All posts published during .
In this year's holiday lull, I got closer to a "capabilities all the way down" workstation using Genode, an OS framework with...
After 15 years at W3C and 10 years at KUMC, my next gig is at Agoric.
A lot of the friction around my blog has been running the build step: re-constituting python dependencies, running the build,...
I got seL4 running on my Raspberry Pi 3B tonight. Even though I worked with Dale Dougherty in the early '90s, I've been on the...
Computers are getting faster, smaller, more connected, and more capable, but when it comes to security, everything is broken. Along...
The consequences of hooking stuff up to the Internet without sufficient care are going up all the time: Iranian Cyber Attack on New...
seL4 is open source, sandstorm.io is coming, and Rserve has an ocap mode.
To get from objects to capabilities, we need absolute encapsulation: From outside an object, one must not be able to gain access to...
Module-level code uses only authority passed to it by callers. Only the top-level script environment is trusted with the full authority of the Python standard library.
A couple months ago, I inherited some Java code and took on the task of fixing a bug in it. The bug turned out to be a consequence...
I think WebID is headed in the wrong direction. It separates authorization from authentication, which is widely believed to be a...
There's a lot of wisdom in what Crockford continues to say about HTML5 and web security: The HTML5 proposal does not attempt to...
Social standards and coding fugues I got Cryptonomicon for Christmas; chalk one up for Amazon wish-lists. It walks the line between...
At the August PAW meeting, I dropped a pointer in IRC to sshAuth.py, my attempt to use sshagent to make digital signatures. I...