1. 17
  1. 5

    Can it be less ambient?

    A recent topic in capability theory is whether Dataspaces’ way of modeling ambient shared scratchpads (the “data spaces” themselves) needs to have its exemption from capability-safety. At the same time, a common complaint of systemd/D-Bus/GNOME/etc. is that there is an ambient message bus which has many powerful clients connected by default. These have the same taste to me, when imagining a capability-aware language being used to implement PID 1; is there some ambient authority that could be removed here?

    I might well not understand Dataspaces, and I’m happy to learn more about your plan.

    1. 4

      Absolutely. So the theory up until recently had exactly one dataspace as execution context & communications medium for each actor in a tree.

      But now I’ve reworked things to include capabilities, I’ve also moved away from that perspective. Now a dataspace is an object-in-a-vat like any other. Capabilities secure access to dataspaces or to any other object-in-a-vat.

      There’s no longer exactly one privileged dataspace per actor. My early impressions of this new style of “syndicated actor” programming are that it will lead to many more smaller more tightly-focussed task- or domain-specific dataspaces interconnected in a loose web, within and among machines.

      Programs connect to a server and upgrade access from Macaroon-like datastructures (basically sturdyref-like) to more ephemeral references.

      There’s a little (completely undocumented) proof-of-concept in https://git.syndicate-lang.org/syndicate-lang/novy-syndicate.

      Hang on, I’ll do a quick screencast and post it here.

      1. 3
    2. 2

      This is a very nice project! Now I feel very curious about what a deamon soup looks like in Syndicate-lang, and about the extension of object-capabilities to syndicated actors. The latter may have suggestions for many system designs outside the current scope of your project – I was just reading about Matrix Spaces which seem to be trying to couple spatial intuitions with access/permissions, and I wonder what Chris Webber wonderings about ocaps in the Fediverse.

      1. 1

        Yes indeed! I’m excited to find out what it will be like.

        I’ve actually been discussing all this stuff somewhat regularly with Chris Webber. I really like his stuff and our discussions are always useful and interesting.