Friday March 15

Friday March 8

Friday March 1

  • Mark Miller gave a presentation to TC53, the standards committee for JavaScript applications on wearable devices/IoT, on SES and Jessie. Peter Hoddie of Moddable described it as an “amazing talk about a future where JavaScript code from multiple parties securely co-exists, where program logic is exchanged as easily as JSON data, and standard JavaScript works even better on constrained devices.”
  • Metamask presented their browserify plugin, sesify, at our weekly meeting on SES. Recording here.
  • We’ve been working on making our utility libraries usable as CommonJS modules, ES6 modules, and UMD files, so that they can easily be used in Node.js, the browser, and bundlers.

Friday Feb 22

  • We released a new version of the “SES” Secure EcmaScript library (0.4.0). This version adds a limited form of require() to the confined code, allowing it to perform a few specific module imports, fully controlled by the enclosing realm.
  • We also released new utility libraries (@agoric/nat, @agoric/make-hardener, and @agoric/harden), which used to be part of SES. By splitting these out into external modules, application code which uses them can be unit-tested either inside or outside of a SES environment. “Harden” performs a deep Object.freeze, to protect an API object from external tampering, facilitating safe interaction between mutually suspicious code.

Friday Feb 15

  • We’ve moved a couple of libraries out of SES so that they can be used outside of a SES environment.
  • One of them is Nat. Nat() can be used to check that a value is a safe integer and should be used on things like account balances and any kind of manipulation of value represented in JavaScript numbers.
  • Another library is makeHardener, which creates a function (harden) that performs a full “deep freeze” on JavaScript objects. More information on why you might want to “harden” an object here.

Friday Feb 8

  • SES-0.3.0 is released and up on npm. This release improves security and functionality and fixes all known confinement leaks. It also improves usability by allowing the user to turn on console.log and display uncaught exceptions.

  • This week we had a lot of great activity on ocapjs.org, the community forum for discussing object capabilities in JavaScript.

Friday Feb 1

Friday Jan 25

  • Mark Miller will be speaking at the Stanford Blockchain Conference on Agoric’s smart contract platform, including eventual-sends. Eventual-sends provide a solution to the reentrancy vulnerabilities that have been plaguing smart contracts.

  • Bill and Kate had a blast connecting with the larger JavaScript world at the ForwardJS Conference in San Francisco

  • We made good progress on one of the remaining security bugs for SES.

Friday Jan 18

  • This week was all about SES. In SES, you can run code in a featherweight compartment that has no access to things like window or document, keeping the data on your page safe from exfiltration. SES also can keep third party code from accessing other third party code, making it perfect for a plugin or module architecture. This week we:

  • Released 0.2.0 on npm

  • fixed a confinement bypass found by Matt Austin which enabled access to Date.now() and other forms of unsanctioned nondeterminism

  • fixed a security failure in the confined Function constructor, also found by Matt Austin

  • improved confinement of RegExp and platform-specific debugging functions

  • added options to control access to Math.random() and i18n nondeterminism

  • Also, we wanted to highlight an awesome MetaMask project that is in process. Sesify applies SES to browserify, keeping your code safe from the modules you might want to import.

Friday Jan 11

  • We’re doing a major overhaul of our planning document for Safe JavaScript Modules, adding a concrete example throughout the document.  It’s a great overview of how Realms and SES can load modules securely, and actually prevent incidents like the event-stream exploit. Feel free to check it out and add comments. We’re also discussing it on ocapjs.org.

  • This week we got the first version of our security kernel running on the XS JavaScript engine. This is huge because it means that the features of JavaScript that our security kernel and smart contract platform rely on are implemented in XS.

Friday Jan 4

  • Happy New Year! This week we worked with RMIT to release a medium post by economists Chris Berg, Sinclair Davidson, Jason Potts and our very own Bill Tulloh. It’s on “nanoeconomics,” meaning a layer below microeconomics, including a market in computational resources. This builds on the concepts in the original Agoric papers by Mark S. Miller and K. Eric Drexler.

