[E-Lang] MintMaker with ACLs

Tyler Close tclose@oilspace.com
Thu, 1 Feb 2001 19:40:48 -0000


Hal wrote:
> That's all that Tyler wrote which I didn't include.  There was an example
> of doing delegation which I didn't think was necessary; one paragraph
> which mentions code size but also talks about subjective feelings toward
> security; and another paragraph alluding to the delegation example.
>
> Tyler says that these are some of the more important points he wanted
> to make.  I did not realize that in responding to his article and so I
> am sorry that I neglected to include them.
>

...

> I don't know the right solution in general,
> but for future conversations in this forum I will be careful not to
> eliminate any text unless I am fully in agreement with it.

It is not necessary to do this on my account. In the context that I
made the comment, I was thinking about the deleted point about code
size. I was a little perturbed that I was responding yet again to this
minor point about storage, when the point had just been an add-on to a
more important point. This wasn't very clear.

I understand now why you skipped the code size point, though I
disagree. I think discussion of how programmers will be inclined to
view, and use, their tools is highly relevant. When discussing
software security with non-security-minded programmers, I often get
the argument that the security is not important, and too much work. I
think they think this because of the ACL model of software security
and the duplication that it imposes.

In your counter-argument:
> I do agree that much of the functionality here is devoted to dealing
> with security.  But that is because the non-security functionality
> is so trivial, just incrementing and decrementing balances.

Yes, I agree, but this is not as clear-cut in the case of your
getBalance() method. I can very easily imagine getting grief from some
programmers here.

I also found it a bit strange the way the entire delegation/Confused
Deputy point disappeared without a trace, though I now understand why.
You might have explained how you thought your solution evaded the
problem. Note that it does not, and that this point is still open.

I've found your email contributions to be among the most valuable in
this discussion. I certainly don't want to say anything to discourage
your participation on this list.

Tyler