Hello (Distributed) World: Designing Software that Spreads P2P (opens in new tab)

Just out of curiosity, is there any new progress in the collision discovery of SHA1? Can you provide some references so that I can dig into?

From the footnotes: "In addition, we will be transitioning to SHA-256 in the future. "

Remember, it's basically only Linux distros that have the capability to upgrade a third-party library like that (ironically, distro maintainers actually have the source code required to recompile everything if they wanted!).

Mac and Windows applications ship bundled versions of third party libraries all the time. Managing a complex web of name+version based dependencies is much harder in a decentralized software ecosystem, so bundling starts to look attractive.

For our purposes, the benefit of a system where software is more reliable, predictable, and accountable is greater than the cost of asking developers to recompile in unusual circumstances.

Security holes present an interesting challenge. Since we allow authors to blacklist their code at the uuid level, it's possible to issue a network-wide advisory that revokes execution rights for that specific uuid.

This can instantly close the hole until a patch is released. This keeps users safe and gives application authors time to test against their application with the new library before re-publishing.

In many cases, application authors are the only people that are qualified to test interactions between their applications and the updated library.

A step backwards compared to what? Are you thinking about a specific alternative approach?

Here's some basic syntax.

  values = '[1, 2, 3]
  incremented = values.map({ n | n + 1 })
  summary = incremented.join(", ")

  summary.starts-with?("1").then({
    fail("Increment failed.")
  })

What sort of examples would you be most interested in seeing?

Generally speaking, we don't connect directly to unknown computers, but there are other reasons for that.

Security is addressed at a few levels (here are 6 of them).

1. Access to native resources requires specific permission.

2. All processes (including those with access to native resources) can only be addressed by their 288-bit process identifier (128-bits of which are random). The only identifiers known to a process are its own, those of its children, and ones explicitly given to it.

3. The Actor model means each process can independently decide which messages to reply to, which to ignore, and how long to wait for a response (if at all).

4. Each node has a unique RSA key-pair. The 160-bit fingerprint of the public key is the non-random part of every process identifier. This allows nodes to verify the remote processes they communicate with. (And if necessary, encrypt messages sent to them.)

5. Hash-based distribution makes it easy to blacklist poorly-written or maliciously-crafted code, once it's been identified as such.

6. System services in Skynet are always kept current with live, on-the-fly updates.

Without making any promises, it's hard to imagine any programming system becoming successful without being largely open source.

What release? It's another blog post.

We don't build any in, but the same strategies (ie, requiring a license key, etc) that work for regular applications like Microsoft Word also work for fluid applications. The bits can be copied easily, but the same is true for traditional software.

Crazy strategies, like CDs that physically can't be copied and must be in the drive or kernel extensions obviously won't work, but that's probably a good thing. =)