9 Nov 03:32
Invitation to connect on LinkedIn
| |||||||||||||||||||||||||||||||||||||||||
_______________________________________________ e-lang mailing list e-lang@... http://www.eros-os.org/mailman/listinfo/e-lang
3 Nov 20:31
Lecture series on Web security by Mark Miller (Google)
Hi,
Last month, Mark Miller gave a series of talks at my university (University of Brussels, Belgium) on web security. The videos of the talks have now been made fully available on Youtube. I thought this may be of interest to some on this list. Abstracts follow:
Talk 1/2: Secure Distributed Programming with Object-capabilities in JavaScript
Until now, browser-based security has been hell. The object-capability (ocap) model provides a simple and expressive alternative. Google's Caja project uses the latest JavaScript standard, EcmaScript 5, to support fine-grained safe mobile code, solving the secure mashup problem. Dr. SES -- Distributed Resilient Secure EcmaScript -- extends the ocap model cryptographically over the network, enabling RESTful composition of mutually suspicious web services. We show how to apply the expressiveness of object programming to the expression of security patterns, solving security problems normally thought to be difficult with simple elegant programs.
Video: <http://www.youtube.com/watch?v=w9hHHvhZ_HY>
Talk 2/2: Bringing Object-orientation to Security Programming
Just as we should not expect our base programming language to provide all the data types we need, so we should not expect our security foundation to provide all the abstractions we need to express security policy. The answer to both is the same: We need foundations that provide simple abstraction mechanisms, which we use to build an open ended set of abstractions, which we then use to express policy. We show how to use EcmaScript 5 to enforce the security latent in object-oriented abstraction mechanisms: encapsulation, message-passing, polymorphism, and interposition. With these secured, we show how to build abstractions for confinement, rights amplification, transitive wrapping and revocation, and smart contracts.
Slides: <http://soft.vub.ac.be/events/mobicrant_talks/talk2_OO_security.pdf>
Talk 2/2: Bringing Object-orientation to Security Programming
Just as we should not expect our base programming language to provide all the data types we need, so we should not expect our security foundation to provide all the abstractions we need to express security policy. The answer to both is the same: We need foundations that provide simple abstraction mechanisms, which we use to build an open ended set of abstractions, which we then use to express policy. We show how to use EcmaScript 5 to enforce the security latent in object-oriented abstraction mechanisms: encapsulation, message-passing, polymorphism, and interposition. With these secured, we show how to build abstractions for confinement, rights amplification, transitive wrapping and revocation, and smart contracts.
Slides: <http://soft.vub.ac.be/events/mobicrant_talks/talk2_OO_security.pdf>
Kind regards,
Tom Van Cutsem
_______________________________________________ e-lang mailing list e-lang@... http://www.eros-os.org/mailman/listinfo/e-lang
31 Oct 21:16
wiki.erights.org Downtime and IP address change
Hello Folks, Our office is moving, so as part of the move, the MediaWiki server wiki.erights.org will be offline for 1 to 2 days later this week. The current plan is to shut down everything Thursday at noon, CDT. The new IP address is planned to be 50.77.162.161, but this won't take effect until Friday at the earliest. I'll send out a reminder and more details as they develop. As usual, please discuss any issues by sending an email to this list. Now would be a good time to grab a copy of the current backup file... just in case. James
21 Oct 16:43
for-must-match
Continuing with our experimental syntax changes to improve the reliability of E, here's a patch that adds a "for-must-match" feature. http://gitorious.org/~tal-itinnov/repo-roscidus/it-innovation/commit/3ad4f5c3072447647c617fdb56738bf929cb8a1a (see also: http://wiki.erights.org/wiki/Surprise_list) Normally in E, this silently skips the third item: for a:int in [1, 2, "hi"] { println(a) } Now, it throws an exception: pragma.enable("for-must-match") for a:int in [1, 2, "hi"] { println(a) } To make a loop that skips non-matching items as before, use the "match" keyword. e.g. pragma.enable("for-must-match") for match a:int in [1, 2, "hi"] { println(a) } In our code-base of > 20,000 lines of E, I only found two places making use of the old behaviour (or at least, all the tests passed after I updated those two. In contrast, there have been many occasions where the old behaviour caused problems. Most commonly, someone is looping over some tuples: for [foo, bar] in tuples { ... } and someone changes the format to add an extra field. Since this doesn't cause any errors, it's hard to detect that anything is wrong. -- -- Dr Thomas Leonard IT Innovation Centre Gamma House, Enterprise Road, Southampton SO16 7NS, UK tel: +44 23 8059 8866 mailto:tal@... http://www.it-innovation.soton.ac.uk/
20 Oct 14:12
easy-when-binds-return
People often try to use return inside when blocks. Currently, this just
produces confusing "Ejector must be enabled" errors.
