Other information on factories

See (gnosisdoc,old-factory,) for specifications of obsolete factories.

{arcane}{nonref}See (p3,fact-design) for Design notes.

See (p3,sdc) for ways for builder's to collect service fees subject to information flow rate limits acceptable to an object user.

See (rev-fact) about manifestly revokable requestor keys.

Keys to factories

There are four keys to a factory: the builder's key, requestor's key, fetcher key and copy key. "Factory key" elsewhere in this manual means "requestor's key".

Builder's keys are given out by a factory creator. Requestor's keys and fetcher keys appear when a factory is completed {(comfac)}. Copy keys arise as component three of new factories.

FCC - The Factory Creator Creator

FCC(0;SB,METER==>c;FC)
If c = 0 then FC is to a new factory creator with a factory-brander different from the factory-brander of any other factory creator. FC has both recall rights.

If c = 1 then SB is invalid or unprompt

If c = 2 then SB has insufficient resources.

FCC(kt; ==> X'FCC')

Calls on Requestor's Key: If RF is a requestor's key to a {complete} factory F then:

Calls on the Fetcher Key -- If F is a fetcher key to a factory then:

F(n;=>0;Cn) returns component n of the factory as key Cn for 0 <= n <= 18.

For order codes kt and -1, F behaves as a requestor's key.

For order code 66, F behaves as a builder's key.

For order codes 96 thru 96+18 a fetcher key behaves as a builder's key.

{"copy factory"} E(0,((4,max hole count)); PSB,,SB ==>c;E2) creates a new nascent factory whose builder's key is E2. Its factory-brand, starting address, ordinal, requestor-type and .holes are the same as E's. Its .components are {initially} the same as E's except for .component 3 which will be a copy key to the new factory. PSB must be an official prompt space bank which will be used to provide a small fixed amount of storage. If no string is provided then "max hole count" is 300 {and SB isn't used or checked}.
c=0 and E2 is the builder's key to the new factory or

c=1 and PSB isn't a prompt bank or

c=2 and PSB is prompt but insufficient or

c=3 and (max hole count) > 300 and SB isn't a bank or

c=4 and (max hole count) > 500,000 or

c=6 and max hole count was too small to contain the .holes.

The copy key also obeys order codes 96 thru 96+18 as defined for the builder's key {(getmis)}.

E(kt;==>x'021e';)

An Ex Factory Design Problem

This is a problem with an older factory design.

The factory code is currently obeyed by a factory domain using a meter provided by the factory creator. This is an illegitimate hole. It falls outside any definition of "covert channel" that I would like. We could make factories run on a system meter and close that hole but then a problem arises with custom domain creators.

Who shall provide the meter for the domain creator? We cannot allow arbitrary code to run on a system meter. If the domain creator runs on the factory builder's meter then information flows to the builder, which cannot be allowed. The domain creator might run on the requestor's meter but this might make the factory un-prompt.

One way out of this dilemma is to add function to a domain creator that would startup the created domain having endowed it with a bank, meter and address segment provided somehow by the requestor of the domain creator. The factory would have finished as it called the domain creator and would thus be prompt.

Suppose that the factory creates a node from the requestor's bank, and puts keys into it as currently described at (fac-slots). The following keys would also be included.: .program, .keeper, .symbol-table. This node is passed to the domain creator and might become part of the domain.

A common page would be available that normal domains might obey to achieve the effect of the later stages of current factory design. Either the domain creator or the resulting domain would be at liberty to use or re-sell the node.

There is a problem above: the domain creator may now be unprompt! In cases of interest, where the requestor does not trust the builder, the domain creator will itself be a factory. By the time the custom code of the domain creator runs it will be running on the original requestor's meter.