[Oberon] Windows Kill vs Oberon Free (was: Oberon for a C++ user)

Skulski, Wojciech skulski at pas.rochester.edu
Sat Oct 8 02:11:46 CEST 2016


Chris:

> Clicking on System.Free on an arbitrary module in Oberon

Your point is well taken. Trying to unload an arbitrary module should not be rewarded with a system crash. The module should either unload gracefully, or refuse to unload if it is not safe to do so. A system which crashes after the user performs an allowed action is not a well designed system.

> is like opening Task Manager in Windows and killing an arbitrary process.

Again a well taken point. Windows is not a yardstick of security.

> I would no more consider attempting to do that than I would:
> * attempt to unload a module in Oberon that I was not in the process of developing myself

Unloading any module which is not imported is a legal user action. A legal user action should not crash a well designed system. Whether or not the user knew the module is beside the point. If the user was allowed to perform some action, then this action should not crash the system.

> * try to shoot myself in the foot
> * try to saw through a branch that I was sitting on

OK, let me give you a realistic example. As you know, I keep designing boards. Let's assume that I ship you my board that can run Oberon. I include a +5V power supply in the shipment, and you quickly discover that it does not fit the wall outlet in Australia. (I am not sure what kind of outlets you use down there). No problem. You grab one of many power supplies from your desk. Most of them use the same 2.1 mm barrel plug these days, so you stick it into my board and "psst". The power regulators blow up because they are rated up to 6 Volts, and your power supply happened to deliver +12V.

Whom should you blame? Yourself or me? Technically speaking, the warranty is void if you used your own supply. So I owe you nothing. But this is wrong. I insist that it was my obligation to deliver you a robust board that can take this kind of abuse. There are many ways of securing the power input. It was my obligation not to cut corners. If I shipped you a board that you can easily damage with a common mistake, then my product was not well designed.

In case you wonder, it did happen to me. I fried one of my own boards in exactly this way. Since then I provide the overvoltage protection on the power jack.

> However, in all of these cases I do not expect or want safeguards getting in
> my way just in case I have a real good reason to 'do something stupid'

It sounds like the C/Unix mantra "the user knows what s/he is doing, and if not, it is the user's fault". If we adopted this point of view, then the topic of this thread should be "How to make Oberon resemble C++". I thought NW spent his career trying to prevent this from happening.

Cheers,
W.