How about requiring the use of "return" to return a value from a when block?
There are a few places where this would be useful:
- Often you will move a whole block in to or out of a when() block. It's
useful if you don't have to change all return lines when you do this.
- People sometimes don't notice that the value of the last expression is
used, and put something after it.
e.g. they change
return when (foo) -> {
foo.invoke()
}
to
return when (foo) -> {
foo.invoke()
traceln("here")
}
and then wonder why they're getting null pointer exceptions elsewhere.
- You can accidentally return a value, when all you intended was to tell
the caller when you were done.
Patch to add #pragma.enable("easy-when-binds-return"):
http://gitorious.org/~tal-itinnov/repo-roscidus/it-innovation/commit/c10e7bc99bbfbabbbb28ea714e19855fbca8c389
--
--
Dr Thomas Leonard
IT Innovation Centre
Gamma House, Enterprise Road,
Southampton SO16 7NS, UK
tel: +44 23 8059 8866
mailto:tal@...
http://www.it-innovation.soton.ac.uk/
6 Oct 12:35
Interfaces / data types in E
We've got quite a few methods that take or return maps. e.g.
to purchase(customerDetails :Map[String,any]) {
... customerDetails["name"] ...
...
if (problem) {
notify(customerDetails["email"])
}
...
}
The problem is that it's not obvious from the method signature what keys
need to be present. Often someone fails to include a mapping, and the
system only fails later in some case where it needed that value.
What I think I'd like to do is something like:
def CustomerDetails := makeNamedTuple([
"name" => String,
"email" => String,
])
...
to purchase(customerDetails :CustomerDetails]) {
... customerDetails["name"] ...
}
So that:
- if the caller fails to provide "name" and "email" then it fails the guard
- if I try to access a field I didn't define (e.g. "fax") then I get an
error, whether or not the client provided it, so I'm forced to keep the
interface up-to-date
Ideally it should handle fields being added later (e.g. if two parties
are running different versions of the software it should ignore fields
it doesn't understand).
Any ideas on the best way to do this? Maps? TermTrees?
Some of the other systems using this are written in Java, so ideally it
should be easy to use from there too.
--
--
Dr Thomas Leonard
IT Innovation Centre
Gamma House, Enterprise Road,
Southampton SO16 7NS, UK
tel: +44 23 8059 8866
mailto:tal@...
http://www.it-innovation.soton.ac.uk/
29 Sep 10:22
Patch to the lexer to accept "1e+1"
JSON allows "1e+1" as well as "1e1": http://www.json.org/ However, E's JSON parser rejects it: ? def surgeon := <elib:serial.deJSONKit>.makeSurgeon() ? surgeon.unserialize("1e+1") # value: 10.0 new syntax error: Missing exponent # 1e+1 # ^^ This patch fixes it: http://gitorious.org/~tal-itinnov/repo-roscidus/it-innovation/commit/a2bf52beff24defc63bd8fe5cf1f8cfe85547c23 Note: a side-effect is that it also allows this syntax in regular E code. I assume that's not a problem? -- -- Dr Thomas Leonard IT Innovation Centre Gamma House, Enterprise Road, Southampton SO16 7NS, UK tel: +44 23 8059 8866 mailto:tal@... http://www.it-innovation.soton.ac.uk/
27 Sep 11:25
Remove the binary distributions?
