Slashdot Mirror

It's getting very close to the time when I want to refuse all calls and email unless the other party has a token indicating that I have given permission.

What you describe is very similar to the capability security model. Check out EROS and E programming language for more info.

I used to know a bunch of fanatical libertarian theorists. the people behind Xanadu (a pre-WWW pay-per-view network), and this sounds like something they would come up with.

Some of the people from that group are working on the E programming language now if you're interested. Could be used in a similar application as Xanadu.

F# looks cool, I've been meaning to learn O'Caml for awhile. But I really want to see E#.

For the purposes of mind expansion you could do much worse :-) than lurking on the EROS and E language mailing lists. Decentralization is another good one, though much less focused.

If anything Unix needs to push it over the top as far as a secure server operating systems is the ability to tell the OS that "This File can never be deleted and can only be appended to by ...

More importantly, I think UNIX needs a better security model. Right now one of the big problems is that all of your executables have the same permissions that you do. In a capability based system, your email program may own capabilities for reading its configuration files, but an open() on a file owned by the user would require active user input to succeed. (Someone wrote a paper about using a Windows-like GUI to make capabities more understandable to the user, but I can't find the url at the moment.)

In any case, here are some links.
"E", a capability-secure language.
Capabilitiesvs. Microsoft's signed execuatables solution. (Part of a good introduction to capabilities).
Linux Kernel Capabilities vs. the standard definition of capabilities.

I'm excited about several potentially significant projects that may have their first "stable" releases next year. Everyone knows about OpenOffice, Apache 2 and Mozilla (I'm surprised that neither article mentioned the last two). Here are a few others:

• Subversion version control rethought, could replace CVS as free software tool of choice
• E capability secure programming
• Reptile reputation-based content aggregator

Fascinating, but I want the next generation platform to evolve, not out of Sun, Microsoft, IBM, HP, Exodus, etc., but out of Mojo Nation, E, Chord, FreeNet, etc.

Open source projects, with ambitious goals for self-healing, self-organizing networks, tolerant of diversity, resistant to any conceivable attack, and free from the manipulations that mega corps inevitably introduce in their unceasing quest to gain monopoly power.

True capabilities (as found in EROS or E) are completely different, more powerful, and older than the stuff that came out of the POSIX committee; it's unfortunate to see yet another article which confuses this issue.

True capabilities (as found in EROS or E) are completely different, more powerful, and older than the stuff that came out of the POSIX committee; it's unfortunate to see yet another article which confuses this issue.

I got really excited when I read that book. I gave my copy to Mark S. Miller, hoping it would excite him in the same way.

The author is thinking about changing the world through public policy initiatives, education of officials, and so forth. I'm thinking of changing the world by giving disenfranchised entrepeneurs powerful tools to link them together and to turn their resources into capital

Regards,

Zooko

If anyone's curious, more info on confinement and covert channels is here:

at erights.org

The computer security fact forum

(Unable to resist a blatant, albeit tasteless, self promotion opportunity, Jim Ray steps up to the plate, fully clothed head-to-toe in Nomex.)

Create an e-gold account (you won't quite be a Doe, but we'll never sell or give away information on customers like credit card companies do). Do an InExchange to buy some of the e-metal of your choice. Do a spend to account number 102948. Wish they had an e-gold option on their page. (Wait, no, that's my department, sorry.) Tell EFF you spent to their account, and that they can either use their e-gold or go do an OutExchange and get a check.

Feel good about yourself. Find other ways to have fun with our currency. :) There are lots of other good causes with e-gold accounts who actually have implemented our shopping cart on their pages, for one thing, and I keep offering to click a spot of FREE e-gold to members of the /. community who simply ask me for some. So far, no takers...Oh well.
JMR

(Unable to resist a blatant, albeit tasteless, self promotion opportunity, Jim Ray steps up to the plate, fully clothed head-to-toe in Nomex.)

Create an e-gold account (you won't quite be a Doe, but we'll never sell or give away information on customers like credit card companies do). Do an InExchange to buy some of the e-metal of your choice. Do a spend to account number 102948. Wish they had an e-gold option on their page. (Wait, no, that's my department, sorry.) Tell EFF you spent to their account, and that they can either use their e-gold or go do an OutExchange and get a check.

