It strikes me that there's a duality of sorts in any kind of remote application:

* the app stays on someone else's computer, you send your data to it: PRIVACY RISK

* the app comes to your computer, you run it there: SECURITY RISK

I think #2 is the best option, because once you send data anywhere you have lost all privacy forever, while you can restrict what foreign code does

but to get there, we need to have languages which are *really* secure against arbitrary untrusted foreign code.

and no, throwing up our hands and saying "but but the halting problem means we can't do any security checks whatsoever!" is not an answer.

The Halting Problem only applies if you're doing unrestricted self-modifying code with GOTOs everywhere. Are you doing that? Then you shouldn't.

If the Halting Problem applies to your code, *you have written code that you yourself have no way of knowing what it does*.

You should not actually write code that you yourself have no way of knowing what it does.

@natecull What about emulators? They run games/homebrew that the developer may not know about, but it's okay in that sandboxed (hopefully) location.

@devinprater

Right. Emulators are good because they're not subject to the (pure) Halting Problem, because it's knowable what the emulator can (and especially what it can't) do.

If you have some kind of emulator or debugging mode or kernel or hypervisor, you're no longer an unrestricted Turing Machine scrolling off to infinity. The computation CAN and WILL halt because the outermost loop will go 'nope, that's enough CPU cycles for you' and pull the brakes.

Sign in to participate in the conversation

A fun, happy little Mastodon/Hometown instance. Join us by the fire and have awesome discussions about things, stuff and everything in between! Please read our rules before doing that, though; applications without the password that confirms you have done so will be rejected. Admins: Talon and Mayana.