Backfitting Security into Programming Languages

Eric, at Ward's Wiki pod, shared his security work backfitting security into FedWiki plugins through ES6 frames. I met Mark Miller, after reprising his work, in Vancouver, BC, following OCap at SPLASH 2017.

YOUTUBE j5SuqIrgRJU Mark Miller: Agoric and the Decades-Long Quest for Secure Smart Contracts

Previously, I had worked on a project that destroyed considerable value (hundreds of jobs and comparable millions of dollars in lost revenue) because we were unable to solve a fundamental messaging issue between plugins, with security, in a post-PC-era web desktop for enterprise ecommerce.

In 2007-2009, I spent time visiting Microsoft Redmond, working with Windows engineering, and made presentations at Microsoft Mountain View to show our problem and tell our dilemma. Alas, in caring about this nexus of web-top security as an enterprise software priority, we were not:

> Top of the list, head of the heap, king of the hill

Microsoft found the issue interesting but not shocking; the slow effort of tracing the issue back to its beginning had started.

A decade later, I spent a long day with Mark Miller at OCAP 2017. After reading all of his papers and presentations that I could find, and reprising his PhD paper, Presenting Robust Composition, I was working with the Dart team and Dartlang and was able to deduce that he was working with the Dart team to solve the messaging problem that Eric has solved by constructing plugins as frames coded in ES6 for resilient security; see Disappearing Frame Origin. Effectively, I think Eric is self-arranging the AST underpinning wiki plugins to secure frames.

After chatting with Ward, I know that many developers are too busy, and too uninformed about proglang internals, to code for resilient security.

The methods must be back-fitted into enterprise frameworks and, preferably, into programming languages. Blockchain and consensus are one fork at accomplishing this in a database system, but they are only as secure as the operating system, processor and programming language used to construct the applications and frameworks.

Thus I came across Jae Kwon's work with Cosmos and Gno, by way of Mark Miller's influence and the project. Gnolang appears to be Golang back-fitted for security. Its philosophy is set out on the project's philosophy page: here.

Back when Brad Fitzpatrick was on the core Golang team, I asked him at a conference about the possibility of Golang 2.0 taking steps to become a first-class OCaps programming language. I think the conference video with the Q&A is available (I will try to post a link); Brad's answer has probably gone past that point. So it is good to learn about Gno on github.