Brian Warner dropped by today and we spent a good chunk of the day speccing out New PB. The New PB will resolve pretty much all the security issues I've come up with in the long purgatory of implementation-less contemplation of my previous work, plus it gives us a good place to define all *kinds* of wacky transport semantics that would otherwise have made the old infrastructure blow up.
In brief, every object that you want to publish remotely will have a schema or interface that specifies how it is serialized or referenced remotely. We will be trying to produce arbitrarily publish-able objects that have both state and methods, where you can say how you want to send things by default, but you can also switch it up in different situations without defining a bazillion classes.
The only lack of convenience is that we are going to spit out a near-continuous stream of warnings if you try to go for the "arbitrary graphs of objects" behavior that the previous version allowed. Sorry, folks, but that's just not safe in python and it can never be made safe :). However, we will still allow it for prototyping purposes, and maybe even add a mode where the system spits out an example schema after you run "trial" over unit tests that invoke the PB serializer on a particular set of classes.
We also discussed his "Pet Mail" project, which is a replacement for SMTP. It got me thinking about how poorly defined our shared vision for Q2Q is. We've really only started the very basic design discussions. Brian's project is a really good example of the kind of straightforward crypto work that we haven't had any time or inclination to do. However, it's (explicitly) got no deployment considerations, so if we can leverage some of the planned features of Q2Q and Quotient to get the base PetMail protocol widely deployed, we can establish a shared, clear basis for verified personal communication. Divmod can build more interesting applications on top of that, but it would give us a simplified transport layer to sell to other ISPs so that we don't need to spend all our processing power and disk on brute-force spam filtering.
1 day ago