Posted by
CmdrTaco
on from the from-the-research-center-that-brought-us-everything-else dept.
Sandeep writes " PARC announces a new software architecture , named Obje, to establish a device-independent networking system. Essentially, it allows two devices to teach each other how to talk amongst themselves. It does this by sending actual code over the network."
Whats wrong with generated code?
by
SkunkPussy
·
· Score: 4, Interesting
There is nothing wrong with generated code if you trust the sender. Plus if the code sent over the network is executed in a sandbox/jvm it shouldnt be incredibly risky (obviously a lot of potential for DoS attacks).
Code can be a very concise way to express an algorithm.
-- SURELY NOT!!!!!
Re:Only two possible outcomes.
by
Dachannien
·
· Score: 4, Interesting
DMCA and other viruses
by
buckhead_buddy
·
· Score: 4, Interesting
The propogation of code is worrisome, but I'm also unsure of the legal implications of allowing your code to accept the code and restrictions of others by automatically allowing it to run.
This may be a neat new way to logically propogate code, but once all the kinks are worked out it seems like it simply opens new doors for lawyers to battle out THEIR logic.
Brrrr
Sounds safe to me - pwned
by
orthogonal
·
· Score: 3, Interesting
It does this by sending actual code over the network.
Nothin' to worry about here!
I "can'tse" any way this could develop into a security hole bigger than the goatse guy's famous anus.
This reverses years of tradition -- Microsoft is supposed to steal its "innovations" from from PARC, not the other way around.
And doesn't this sound like what goes way too wrong in Vernor Vinge's A Fire Upon the Deep, or an Iain Banks novel?
Could be horribly insecure
by
moberry
·
· Score: 3, Interesting
Almost everyone knows that if it can be protected, it can be cracked. There could be horrible implications to this, just imagine sending actual code across a network. It will take some "1337" hacker just a couple of hours to crack the system wide open. And if he/she can send raw code to tell the network how its going to work, and tell the devices connected to it how they work. he/she could essentially control them a lot easier than todays more "traditional" methods.
Parc = Real PnP
by
SunCrushr
·
· Score: 5, Interesting
So from what I've read in the article, this looks to be Plug'n'play as it was meant to be:
Devices which use simple initial aggreed upon standard to extend their various servcies to each other without all the protocols having to be aggreed upon ahead of time, just a few simple initial protocols which are used to communicate and extend the other protocols and services between the devices. If this is applied correctly by the industry, it could change computing a lot, opening more complex systems to users with less experience and requiring less support resources. I'll be watching this closely.
Re:Parent should be "Insightful," not "Funny"
by
Short+Circuit
·
· Score: 4, Interesting
Perl supports "tainting" of data, so you don't do accidentally anything stupid with information that isn't secure. (Including exec'ing it.)
I imagine this would be a similar set up.
Or it could be done inside a virtual machine ala JVM, with a stream output to the part of the device that actually uses whatever the communication is intended to transmit in the end.
Re:Parent should be "Insightful," not "Funny"
by
jilles
·
· Score: 5, Interesting
With Java you can do this. Just run the code in a sandbox. Alternatively you can use some trusted third party and signatures. Or you can do both (authenticate other party and allow verified and validated code to do whatever it is authorized to do). The JINI architecture works along these lines (although it seems rather dead nowadays). It can be very secure if you set it up properly.
--
Jilles
Re:Parent should be "Insightful," not "Funny"
by
BlueTooth
·
· Score: 5, Interesting
and then the sytem decides what you are based on your capabilities and treats you accordingly.
This assumes that the system already knows about all possible capabilities and that it knows how to talk to everyone else.
I think the idea is that devices teach each other of their existence. It would be like if I bought a USB device (say a camera) that Windows didn't support, the camera would be able to bootstrap Windows with some drivers from its own firmware. The only thing that has to be prearanged is a protocol for this transaction. I don't need to maintain an extensive driver library for this to work.
-- SPAM
Re:Sun already tried this
by
NSash
·
· Score: 3, Interesting
This sounds like what Sun tried to do with Jini. Judging buy the success (or lack there of) of Jini, I don't believe this will be successful.
On the contrary, a sign of a great idea is that even if the market doesn't accept it at first, it keeps on returning until its time has come.
