This is my public diary.
Reading a few articles about capability-based security[1] as preparation for my lecture on the topic on Tuesday. I am fascinated by ideas that have a strong theoretical and practical advantage, but somehow end up not being adopted by the majority, and capabilities seem to be one of them.
The essential idea of capabilities is that when exercising a privilege you also have to justify why you can exercise it. A capability is a reference to an object together with a list of allowed operations, and when performing an operation, you present the capability. In this way, you are not only saying “I want to do X to object Y” but rather “I want to do X to object Y, and this is why I can.”
Once capabilities have been introduced, the fundamental question seems to be how to manage them. They are not unlike references in programming languages in that respect. I wonder if something like linear logic could be applied to capabilities? Some relevant references seem to be here.
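As an added illustration of the capability idea described above (not code from this diary or from EROS), here is a toy kernel in Python that hands out HMAC-sealed capabilities, checks the presented capability on every operation, and lets a holder derive a weaker one. The `Kernel` class, the `read`/`write` operations and the `diary` object are assumptions made for the example.

```python
import hashlib
import hmac
import secrets


class Kernel:
    """Toy reference monitor: owns the objects and checks every presented capability."""
    def __init__(self):
        self._key = secrets.token_bytes(32)  # sealing key, never leaves the kernel
        self._objects = {}

    def _seal(self, obj_id, rights):
        msg = repr((obj_id, sorted(rights))).encode()
        return hmac.new(self._key, msg, hashlib.sha256).hexdigest()

    def _mint(self, obj_id, rights):
        return (obj_id, frozenset(rights), self._seal(obj_id, rights))

    def _verify(self, cap):
        obj_id, rights, tag = cap
        if not hmac.compare_digest(tag, self._seal(obj_id, rights)):
            raise PermissionError("forged or altered capability")
        return obj_id, rights

    def create(self, obj_id, value, rights):
        self._objects[obj_id] = value
        return self._mint(obj_id, rights)

    def attenuate(self, cap, keep):
        """Derive a weaker capability: the result never has more rights than cap."""
        obj_id, rights = self._verify(cap)
        return self._mint(obj_id, rights & frozenset(keep))

    def invoke(self, cap, op, value=None):
        """'Do op to this object, and this is why I can': cap is the justification."""
        obj_id, rights = self._verify(cap)
        if op not in rights:
            raise PermissionError(f"capability does not allow {op!r}")
        if op == "read":
            return self._objects[obj_id]
        if op != "write":
            raise ValueError(f"unknown operation {op!r}")
        self._objects[obj_id] = value


# Constructed sample: a full capability and a read-only one derived from it.
kernel = Kernel()
full = kernel.create("diary", "first entry", {"read", "write"})
read_only = kernel.attenuate(full, {"read"})
```

Passing `read_only` to another component lets it read the object but not write it, and editing the rights set by hand invalidates the seal, so the kernel rejects it.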
Changed back to Murmur from µMurmur today. Now SSL certificates work again. Hopefully also the dice bot.
Building Murmur on OpenBSD was almost painless. The compiler complained about lack of setenv, so I included
For a while I have been using Keybase to chat with people. The Keybase client is a modern application, which means it takes huge amounts of RAM and crashes frequently. Luckily the underlying system seems robust enough that unless I was trying to write something when it crashed, data is not lost.
I really like the way Keybase authentication works. In order to use it on a new device you have to enter a code from the new device into an old one. This prevents a weak password from breaking the security completely.
Updated KDE on my stationary laptop, and decided to give it a whirl again. I usually prefer tiled WMs like WMII or XMonad, but I am also quite happy with my KDE setup. Except for terminal, I rarely run more than one window per (virtual) screen anyways.
I like KDE’s concept of activities, and only wish they would have individual panels for activities as an option. I have a special activity for writing. The point is to have an activity without distractions, and then it would be nice to remove the panel there.
A feature I didn’t see before was the encrypted vaults; I should look into their security at some point. It is a front end for a couple of different folder encryption systems, but there is not yet much documentation of the vault feature itself. All I could find was the source code and a note in the 5.11 announcement.
[1] The introduction from EROS is a good place to start reading about capabilities.