeykos
TaskDomain
Differences
HurdKeykos
Messages are addressed to portsMessages are addressed to domains.
Kernel queues messagesMessages do not persist in kernel. They are delivered in the same instant they are created.
data passed by reference to immutable memory. data passed by copy; limited in size.