Our Manifesto (Please Read)

Pierpaolo Bernardi bernardp@cli.di.unipi.it
Fri, 9 May 1997 15:00:17 +0200 (MET DST)


   From: "Chris Bitmead uid(x22068)" <Chris.Bitmead@Alcatel.com.au>

   me>As Martin Cracauer has already pointed out, the Manifesto is not the
   me>place for Microsoft bashing

   Chris> I thought every place is a place for Microsoft bashing? :-) :-)

Ok, ok.  I retire this objection.   8-)

   >> How we Intend to Achieve Our Goals
   >> 
   >>         We will start small and work our way up.  Currently there are
   >>         2 branches of work.  One is on a Lisp Virtual Machine, for the
   >>         efficient execution of Lisp (and possibly other dynamic languages).
   >>         This virtual machine will use a portable byte code format, and
   >                                                   ^^^^^^^^^
   >
   me>This has not been agreed upon, and I would object to this.

   Chris> I presume this means you are in favour of native code?

Yes.

   Chris>  The problem I can see with that, is that since all processes in a
   Chris> lispOS are "trusted", and share the same address space, then having
   Chris> native binaries opens the way for hackers to write rogue programs.

Well, I won't load native binaries on my machine.  I'll load sexprs.
My compiler can check that the code is not malicious.

In Lisp there's no problem with low-level security such as buffer
overruns, dangling pointers, wild casts and such.  For high level
security, Java's security managers mechanism may be used as an
example.  Not that this is rocket science, anyway.  And maybe this can
be implemented in CLOS as is, shadowing any dangerous function and
wrapping it with around methods.  

   Chris>  Or maybe something can be done with trusted keys to ensure a
   Chris> particular binary is trusted???

I don't know very much about these techniques, but I won't trust them very
much, especially in a free, hacker's OS (see recent postings on
comp.risks for details).

Pierpaolo Bernardi.
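The "shadow the dangerous function and wrap it with around methods" idea from the message above, worked through as an added Common Lisp example (this is not code from the post or from the LispOS project). The design it assumes is hypothetical: a dynamic variable `*capabilities*` holding what the currently running code is allowed to do, a generic function `delete-path` standing in for a dangerous primitive, an `:around` method that refuses to reach the primary method without the `:filesystem-write` capability, and a package `untrusted-user` in which `cl:delete-file` is shadowed so the bare symbol resolves to the guarded entry point.

```lisp
;;; Added example: guarding a dangerous operation with a CLOS :around
;;; method and package shadowing. Names below are assumptions for the
;;; demonstration, not part of any existing LispOS code.

(defpackage :sandbox-demo
  (:use :cl))
(in-package :sandbox-demo)

;; Capabilities granted to the code running in the current dynamic
;; extent. Rebinding a special variable scopes the grant to one call.
(defvar *capabilities* '()
  "List of keyword capabilities granted to the current dynamic extent.")

(define-condition capability-denied (error)
  ((operation :initarg :operation :reader denied-operation)
   (needed    :initarg :needed    :reader denied-capability))
  (:report (lambda (c stream)
             (format stream "~A requires capability ~S"
                     (denied-operation c) (denied-capability c)))))

;; The dangerous primitive is exposed only as a generic function, so
;; every call goes through standard method combination.
(defgeneric delete-path (path)
  (:documentation "Remove PATH from the filesystem."))

(defmethod delete-path ((path pathname))
  (delete-file path))

(defmethod delete-path ((path string))
  (delete-path (pathname path)))

;; The policy check: an :around method runs before any primary method
;; and only calls it when the required capability is present.
(defmethod delete-path :around ((path t))
  (if (member :filesystem-write *capabilities*)
      (call-next-method)
      (error 'capability-denied
             :operation 'delete-path :needed :filesystem-write)))

;; Run untrusted code with an explicit capability set.
(defun call-with-capabilities (caps thunk)
  (let ((*capabilities* caps))
    (funcall thunk)))

(defmacro with-capabilities ((&rest caps) &body body)
  `(call-with-capabilities ',caps (lambda () ,@body)))

;; The "shadowing" half: a package in which untrusted source is read.
;; CL:DELETE-FILE is shadowed, so the bare symbol DELETE-FILE names the
;; guarded function instead of the raw primitive.
(defpackage :untrusted-user
  (:use :cl)
  (:shadow #:delete-file))

(defun untrusted-user::delete-file (path)
  (delete-path path))

;; Demonstration: the same request is refused without the capability
;; and succeeds with it. Uses a scratch file in the home directory.
(defun demo ()
  (let ((tmp (merge-pathnames "sandbox-demo.tmp" (user-homedir-pathname))))
    (with-open-file (s tmp :direction :output :if-exists :supersede)
      (write-line "scratch" s))
    ;; No capability: the :around method signals, the file survives.
    (handler-case (untrusted-user::delete-file (namestring tmp))
      (capability-denied (c) (format t "denied: ~A~%" c)))
    (assert (probe-file tmp))
    ;; Granted for this dynamic extent only: the primary method runs.
    (with-capabilities (:filesystem-write)
      (untrusted-user::delete-file (namestring tmp)))
    (assert (not (probe-file tmp)))
    :ok))
```

Two caveats a practitioner would add. Package shadowing only redirects the bare symbol; untrusted source can still spell `cl::delete-file` or reach it through `find-symbol`, so the reader or compiler that admits sexprs (the check the message relies on) has to reject such references for the around method to be the only path to the primitive. And the check lives in the dynamic environment, so any code that can rebind `*capabilities*` can grant itself everything; in a single-address-space system that variable, and `call-with-capabilities`, must themselves be out of reach of untrusted code.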