This is, as best as I can give right now, an exhaustive enumeration of all the different approaches to JavaScript security. Source Translation. Does a source-to-source translation of JS into a secure subset. The technique is used to jail an…

Devil in the details. I’d like to repeat an example (given by Mark Miller in his work on E) of two different ways to copy a file, and the security implications of each. First, shell$ cp foo.txt bar.txt This command…

In my information flow research, we have the objective of attaching a security label to every object/value within the running system of a JavaScript VM. Two approaches are immediately evident: Fat Values. We can extend the native encoding of values…

I was in the dining hall, and the TV there had some talking heads babbling about the stock market. I couldn’t really make out what they were saying, but it set the stage in my mind for some other thoughts….

One of my fellow lab-mates has already posted about const-correctness, because of some similar issues. My work today takes it a tiny bit further into sheer insanity. If you don’t start your program off using a const-correctness discipline, it’s very…

I’m one of those Object Oriented programmers that consider type-inspection to be a design flaw. Much to my chagrin, I’ve found myself making occasional use of the Java instanceof keyword. In my most recent class lecture, we discussed Exceptions, and…

I’ve come across another programming language feature that I would like to have. The last one was a bit outlandish, and I’d really like to refine it a bit. Dress it up a little. Supposing you were asked to perform…

I was reading Steve Yegge’s drunken rant on The Emacs Problem. It wasn’t able to convince me that Lisp was a great language for text processing, but it did convince me that Lisp is a fantastic language for data interchange….

Today I had a long and philosophical discussion with one of my friends. He started the conversation with a baited question: “Have you ever met a Solipsist?”. How could I avoid that one? Of course the conversation delved into the…

I’ve been programming an alpha-beta AI to play variants of connect-k games. For example, connect-3 on a 3×3 board with gravity off is tic-tac-toe, connect-5 on a 19×19 board with gravity off is the basis of go-moku, while connect-4 on…