[cap-talk] Need a citation for "Fearless Distributed Programming"

Marc Stiegler marcs at skyhunter.com
Tue Sep 1 17:54:55 EDT 2009


So, I'm putting together a tech report with a new approach to
explaining why some of our stuff (in particular the waterken server)
is good. There's a section on sequentiality hazards, to make the point
that sequentiality isn't perfect either, to set up the case that
concurrent systems can eliminate some hazards.

In the section below, I reference the security breach in Firefox from
some years ago that was based on a script's ability to get added to
the notification list on a page change, and it would throw an
exception and prevent the security system from getting notified (since
the security system was at the tail of the notification queue for
security reasons :-)

I have no clue how to find a reference to this breach/bug. Does anyone
happen to know a good citation for it?

--marcs

The standard sequential observer pattern gives an example of
interesting risk in sequentiality[Lee06]. In this example, a group of
listeners are being notified that the observed value has changed:

public void setValue(Object newValue) {
    myValue = newValue;
    for (int i = 0; i < myListeners.length; i++) {
        myListeners[i].valueChanged(newValue);
    }
}

In this ordinary example, there is an inappropriate sequential
dependency among the listeners. The risk becomes evident when one
considers what happens if one of the listeners throws an exception –
the loop notifying the listeners is immediately exited, and listeners
later in the list are not notified. This is not a common failure, but
it can have severe consequences – a critical security breach of
Firefox exploited exactly this weakness[???].
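
The hazard in the loop quoted above, next to one sequential way to contain it, as an added example that is not part of the original post or the tech report it excerpts. The class name ObservedValue, the Listener interface, the method names setValueSequential and setValueIsolated, and the two listeners in main are assumptions constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;

public class ObservedValue {
    public interface Listener { void valueChanged(Object newValue); }

    private final List<Listener> myListeners = new ArrayList<>();
    private Object myValue;

    public void addListener(Listener l) { myListeners.add(l); }

    // The loop from the post: one throwing listener ends notification for the rest.
    public void setValueSequential(Object newValue) {
        myValue = newValue;
        for (Listener l : myListeners) {
            l.valueChanged(newValue);
        }
    }

    // Contained form: a listener's RuntimeException is recorded, not propagated,
    // so every later listener is still notified. Failures go back to the caller.
    public List<RuntimeException> setValueIsolated(Object newValue) {
        myValue = newValue;
        List<RuntimeException> failures = new ArrayList<>();
        // Iterate over a snapshot so a listener that registers or removes
        // listeners during notification cannot disturb this pass.
        for (Listener l : new ArrayList<>(myListeners)) {
            try {
                l.valueChanged(newValue);
            } catch (RuntimeException e) {
                failures.add(e);
            }
        }
        return failures;
    }

    public static void main(String[] args) {
        ObservedValue v = new ObservedValue();
        List<String> seen = new ArrayList<>();
        // Constructed listeners: an untrusted one that throws, then a monitor at the tail.
        v.addListener(x -> { throw new IllegalStateException("untrusted listener failed"); });
        v.addListener(x -> seen.add("monitor saw " + x));
        try {
            v.setValueSequential("page-1");
        } catch (RuntimeException e) {
            System.out.println("sequential: aborted, monitor events=" + seen);
        }
        List<RuntimeException> failures = v.setValueIsolated("page-2");
        System.out.println("isolated: failures=" + failures.size() + ", monitor events=" + seen);
    }
}
```

The contained form still runs listeners one after another on the caller's stack, so a listener that blocks or never returns delays everything behind it; only the exception dependency is removed.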

