[E-Lang] Other languages with secure capabilities

Marc Stiegler marcs@skyhunter.com
Tue, 8 May 2001 07:46:05 -0700


> I just think all these groups should be interacting more than they appear to
> be doing.

Markm can correct anything I write here, but in an effort to keep him
focused on comm, I will reply:

Markm had an extensive series of discussions with the Oz/Mozart people a
while back, which is why they are so well informed about E, and I believe
this is a reason their approach looks so much like E's, because they were
just starting to think about distributed security when markm informed them
about how to do it. Markm is (at least was a while ago) comparably informed
about Oz/Mozart. One of the big differences between E and Mozart is E's
marketing orientation, which leads to decisions such as using a C/C++
syntax. Mozart is, as nearly as I can tell, an academic language for
academics (at least one of the guys working on it expressed an attitude that
lines up with this assessment pretty exactly; others on the project may have
grander hopes, though there was no indication of it in the decisions they
were making).

The simplification configurations with trusted nodes and untrusted networks
is an interesting twist, but I do not find it compelling for E at this time.
In the course of my E development, I have come to be a tremendous believer
in POLA, even for parts of the system that could nominally all be declared
TCB. POLA is not just a good security idea, it is a good modular software
development idea. The only place in E where I currently violate POLA fairly
regularly and flagrantly is in building emaker library packages for parts of
the TCB, wherein I will pass in all of swing rather than passing the six
different swing classes needed by the package. Markm and I have discussed
improvements to E that would strongly reduce the need for this exception as
well, but I try very hard not to let him think about these things till the
comm system is done :-)

--marcs