Security Lost and Recovered (1)

April 26, 2014

What have I learned in the 15 years I have been active in the Security profession? One thing, centrally: that Security must be complete or it will be meaningless. I need to explain what the term “complete” means in this context, first to avoid misunderstandings, but also to introduce a qualitative approach to Security. In […]


Alexander: “Independent Regions”

April 24, 2014

For many years, the following text from Christopher Alexander (A Pattern Language: Towns, Buildings, Construction, 1977) has been a fundamental reference for my understanding of the problems of human development.   “INDEPENDENT REGIONS “Metropolitan regions will not come to balance until each one is small and autonomous enough to be an independent sphere of culture. Therefore: […]


Duality of the IT Function

April 24, 2014

Many times in conversation or debate it is useful to “step back” from the immediate matters at hand and look at the context. Having written that, I am even inclined to say that this is always the case, especially when addressing technology strategy. If we do so we will notice there are obvious problems with […]


“A less trusting Erlang”

March 12, 2014

Searching for Erlang Security topics you necessarily find the work done by Lawrie Brown, Dan Sahlin and others in the late 1990s, and their proposed changes to the Erlang implementation. This work was to some extent parallel and closely related to academic research by Gustaf Naeser, Rickard Green and Bertil Karlsson on the SafeErlang project […]


On the Limits of the “Possible”

March 11, 2014

A look at Erlang-OTP quickly reveals the limits it has in terms of Security principles and concerns. A brilliantly conceived platform is diminished by the exclusive focus on performance and availability goals. In the same way, important applications like the innovative CouchDB and the standards-based RabbitMQ are boxed-in by the flaws in the platform. As […]


The Hewitt Actor Model and the Labyrinth of Metaphysics

March 7, 2014

There is a philosophical sense in which all entities (beings) should be comprehended (not only re-presented) as bundles of actions or “activities.” In turn, every action should be understood as a perception. To that end, Carl Hewitt’s Actor Model has been the obligatory point of reference for any discussion of concurrent computation and concurrent hardware […]


“Using Erlang in a Web Start-up”

March 6, 2014

In “Using Erlang In A Web Start-Up,” Gordon Guthrie (hypernumbers.com) summarises the structural problem that Erlang environments bring to the Solution and the Security Architect: “Security is the Achilles heel of Erlang. Due to the trusted nature of telephony networks (at least compared to the internet) Erlang has no security. All nodes in an Erlang […]
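As an added illustration of the trust model Guthrie is describing (this is not code from the original post, nor from hypernumbers), the following module shows why "all nodes are trusted" is the precise diagnosis: the only check Erlang distribution performs before granting a peer full remote execution rights is that both nodes hold the same cookie. The node names, the cookie value `secret`, the module name and the command run are assumptions made for the demonstration.

```erlang
%% node_trust_demo.erl -- added illustration, not part of the original post.
%% Assumes two nodes started by hand on the same host, e.g.
%%   erl -sname victim   -setcookie secret
%%   erl -sname attacker -setcookie secret
%% and that this module is compiled and loaded on the "attacker" node.
-module(node_trust_demo).
-export([show_trust/1, run_remote/2, restrict_peers/1]).

%% Connecting to Target succeeds if and only if both nodes present the
%% same cookie. There is no further authentication of the peer and no
%% authorisation step: a connected node is a fully trusted node.
show_trust(Target) ->
    case net_kernel:connect_node(Target) of
        true  -> {connected, Target, erlang:get_cookie()};
        false -> {refused, Target}
    end.

%% Once connected, any node may execute any module:function on the
%% target with the operating-system privileges of the target VM.
%% Here the remote call is os:cmd/1, i.e. an arbitrary shell command.
%% Example: run_remote('victim@localhost', "id").
run_remote(Target, Cmd) when is_list(Cmd) ->
    rpc:call(Target, os, cmd, [Cmd]).

%% Partial mitigation available in the standard kernel application:
%% net_kernel:allow/1 restricts which node names may connect to this
%% node. It is a name-based allow-list, not cryptographic authentication,
%% and it does not replace network filtering of epmd (TCP 4369) and the
%% distribution port range (kernel parameters inet_dist_listen_min/max).
restrict_peers(Allowed) when is_list(Allowed) ->
    net_kernel:allow(Allowed).
```

The practical check is therefore not "is the cookie strong" but "who can reach the distribution ports at all": a cookie is a shared secret held in `~/.erlang.cookie` on every node, and anyone who obtains it from any one host is granted a remote shell on all of them. Binding distribution to a private interface (`inet_dist_use_interface`) and allow-listing peers with `net_kernel:allow/1` reduce the exposure; they do not turn the cookie into an authorisation mechanism.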


Fault-Tolerance without Security?

March 6, 2014

A key text to understand Erlang and the Erlang community “world view” is Joe Armstrong’s thesis, titled “Making reliable distributed systems in the presence of software errors,” (final version with correction updated on November 20th 2003). This is a brilliant and historic text not only for Erlang, but also for the space of programming languages […]


Other Erlang References

March 6, 2014

I am sure that the following list omits many important Erlang materials. This list is here for the sake of completeness and does *not* include the books and papers that I will review in detail.  The texts listed below either are too limited in the subject they cover or else omit Security principles and requirements […]


On the Road to Nowhere

March 5, 2014

The following three books are probably on the desks of every practicing Erlang specialist:

– “Erlang Programming,” by Francesco Cesarini and Simon Thompson, O'Reilly, 2009
– “Erlang and OTP in Action,” by Martin Logan, Eric Merritt and Richard Carlsson, Manning, 2011
– “Building Web Applications with Erlang,” by Zachary Kessin, O'Reilly, 2012

“Erlang and OTP […]


“Erlang has no locks and no keys”

March 4, 2014

There is perhaps no better source to understand and learn the Erlang language than the book “Programming Erlang” by Joe Armstrong (“Programming Erlang, Second Edition”, The Pragmatic Bookshelf, 2013). This is a detailed, authoritative exposition of the language covering all aspects of it, from the design principles to the procedures to build an application. Regrettably this […]


Security Taken Lightly

March 4, 2014

In “Learn You Some Erlang for Great Good” by Fred Hébert, published in January 2013 by No Starch Press, San Francisco, we have a strange mixture of apparently humorous remarks about the Erlang Security capabilities; but, at the same time, some good information that may help the prospective (or committed) Erlang developers and architects to […]


On the Actor Model and “mailboxes”

March 2, 2014

Carl Hewitt clarified the relationship between his formulation of the Actor Model and one particular version of it (Karmani & Agha, 2011). The following is a message from Hewitt sent to Lambda The Ultimate in 2013 (http://lambda-the-ultimate.org/node/4853). This is a good reference to better understand the Actor Model and how it can be “implemented.” […]


“A Swindle”

March 1, 2014

“Men do not know how to make themselves important and make themselves great. Thus there are no lengths (of evil) they don’t go to. Since they do not make themselves important, things become important and their own state of being becomes unimportant. Since they do not make themselves great, things become great and their own […]


Erlang & Application Security

March 1, 2014

“Application Security of Erlang Concurrent System” (2008) is the title of a paper written by Kenji Rikitake and Koji Nakao (the first author is associated with the Network Security Incident Response Group, Japan). This was the first paper I found with an explicit and committed focus on Security requirements and principles. Mr Rikitake is also known […]


Hubo Historia, pero ya no la hay (There Was History, but There Is No Longer)

February 28, 2014

In his book “Infanzia e Storia” (1978; Spanish translation “Infancia e Historia – Destruccion De La Experiencia Y Origen De La Historia” by Silvio Mattoni, published by Adriana Hidalgo in 2004), Giorgio Agamben writes: “Today, any discourse on experience must start from the observation that already […]


Elementary Security in Erlang-OTP

February 28, 2014

Other texts I have reviewed:

– “Thinking in Erlang”, version 0.9 dated January 31st, 2007, by Robert Baruch
– “OTP Design Principles”, version 5.10.4, http://www.erlang.org/doc/design_principles/users_guide.html
– “Making reliable distributed systems in the presence of software errors”, final version updated November 2003, by Joe Armstrong, http://www.sics.se/~joe/thesis/armstrong_thesis_2003.pdf
– “Concurrent Programming in ERLANG”, second edition, […]


“For the Few and the Rare”

February 27, 2014

A fragment from “Contributions to Philosophy” – M. Heidegger, translated by Parvis Emad and Kenneth Maly, Indiana University Press, 1999. “5. For the Few and the Rare “For the few who from time to time again ask the question, i.e., who put up anew the essential sway of truth for decision. “For the rare who […]


Security and “Information Flow”

February 27, 2014

From the beginning of the Information “era” the Security disciplines already had the hierarchical imprint that is now current, centring it around the protection of “informational assets.” Although not directly relevant to the subject of Erlang Security, I want to quote here a paper by Bhavani Thuraisingham (MITRE Corporation) published in 1993 by the ACM. […]


Trust (Maybe)

February 27, 2014

Continuing with my research I see that Security “concerns” (although not *requirements*) may be present in the Erlang literature, but in such a way that whatever is said about Security remains in the periphery and ultimately disappears from view. This happens even in cases where (as we will see below) the subject addressed seems to […]
