
Comment Crockford's Legacy: It's time for E! (Score 3, Interesting) 300

Okay, so this might be a bit of a ramble. Hi, I'm one of the developers of Monte (https://monte.rtfd.org/), a new programming language based on E. E (http://erights.org/) is a language from the 90s. Crockford worked on E. E's TermL mini-language became JSON. Another person who worked on E was Mark Miller. Miller's thesis project was formalizing and describing systems built with E. Crockford and Miller both are part of the committees that steer JS.

Now, to bring it all together: Object capability security is a security discipline based on the principle of least authority and perfect encapsulation. It allows us to build secure distributed computations with pretty good security properties; we can prove that certain data cannot be exfiltrated, that certain I/O cannot happen, and that certain computations are arbitrarily safe to evaluate. It's not perfect, but it's a massive improvement on the state of things.

E and Monte, as well as a few other languages like Caja, Pony, and Waterken, are object-capability languages. Just like languages without manual memory management cannot misbehave in certain ways, these languages also promise that they cannot fail in certain desirable security-related ways.

Crockford, Miller, and others have been deliberately steering JS towards more capability-safe constructions. The object model has been tightened up, and tools like weakmaps, promises, and "template strings" (we call them quasiliterals in the literature) have been added. However, JS is still defined by its weak points, and those points are weak indeed.

Obviously, my bias is towards Monte. It's my preferred language and I want it to be popular. But, more importantly, I want the ideas that went into Monte to be popular. So, in that spirit, I'm going to give you a short list of questions. I want you to think, "How can I do that in my favorite language? Why would I want it?" Monte is meant to be the next Blub (http://wiki.c2.com/?BlubParadox), the next language that is mediocre but built on a good foundation, and part of that is trying to see how Monte answers questions like:

  • The encapsulation problem: How do I produce an object which perfectly encapsulates a value; i.e. the object refers to a value but referring to the object is not sufficient to gain reference to the value?
  • The concurrency problem: How do I run two interacting plans of code at once?
  • The privacy problem: How do I prove, (in)formally, that a value cannot be exfiltrated from my program except through designated channels?
  • The confused deputy problem: What ambient authority is assigned to a "deputy", a program which can be fooled into misusing that authority?

...I've gotta stop writing blog posts on not-my-blog.
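
The encapsulation question in the list above has a standard object-capability answer, the sealer/unsealer pair, sketched here in JavaScript with the WeakMap the comment mentions. This is an added example, not part of the original comment and not code from Monte or E; `makeBrand`, `untrustedCourier`, `demo` and the sample token are constructed for illustration.

```javascript
// Added illustration: a sealer/unsealer ("brand") pair.
// Holding a box gives no access to its value; only the matching
// unsealer facet does. All names here are hypothetical.
function makeBrand(label) {
  // Closed over and never exposed: the only path from a box to its value.
  const contents = new WeakMap();

  const sealer = Object.freeze({
    seal(value) {
      // The box is an empty, frozen, prototype-less object:
      // no properties, no methods, nothing to reflect on.
      const box = Object.freeze(Object.create(null));
      contents.set(box, value);
      return box;
    },
  });

  const unsealer = Object.freeze({
    unseal(box) {
      if (!contents.has(box)) {
        throw new TypeError(`not sealed by brand "${label}"`);
      }
      return contents.get(box);
    },
  });

  // Separate facets so each can be handed out independently
  // (least authority: most code only ever needs one of them).
  return Object.freeze({ sealer, unsealer });
}

// Constructed scenario: the box passes through code holding neither facet.
function untrustedCourier(box) {
  // Everything this code can learn from the box by reflection.
  const leaked = [...Reflect.ownKeys(box), JSON.stringify(box),
                  Object.getPrototypeOf(box)];
  return { box, leaked };
}

function demo() {
  const mint = makeBrand('mint');
  const other = makeBrand('other');
  const { box, leaked } = untrustedCourier(mint.sealer.seal('s3cret-token'));
  let crossBrand;
  try { other.unsealer.unseal(box); crossBrand = 'unsealed'; }
  catch (e) { crossBrand = e.name; }
  return { leaked, crossBrand, opened: mint.unsealer.unseal(box) };
}
```

The guarantee holds only as long as the primordials (`WeakMap`, `Object.freeze`) have not been replaced by earlier code in the same realm, which is one of the JS weak points the comment alludes to.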

Comment Monte beat PHP by a year! (Score 2) 204

My beloved Monte (https://monte.rtfd.org/) beat PHP to this by a wide stretch. While it's true that PHP is a big established language, that doesn't mean that they get to claim sudden leaps in innovation which didn't happen. I've tweeted at the author of the blog post (https://twitter.com/corbinsimpson/status/834175224736157696) with timestamped commits from the Monte codebase.

Submission + - Malibu Media stay lifted, motion to quash denied

NewYorkCountryLawyer writes: In the federal court for the Eastern District of New York, where all Malibu Media cases have been stayed for the past year, the Court has lifted the stay and denied the motion to quash in the lead case, thus permitting all 84 cases to move forward. In his 28-page decision (PDF), Magistrate Judge Steven I. Locke accepted the representations of Malibu's expert, one Michael Patzer from a company called Excipio, that in detecting BitTorrent infringement he relies on "direct detection" rather than "indirect detection", and that it is "not possible" for there to be misidentification.

Comment Re:Actually 3rd point was agreement with trial jud (Score 1) 23

Actually whoever the new guy is, I don't find the site to be "improved" at all; seems a little crummy. The story was butchered and incorrectly interpreted, and the all important software for interaction seems less interactive.

But what do I know?

As to my absence I've been a bit overwhelmed by work stuff, sorry about that, it's no excuse :)

Comment Object-Capability Security would have helped (Score 2) 44

Y'know, Ethereum's VM and their contract language, Solidity, are not especially great for this kind of verified contract work. It would have been great to see lessons learned from the E programming language and the object-capability security model in this whole misadventure. But no, they just took "smart contracts" and tried to interpret that in isolation without any of the literature that comes with it. Disappointing.

Comment Actually 3rd point was agreement with trial judge (Score 4, Informative) 23

The story as published implies that the ruling overruled the lower court on the 3 issues. In fact, it was agreeing with the trial court on the third issue -- that the sporadic instances of Vimeo employees making light of copyright law did not amount to adopting a "policy of willful blindness".

Submission + - Appeals court slams record companies on DMCA in Vimeo case

NewYorkCountryLawyer writes: In the long-simmering appeal in Capitol Records v. Vimeo, the US Court of Appeals for the 2nd Circuit upheld Vimeo's positions on many points regarding the Digital Millennium Copyright Act. In its 55 page decision (PDF) the Court ruled that (a) the Copyright Office was dead wrong in concluding that pre-1972 sound recordings aren't covered by the DMCA, (b) the judge was wrong to think that Vimeo employees' merely viewing infringing videos was sufficient evidence of "red flag knowledge", and (c) a few sporadic instances of employees being cavalier about copyright law did not amount to a "policy of willful blindness" on the part of the company. The Court seemed to take particular pleasure in eviscerating the Copyright Office's rationales. Amicus curiae briefs in support of Vimeo had been submitted by a host of companies and organizations including the Electronic Frontier Foundation, the Computer & Communications Industry Association, Public Knowledge, Google, Yahoo!, Facebook, Microsoft, Pinterest, Tumblr, and Twitter.

Comment Re:Righthaven (Score 1) 67

What is right wing about filing a lawsuit to unmask a doe, suing that person, then settling for a much smaller amount. It seems this is used by many different trolls, and likely doesn't have any political ideology behind it. It is sleazy though. Filing a lawsuit with the intention of settling just to get a payout is wrong. It is short circuiting the justice system for personal profit.

Yeah that's neither right nor left, it's the universal language of greedy bloodsuckers.

Comment Re:Righthaven (Score 3, Interesting) 67

What is right wing about that process? The Democrats support the movie industry, not the Republicans.

The fact that Democrats support something doesn't negate the possibility of something being right wing. The Democrats are not ideologically pure, or ideologically homogenous, and very few of them can be considered "left".

To me, pretending that copyright is only about property rights, and ignoring the fact that copyright was also supposed to be about free speech and about making material available for free to the public after a limited time, is definitely "right wing".
