[self-interest] Quiet in Self land?
mail at russell-allen.com
Fri Sep 19 03:25:09 UTC 2014
On 19 Sep 2014, at 2:05 am, Gordon Cichon selfinterest at lists.cichon.com [self-interest] <self-interest at yahoogroups.com> wrote:
> On 09/17/2014 05:15 AM, Russell Allen mail at russell-allen.com [self-interest] wrote:
>> (2) complete lack of security within a Self world. ie code can do abominations like "0 _Quit"
> why "0 _Quit" and not just "_Quit"?
Because I was conflating two things in my head and failed to communicate both of them :)
1st is the primitive issue - anyone can send _Quit to themselves for example. We could maybe solve this by capability tokens? ie _Quit: token and then we make sure only the objects we want to be able to _Quit can get their hands on the token
2nd is the issue of objects importing lobby (and thus the whole image) as a parent slot. So if we had a "rot13: theString" method, which took only a string and rot13'd it, that method can go "theString lobby" and voila has access to everything. Best I can think at the moment is to re-engineer a core of 'safe' objects including booleans, strings, collections etc so that you can't get to the main lobby from them, only to a 'core lobby'
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Self-interest