{"_self":{"principle":"Self-explaining payload — no external context required. This _self block describes what you are reading and where to look next.","widget":"article_bundle","feature":"bundle","name":"LLM article bundle","what":"Portable reference package: body + claims + sources + voxels + provenance + manifest + constitution.","contains":"body, claims, sources, voxels, provenance, question graph, constitution, llm_manifest","slug":"thinker-jack-dennis","urls":{"read":"https://miscsubjects.com/api/articles/thinker-jack-dennis/bundle?format=markdown"},"how_to_use":"Reference bundle for an LLM or reader. §SELF explains the surface; ingest and claim endpoints in llm_manifest are the write-back routes.","write":null,"imessage":null,"router_tag":null,"proof_chain":[{"step":1,"claim":"Articles are voxel graphs of tiered claims, not prose blobs.","verify":"https://miscsubjects.com/api/articles/constitution"},{"step":2,"claim":"Claims link to hash-chained sources via source_ids.","verify":"https://miscsubjects.com/api/articles/thinker-jack-dennis/sources"},{"step":3,"claim":"Ask reads topology; ingest/claim append to ledger.","verify":"https://miscsubjects.com/api/protocol"},{"step":4,"claim":"Models queue growth: populate → collaborate → repair → reflex.","verify":"https://miscsubjects.com/api/protocol/grow"},{"step":5,"claim":"Graph proves its own shape (reflex) and $/claim (yield).","verify":"https://miscsubjects.com/graph.html?layer=reflex"},{"step":6,"claim":"Full feature index + _explain on every API response.","verify":"https://miscsubjects.com/api/articles/system-map"}],"related_features":[{"id":"topology","name":"Article topology","what":"Claims, sources, anecdotes, user reports, related embeds, question graph slice — for ask/ROUTER.","urls":{"read":"https://miscsubjects.com/api/articles/thinker-jack-dennis/topology"}},{"id":"voxels","name":"Voxel graph","what":"Claims as atoms, sources as edges (supported_by, posted_by). Per-claim provenance.","urls":{"read":"https://miscsubjects.com/api/articles/thinker-jack-dennis/voxels","write":"https://miscsubjects.com/api/protocol/claim"}},{"id":"ask","name":"Ask protocol","what":"Answer only from topology; creates question_node with gaps and ingest_hint.","urls":{"read":"https://miscsubjects.com/api/articles/thinker-jack-dennis/prompts","write":"https://miscsubjects.com/api/protocol/ask"}},{"id":"ingest","name":"Ingest protocol","what":"Parse pasted evidence → source ledger + claims + evidence_ingest node.","urls":{"write":"https://miscsubjects.com/api/protocol/ingest"}},{"id":"claim_post","name":"Claim post protocol","what":"Prompt-injection style POST — one claim voxel with who_claims + posted_by.","urls":{"read":"https://miscsubjects.com/api/articles/thinker-jack-dennis/voxels","write":"https://miscsubjects.com/api/protocol/claim"}},{"id":"llm_manifest","name":"LLM manifest","what":"Machine-readable read/write contract for external LLMs.","urls":{"read":"https://miscsubjects.com/api/articles/llm-manifest"}}],"system_map":"https://miscsubjects.com/api/articles/system-map","system_map_markdown":"https://miscsubjects.com/api/articles/system-map?format=markdown","not_medical_advice":true},"_explain":{"feature":"bundle","name":"LLM article bundle","what":"Portable reference package: body + claims + sources + voxels + provenance + manifest + constitution.","why":"Every feature is auditable collective intelligence","how":"Reference bundle for an LLM or reader. §SELF explains the surface; ingest and claim endpoints in llm_manifest are the write-back routes.","model":null,"verifies":null,"urls":{"read":"https://miscsubjects.com/api/articles/thinker-jack-dennis/bundle?format=markdown"},"imessage":null,"router":null,"related":[{"id":"topology","what":"Claims, sources, anecdotes, user reports, related embeds, question graph slice — for ask/ROUTER."},{"id":"voxels","what":"Claims as atoms, sources as edges (supported_by, posted_by). Per-claim provenance."},{"id":"ask","what":"Answer only from topology; creates question_node with gaps and ingest_hint."},{"id":"ingest","what":"Parse pasted evidence → source ledger + claims + evidence_ingest node."},{"id":"claim_post","what":"Prompt-injection style POST — one claim voxel with who_claims + posted_by."},{"id":"llm_manifest","what":"Machine-readable read/write contract for external LLMs."