On 19 Sep 2014, at 2:05 am, Gordon Cichon selfinterest@lists.cichon.com [self-interest] <self-interest@yahoogroups.com> wrote:

On 09/17/2014 05:15 AM, Russell Allen mail@russell-allen.com [self-interest] wrote:

(2) complete lack of security within a Self world. ie code can do abominations like "0 _Quit" 

why "0 _Quit" and not just "_Quit"?
,_._,___

Because I was conflating two things in my head and failed to communicate both of them :)

1st is the primitive issue - anyone can send _Quit to themselves for example. We could maybe solve this by capability tokens?  ie _Quit: token and then we make sure only the objects we want to be able to _Quit can get their hands on the token

2nd is the issue of objects importing lobby (and thus the whole image) as a parent slot. So if we had a "rot13: theString" method, which took only a string and rot13'd it, that method can go "theString lobby" and voila has access to everything. Best I can think at the moment is to re-engineer a core of 'safe' objects including booleans, strings, collections etc so that you can't get to the main lobby from them, only to a 'core lobby'

Russell