  • We’ve just launched a new site for discussing object capabilities in JavaScript at Ocapjs.org. We were noticing a lot of people were exploring solutions for safe module loading, and we wanted a place to be able to discuss it. Feel free to join the discussion!

  • We wanted to give a shoutout to two members of the community:

  • Michael Fig has started to build an amazing tool called Jessica, which is a Jessie (one of our subsets of JavaScript) runtime environment created using only Jessie modules, containing also translators from Jessie to other languages.

  • Bradley Farias has done a significant amount of work on a tool that analyzes the use of authority in JavaScript packages. He says that the tool will include “listing all potential resource authority usages. This is the full set of all free variables and dependencies a resource can obtain directly.”

Friday Dec 21

  • We got the XS JavaScript engine compiled to WASM and got “hello world” running on XS on WASM on Node.js. This is super exciting because it’s the first step to run our smart contracts on chains that support WASM.

  • Our least authority module system for JavaScript now has a planning document that is in progress. It’s a great overview of how Realms and SES can load modules securely. Feel free to check it out and add comments. We will be making some major changes in the near future to the later sections of the document.

Friday Dec 14

  • This week, we continued work on the least authority module system for JavaScript with partners from academia and industry.

  • We also continued work on compiling XS (Moddable’s JavaScript engine) into WASM for use with the Substrate runtime system.

  • We updated our eslint config package for Jessie (our subset of JavaScript for smart contracts) to include better error messages and tests. We also built a testing utility for eslint configs that can be used separately.

Friday Dec 7

  • We are working with the Moddable team to retarget their XS JavaScript engine to WASM. We can use this tiny and reliable embedded JS engine for smart contracts!

  • We are working with partners at Salesforce, Node.js, Carnegie Mellon, and others to design a module system for JavaScript that enables bringing in third party code safely.

Friday Nov 30

  • We published a piece on the recent npm package event-stream incident. At Agoric, we think that the incident was entirely preventable - if you enforce the principle of least authority (POLA), which says that code should be granted only the authority it needs and no more. Read about how enforcing POLA would change Node.js and prevent these kinds of attacks here.  

  • TC39, the JavaScript Standards committee, had their November meeting, which Mark Miller of Agoric presented at.

  • Given the recent event-stream exploit, Mark presented on a module system that would have granted modules least authority and would have prevented the exploit.

  • Mark presented on Jessie, our secure subset of JavaScript for smart contracts

  • Mark and Alan Schmitt of JSCert planned how to proceed towards a mechanized formalization of Jessie.

  • Dean and Mark and Till Schneidereit of Mozilla refined the weak references API.

Friday Nov 16

  • We’ve added updated versions of the Agoric Open Systems papers to the website, including pdfs and the full text of each of the three papers! These papers are listed as part of Andreessen Horowitz’s Crypto Canon, so we’re glad to get them updated.

  • We’re continuing to make progress on hardening our proof of concept, exploring use cases and talking with entrepreneurs looking to write smart contracts, and building developer tools.

Friday Nov 9

Friday Nov 2

  • Our Chief Scientist, Mark Miller, is the co-author on a new paper, “Abstract and Concrete Data Types vs Object Capabilities.” The paper explores how abstract data types can be implemented in an object-capability language. A number of the examples in the paper involve the exchange of digital assets. Download here.

  • We’ve released an eslint package for Jessie, a Turing complete minimal subset of JavaScript designed for smart contract programming. Jessie is designed to yield small programs that are easy to review both formally and informally, enabling programmers to write non-trivial, non-exploitable smart contracts.

  • We are making steady progress on integrating with Parity Substrate.

Friday Oct 26

  • Our in-house economist, Bill Tulloh, will be presenting at Research and Practice on Blockchain October 27th, on “A Principal-Agent Approach to Securing Smart Contracts.”

  • Mark Miller and Bill Tulloh are organizing this year’s OCAP Workshop during SPLASH in Boston on November 6th. The workshop is designed to explore the latest developments in the theory and practice of the object-capability approach, and provide a forum for knowledge exchange and collaboration.

