Posted by
CmdrTaco
on from the from-the-research-center-that-brought-us-everything-else dept.
Sandeep writes " PARC announces a new software architecture , named Obje, to establish a device-independent networking system. Essentially, it allows two devices to teach each other how to talk amongst themselves. It does this by sending actual code over the network."
Whats wrong with generated code?
by
SkunkPussy
·
· Score: 4, Interesting
There is nothing wrong with generated code if you trust the sender. Plus if the code sent over the network is executed in a sandbox/jvm it shouldnt be incredibly risky (obviously a lot of potential for DoS attacks).
Code can be a very concise way to express an algorithm.
-- SURELY NOT!!!!!
Re:Only two possible outcomes.
by
Dachannien
·
· Score: 4, Interesting
DMCA and other viruses
by
buckhead_buddy
·
· Score: 4, Interesting
The propogation of code is worrisome, but I'm also unsure of the legal implications of allowing your code to accept the code and restrictions of others by automatically allowing it to run.
This may be a neat new way to logically propogate code, but once all the kinks are worked out it seems like it simply opens new doors for lawyers to battle out THEIR logic.
Brrrr
Parc = Real PnP
by
SunCrushr
·
· Score: 5, Interesting
So from what I've read in the article, this looks to be Plug'n'play as it was meant to be:
Devices which use simple initial aggreed upon standard to extend their various servcies to each other without all the protocols having to be aggreed upon ahead of time, just a few simple initial protocols which are used to communicate and extend the other protocols and services between the devices. If this is applied correctly by the industry, it could change computing a lot, opening more complex systems to users with less experience and requiring less support resources. I'll be watching this closely.
Re:Parent should be "Insightful," not "Funny"
by
Short+Circuit
·
· Score: 4, Interesting
Perl supports "tainting" of data, so you don't do accidentally anything stupid with information that isn't secure. (Including exec'ing it.)
I imagine this would be a similar set up.
Or it could be done inside a virtual machine ala JVM, with a stream output to the part of the device that actually uses whatever the communication is intended to transmit in the end.
Re:Parent should be "Insightful," not "Funny"
by
jilles
·
· Score: 5, Interesting
With Java you can do this. Just run the code in a sandbox. Alternatively you can use some trusted third party and signatures. Or you can do both (authenticate other party and allow verified and validated code to do whatever it is authorized to do). The JINI architecture works along these lines (although it seems rather dead nowadays). It can be very secure if you set it up properly.
--
Jilles
Re:Parent should be "Insightful," not "Funny"
by
BlueTooth
·
· Score: 5, Interesting
and then the sytem decides what you are based on your capabilities and treats you accordingly.
This assumes that the system already knows about all possible capabilities and that it knows how to talk to everyone else.
I think the idea is that devices teach each other of their existence. It would be like if I bought a USB device (say a camera) that Windows didn't support, the camera would be able to bootstrap Windows with some drivers from its own firmware. The only thing that has to be prearanged is a protocol for this transaction. I don't need to maintain an extensive driver library for this to work.
-- SPAM
Re:Parent should be "Insightful," not "Funny"
by
goatwhip
·
· Score: 5, Interesting
What portion of detecting whether code sent to you over the network is doing something 'strange', do you find simple?
I hate it when people preface comments with "Simply enough" or "Obviously". It automatically makes anyone who doesn't understand what the person is talking about, feel stupid.
It seems like this offers a way of embedding the device's driver. - Just having the driver doesn't bypass any other security mechanisms already in place. Depending upon how it's used, it may not open any new security holes. Being able to just plugin the latest printer and have it work without installing any drivers is not a Bad Thing.
If Microsoft had "innovated" this we'ld be seeing printers being distributed with Windows binaries drivers in firmware, that only Windows machines could make use of. Coming from Parc, it will be available for multiple platforms but unfortuantely they're not making this an open standard.
<Paranoid Speculation>: Microsoft will copy the idea, but their standard will only communicate with Windows (and it's mobile derivatives) and give it away to hardware vendors. Free stuff from MS that will make your device truly PnP for 95% of computer users is an eash choice.</Paranoid Speculation>
Slashdot Mirror
There is nothing wrong with generated code if you trust the sender. Plus if the code sent over the network is executed in a sandbox/jvm it shouldnt be incredibly risky (obviously a lot of potential for DoS attacks).
Code can be a very concise way to express an algorithm.
SURELY NOT!!!!!
About 34 years too late.
The propogation of code is worrisome, but I'm also unsure of the legal implications of allowing your code to accept the code and restrictions of others by automatically allowing it to run.
This may be a neat new way to logically propogate code, but once all the kinks are worked out it seems like it simply opens new doors for lawyers to battle out THEIR logic.
Brrrr
So from what I've read in the article, this looks to be Plug'n'play as it was meant to be:
Devices which use simple initial aggreed upon standard to extend their various servcies to each other without all the protocols having to be aggreed upon ahead of time, just a few simple initial protocols which are used to communicate and extend the other protocols and services between the devices. If this is applied correctly by the industry, it could change computing a lot, opening more complex systems to users with less experience and requiring less support resources. I'll be watching this closely.
Perl supports "tainting" of data, so you don't do accidentally anything stupid with information that isn't secure. (Including exec'ing it.)
I imagine this would be a similar set up.
Or it could be done inside a virtual machine ala JVM, with a stream output to the part of the device that actually uses whatever the communication is intended to transmit in the end.
tasks(723) drafts(105) languages(484) examples(29106)
With Java you can do this. Just run the code in a sandbox. Alternatively you can use some trusted third party and signatures. Or you can do both (authenticate other party and allow verified and validated code to do whatever it is authorized to do). The JINI architecture works along these lines (although it seems rather dead nowadays). It can be very secure if you set it up properly.
Jilles
and then the sytem decides what you are based on your capabilities and treats you accordingly.
This assumes that the system already knows about all possible capabilities and that it knows how to talk to everyone else.
I think the idea is that devices teach each other of their existence. It would be like if I bought a USB device (say a camera) that Windows didn't support, the camera would be able to bootstrap Windows with some drivers from its own firmware. The only thing that has to be prearanged is a protocol for this transaction. I don't need to maintain an extensive driver library for this to work.
SPAM
What portion of detecting whether code sent to you over the network is doing something 'strange', do you find simple? I hate it when people preface comments with "Simply enough" or "Obviously". It automatically makes anyone who doesn't understand what the person is talking about, feel stupid.
It seems like this offers a way of embedding the device's driver. - Just having the driver doesn't bypass any other security mechanisms already in place. Depending upon how it's used, it may not open any new security holes. Being able to just plugin the latest printer and have it work without installing any drivers is not a Bad Thing.
If Microsoft had "innovated" this we'ld be seeing printers being distributed with Windows binaries drivers in firmware, that only Windows machines could make use of. Coming from Parc, it will be available for multiple platforms but unfortuantely they're not making this an open standard.
<Paranoid Speculation>: Microsoft will copy the idea, but their standard will only communicate with Windows (and it's mobile derivatives) and give it away to hardware vendors. Free stuff from MS that will make your device truly PnP for 95% of computer users is an eash choice.</Paranoid Speculation>
--Aaron Greenberg