[erlang-questions] Erlang offensive paper

zxq9 zxq9@REDACTED
Wed Jun 1 16:06:56 CEST 2016


On 2016年6月1日 水曜日 09:51:43 Eric des Courtis wrote:
> I would be nice if BEAM could address these issues (not Erlang) so that new
> more secure languages could be implemented on the BEAM.
> 
> I think it will be done sooner or later. The sooner the better IMO if BEAM
> is to remain relevant in the long term.

At what point would this become like desiring to have, say, Akka actors live within a MAC scheme, or Twisted threads adhere to an access control policy?

I think this is the wrong place to start looking to employ a security scheme.

There are other issues raised by the paper that have nothing to do with disterl, and these are valid. But disterl cookies being a security thing instead of an identity and segregation token within a trusted environment is, imo, wrong.

If the docs say "security" (I didn't check, but the author of the referenced slides says they do) that should be changed because it is in conflict with everything else written about disterl, the capabilities of the mechanism itself and the way it is used in practice.

-Craig



More information about the erlang-questions mailing list