[cap-talk] "Immutable Law" #1 is alive and well at Microsoft
David Hopwood
david.hopwood at industrial-designers.co.uk
Sun Oct 7 07:40:20 EDT 2007

Jed Donnelley wrote:
> At 12:59 PM 10/5/2007, Mark Miller wrote:
>> On 10/5/07, Jed Donnelley <capability at webstart.com> wrote:
>> > I disagree. It isn't a fine point for the few world class security
>> > experts that we need to pound home. We need to communicate (inform,
>> > sell) to the computer hoi polloi. Even at a conference like the
>> > Usenix Security conference I would say the majority had not
>> > heard/conceived of systems like CapDesk or Plash or Polaris where
>> > applications can run under POLA.
>>
>> You're missing my point. How many of 'em haven't heard of Javascript
>> in browsers?
>
> All I would say. However, as ?!ng and DavidH suggested (hope I'm
> not speaking out of turn for others), they don't consider
> Javascript running in browsers 'real' programs.

I didn't say that. I consider anything written in a Turing-complete
language [*] to be a "program", and I think this is well-established
terminology.

I also think that whether Javascript programs are "real" applications
is basically beside the point -- since the so-called "Immutable Law #1"
doesn't qualify what programs it applies to. Besides, Microsoft people
presumably don't actually believe that an operating system cannot in
principle enforce local security boundaries. As I said, they just don't
care to express what they do believe with sufficient accuracy.

IOW, I basically agree with MarkM's position on this issue.

[*] At least; there may also be a case for including texts in
languages that are not strictly Turing complete, but have many
of the same characteristics, such as standard SQL (such languages
are often implemented with Turing-complete extensions, anyway).
I wouldn't consider a text in a pure data description language,
such as HTML without scripts, to be a program.

Note that a program can only be considered as such in the context
of some language, e.g. a string that is not a program when
considered as JSON, may be one when considered as Javascript.

--
David Hopwood <david.hopwood at industrial-designers.co.uk>