Mastodawn

Corbin May 29, 2024

@kellogh Like, from 2017, I went and found a PDF of a paper I submitted describing Monte, a Python-flavored E: https://github.com/monte-language/monte-talks/blob/master/corbin-ocap17-monte.pdf

I also presented a poster at PyCon 2016 covering the same material: here's Monte, it's like Python and E, etc. You can see the examples in that repository, and they are a standard slice of modern full-stack language usage: cube roots by hand, memoization, TCPv4 connections, private-key cryptography.

But in the paper, on p1, I give what I called "the 'hello world' of capability-safe languages", the E money-mint example. For capability theorists, a language is measured by its ability to formalize the same sorts of mutually-untrusting invariants which characterize financial transactions. I had to give this example or else I would not be recognized as a practitioner.

#CapabilityTheory

monte-talks/corbin-ocap17-monte.pdf at master · monte-language/monte-talks

Talks about Monte. Contribute to monte-language/monte-talks development by creating an account on GitHub.

GitHub

Show thread

Corbin May 23, 2024

@glyph @kjaymiller I discussed that ellipsis with my attorney when I first incorporated in 2016. It can be mitigated, carefully.

I was offering Tahoe-LAFS, which has the curious property that file-storage providers (my business) don't necessarily have the ability to read data uploaded by users (my customers). We discussed how this works, including the related example of Signal successfully convincing the USA that it cannot read its customers' text messages.

However, we still had to set up a basic conceptual pipeline for law-enforcement requests, even though I never received one. We assumed that a court *could* order me to destroy encrypted file data once they had identified it through other means, and also that DMCA requests could possibly be lawful but might be worth fighting depending on how poorly-filled-out they were.

I also had to publish terms of service. It's not enough to comply with the law; I also had to put customers on notice.

#TahoeLAFS #CapabilityTheory

Corbin Apr 21, 2024

Before I sign the open letter, can anybody reassure me that other folks are willing to carry forward the capability-theory torch? Regardless of my personal feelings about Eelco, I think that they've demonstrated attention towards least-authority and capability-oriented diesgn, and that's not very common among software engineers or FLOSS hackers. It would be a project-ending move to no longer have any technical leadership with that deep knowledge.

...Of course, one could argue that a true demonstration of POLA and caps would be delegating one's authority to the rest of the project, allowing people to collaboratively carry it forward without any one person having too much power or requiring too much trust.

#nix #NixOS #nixpkgs #CapabilityTheory

Corbin Apr 2, 2024

Okay, here's a #CapabilityTheory and #PLT / #PLDI hot take: be careful when accepting languages from research groups.

E's authors now work on Agoric; they are libertarians who pivoted to cryptocurrency. Pony's authors were supported by VC money. Yao's author, Gavin Howard, is an open fascist; Urbit's authors are cryptofascists.

It's not just them. I'm an open communist; you shouldn't use Monte (which I half-wrote) if you aren't okay with that, nor should you use my upcoming language Cammy. This isn't just a personality test; Cammy's toolchain embeds various communist beliefs, and similarly, systems like Rig and Urbit bake in various alt-right beliefs.

There are languages outside of this political dynamic. Waterken and Wyvern come to mind, and the latter is possibly ready to go mainstream.

Corbin Aug 26, 2023

I'm watching a documentary about a fraud involving multiple shell companies, improper circular ownership and payments, debt avoidance, multinational holdings, and more. I know that I'm showing my #CapabilityTheory and #ActorProgramming / #ocap roots here, but I'm imagining how this fraud would have been prevented by smart contracts.

I'm not talking about blockchains! I'm talking about capability-safe actors -- hunks of program code with limited enumerated rights -- ratifying the clauses of a contract as money and control changes hands. A smart contract could have detected and prevented about half of the improper transactions outright.