Profile

Cover photo
Gilad Bracha
Works at Google
530,451 views
AboutPostsYouTubeReviews

Stream

Gilad Bracha

Shared publicly  - 
 
1st Workshop on Meta-Programming Techniques and Reflection (META’16)

Co-located with SPLASH 2016
October 30, 2016, Amsterdam, Netherlands

http://2016.splashcon.org/track/meta2016
Follow us on twitter @MetaAtSPLASH
The Meta'16 workshop aims to bring together researchers working on metaprogramming and reflection, as well as users building applications, language extensions such as contracts, or software tools. With the changing hardware and software landscape, and increased heterogeneity of systems, ...
4
2
Add a comment...

Gilad Bracha

Shared publicly  - 
2
Add a comment...

Gilad Bracha

Shared publicly  - 
 
u
 
Why capabilities? Short statement for SOSP History Day.

SOSP History Day http://www.ssrc.ucsc.edu/sosp15/workshops/HistoryDay/ was a superb event. It was all recorded and the recordings will be made public. Capabilities were repeatedly mentioned in the presentations much more often than I expected, and mostly positively.

I was on a panel at the end of the day whose topic was 
"Is Security a Hopeless Quest?"
Each panelist opened with a 5 minute statement. I tried to boil down the case for capabilities into the shortest clearest statement I could for an informed audience. Here is what I said. Feel free to forward. 


In the ‘70s, there were two main access control models:
the identity-centric model of access-control lists
and the authorization-centric model of capabilities.
For various reasons the world went down the identity-centric path,
resulting in the situation we are now in.
On the identity-centric path, why is security likely a hopeless quest?

When we build systems, we compose software written by different people.
These composed components may cooperate as we intend,
or they may destructively interfere.
We have gotten very good at avoiding accidental interference
by using abstraction mechanisms and designing good abstraction boundaries.
By composition, we have delivered astonishing functionality to the world.

Today, when we secure systems, we assign authority to identities.
When I run a program, it runs as me.
The square root function in my math library can delete my files.
Although it does not abuse this excess authority,
if it has a flaw enabling an attacker to subvert it,
then anything it may do, the attacker can do.
It is this excess authority that invites most of the attacks we see in the world today.

By contrast, when we secure systems with capabilities,
we work with the grain of how we organize software for functionality.
At every level of composition,
from programming language to operating systems to distributed services,
we design abstraction boundaries so that a component’s interface
only requires arguments that are somehow relevant to its task.
If such argument passing were the only source of authority,
we would have already taken a huge step towards least authority.
If most programs only ran with the least authority they need to do their jobs,
most abuses would be minor.

I do not imagine a world with fewer exploitable bugs.
I imagine a world in which much less is at risk to most bugs.
2 comments on original post
7
1
Add a comment...

Gilad Bracha

Shared publicly  - 
 
Ignore the adversarial hype; we basically agree.  In any case, after a few decades, the world has caught up, and optional/gradual types are going mainstream. Live programming is next, and Newspeak style modularity will get there in time.  
 
Types for an untyped world... 
2 comments on original post
22
5
Gilad Bracha's profile photosomeman7's profile photoJan Vitek's profile photoSean McDirmid's profile photo
15 comments
 
I think people really do want types for some tasks, like code completion and documentation, but the whole types as proofs of correctness aspect just isn't valued as much. Gradual typing, hybrid typing, and other new approaches to typing, are really aiming at that new sweet spot. That debate is truly going on in the community today, but mostly passive aggressively since it is still a bit hard for many to swallow. 
Add a comment...

Gilad Bracha

Shared publicly  - 
 
Do you have an idea to improve programming? Do you want constructive criticism? Submit to the Future Programming Workshop! The Future Programming Workshop (FPW) invites ambitious visions, new approaches, and early-stage work of all kinds seeking to improve software development.
View original post
5
2
Add a comment...

Gilad Bracha

Shared publicly  - 
 
 
Pony being discussed on Hacker News,  
news.ycombinator.com/news
news.ycombinator.com/item?id=9482483

The language described at http://ponylang.org.
Actor Model, Low Latency, High Performance, Programming, Capabilities, Data-race free
1 comment on original post
10
1
Add a comment...

Gilad Bracha

Shared publicly  - 
 
 
Calling all Dartisans - Propose your session or case study for the Dart Developer Summit.

The Dart Developer Summit is your forum for meeting the Dart engineering team, Googlers using Dart, and your fellow Dartisans.  Our community has told us they want to hear how you are using Dart. What is your cool new pub package? How did you use Dart on the client or server? What are you tips and tricks?