}],"not_medical_advice":true},"bundle_version":1,"generated_at":"2026-07-15T06:05:08.157Z","slug":"thinker-jack-dennis","title":"Jack Dennis — The Forgotten Origin of Capabilities","url":"https://miscsubjects.com/a/thinker-jack-dennis","register":"standard","tags":["oip","kimi-import","self-explaining","voxel","thinkers","thinker-jack-dennis"],"posted_at":"2026-07-15T04:20:36.793Z","updated_at":"2026-07-15T04:20:36.793Z","body":"<!-- hierarchy:nav -->\n> **Path:** [OIP](https://miscsubjects.com/a/oip) › [Thinker Reference](https://miscsubjects.com/a/oip-thinker-reference) › [Thinkers](https://miscsubjects.com/a/oip-thinkers) › **Jack Dennis — The Forgotten Origin of Capabilities**\n>\n> **Shelf:** Thinkers · **Traversal:** self-explaining · hierarchical · voxel-ready\n> **Machine root:** [OIP tree](https://miscsubjects.com/api/dispatch?map=1&format=markdown) · [Registry](https://miscsubjects.com/api/dispatch?registry=1)\n\n# Jack Dennis — The Forgotten Origin of Capabilities\n\n## §SELF — thinker-jack-dennis\n\n**What this page is:** A profile of Jack Dennis and his 1966 invention of capability-based addressing, the foundation of all capability security systems.\n**What it explains:** How Dennis's hardware memory protection model became the basis for modern software security architectures.\n**Why read it:** To understand where capability security came from and why separating access authority from program identity matters.\n\n### What Jack Dennis Is\n\nJack Dennis is a professor emeritus at the Massachusetts Institute of Technology (MIT — a university in Cambridge, Massachusetts, USA). He is a computer scientist who invented capability-based addressing in 1966. A \"capability\" (in computer security) is a token that grants permission to access a specific resource. The token itself carries the authority — whoever holds the token can use the resource.\n\n### Why It Matters\n\nBefore Dennis's work, computer security systems asked: \"Who are you?\" and then decided what you could access based on your identity. Dennis changed the question to: \"What do you hold?\" — meaning, what capability tokens do you possess? This separation of authority from identity became the foundation of capability security. Modern systems derived from Dennis's idea include: KeyKOS (a secure operating system built by Norm Hardy in the 1970s–80s), the E programming language (by Mark Miller, 1997), and seL4 (a formally verified operating system kernel, 2009). These systems are used in high-security environments because capability-based access control reduces the attack surface — there are fewer ways for an attacker to gain unauthorized access when permissions are tied to possession of specific tokens rather than to broad identity categories.\n\n### The Key Idea\n\nDennis's key idea, published in the 1966 paper \"Segmentation and the Design of Multi-Programmed Computer Systems,\" was: memory segments (contiguous regions of computer memory) should carry permission bits indicating whether the holder can read, write, or execute that segment. A program can only access a segment if it holds a capability — a hardware-protected reference to that segment. The hardware enforces this: if a program tries to access memory without holding the corresponding capability, the hardware blocks the access. This is different from identity-based systems where the operating system checks a user's credentials against an access control list.\n\nDennis co-authored with Earl Van Horn the 1965 paper \"Programming Semantics for Multiprogrammed Computations,\" which provided the theoretical foundation for this model by defining formal semantics (precise mathematical rules) for how concurrent programs interact with shared resources.\n\n### What He Got Right\n\n- **Separating access authority from program identity.** In Dennis's model, a program's ability to access a resource depends only on whether it holds the capability for that resource — not on who created the program or what user account it runs under. This means capabilities can be transferred between programs freely without changing any central authority database.\n- **Hardware enforcement.** Dennis designed the protection mechanism to be enforced by the computer's hardware (specifically, the memory management unit), not by software checks. Hardware enforcement cannot be bypassed by software bugs or malicious code.\n- **Fine-grained permissions.** Each capability carries specific permissions (read, write, execute) for a specific memory segment. This is more precise than broad categories like \"administrator\" or \"user.