Backdoor discovered in Ruby "strong password" library, takes your "strong passwords" and uploads them into a pastebin nakedsecurity.sophos.com/2019/

Hi, do you believe me when I say we need ocap security yet

@cwebber sorry to be the one to ask but what does "ocap" refer to here
Follow

@opal "object capabilities". It doesn't really have much to do with "objects" in that it doesn't require object oriented programming, and originally they were just called "capabilities", but "capabilities" got overloaded as a term (eg, what the Linux kernel calls capabilities are nothing like object capabilities). ocap is shorthand, refers to a specific paradigm: your security model isn't who you are, but what references you hold onto.

@cwebber @opal I really need to spend more time learning this.

Sign in to participate in the conversation
Octodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!