Our sessions are live streamed and recorded to help you get the word out. The summit is April 28th-29th in San Francisco, California. Call for Proposals closes on Jan 30th!

See you there!

https://docs.google.com/a/google.com/forms/d/1pEL1f_b7eE3ZWKqbGlSbxH8H9wL05qTY2sZZSGlIlTc/viewform
Drive
Dart Summit - Call for ProposalsPlease submit your Call for Proposal before Jan 30th 2015. We will review all sessions in February and send confirmation emails beginning/mid March 2015. If you have any questions, email dart-summit-questions@googlegroups.com. Keep yourself updated on the Dart Summit at https://www.dartlang.org/events/2015/summit/
3 comments on original post
3
Gilad Bracha's profile photoSean McDirmid's profile photo
3 comments
 
Cool, I just saw the dates were close (I treat G+ too much like Facebook).
Add a comment...

Gilad Bracha

Shared publicly  - 
 
 
Save the date! We're looking forward to meeting you in Munich for the annual Dart developer summit.
Two days of sharing insight and experience building and deploying apps with Dart. Learn about the platform from Dart' s founders and engineers, and connect with your fellow Dartisans.
1 comment on original post
10
krupal shah's profile photo
 
Dart 2.0 please! with breaking good changes:-)
Add a comment...

Gilad Bracha

Shared publicly  - 
 
My book on Dart is available in physical form today. Thanks to all that made it finally happen after so many delays.
89
31
Gilad Bracha's profile photoAnders Holmgren's profile photoSean McDirmid's profile photoKao peter's profile photo
22 comments
 
Congratulations! 
Add a comment...

Gilad Bracha

Shared publicly  - 
 
At ECOOP, I'll be participating in a discussion about optional types: where they came from,   what they are, where they're going.

http://2015.ecoop.org/event/stop2015-types-for-an-untyped-world
In a typeless world, our discussants have spent two decade trying to bring order, and perhaps even soundness, by democratizing types and pushing them where, according to many, they didn't belong. Matthias Felleisen worked on soft typing for Scheme, semantic contracts, and Typed Racket.
25
4
Gilad Bracha's profile photoJames Noble's profile photoShriram Krishnamurthi's profile photo
13 comments
 
Debate's over, +James Noble!
Add a comment...

Gilad Bracha

Shared publicly  - 
 
ub
 
In context of Fletch, we're experimenting with making it easier to write parallel code in Dart. The experiment builds on the ability to stop execution in one process (read: isolate) while waiting for n sub-processes to run their code in parallel. For now, we're calling the primitive that takes care of this Process.divide and we imagine building all sorts of interesting functionality on top of it.

Process.divide allows passing down deeply immutable data structures without copying them -- and we allow the sub-processes to return mutable data structures as the result of their computation. Sometimes you can get away with passing down integers and returning them like this:

int fib(int x) {
  if (x <= 1) return x;
  return parallel.map(fib)([x - 1, x - 2]).reduce((a, b) => a + b);
}

but in a lot of cases, it's really quite powerful to be able to send large immutable structures down to sub-processes that in return construct mutable object graphs and send them back. Wouldn't it be nice to be able to decode lots of JSON strings in parallel?

To construct a deeply immutable object, you call a 'const' constructor and pass other deeply immutable objects as the only arguments. You are free to call the constructor using 'new' so you're not bound by the very restricting limitations we have for compile-time constants. Even closures can be deeply immutable if all they capture is other deeply immutable objects by value.

As always, we welcome and appreciate feedback!

#dartlang  
12 comments on original post
5
1
Sean McDirmid's profile photo
 
How about speculative parallelism rather than waiting all the time? I guess I'm just too impatient. 
Add a comment...

Gilad Bracha

Shared publicly  - 
 
For all of you who didn't get Newspeak and Hopscotch the first time.
14
Alessandro Warth's profile photoOsvaldo Doederlein's profile photoMark Miller's profile photo
3 comments
 
LOL. :)
Add a comment...
Story
Introduction
Basic Information
Gender
Male
Relationship
Married
Work
Employment
  • Google
    software engineer, 2011 - present
It's been almost 30 years since I did my undergraduate studies in computer science at BGU, but I had a great time and got an education that has served me well. BGU was small enough to be pleasant and intimate - probably still is, if a little less so. It's great to see it on street view. I always loved the unusual architecture.
Public - 4 years ago
reviewed 4 years ago
1 review
Map
Map
Map