Re:Why even have a network?
by
truthsearch
·
· Score: 3, Interesting
If code is instruction for a computer, why not send instruction over the network? As opposed to pure data ("Here's a packet of info"), it makes sense to send "I'm here and I'm a device of type X. When Y happens, send me Z." If the code is limited in its abilities, and isn't just run arbitrarily, the network itself can contain much logic. Devices could then use the network is much more logical and efficient ways.
Re:Parent should be "Insightful," not "Funny"
by
goatwhip
·
· Score: 5, Interesting
What portion of detecting whether code sent to you over the network is doing something 'strange', do you find simple?
I hate it when people preface comments with "Simply enough" or "Obviously". It automatically makes anyone who doesn't understand what the person is talking about, feel stupid.
It seems like this offers a way of embedding the device's driver. - Just having the driver doesn't bypass any other security mechanisms already in place. Depending upon how it's used, it may not open any new security holes. Being able to just plugin the latest printer and have it work without installing any drivers is not a Bad Thing.
If Microsoft had "innovated" this we'ld be seeing printers being distributed with Windows binaries drivers in firmware, that only Windows machines could make use of. Coming from Parc, it will be available for multiple platforms but unfortuantely they're not making this an open standard.
<Paranoid Speculation>: Microsoft will copy the idea, but their standard will only communicate with Windows (and it's mobile derivatives) and give it away to hardware vendors. Free stuff from MS that will make your device truly PnP for 95% of computer users is an eash choice.</Paranoid Speculation>
--
--Aaron Greenberg
Active Networks - deja vu all over again
by
decoy999
·
· Score: 3, Interesting
More power to the network !!! Wunderbar ! What the active networks community has been trying to solicit for all these (well, not all that many) years.
Of course most fashionably cynical geeks obviously have strong opinions about "new" technologies (e.g. MDA etc. etc.) because they know everything that there is to know... right ?
I once read an article in Spectrum or something about degrees of ignorance (about not knowing something, or not even knowing that one doesn't even know and stuff) well all these meta-models are a little difficult to digest if you've spent the last 40 of the 50 or so yeas of the computer age reinventing and relabeling technologies over and over again and patting each other on the back.
Dammit, GUIs (ala windowing intfcs) haven't changed in 40 years, basic networking hasn't changed in 30 years... simply because un-insightful programmers heavily dependent on psuedo-geeky-techno-jargon-crap feeding idiots hype up brain dead hacks as "bleeding edge technology" (ever notice how happy we feel relabeling or re-"inventing" design patterns ?)
So of course, the lesser mortals who compare malicious viruses to mobile code, obviously don't appreciate the nuances of responsible meta-models. I think PARC has a good thing going. I wish them luck...hopefully Steve Jobs and/or Bill Gates will productize this one too:-)... and shame on you non-abstract thinking pseudo-geeks...
Slashdot Mirror
There is nothing wrong with generated code if you trust the sender. Plus if the code sent over the network is executed in a sandbox/jvm it shouldnt be incredibly risky (obviously a lot of potential for DoS attacks).
Code can be a very concise way to express an algorithm.
SURELY NOT!!!!!
About 34 years too late.
The propogation of code is worrisome, but I'm also unsure of the legal implications of allowing your code to accept the code and restrictions of others by automatically allowing it to run.
This may be a neat new way to logically propogate code, but once all the kinks are worked out it seems like it simply opens new doors for lawyers to battle out THEIR logic.
Brrrr
It does this by sending actual code over the network.
Nothin' to worry about here!
I "can'tse" any way this could develop into a security hole bigger than the goatse guy's famous anus.
This reverses years of tradition -- Microsoft is supposed to steal its "innovations" from from PARC, not the other way around.
And doesn't this sound like what goes way too wrong in Vernor Vinge's A Fire Upon the Deep, or an Iain Banks novel?
Opinions on the Twiddler2 hand-held keyboard?
Almost everyone knows that if it can be protected, it can be cracked. There could be horrible implications to this, just imagine sending actual code across a network. It will take some "1337" hacker just a couple of hours to crack the system wide open. And if he/she can send raw code to tell the network how its going to work, and tell the devices connected to it how they work. he/she could essentially control them a lot easier than todays more "traditional" methods.
