Backdoor discovered in Ruby "strong password" library, takes your "strong passwords" and uploads them into a pastebin https://nakedsecurity.sophos.com/2019/07/09/backdoor-discovered-in-ruby-strong_password-library/
Hi, do you believe me when I say we need ocap security yet
@cwebber I think this problem could have been solved with a purely functional programming language. Although the compiler would need an option to disable any unsafe* functions (like the ones in haskell).
Side-effects are really dangerous, this proves it.
@cwebber If the library's interface doesn't return any monad (for example, isPasswordStrong has type String -> Bool) then there is no need to give access to any monad, everything is pure.
This library seems like a good fit for a pure library. If it needed some types of side-effects (but not all) you could return the FileAccess monad, or something similar.
All the code has access to all the monads. Executing them is another story.
@jorge_jbs You may be right that this is protecting the right behavior/safety. The way you described it, you can only perform side effects if you've explicitly been handed the reference, does sound like exactly the reference-based-ocap-security stuff I'm talking about. That approach isn't limited to purely functional languages, but you've correctly identified a purely functional way to do it.
@cwebber I don't know how ocap works, but yeah, it looks we're saying the same thing but implemented in different ways.
@jorge_jbs I suspect you would enjoy reading http://mumble.net/~jar/pubs/secureos/secureos.html :)
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!