[E-Lang] Security Breach: Nominee for the Stock Exchange Prize

Tyler Close tclose@oilspace.com
Thu, 19 Apr 2001 13:27:50 +0100


At 03:39 PM 4/18/01 -0700, Marc Stiegler wrote:
>(though it sounds like one ramification is that a bidder
>cannot burn his capability to his agentMaker onto a cd-rom and consider his
>access backed up--every time he makes a bid, his "backup" is a freshly
>minted capability. If he uses the capability he snagged off yesterday's
>backup tape, he is out of timeline and in a world of hurt for which I still
>need to write application-specific recovery software. Is this correct?).

Yes, this would be a problem. I guess the solution would be to immediately 
fork references that are "pasted" into the Vat, before using them. That 
way, the original copy of the cap sitting on the cd-rom would still be good.

There are also some other problems with the "paste a cap" style recovery. 
Allowing the unconfirmed cap to mark that cap as smashed is too much 
authority. The authority to terminate a message timeline would have to be 
passed through the archash. This recover URI would have to include the cap 
and the archash of the last message for all timelines that you wish to 
terminate. Embedding this information into a single URI seems feasible for 
one or two timelines, but not more. So you could get the definitive status 
of your last "bid" message, but not recover a large set of transactions.

How exactly the "paste" operation is done also seems like an important 
detail. If it happens over a high-bandwidth channel, then just moving the
whole Vat state to the new machine seems like the better solution. My 
handheld can't get through to the Market Vat, so I want to try my desktop. 
Do I copy a URI over to my desktop, or do I hot sync my handheld to my 
desktop and carry on from there?

Tyler