Thursday, January 19, 2006

Reading about Capabilities

I'm always on the lookout for cogent, concise and persuasive explanations of Capabilities... and I found another one today:

Most of today's computer platforms operate under a fundamental assumption that has proven utterly false: that if a user executes a program, the user completely trusts the program. This assumption has been made by just about every operating system since Unix and is made by all popular operating systems used today. This one assumption is arguably responsible for the majority of end-user security problems. It is the reason malware -- adware, spyware, and viruses -- is even possible to write, and it is the reason even big-name software like certain web browsers is so hard to keep secure. We need to stop making this assumption.

I use Google to find things, along with Wikipedia, Technorati, Slashdot, and others. I like seeing how people found me, so I often scan my referral logs as provided by Sitemeter, which is how I found this one. One of you was reading about Evlan before coming here... so thanks for the pointer!

Evlan is a project which aims to take on security in steps, by allowing secure programs now, and a planned OS in the future. There seem to be a lot of nice ideas going into this particular pot, and I don't see any bad ones at this time. I wish them well.

Evlan is a functional programming system, which implies quite a few things, one of which is that a computation is not allowed to have any side effects. This means that a function CAN'T reach out and alter other parts of the program. This restriction alone rules out quite a few of the things that normally go wrong in other languages. It also means that you don't have to evaluate a function as soon as it's declared... which takes some time to grok (and I haven't fully)... but seems to be a VERY powerful feature in terms of optimization.
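To make the point of the quoted passage concrete, here is an added illustration (mine, not Evlan's code, and not in the original post) of the object-capability pattern it argues for: a plugin receives only the authority it is explicitly handed, as a revocable read-only handle to one file, instead of ambient access to everything the user can reach. The file store, paths and contents are constructed for the demo; Python does not enforce this at the language level, so the pattern is shown by construction.

```python
def make_store(files):
    """Constructed in-memory file store: `files` maps path -> bytes.
    Only this closure holds the whole store; callers get attenuated capabilities."""

    def grant_read(path):
        """Hand out a revocable, read-only capability to exactly one path."""
        state = {"revoked": False}

        class ReadCap:
            def read(self):
                if state["revoked"]:
                    raise PermissionError("capability revoked")
                return files[path]

        def revoke():
            state["revoked"] = True

        return ReadCap(), revoke

    return grant_read


def ambient_plugin(files, path):
    """The 'user completely trusts the program' model: the plugin is handed the
    whole store, so nothing stops it from reading a file it was never asked for."""
    return files["/home/alice/secret.txt"]  # ignores `path` entirely


def capability_plugin(cap):
    """Capability model: the plugin holds only a ReadCap for one file and has no
    handle through which to reach anything else in the store."""
    return cap.read().decode().upper()


def demo():
    files = {  # constructed sample data
        "/home/alice/notes.txt": b"meeting at 10",
        "/home/alice/secret.txt": b"do not share",
    }
    grant_read = make_store(files)
    cap, revoke = grant_read("/home/alice/notes.txt")
    before = capability_plugin(cap)
    revoke()
    try:
        capability_plugin(cap)
        after = "still readable"
    except PermissionError:
        after = "revoked"
    return before, after, ambient_plugin(files, "/home/alice/notes.txt")
```

Once `revoke()` runs, every holder of that capability loses access at the same time, which is the kind of control the ambient model cannot offer after the program has started.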

Well... thanks again for your time.