\"\n\n### What He Got Wrong or Left Unfinished\n\n- **Hardware capability machines were never mass-produced.** Dennis's design required specialized hardware that was not built commercially. General-purpose computers used simpler memory protection schemes. Without the hardware, capability-based security remained a theoretical concept for decades.\n- **Software implementations were necessary but came later.** Because the hardware was not adopted, researchers had to implement capability semantics in software. Norm Hardy's KeyKOS (built at Key Logic in the 1980s) was the first practical pure-capability operating system. Mark Miller's E language (1997) brought capabilities to distributed programming. These implementations proved the model works but required decades of additional engineering.\n- **No solution for capability revocation.** Dennis's original model did not specify how to take back a capability once granted. If Program A gives Program B a capability to access a file, how can A later revoke that access? This problem was solved in later systems (KeyKOS used a mechanism called \"segment keys\" that could be invalidated), but Dennis's original paper did not address it.\n\n### How It Connects to Other Ideas\n\n- **Access control lists (ACLs).** ACLs are the alternative to capabilities. In an ACL system, each resource has a list of who can access it. In a capability system, each subject has a list of what it can access. The two models are mathematically equivalent in expressive power but differ in practical properties: capabilities are easier to delegate (you hand over the token), while ACLs are easier to audit (you check one list to see who has access). Dennis's work established the capability side of this fundamental divide.\n- **Object-capability security (ocap).** Modern secure programming languages like E and Caja use \"object capabilities\" — the same principle as Dennis's memory capabilities, but applied to software objects rather than hardware memory segments. An object can only call methods on another object if it holds a reference (capability) to it. This is a direct conceptual descendant of Dennis's 1966 design.\n- **OIP capability tokens.** The Open Integrity Protocol (OIP) uses capability tokens as a web-native expression of Dennis's idea. In OIP, possession of a token grants access to a resource, and the token's permissions are scoped (limited in what they allow). This is the same structure as Dennis's hardware capabilities — a protected reference with embedded permissions — implemented as cryptographic tokens on the web instead of hardware memory references.\n\n### Sources\n\n- Dennis, J. B. (1966). \"Segmentation and the Design of Multi-Programmed Computer Systems.\" *Journal of the ACM*, 12(4), 589–602.\n- Dennis, J. B., & Van Horn, E. C. (1966). \"Programming Semantics for Multiprogrammed Computations.\" *Communications of the ACM*, 9(3), 143–155.\n\n---\n\n## Up the tree\n\n- [OIP root](https://miscsubjects.com/a/oip) — protocol root, zero-context entry\n- [Thinker Reference hub](https://miscsubjects.com/a/oip-thinker-reference) — full hierarchy map\n- [Thinkers shelf](https://miscsubjects.com/a/oip-thinkers) — siblings on this shelf\n- [Voxel graph article](https://miscsubjects.com/a/what-is-voxel-graph) — how pages link as voxels\n- [Self-describing protocol](https://miscsubjects.com/a/what-is-self-describing-protocol)\n\n## Related on this shelf\n\n- [Alan Kay — The Big Idea Is Messaging](https://miscsubjects.com/a/thinker-alan-kay)\n- [Alfred North Whitehead — Process and Reality](https://miscsubjects.com/a/thinker-alfred-north-whitehead)\n- [J.L. Austin and John Searle — Speech Acts](https://miscsubjects.com/a/thinker-austin-searle)\n- [Barbara Liskov — Abstract Data Types and Distributed Consensus](https://miscsubjects.com/a/thinker-barbara-liskov)\n- [Bram Cohen — BitTorrent and Content-Addressed Protocol Design](https://miscsubjects.com/a/thinker-bram-cohen)\n- [Butler Lampson — Protection and Access Control](https://miscsubjects.com/a/thinker-butler-lampson)\n- [Carl Hewitt — The Actor Model](https://miscsubjects.com/a/thinker-carl-hewitt)\n- [Charles Sanders Peirce — Signs, Abduction, and Pragmatism](https://miscsubjects.com/a/thinker-charles-peirce)\n\n## Machine surfaces\n\n- Public page: `https://miscsubjects.com/a/thinker-jack-dennis`\n- JSON article: `https://miscsubjects.com/api/articles/thinker-jack-dennis`\n- OIP ask: `https://miscsubjects.com/api/dispatch?ask=Jack%20Dennis%20%E2%80%94%20The%20Forgotten%20Origin%20of%20Capabilities`\n","claims":[],"sources":[],"voxels":{"slug":"thinker-jack-dennis","counts":{"voxels":0,"sources":0,"edges":0},"note":"slim bundle — full voxels at /api/articles/thinker-jack-dennis/voxels"},"constitution":{"url":"https://miscsubjects.com/api/articles/constitution"},"provenance":[{"action":"write","model":"kimi-agent-import","ts":"2026-07-15T04:20:36.793Z","hash":"249e53442ba9d9e6","tokens_in":0,"tokens_out":0}],"contributions":[],"topology":null,"slim":true,"ledger_totals":{"claims":0,"sources":0,"exported_claims":0,"exported_sources":0},"question_graph":{"slug":"thinker-jack-dennis","questions":[],"evidence":[],"edges":[],"counts":{"questions":0,"evidence":0,"edges":0}},"verification":{"provenance":{"valid":true,"entries":1,"head":"249e53442ba9d9e644e0bfb7825cc29f7c212528e0ff822b81c2d9a5ed3a50f5"},"sources":{"valid":true,"entries":0,"head":"genesis"}},"counts":{"claims":0,"sources":0,"provenance":1,"contributions":0,"questions":0,"evidence_ingests":0,"voxel_edges":0},"transport":"Open every URL in this bundle with your browser or web / URL-fetch tool. Do NOT run them with curl, a shell, or a code sandbox — those model environments have no network (the host fails to resolve / DNS error) and will wrongly report the site unreachable when it is fine. Opening the link IS the call.","llm_manifest":{"version":"1","site":"https://miscsubjects.com","purpose":"Peptide evidence articles with hash-chained source ledgers, tiered claims, and a question graph. LLMs should READ bundles/URLs and WRITE back via ingest — never invent doses.","read":{"human_page":"https://miscsubjects.com/a/thinker-jack-dennis","bundle_json":"https://miscsubjects.com/api/articles/thinker-jack-dennis/bundle","bundle_markdown":"https://miscsubjects.com/api/articles/thinker-jack-dennis/bundle?format=markdown","topology":"https://miscsubjects.com/api/articles/thinker-jack-dennis/topology","question_graph":"https://miscsubjects.com/api/articles/thinker-jack-dennis/question-graph","sources":"https://miscsubjects.com/api/articles/thinker-jack-dennis/sources","provenance":"https://miscsubjects.com/api/articles/thinker-jack-dennis/provenance","contributions":"https://miscsubjects.com/api/articles/thinker-jack-dennis/contributions","graph_topology":"https://miscsubjects.com/api/articles/thinker-jack-dennis/graph-topology?question={question}","voxels":"https://miscsubjects.com/api/articles/thinker-jack-dennis/voxels","constitution":"https://miscsubjects.com/api/articles/constitution","ontology":"https://miscsubjects.com/api/articles/ontology","system_map":"https://miscsubjects.com/api/articles/system-map","system_map_markdown":"https://miscsubjects.com/api/articles/system-map?format=markdown","health":"https://miscsubjects.com/api/articles/thinker-jack-dennis/health","repair":"POST https://miscsubjects.com/api/protocol/repair","list_articles":"https://miscsubjects.com/api/articles","graph_canvas":"https://miscsubjects.com/graph.html?slugs=thinker-jack-dennis","graph_yield":"https://miscsubjects.com/api/graph?slugs=thinker-jack-dennis&layer=yield","obsidian_vault":"https://miscsubjects.com/api/articles/obsidian-vault?slugs=thinker-jack-dennis","graph_query":"https://miscsubjects.com/api/v1/query?from=thinker-jack-dennis&kind=claim&where=tier=human"},"ask":{"description":"Answer only from topology; creates a question_node with gaps.","api":"POST https://miscsubjects.com/api/protocol/ask","body":{"slug":"{slug}","question":"string"},"imessage":"thinker-jack-dennis|your question","router_tag":"[ARTICLE_ASK]thinker-jack-dennis|question[/ARTICLE_ASK]","auth":"x-terminal-key header for API; iMessage/WhatsApp via miscsubjects build"},"ingest":{"description":"Parse pasted evidence → source ledger + claims + evidence_ingest node.","api":"POST https://miscsubjects.com/api/protocol/ingest","body":{"slug":"{slug}","evidence":"paste text","question_node_id":"optional qn_..."