Feel good about yourself. Find other ways to have fun with our currency. :) There are lots of other good causes with e-gold accounts who actually have implemented our shopping cart on their pages, for one thing, and I keep offering to click a spot of FREE e-gold to members of the /. community who simply ask me for some. So far, no takers...Oh well.
JMR

First let me say that I'm not a programmer (I'm a mouth) and that the following could easily be interpreted as totally self-interested, and to top it off they aren't even Linux-specific. Moderate me down, see if I care. :)

The guys at http://www.cryptix.org/ are my favorites. Cryptix(tm) is an international volunteer effort to produce robust, open-source cryptographic software libraries. Cryptix products are free, both for commercial and non-commercial use and are being used by developers all over the world. Development is currently focused on Java. Without them, the cool stuff that's happening at: http://www.webfunds.org/ Webfunds (some of it indirectly involving my company) would not be possible.

Along some of the same lines, what's going on at: http://www.erights.org/ E involving a secure distributed object platform and scripting language for writing Capability-Based Smart Contracts is also exceptionally cool, and somewhat related is Tyler's http://www.waterken.com/ Waterken (which isn't a charity, but which is very cool IMO). Disclaimer: I like all the principals of these 4 groups as friends, and all 4 groups tend to "get" what I sell, which is e-gold, which currently uses too much closed-source stuff (that may change in the future, /. assistance appreciated). Obligatory Commercial: Anybody on Slashdot who wants to try e-gold today can e-mail me with an account number.

Something to keep in mind is the old adage "follow the money." It's as true in trying to supplant M$ as it is in politics, IMO. Good luck, choose well, and above all have fun.
JMR
[Speaking only for myself, YMMV, etc. etc.]

• The 390 has a killer instruction set for doing I/O more efficiently (with fewer CPU cycles) than any other cpu out there. Sure AIX/irix/slolaris can do XXX TB/second i/o but what good is it if the cpu is 100% busy? The mainframe can do this I/O wich the cpu 99% idle.
• The 390 allows the disk drive cables to be hundreds of meters long and so you can fill a whole room with disk. You can't do this with an SP/2. You can try using NFS disk servers, or a SAN fabric running SCSI but you'l surrender performance, or number of peripherals.
• The Linux/390 page says it all: 65536 devices and all of them busy
• LPAR allows you to boot multiple operating systems. This allows you to create test regions and production regions on the same box, and acheive uptimes that are out of the ballpark.
• You don't have to reboot the OS to add more disk or even add more CPU's. Does your favorite unix box even allow you to plug in a CPU without turning off power?
• Address spaces: the instruction set allows 16+ address spaces that all have access to priveldged (kernel) instructions. This allows kernel deamons and kernel modules to each run in thie own address space, without corrupting other parts of the kernel. They could even do an OOPS without taking down the rest of the kernel with them. Its kind of like having "capabilities" designed into the CPU instruction set. There is no other unix/risc-box on the planet that allows you to install a kernel module without compromising the security of the kernel itself. This is exactly how some recent Linux security breaches ahve occured: some cracker got root shell and installed a secret back door as a kernel module.
• The multiple-address space ability can make client-server and corba really really blaze. No other CPU out there has this ability. All the other CPU's require you to use pipes or sockets or shared mem to do stuff like this. Imagine having a 100% secure syscall without the overhead of pipes/semaphores/mutex's/shmat's!

P.S. lets give credit to the website where this work is happeneing: Linux/390 Its nice that IBM is hyping this, but IBM is *not* pumping actual $$$ into this, the way that e.g. SGI is pumping $$$ into Linux. They're just taking all the credit :-|

I'd like to second that recommendation. Marc based his book on a lot of the ideas that have swirled around this group (hypertext, idea futures, real computer security, smart contracting, etc.).

By the way, bidirectional linking is not new to the Web. It was new in 1997, when it was introduced by CritLink. I encourage you to check that out, too. It lets anybody annotate any public web page using any browser -- no software required.

-- ?!ng