Declarative and Minimalistic Computing

Why everyone needs to know some coding: last-mile sandboxing

D.minimalistic
Kartik Agaram
We'd all like to use computers to their fullest capability. However, we'd also like to restrict the capability of computers to do things we don't intend. These constraints present a problem: how our computers should determine our intention, when the software we use is written by others. Most programming languages ignore this problem, by running untrusted programs with completely open doors. Browsers run programs with a single policy that is mostly hard-coded (no file system access) but also complex, so that it's often unclear what is protected. In this talk I'll describe my attempts to come up with a model that is both flexible and easy to understand.
This talk will:

- elaborate on what makes sandboxing difficult (code is data),
- outline past approaches to sandboxing (web browsers), and
- summarize the problems of past approaches (who watches the watchers?)

It will then describe a new approach that replaces the hard-coded coarse-grained protections of browsers with declarative fine-grained protections organized by the real-world effects of computers (syscalls). In outline, the approach separates untrusted software in apps from a tiny set of programmable policies. Each policy is advice that applies to a single syscall and decides whether to permit the syscall or not. This approach is implemented in a fork of Lua for purely text-mode apps. The browser provides default policies, but tries to gradually empower each person over time to take ownership of the policies on their browser without any mediation from others. In the process, it hopes to educate people on some basic aspects of programming.

The talk will describe the new challenges posed by this approach, including:

- educating people to never paste code into policies without understanding it
- educating people on the value of minimalism in policy code (and indeed all code)
- educating people on the need for policy code to itself be side-effect-free
- coaching people on good and poor changes to policy code when intended uses are disallowed by policies
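The per-syscall policy idea described above, sketched in stock Lua 5.2 or later as an added example (it is not code from the talk or from its Lua fork). The names `open_policy_src`, `guarded_open` and `run_app` are hypothetical, and the `notes/` rule is an assumed policy chosen for illustration.

```lua
-- Added illustration: names below are hypothetical, not the talk's actual API.
-- Policy text as its owner would edit it: one pure function for one effect.
local open_policy_src = [[
  return function(path, mode)
    -- permit read-only opens under notes/ with no parent-directory hops
    return mode == "r" and path:sub(1, 6) == "notes/"
       and not path:find("..", 1, true)
  end
]]

-- Compile the policy with an empty environment: no io, os or globals are
-- reachable, so the policy can only compute on its arguments.
local open_policy = assert(load(open_policy_src, "open-policy", "t", {}))()

-- Gate for the file-open effect. Deny by default: wrong argument types,
-- a policy error, or any result other than true all refuse the call.
local function guarded_open(path, mode)
  mode = mode or "r"
  if type(path) ~= "string" or type(mode) ~= "string" then
    return nil, "denied by policy: bad arguments"
  end
  local ok, allowed = pcall(open_policy, path, mode)
  if not ok or allowed ~= true then
    return nil, "denied by policy: open " .. path .. " (" .. mode .. ")"
  end
  return io.open(path, mode)
end

-- The untrusted app gets an environment holding only the gated effect.
local function run_app(src)
  local env = { io = { open = guarded_open }, ipairs = ipairs }
  return assert(load(src, "app", "t", env))()
end

-- Constructed sample app: one permitted request, two forbidden ones.
local results = run_app([==[
  local out = {}
  local wanted = { {"notes/todo.txt", "r"}, {"notes/todo.txt", "w"},
                   {"notes/../secret", "r"} }
  for i, req in ipairs(wanted) do
    local f, err = io.open(req[1], req[2])
    out[i] = f and "opened" or err
    if f then f:close() end
  end
  return out
]==])
for _, line in ipairs(results) do print(line) end
```

The first request passes the policy and reaches the real `io.open`, so if `notes/todo.txt` does not exist the message comes from the operating system rather than from the policy; the other two are refused before any file is touched.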

Additional information

Type devroom