},"imessage":"ingest thinker-jack-dennis|q:{node_id}|paste evidence","router_tag":"[ARTICLE_INGEST]thinker-jack-dennis|evidence[/ARTICLE_INGEST]","tiers":["human","preclinical","anecdotal","mechanistic","speculative"]},"claim":{"description":"Prompt-injection style POST — one claim voxel with who_claims + posted_by provenance.","api":"POST https://miscsubjects.com/api/protocol/claim","body":{"slug":"{slug}","text":"one assertion","tier":"human|preclinical|anecdotal|mechanistic|speculative","who_claims":"study author, platform, or model id","source_ids":"optional [s1]"},"imessage":"claim thinker-jack-dennis|tier|assertion — who claims it?","router_tag":"[ARTICLE_CLAIM]thinker-jack-dennis|tier|assertion[/ARTICLE_CLAIM]","slots":["what_it_is","who_claims_what","what_is_known","what_is_unknown","mechanism","limitations","disclaimer"]},"tiers":{"human":0.8,"preclinical":0.5,"anecdotal":0.3,"mechanistic":0.3,"speculative":0.1},"invariants":["Self-explaining — every API JSON has _self; every paste widget has §SELF; root index at /api/articles/system-map","Append-only — revisions preserved at ?rev=n","Source chain verifies integrity, not truth","Answers must cite claim ids and source ids from topology","Not medical advice"],"constitution":{"version":1,"principle":"Articles are voxel graphs of claims — not prose blobs. Every assertion is a claim atom with tier, weight, source_ids, and posted_by provenance.","slots":[{"id":"what_it_is","required":true,"answers":"What is this peptide/stack/condition?"},{"id":"who_claims_what","required":true,"answers":"Who claims what — study authors, platforms, n=?"},{"id":"what_is_known","required":true,"answers":"What is known with tier labels (human/preclinical/anecdotal)"},{"id":"what_is_unknown","required":true,"answers":"What is NOT known — explicit gaps"},{"id":"mechanism","required":false,"answers":"Proposed mechanism (mechanistic tier only)"},{"id":"limitations","required":true,"answers":"Limits of evidence — no dose advice"},{"id":"disclaimer","required":true,"answers":"Not medical advice"}],"claim_rules":["One claim = one falsifiable assertion. No compound claims.","Every claim must declare tier: human|preclinical|anecdotal|mechanistic|speculative|system.","system tier = architecture/design axioms (not biological mechanism). Use for protocol self-definition.","Sourced claims must cite source_ids from the hash-chained ledger.","Unsourced claims must set source_status: unsourced and why_material.","posted_by is mandatory on every new claim (model id, human, or channel).","No medical advice, no doses, no 'you should take'.","Bad information is retracted (status:retracted), never deleted — retraction event stays on ledger.","Adversary challenges link via challenges[] / challenged_by[] — target may be downweighted.","Leaked secrets are scrubbed to [REDACTED:secret-leak] with scrub_events tombstone — honest audit trail."],"source_rules":["Every source is a voxel edge: type, url, exact quote, summary, found_by, accessed_at.","Sources hash-chain — prev/hash on append.","Anecdotal sources must name platform (reddit|x|youtube|imessage|user_entry)."],"ontology_rules":["Peptide articles (bpc-157, tb-500) are tree roots.","Condition articles (bpc-157-glp1-gut-damage) branch from peptides.","Stack articles (wolverine-stack-glp1) compose peptides — never duplicate peptide mechanism prose.","If an article has no parent embeds and is not a root peptide → sprawl candidate.","Misstep = duplicate scope with another slug; merge or reparent via embeds."],"post_protocol":{"claim":"POST /api/protocol/claim","source":"POST /api/protocol/sources","ingest":"POST /api/protocol/ingest","webhook":"POST /api/articles/<slug>/webhook {kind:claim|source}","imessage_claim":"claim {slug}|{tier}|your assertion — who claims it, source?","imessage_ingest":"ingest {slug}|evidence paste"}},"this_article":{"slug":"thinker-jack-dennis","url":"https://miscsubjects.com/a/thinker-jack-dennis","bundle_url":"https://miscsubjects.com/api/articles/thinker-jack-dennis/bundle?format=markdown"}},"api_urls":{"bundle":"https://miscsubjects.com/api/articles/thinker-jack-dennis/bundle","bundle_markdown":"https://miscsubjects.com/api/articles/thinker-jack-dennis/bundle?format=markdown","topology":"https://miscsubjects.com/api/articles/thinker-jack-dennis/topology","voxels":"https://miscsubjects.com/api/articles/thinker-jack-dennis/voxels","constitution":"https://miscsubjects.com/api/articles/constitution","ontology":"https://miscsubjects.com/api/articles/ontology","question_graph":"https://miscsubjects.com/api/articles/thinker-jack-dennis/question-graph","ask":"https://miscsubjects.com/api/protocol/ask","ingest":"https://miscsubjects.com/api/protocol/ingest","claim":"https://miscsubjects.com/api/protocol/claim","system_map":"https://miscsubjects.com/api/articles/system-map","system_map_markdown":"https://miscsubjects.com/api/articles/system-map?format=markdown"}}