"I have a mind like a steel... uh... thingy." Patrick Logan's weblog.

Search This Blog

Loading...

Friday, July 29, 2005

Tiger and Termite

I installed Tiger this week on my Mac. I had Jaguar and skipped Panther, so this is a big step up... I love it. Dashboard, Spotlight, I have to spend more time with the Mac.

Ugh. Gambit Scheme (and so Termite) just compiles on my Linux box. I expect it not to compile all that well on Cygwin. It does compile but I need to track down things like getting libuuid to work right. Dynamic loading may never work right I suppose.

But I did expect Gambit to compile more easily on MacOSX which is just a Unix. Gambit really likes Linux apparently. The compile went OK, but the tests are breaking in the most unexpect places... like fairly simple interpreter tests.

I am eager to run Termite on Linux, MacOSX, and Windows concurrently and migrate processes around the horn just for kicks.

BTS 2006

This is good news from Don Box on Biztalk Server 2006. The current installation process is desperately painful.

Simple default installation will get more people playing and learning, which is needed to understand the pros and cons of BTS. Let's hope some other usability issues have been similarly addressed. Unless you *like* programming in the lower right hand corner of your screen. 8^)

Thursday, July 28, 2005

Concurrency-Oriented Programming Languages

Chris Double is implementing a concurrency model for Factor based on Erlang and Termite. This could catch on.

But hey!

Now I found this interesting. I knew that TBL initially developed on NeXT with Objective-C, but...

HTTP was designed as a distributed realization of the Objective C (originally Smalltalk) message passing infrastructure
...hey!

(via Mark Baker)

Wednesday, July 27, 2005

Fundamentals of A Security Hole

I hope no one is surprised about the "Greasemonkey Crisis".

Most closed source and open source running applications, middleware, and basic services on the internet or anywhere else are based on a fundamentally flawed concept of security. Greasemonkey is no different; moreover Greasemonkey is especially dangerous sinces its raison de'tre is dynamic customization over the internet.

Things could be different without too much trouble, but the first step is to recognize the real problem and well-known solutions.

Jon followed up with some important questions and implications. And so I should qualify my claim of "without too much trouble".

That should read "without too much *technical* difficulty". The challenging problem I stated above is the that the core problem is so pervasive: in our current systems, but also in our current thinking. A mindshift is needed to recognize the technical problem, realize there are existing technical solutions that are already out of the lab, and that the problem can be tackled one web site and one client application at a time. Not ideal, but much more practical than the ideal.

Some existing solutions that have escaped the labs already: Jon mentioned the E programming language, which if nothing else demonstrates the problem can be addressed on the current Java Virtual Machine. The DARPA Browser illustrates how to use E in a large, real application. The Waterken web application server and the Waterken browser illustrate how to apply the same concept at the level of HTTP and URI's.

The Squeak programming language (Smalltalk) and the Oz programming language are both being extended with E-like capabilities. Objects, virtual machines, web servers are all related concepts (see Mark Baker's recent note and the referenced observation about Smalltalk and HTTP) and all happen to provide a good foundation for capability-based security.

I'll also toss into the mix that concurrency-oriented (pdf) languages like Erlang and Termite are amenable to the same solutions. Capability-based security is just around the corner from our current thinking and our current tools. Capability-based systems can be released onto the internet incrementally, and already have been. Objects, the web, and shared-nothing message passing are all fundamentally doing the same thing... referencing resources and passing around representations of resources that refer to other resources. Just squint a bit to see the similarities and read about capabilities to understand the security aspects of design.

Blog Archive

About Me

Portland, Oregon, United States
I'm usually writing from my favorite location on the planet, the pacific northwest of the u.s. I write for myself only and unless otherwise specified my posts here should not be taken as representing an official position of my employer. Contact me at my gee mail account, username patrickdlogan.