There's quite a lot of complexity (and slowness) in the E build for producing platform-specific releases (e.g. E-win32-x86-0.9.3a.zip). Is anybody using these? The build process seems to be: - src/bin/* contains various SWT binaries (presumably out-of-date by now; last update was Feb 2008) - just the binaries for the building platform get copied to dist/bin/$osdir - dist gets copied to export/dist - export/dist gets copied to export/puredist - export/puredist/bin/$osdir is deleted How would people feel about having a single E release (just puredist), without any jars? This means that people writing SWT applications would be responsible for distributing swt.jar with their application somehow (e.g. using a Maven pom.xml, a 0install feed, or bundling a copy). However, you already have to do that anyway if: - You're producing non-Windows releases - You're producing 64-bit Windows releases - You're producing 32-bit Windows releases using an up-to-date SWT - You want to use other libraries We could make the rune "run" command depend on SWT in the 0install feed so that the SWT example scripts continue to work without extra effort (for people using 0install). That would avoid making every E program depend on SWT (e.g. headless servers). People not using 0install or a distribution package manager would need to install SWT for their platform manually. -- -- Dr Thomas Leonard IT Innovation Centre Gamma House, Enterprise Road, Southampton SO16 7NS, UK tel: +44 23 8059 8866 mailto:tal@... http://www.it-innovation.soton.ac.uk/
21 Sep 15:37
Patch for review: show updoc errors immediately
One problem I frequently hit with updoc is that it doesn't report errors until the script finishes. But, often, the error prevents the script from finishing. Then you have to bisect the script manually until you see the error. As a simple test case, consider: ? def a ? bind a = 3 ? interp.waitAtTop(a) ? a # value: 3 This script (which contains a syntax error on the second line), will silently hang: $ rune demo.updoc updoc: started /tmp/demo.updoc:.. [ hangs ] With this patch, it reports the error: $ rune demo.updoc updoc: started /tmp/demo.updoc:... at: <file:/tmp/demo.updoc#:span::3:4::3:13> expr: bind a = 3 missing original syntax error new syntax error: use ':=' for assignment, or '==' for equality Another side-effect of this is that if the abortEarly flag is set by a test case, the tests do actually abort. Patch: http://gitorious.org/~tal-itinnov/repo-roscidus/it-innovation/commit/dca612f2a472451881c00ea02e290a398a92b22e -- -- Dr Thomas Leonard IT Innovation Centre Gamma House, Enterprise Road, Southampton SO16 7NS, UK tel: +44 23 8059 8866 mailto:tal@... http://www.it-innovation.soton.ac.uk/
19 Sep 11:24
Patch for review: don't report errors twice
Simple patch to fix E error reporting: http://gitorious.org/~tal-itinnov/repo-roscidus/it-innovation/commit/c9a58031350e65d0b721f9b865dba821327703ba Without the patch exceptions get reported twice: $ cat test.e foo $ rune test.e # problem: Failed: Undefined variable: foo # # @ </home/tal/tmp/test.e#:span::1:0::1:2> # - EExpr#evalToPair(Scope) # . e`foo`.evalToPair(<a Scope>) # @ evalToPair/1: <jar:file:/opt/src/e/dist/e.jar!/org/erights/e/elang/cmd/cmdMakerMaker.emaker#:span::128:57::128:66> # problem: Failed: Undefined variable: foo # # @ </home/tal/tmp/test.e#:span::1:0::1:2> # - EExpr#evalToPair(Scope) # . e`foo`.evalToPair(<a Scope>) # @ evalToPair/1: <jar:file:/opt/src/e/dist/e.jar!/org/erights/e/elang/cmd/cmdMakerMaker.emaker#:span::128:57::128:66> # - static Ref#fulfillment(Object) # . <makeRef>.fulfillment(<ref broken by problem: Failed: Undefined variable: foo>) # @ fulfillment/1 -- -- Dr Thomas Leonard IT Innovation Centre Gamma House, Enterprise Road, Southampton SO16 7NS, UK tel: +44 23 8059 8866 mailto:tal@... http://www.it-innovation.soton.ac.uk/
26 Aug 16:48
Anybody read Ukrainian?
A volunteer recently translated the "what is a capability, anyway?" essay into Ukrainian. I'm looking for someone to check the translation. Know anyone who might be able to do this?
_______________________________________________ e-lang mailing list e-lang@... http://www.eros-os.org/mailman/listinfo/e-lang
RSS Feed