
E Programming Language: Write Secure Distributed Software - jervisfm
http://wiki.erights.org/wiki/Main_Page
======
hellofunk
C and C++ are both powerful languages but D brings some new things to the
table. Then there's E, innovative yes, but why use E when we have F, or
better, F#? Personally, I've used G for a couple years now but I am betting
the future on the H language.

Some people are already skipping ahead to using K, but the guys I'm most
scared by are those who only use R.

~~~
jksmith
I'm disappointed that we have more letters to go before we get to the best
language ever developed. I'll probably be retired by then.

~~~
goldbrick
I'm disappointed that Z is already here and it's only incremental updates to
Bash.

------
inglor
For those wondering, this is Mark Miller, you probably know him from
JavaScript as he invented promises and wrote the prototype for the popular Q
library before Kris made it more ergonomic.

Edit: this is also a nice read
[http://www.erights.org/talks/thesis/](http://www.erights.org/talks/thesis/)

Some of his current work is about allowing safe execution in JavaScript, see:
[https://github.com/FUDCo/proposal-frozen-
realms/](https://github.com/FUDCo/proposal-frozen-realms/) and [http://www-cs-
students.stanford.edu/~ataly/Papers/sp11.pdf](http://www-cs-
students.stanford.edu/~ataly/Papers/sp11.pdf)

------
lbo1
For what it's worth, capnproto's RPC protocol is based on this.
([https://capnproto.org/rpc.html](https://capnproto.org/rpc.html))

~~~
kentonv
Not just that -- Mark Miller, designer of E, is also an advisor to
Sandstorm.io, the parent project of Cap'n Proto:

[https://sandstorm.io/about#advisors](https://sandstorm.io/about#advisors)

Cap'n Proto is very much E's distributed programming concepts "ported" to
other languages, and Mark helped me get the details right.

Interestingly, E takes a very different approach from standard distributed
systems practices today. Most distributed programming today emphasizes
stateless servers performing idempotent operations on a monolithic datastore.
Stateful servers are considered too hard to get right. What E did is actually
provide the vocabulary needed to be able to reason about stateful servers, so
you _could_ get them right. Stateful servers are able to achieve massively
better performance, especially in terms of latency, because they don't need to
hit persistent storage for every single operation. You obviously need some way
to deal with machine and network failures, but E provides that.

------
yvdriess
Outside of its security model, E is an interesting language to study because
of its actor/object system. Objects live in 'vats', an actor with a local
stack and an event loop thread/process. Objects can sequentially/locally
communicate with each other in the same vat, but have to communicate as actors
between vats.

AmbientTalk took it a few steps further, with a concept of near and far
references, future pipelining, reflection etc.

 _edit: Oops, E already had near /far references and promises. AmbientTalk
does add more on the reflection/meta-programming side of things and features
for mobile ad-hoc networks such as object discovery._

~~~
abecedarius
The near and far references and promise pipelining were already in E, unless
I'm misunderstanding -- I've only read one paper on AmbientTalk.

~~~
yvdriess
Yes, you are indeed right.

------
siscia
I quickly scan the book it is suggested "Walnut" but I didn't grasp why, or
how E is "secure" somebody can help?

~~~
inglor
E is written by Mark Miller and is based on "capability theory". In E you can
prove a piece of code is safe and capabilities are more explicit.

~~~
nv-vn
How do these proofs work if code has IO? For example, if I read a number from
the command line, how can I know that it's within a certain range? I'm only
very familiar with this type of thing through languages with explicit IO
(Idris, F* to an extent), so I'm interested in seeing how it works in
languages with implicit side effects.

~~~
abecedarius
For telling if a number's in a range, it has contracts (called guards).

Effects like I/O have to be explicit: code that wants to do I/O has to be
passed an object that can do I/O, it doesn't get any such objects by default
at the time it's loaded. Besides this means of control ('capability security')
there's also an 'auditors' mechanism for static analysis, e.g. to require some
code to have no side effects.

(I'm not endorsing the GP comment; it's not how I would've phrased things. The
auditing mechanism does enable proofs, but it was relatively new and
experimental, compared to the core capability-security ideas.)

Added:
[http://erights.org/talks/auditors/index.html](http://erights.org/talks/auditors/index.html)

------
0xCMP
Oh wow, I was just reading about this yesterday in Coders At Work[0]. Douglas
Crockford[1] worked on this at a company that was trying to do some
distributing computing work in the 90s-00s. They originally based it off the
JVM but SUN had issues with that so they turned it more in to what he
described as a scripting language "which is what we have today."

[0]: [http://www.amazon.com/Coders-Work-Reflections-Craft-
Programm...](http://www.amazon.com/Coders-Work-Reflections-Craft-
Programming/dp/1430219483) [1]:
[http://javascript.crockford.com/](http://javascript.crockford.com/)

~~~
evgen
So in the beginning Electric Communities was going to do large-scale,
distributed virtual worlds (think MMORPGs as shopping malls...) with real
security. The original plan was to use Joule, but negotiations didn't work out
and while waiting around a couple of engineers created a reasonable subset in
this new language called java. This subset eventaully because the original E
language. Crock was the slides and presentations guy of the core team, so
after knowing him for a while as mostaly a non-coder it was odd to see him pop
up again and have such a big impact on the javascript world.

------
mhd
Wasn't E a somewhat popular Amiga PL?

~~~
brakmic
Yes, the AmigaE compiler written by Wouter van Oortmerssen.

There's a 'portable' version available for several platforms.

[http://cshandley.co.uk/portable/](http://cshandley.co.uk/portable/)

------
poorman
I think I'll stick with Elixir.

