It's Like Déjà Vu All Over Again
"You could probably waste an entire day on the preceding links alone. But why take chances? We also give you Paul Snively..." — John Wiseman, lemonodor
Running untrusted code. Oleg recommended this newsgroup posting, which lucidly explains the issues of running untrusted code. I agree that this has a great deal to do with programming languages. Indeed, we mentioned some of the theory concerned in the past (e.g., PCC). [Lambda the Ultimate]
A sandbox is a good idea. But do problems occur when the system has not been designed for sandboxes from the bottom up? I should be able to take some code and run it in a VM that is completely trusted. Full CPU, full filesystem, full reflection, etc. Then I should be able to take that same code and run it in a more restricted VM: the "CPU" is governed, the filesystem is restricted or even in-memory for read/write, reflection cannot access or change sensitive information.
Are there problems with sandboxes in general, or with retrofitted implementations? Applying a sandbox to some code is just another kind of lambda. I haven't read about this yet, but will get to it.
Ah, Patrick, so you're about to discover Capability Security. Excellent. The short answer to the question "can I run untrusted code" is "yes," and the surprising thing is that this answer has been known for around 30 years!
Your intuition that you're going to need "sandboxing" to be pervasive is correct. There are some other qualifications as well, such as the need for an abstract store with unforgeable references, lexical scoping, and first-class functions. If you want this security to work in a distributed fashion, you need some interesting crypto protocols on the wire.
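To make the "sandbox is just another kind of lambda" idea concrete, here is an added example (mine, not from the E or EROS projects) of the object-capability pattern in plain JavaScript: the store is unforgeable because it lives in a closure, a read-only facet attenuates the full capability, a forwarder makes it revocable, and untrusted code can only do what the references handed to it allow. The filesystem, file names and the untrusted module are all constructed for illustration.

```javascript
// Full capability: the Map is private to the closure, so the only way to
// touch it is through the functions returned here (unforgeable reference).
function makeFileSystem(initial) {
  const files = new Map(Object.entries(initial));
  return {
    read: (name) => (files.has(name) ? files.get(name) : null),
    write: (name, data) => { files.set(name, data); return true; },
    list: () => [...files.keys()].sort(),
  };
}

// Attenuation: a facet that simply omits the write authority.
function readOnly(fs) {
  return { read: fs.read, list: fs.list };
}

// Revocation: a forwarder whose holder can cut the link at any time.
function revocable(cap) {
  let target = cap;
  const guard = () => { if (!target) throw new Error('revoked'); return target; };
  const proxy = {
    read: (name) => guard().read(name),
    list: () => guard().list(),
  };
  return { proxy, revoke: () => { target = null; } };
}

// "Untrusted" code receives no ambient authority; it gets only its argument,
// exactly like a lambda. It lists files and attempts one write.
function untrustedModule(fs) {
  const seen = fs.list();
  let wrote = false;
  try { fs.write('out.txt', 'data'); wrote = true; } catch (e) { wrote = false; }
  return { seen, wrote };
}

// Run the same module once fully trusted and once in the restricted "VM".
function demo() {
  const full = makeFileSystem({ 'notes.txt': 'hello' });
  const { proxy, revoke } = revocable(readOnly(full));
  const trusted = untrustedModule(full);     // write succeeds
  const restricted = untrustedModule(proxy); // write is impossible
  revoke();
  let afterRevoke;
  try { proxy.list(); afterRevoke = 'ok'; } catch (e) { afterRevoke = e.message; }
  return { trusted, restricted, afterRevoke, listing: full.list() };
}
```

The restricted run cannot write because there is no `write` reference to call, not because a runtime check denied it; that is the difference between a capability design and a retrofitted sandbox.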
The best place to learn about this at the language level is at the E project. The best place to learn about it at the OS level is at the EROS project.
The bottom line is that in an era when every new e-mail trojan horse/virus/worm is worse than the one before, we desperately need people to take this material seriously, learn it, understand it, and implement it. Otherwise people will demand that we revert the Internet to a balkanized set of barely-connected islands to avoid these attacks.
Finally, it's important to note that Capability Security is the only way to perform certain important functions, such as implementing Smart Contracts, across trust boundaries on the Internet.
10:20:05 AM