So from what I've read in the article, this looks to be Plug'n'play as it was meant to be:
Devices which use simple initial aggreed upon standard to extend their various servcies to each other without all the protocols having to be aggreed upon ahead of time, just a few simple initial protocols which are used to communicate and extend the other protocols and services between the devices. If this is applied correctly by the industry, it could change computing a lot, opening more complex systems to users with less experience and requiring less support resources. I'll be watching this closely.
Perl supports "tainting" of data, so you don't do accidentally anything stupid with information that isn't secure. (Including exec'ing it.)
I imagine this would be a similar set up.
Or it could be done inside a virtual machine ala JVM, with a stream output to the part of the device that actually uses whatever the communication is intended to transmit in the end.
tasks(723) drafts(105) languages(484) examples(29106)
With Java you can do this. Just run the code in a sandbox. Alternatively you can use some trusted third party and signatures. Or you can do both (authenticate other party and allow verified and validated code to do whatever it is authorized to do). The JINI architecture works along these lines (although it seems rather dead nowadays). It can be very secure if you set it up properly.
Jilles
and then the sytem decides what you are based on your capabilities and treats you accordingly.
This assumes that the system already knows about all possible capabilities and that it knows how to talk to everyone else.
I think the idea is that devices teach each other of their existence. It would be like if I bought a USB device (say a camera) that Windows didn't support, the camera would be able to bootstrap Windows with some drivers from its own firmware. The only thing that has to be prearanged is a protocol for this transaction. I don't need to maintain an extensive driver library for this to work.
SPAM
On the contrary, a sign of a great idea is that even if the market doesn't accept it at first, it keeps on returning until its time has come.
If code is instruction for a computer, why not send instruction over the network? As opposed to pure data ("Here's a packet of info"), it makes sense to send "I'm here and I'm a device of type X. When Y happens, send me Z." If the code is limited in its abilities, and isn't just run arbitrarily, the network itself can contain much logic. Devices could then use the network is much more logical and efficient ways.
Developers: We can use your help.
What portion of detecting whether code sent to you over the network is doing something 'strange', do you find simple? I hate it when people preface comments with "Simply enough" or "Obviously". It automatically makes anyone who doesn't understand what the person is talking about, feel stupid.
It seems like this offers a way of embedding the device's driver. - Just having the driver doesn't bypass any other security mechanisms already in place. Depending upon how it's used, it may not open any new security holes. Being able to just plugin the latest printer and have it work without installing any drivers is not a Bad Thing.
If Microsoft had "innovated" this we'ld be seeing printers being distributed with Windows binaries drivers in firmware, that only Windows machines could make use of. Coming from Parc, it will be available for multiple platforms but unfortuantely they're not making this an open standard.
<Paranoid Speculation>: Microsoft will copy the idea, but their standard will only communicate with Windows (and it's mobile derivatives) and give it away to hardware vendors. Free stuff from MS that will make your device truly PnP for 95% of computer users is an eash choice.</Paranoid Speculation>
--Aaron Greenberg
More power to the network !!! Wunderbar ! What the active networks community has been trying to solicit for all these (well, not all that many) years.
... right ?
... simply because un-insightful programmers heavily dependent on psuedo-geeky-techno-jargon-crap feeding idiots hype up brain dead hacks as "bleeding edge technology" (ever notice how happy we feel relabeling or re-"inventing" design patterns ?)
:-) ... and shame on you non-abstract thinking pseudo-geeks ...
Of course most fashionably cynical geeks obviously have strong opinions about "new" technologies (e.g. MDA etc. etc.) because they know everything that there is to know
I once read an article in Spectrum or something about degrees of ignorance (about not knowing something, or not even knowing that one doesn't even know and stuff) well all these meta-models are a little difficult to digest if you've spent the last 40 of the 50 or so yeas of the computer age reinventing and relabeling technologies over and over again and patting each other on the back.
Dammit, GUIs (ala windowing intfcs) haven't changed in 40 years, basic networking hasn't changed in 30 years
So of course, the lesser mortals who compare malicious viruses to mobile code, obviously don't appreciate the nuances of responsible meta-models. I think PARC has a good thing going. I wish them luck...hopefully Steve Jobs and/or Bill Gates will productize this one too