Capabilities

Introducing Myco: a secure JS runtime

A few months back I wrote about Log4Shell and its implications for language design. Since then I've worked on a number of language concepts based around these ideas, but always hit a wall. There is so much to build when you're starting a language from scratch, and I never made it…

Read more...

Effects, Capabilities, and Log4Shell

One year ago, the Log4J logging library, which is widely used in the Java ecosystem, was hit by the Log4Shell vulnerability.1 This bug allowed attackers to execute arbitrary code on a server running Log4J by sending a carefully crafted log message. The vulnerability was caused by…

Read more...