[cap-talk] Security and languages talk

zooko zooko at zooko.com
Sun May 4 09:51:55 CDT 2008


On May 3, 2008, at 8:29 PM, Ivan Krstić wrote:

> * If this was your first brush with the relevant topics, what could
>    I say that would really pique your interest?

One interpretation of the resurgence of capability theory in the last  
decade is this:

For a long time, capability theorists tried to persuade security  
theorists:  "Hey, you guys really messed up, made some basic factual  
errors about capabilities in the 70's, and then you all built careers  
out of inventing alternatives to capabilities which alternatives, it  
turns out, aren't necessary.".

For some reason, this didn't go over very well, e.g. [1].  (I love  
the bit about the flaming sword.  That sounds like Ross Anderson's  
voice.)

Sometime in the early 21st century the capability theorists started  
telling programming language researchers: "You guys have developed  
these wonderful theories of how to build and manage abstractions and  
guess what?  Your ideas can solve security problems as well as  
solving the problems that you started out with.".  This was a much  
more popular pitch.  Security had already become important to  
programming language theorists by then because of the Web (i.e. the  
Mass-Market Internet).

So if I were a programming language expert who had not yet thought  
deeply about security, my interest would be aroused by the notion  
that good security can be implemented as an elegant extension or  
re-use of my favorite meta-abstractions.  This would come as a pleasant  
surprise, since I would have previously conceived of security as an  
aesthetic horror -- scarring and crippling my beautiful language, or  
else imprisoning it in a tiny cage -- to make sure that it isn't  
powerful enough to be dangerous.

Regards,

Zooko

[1] http://www.eros-os.org/pipermail/cap-talk/2003-March/001133.html

