
Comment Crockford's Legacy: It's time for E! (Score 3, Interesting) 300

Okay, so this might be a bit of a ramble. Hi, I'm one of the developers of Monte https://monte.rtfd.org/, a new programming language based on E. E http://erights.org/ is a language from the 90s. Crockford worked on E. E's TermL mini-language became JSON. Another person who worked on E was Mark Miller. Miller's thesis project was formalizing and describing systems built with E. Crockford and Miller both are part of the committees that steer JS.

Now, to bring it all together: Object capability security is a security discipline based on the principle of least authority and perfect encapsulation. It allows us to build secure distributed computations with pretty good security properties; we can prove that certain data cannot be exfiltrated, that certain I/O cannot happen, and that certain computations are arbitrarily safe to evaluate. It's not perfect, but it's a massive improvement on the state of things.

E and Monte, as well as a few other languages like Caja, Pony, and Waterken, are object-capability languages. Just like languages without manual memory management cannot misbehave in certain ways, these languages also promise that they cannot fail in certain desirable security-related ways.

Crockford, Miller, and others have been deliberately steering JS towards more capability-safe constructions. The object model has been tightened up, and tools like weakmaps, promises, and "template strings" (we call them quasiliterals in the literature) have been added. However, JS is still defined by its weak points, and those points are weak indeed.

Obviously, my bias is towards Monte. It's my preferred language and I want it to be popular. But, more importantly, I want the ideas that went into Monte to be popular. So, in that spirit, I'm going to give you a short list of questions. I want you to think, "How can I do that in my favorite language? Why would I want it?" Monte is meant to be the next Blub http://wiki.c2.com/?BlubParadox, the next language that is mediocre but built on a good foundation, and part of that is trying to see how Monte answers questions like:

  • The encapsulation problem: How do I produce an object which perfectly encapsulates a value; i.e. the object refers to a value but referring to the object is not sufficient to gain reference to the value?
  • The concurrency problem: How do I run two interacting plans of code at once?
  • The privacy problem: How do I prove, (in)formally, that a value cannot be exfiltrated from my program except through designated channels?
  • The confused deputy problem: What ambient authority is assigned to a "deputy", a program which can be fooled into misusing that authority?

...I've gotta stop writing blog posts on not-my-blog.
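
An added illustration of the encapsulation question posed in the comment above, written in JavaScript with the WeakMap the comment mentions; it is not part of the original comment and is not Monte or E code. The names `makeBrand`, `seal`, `unseal`, `inspectWithoutUnsealer` and `demo`, and the sample value, are constructed for this sketch.

```javascript
'use strict';

// Sealer/unsealer pair ("brand"): a box refers to a value, but holding the box
// is not sufficient to reach the value. Only the matching unsealer can.
function makeBrand(label) {
  const contents = new WeakMap();   // box -> value, reachable only via this closure
  const seal = (value) => {
    const box = Object.freeze({});  // opaque token with no properties to read
    contents.set(box, value);
    return box;
  };
  const unseal = (box) => {
    if (!contents.has(box)) throw new TypeError(`not sealed by ${label}`);
    return contents.get(box);
  };
  return Object.freeze({ seal, unseal });
}

// What code holding only the box can learn by reflection or serialization.
function inspectWithoutUnsealer(box) {
  return {
    keys: Reflect.ownKeys(box).length,  // string and symbol keys
    json: JSON.stringify(box),
    mutable: !Object.isFrozen(box),
  };
}

function demo() {
  const payroll = makeBrand('payroll');
  const other = makeBrand('other');
  const box = payroll.seal({ salary: 90000 });  // constructed sample value

  let crossBrand;
  try {
    other.unseal(box);              // an unsealer from a different brand
    crossBrand = 'unsealed';
  } catch (e) {
    crossBrand = e.message;
  }
  return {
    leaked: inspectWithoutUnsealer(box),
    crossBrand,
    opened: payroll.unseal(box).salary,  // the designated channel
  };
}
```

The guarantee holds only if `WeakMap.prototype` and the other built-ins have not been replaced by code that ran earlier in the same realm; plain JavaScript does not enforce that.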

Comment Monte beat PHP by a year! (Score 2) 204

My beloved Monte https://monte.rtfd.org/ beat PHP to this by a wide stretch. While it's true that PHP is a big established language, that doesn't mean that they get to claim sudden leaps in innovation which didn't happen. I've tweeted at the author of the blog post https://twitter.com/corbinsimpson/status/834175224736157696 with timestamped commits from the Monte codebase.

Comment Object-Capability Security would have helped (Score 2) 44

Y'know, Ethereum's VM and their contract language, Solidity, are not especially great for this kind of verified contract work. It would have been great to see lessons learned from the E programming language and the object-capability security model in this whole misadventure. But no, they just took "smart contracts" and tried to interpret that in isolation without any of the literature that comes with it. Disappointing.

Comment I am completely unsurprised. (Score 3, Interesting) 118

I spent four damn years trying to have a dialog with Mojang and Bukkit about how to write good code and have a community that wants good code. The MC community literally does not want anybody participating if they have any sense of QA or planning for the future.

Remember, these are people that wrote their own cryptographic transport *three times* and called it good after nobody could post an exploit for it within a week. MC is not even willing to use standard things like TLS.

Comment Re:Linus Torvalds is his own worst enemy (Score 1) 786

Haha, you actually think that just going into the Control Panel is sufficient to get the resolution set on a Windows installation? Oh no. No no no, no, that's not all, my friend.

So, let's take as an example my TV. I have a computer attached via HDMI to the TV. It picks a 4:3 resolution and the entire picture is shrunken; it doesn't fill the entire screen. Annoying.

You go into Control Panel. Or perhaps you're a "power user" and you decide to directly right-click the Desktop and get at the Resolution settings. Either one. You scroll through the list of modes. There are three dozen. You try them all individually. None of them correctly fill the entire screen without letterboxing, and all of them look somewhat shrunken still.

You pull out the TV's manual, sighing. Flipping through the pages, you finally find the one that lists the rather arcane timing numbers for the TV. Sure enough, the widescreen mode that this particular TV would like is not listed. You go back to your Control Panel, and decide that it's time to go into the driver-specific settings, promising yourself a cold one later.

Scrolling through the entire driver's settings panels, you eventually find information on over/underscan. For some unknown reason, the system has decided that your TV needs its scan adjusted by 8%. Setting it back to 0% unshrinks the display. Excellent. However, the mode is still wrong.

You continue to hunt through the driver's configuration, finding two spots where resolution can be chosen from a dropdown but no way to enter in manual timings. Rolling your eyes, you go through each of the three dozen possible configurations again, manually noting how close each one comes to filling the display and how badly the fonts are misrendered. Finally you come to one that nearly works, and resign yourself to having a slight letterbox on the top and bottom of your screen.

Meanwhile, that Linux laptop you have correctly finds the resolution on the first try, without any configuration needed. Your Linux workstation has the same problems as the Windows machine, but with a couple minutes of xrandr and Google, you've found a way to turn those arcane timing numbers in the TV's manual into a mode, and saved a shell script to do it for you should the need arise.

tl;dr: How do you change your screen resolution for Linux with Xorg? You don't need to, usually! If you do, xrandr. That's all.

Comment Re:Calm before the hyperbole (Score 1) 566

Well, dairy farmers still use BGH, and this was over 12 years ago and most milk drinkers are not dead...

What a horrible misrepresentation of the truth. Many large retailers refuse to sell milk from dairies where bST is used. For example, here in Oregon, Tillamook products have no bST. Neither does any milk sold at Safeway or Wal-Mart, two of the biggest grocery chains in the area, and many other grocers like Albertson's, Fred Meyer, Market of Choice, and so forth promote and market bST-free milk. I don't actually know where I would go if I wanted to obtain milk from a bST-using dairy.

This stuff's banned in the rest of the modernized world. Banned in the EU, banned in Canada... Over half of all milk sold in the USA is bST-free, too.

While you might be technically accurate on the rest of your post (which I highly doubt but don't feel like getting into), you are straight-up wrong on BGH/bST.

Comment Re:What is Mesa? (Score 2) 80

MesaGL is an implementation of the GL API that can use any of several backends to do its actual work, including a couple software renderers and also hardware renderers for many Intel, AMD/ATI, and nVidia chipsets. Your distribution probably splits each renderer into its own package for historical reasons.

Comment Re:More important (Score 1) 148

The nuclear power plant in-show represents Weyerhaeuser ( https://en.wikipedia.org/wiki/Weyerhaeuser ), a large paper company for whom just about everybody worked in the 80s. Either you worked for them, your spouse worked for them, or your parent worked for them. This was the big industry in the Eugene/Springfield area when Groening was young. I imagine he went with a nuclear power plant instead because of the comedic opportunities.
