Notes Alternatives
Similar projects and alternatives to notes
-
ponyc
Pony is an open-source, actor-model, capabilities-secure, high performance programming language
-
packj
Packj stops ⚡ Solarwinds-, ESLint-, and PyTorch-like attacks by flagging malicious/vulnerable open-source dependencies ("weak links") in your software supply-chain
notes reviews and mentions
-
A Study of Malicious Code in PyPI Ecosystem
It's (partially) a fundamental problem with Python and most other programming languages. The majority of libraries don't need more authority than doing (some) computation, yet any Python script can access anything and everything by default.
https://en.wikipedia.org/wiki/Capability-based_security is the solution for this, yet Python will probably never be capable of this kind of internal encapsulation; it's too much of a fundamental change - and even if some sort of sandboxing ability is accomplished, creating separate/recursive sandboxes (needed when importing more, separate libraries) will probably require another interpreter instance (as with WebAssembly).
I hope current and future language designers will take this into account, and construct their compilers, virtual machines and interpreters accordingly. Python was created before the internet as we know it now existed, so perhaps its lack of security mechanisms shouldn't be surprising. But it and any new developments that fail to consider this aspect of computation will be fundamentally flawed from the beginning.
https://github.com/void4/notes/issues/41
-
The Insecurity Industry
Not if done correctly. Have a look at this link: https://github.com/void4/notes/issues/41
There is no issue with just limiting resources (unless there is unpredictable overhead). It doesn't have to be hardware resources either, it could be abstract/higher level resources like interpreter steps or managed memory slices.
I'm creating a series of VMs to show that this is possible, like rarVM, the recursively sandboxable virtual machine: https://esolangs.org/wiki/RarVM
Showcase: https://www.youtube.com/watch?v=MBymOp6bTII
When calling a function you can specify how many interpreter steps it can run until it aborts (and optionally gives you a continuation so you can "refill" and resume it later).
Stackless Python can do this too, but unfortunately, due to the reasons discussed above, it will never be a safe language; this specific mechanism works only in trusted environments, since the called function has the ambient authority to increase its own resource limits: https://stackless.readthedocs.io/en/2.7-slp/library/stackles...
-
SSL: Stupid Stack Language
Another approach would be to have a counter (or several) that limit the number of instruction steps, like the Stackless Python programming language (https://stackless.readthedocs.io/en/latest/library/stackless...) or the KeyKOS operating system (https://github.com/void4/notes/issues/41) did.
- he hacked the database 😱
-
An engineer wiring an early IBM computer, 1958. Photo by Berenice Abbott
Ann Hardy programmed one of the first mainframe operating systems, and certainly the most secure one: KeyKOS
-
I am planning on creating a programming language for my Informatics Bachelor Thesis. What are your ideas for such a project?
There are syntactic and semantic aspects. Personally, I think algebraic effect systems and capability security seem to be very worthwhile areas of research because they provide abilities and guarantees that just aren't possible with currently popular languages due to their architecture.
-
Incompatible Timesharing System
This might be of interest to you: "Why KeyKOS is fascinating" - https://github.com/void4/notes/issues/41
- Resource limited chess engine competition
- Resource limited chess engine competition using WebAssembly