Notes Alternatives

notes reviews and mentions

• A Study of Malicious Code in PyPI Ecosystem
  4 projects | news.ycombinator.com | 8 Sep 2023

  It's (partially) a fundamental problem with Python and most other programming languages. The majority of libraries don't need more authority than doing (some) computation, yet any Python script can access anything and everything by default.

  https://en.wikipedia.org/wiki/Capability-based_security is the solution for this, yet Python will probably never be capable of this kind of internal encapsulation, it's too much of a fundamental change - and even if some sort of sandboxing ability is accomplished, creating separate/recursive sandboxes (needed when importing more, separate libraries) will probably require another interpreter instance (as with WebAssembly).

  I hope current and future language designers will take this into account, and construct their compilers, virtual machines and interpreters accordingly. Python was created before the internet as we know it now existed, so perhaps its lack of security mechanisms shouldn't be surprising. But it and any new developments that fail to consider this aspect of computation will be fundamentally flawed from the beginning.

  https://github.com/void4/notes/issues/41

• The Insecurity Industry
  1 project | news.ycombinator.com | 27 Jul 2021

  Not if done correctly. Have a look at this link: https://github.com/void4/notes/issues/41

  There is no issue with just limiting resources (unless there is unpredictable overhead). It doesn't have to be hardware resources either, it could be abstract/higher level resources like interpreter steps or managed memory slices.

  I'm creating a series of VMs to show that this is possible, like rarVM, the recursively sandboxable virtual machine: https://esolangs.org/wiki/RarVM

  Showcase: https://www.youtube.com/watch?v=MBymOp6bTII

  When calling a function you can specify how many interpreter steps it can run until it aborts (and optionally gives you a continuation so you can "refill" and resume it later).

  Stackless Python can do this too, but unfortunately due to the reasons discussed above will never be a safe language, this specific mechanism works only in trusted environments since the called function has the ambient authority to increase its own resource limits: https://stackless.readthedocs.io/en/2.7-slp/library/stackles...

• SSL: Stupid Stack Language
  1 project | news.ycombinator.com | 13 Mar 2021

  Another approach would be to have a counter (or several) that limit the number of instruction steps, like the Stackless Python programming language (https://stackless.readthedocs.io/en/latest/library/stackless...) or the KeyKOS operating system (https://github.com/void4/notes/issues/41) did

• he hacked the database 😱
  1 project | /r/masterhacker | 4 Mar 2021
• An engineer wiring an early IBM computer, 1958. Photo by Berenice Abbott
  1 project | /r/interestingasfuck | 22 Feb 2021

  Ann Hardy programmed one of the first mainframe operating systems, and certainly the most secure one: KeyKOS

• I am planning on creating a programming language for my Informatics Bachelor Thesis. What are your ideas for such a project?
  3 projects | /r/ProgrammingLanguages | 21 Feb 2021

  There are syntactic and semantic aspects. Personally, I think algebraic effect systems and capability security seem to be very worthwhile areas of research because they provide abilities and guarantees that just aren't possible with currently popular languages due to their architecture.

• Incompatible Timesharing System
  3 projects | news.ycombinator.com | 22 Jan 2021

  This might be of interest to you: "Why KeyKOS is fascinating" - https://github.com/void4/notes/issues/41

• Resource limited chess engine competition
  1 project | /r/ComputerChess | 24 Dec 2020
• Resource limited chess engine competition using WebAssembly
  1 project | /r/chessprogramming | 24 Dec 2020
• A note from our sponsor - SaaSHub
  www.saashub.com | 3 May 2024

  SaaSHub helps you find the best software and product alternatives Learn more →