Dan Connolly's tinkering lab notebook

Introducing Capabilities to the Next Generation

The consequences of hooking stuff up to the Internet without sufficient care are going up all the time:

As an open source advocate, I initially bristle at this...

"These sectors may be particularly vulnerable to cyberattack because they rely on open-source software or hardware, third-party utilities, and interconnected networks"

but it is a factor: it lets people hook their stuff up to interconnected networks without going up the management chain to authorize a purchase.

Meanwhile, it's going to get worse before it gets better, from every indication I see. This sort of accountability might actually be healthy:

I can imagine demand for software audits will increase as a result. Perhaps that provides an opportunity, since object capability discipline facilitates software audits. The effort to get the value of ocap recognized widely in the security and compliance community is daunting, but I sure hope it happens.

I managed to do a bit. I was invited to speak to a small C.S. class at a nearby college while the regular professor was away. I took the opportunity to review and re-package two of Mark Miller's talks from 2011, prefaced with the "giant bags of mostly water" slides. It was fun!