
Learning Object Capability Security with the Online Python Tutor

In Everything Is Broken, Quinn Norton presents an alarming, though witty, case that Heartbleed is really just the tip of the iceberg when it comes to computer security problems.

The best weapons I've seen are (a) certified programming with dependent types, and (b) Robust Composition with capabilities.

And on that front, there's great news: seL4, a formally verified, capability-based microkernel written in optimized C, is going open source. That's the very lowest layer. At the other end, Secure ECMAScript lets us use JavaScript as an object capability language. Distributed Electronic Rights in JavaScript tells the story at a high level, including which bits are available and which are still in progress. Stuff like the SES node package seems to work pretty well.

Meanwhile, we're a mostly Python shop. I've been playing with some Python capability idioms for a while. Some of them are a bit obscure, and I've been wondering how to explain our CodeReviewNotes about explicit authority to new developers.

Then I discovered the Online Python Tutor. Perfect!

I hope that trying it out on encap.py will provide enlightenment on the encapsulation aspect of capabilities discussed in From Functions To Objects. Copy and paste encap.py into the editor and add something like this at the end:

# test: makeSlot comes from encap.py pasted above
s1 = makeSlot('apple')
print(s1.get())      # read the value the slot was made with
s1.put('orange')     # replace it through the put capability only
print(s1.get())

Then try walking through sealing.py to see how rights amplification works, though the motivating example, money.py, should be integrated for it to really make sense.
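To tie the two steps together, here is an added example (my own, not the encap.py, sealing.py or money.py files from the post) of what the walk-through should reveal: a closure-based sealer/unsealer pair, and a mint built on it whose purses can only be debited by other purses of the same mint. The names make_brand_pair, make_mint, make_purse, sprout and get_decr are assumptions for this example and follow the classic E mint rather than the post's files.

```python
from types import SimpleNamespace

def make_brand_pair():
    """Return (seal, unseal); only this unseal opens boxes this seal made."""
    shared = []  # private channel between every box and unseal

    def seal(obj):
        def box():  # reveals obj only by dropping it into `shared`
            shared.append(obj)
        return box

    def unseal(box):
        del shared[:]
        box()
        if not shared:  # the box came from a different brand pair
            raise ValueError("not sealed by this brand")
        obj = shared.pop()
        del shared[:]
        return obj
    return seal, unseal

def make_mint():
    """Purses of one mint can only be debited by purses of the same mint."""
    seal, unseal = make_brand_pair()

    def make_purse(balance):
        if balance < 0:
            raise ValueError("negative balance")

        def decr(amount):  # the only way to lower balance; never handed out bare
            nonlocal balance
            if not 0 <= amount <= balance:
                raise ValueError("insufficient funds")
            balance -= amount

        def deposit(amount, src):
            nonlocal balance
            # Rights amplification: src.get_decr() is opaque to everyone except
            # a holder of this mint's unseal, i.e. purses of the same mint.
            unseal(src.get_decr())(amount)
            balance += amount
        return SimpleNamespace(get_balance=lambda: balance, sprout=lambda: make_purse(0),
                               get_decr=lambda: seal(decr), deposit=deposit)
    return SimpleNamespace(make_purse=make_purse)
```

Stepping through bob.deposit(30, alice) in the tutor shows the sealed decr travelling from alice to bob and being opened only because bob's closure holds the same unseal; a purse from a second mint gets a ValueError and nothing moves.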