[cap-talk] Selling capabilities programming
Sandro Magi
smagi at higherlogics.com
Fri Jul 20 10:38:23 EDT 2007
James A. Donald wrote:
> Secure systems typically come under attack at the weakest link - the
> user (who is usually also the system administrator). If it was not for
> those dang end users, it would be easy to make a 100% secure system. :-)
Understandable, but it could be easily argued that users are *not* the
weakest link *yet*. Viruses and worms propagate on their own quite
easily without user intervention.
> You don't present a language to end users. You present a language to
> developers, who may develop, or fail to develop, a system that will be
> presented to end users and used by end users. The trouble with any
> capabilities language is that we are *not* going to rewrite the world's
> software into that language, thus capabilities languages cannot address
> the present crisis.
To be honest, I used to buy that argument, but I don't find it that
persuasive anymore. The more expressive and the safer your language, the
more easily you can rewrite existing software. MarkM demonstrated this
with his implementation of the Doughnut Lab. OCaml, Ruby and Python have
been growing in popularity and supplanting existing software in C, C++
and Java.
Granted, it takes time, and in the meantime there are definitely uses for
interim solutions such as Plash, which can embed the existing software
in a safer environment.
> Writing multithreaded, multiprocessor software is a hard problem, and we
> need a language to make it considerably easier. Writing secure software
> is an easy problem.
It's easy once you understand what makes software insecure. Explaining
and fully understanding those problems are the hard part IMO.
Sandro