Friday Oct 19

  • We made progress towards parachain design, specifically in terms of serializing our JavaScript contract objects as merklized data structures.

  • Dean will be speaking on “The Duality of Smart Contracts and Electronic Rights” at the Web3 Summit on Tuesday October 23rd at 14:15.

  • Our in-house economist, Bill Tulloh, will be presenting at Research and Practice on Blockchain October 27th, on “A Principal-Agent Approach to Securing Smart Contracts.” You can see more upcoming events on our events page.

Friday Oct 12

  • We had a blast meeting everyone during SFBW. Mark Miller has uploaded a recording of his talk about secure smart contracts to the SF Cryptocurrency Devs which can be listened to here. Video coming soon!

Friday Oct 5

  • Mark has been writing smart contracts using our proof of concept. We are particularly excited about the covered call option contract, which demonstrates the ability of our smart contract framework to allow access to contracts to be traded as easily as native tokens. This ability to derive new rights from positions in contracts and use them in other contracts will be necessary for a vibrant crypto-economy. The code is still a work in progress, but feel free to take a look!

  • We have two events during SF Blockchain Week: Dean is talking about Authority in Smart Contracts at SFBW Epicenter on October 8th at 2:20pm and Mark is presenting on the Agoric platform and framework on October 10th at 7pm. For more information, see our events page. Hope to see you there!

Friday Sept 28

  • We sent out our first newsletter this week! Sign up here to get on our email list.

  • We have a number of events coming up during SF Blockchain Week:

  • Dean is giving a talk on “Authority in Smart Contracts” at the Titans of Tech stage at SFBW Epicenter on October 8th at 2:20pm

  • Mark is speaking about the Agoric approach to smart contracts at the SF Cryptocurrency Devs Meetup October 10th at 7pm. There are only 8 spots left, so RSVP today!

Friday Sept 21

Friday Sept 14

  • We continued to improve our proof-of-concept, and hope to release it to the public next week.

  • To let people know where we’ll be headed and where we will be speaking, we’ve created a new upcoming events page on our website. Check back after events for links to recordings and slides!

  • As part of SF Blockchain week, we will be doing an overview of the Agoric platform and approach to smart contracts at the SF Cryptocurrency Devs meetup on October 10th at 7pm in San Francisco. Additionally, Dean will be giving a talk during Epicenter (Oct 8th 2:20PM - 2:45PM) on “Authority in Smart Contracts” and the problems of identity-based access control in smart contracts.

Friday Sept 7

  • The first proof-of-concept implementation of our smart contract execution engine (the “Vat”) is now feature-complete. It exercises secure libp2p-based messaging between both solo and quorum (replicated) Vats, durable state checkpointing via deterministic replay of inbound messages, small-scale distributed consensus about message delivery order, and downstream enforcement of the consensus rules for messages emitted by quorum Vats.

  • Based on a previous conversation between Mark Miller and the Node Security Workgroup, Bradley Meck has put together a draft document that “proposes a way to introduce a set of features to Node.js in order to achieve a reasonable security model based upon the Object-Capability Model and verification of resources loaded by Node.js”

Friday Sept 2

  • We’ve been working hard on the end-to-end proof of concept. In addition to porting over all of the contracts from Distributed Electronic Rights In Javascript, the proof of concept includes communication between “vats”, a term that comes from the influential programming language E and refers to separate computational subworlds that can proceed forward simultaneously. More on this to come.

  • If you’re attending ETHBerlin or live in the area, be on the lookout for Kate and Dean this upcoming week. You can reach them on Twitter

Fri Aug 24

  • Mark gave a talk to the Node.js Security Workgroup about SES (Secure ECMAScript, the secure subset of JavaScript) and the membrane programming pattern.

  • Agoric released a new version of SES. SES-0.1.3 adds utility functions and fixes an accidental vulnerability in the web-based demonstration code.

Fri Aug 17

Fri Aug 10

Fri Aug 3

Fri Jul 27

  • We announced the release of SES, a secure subset of JavaScript. SES enables untrusted JavaScript programs to execute in the same environment safely.

  • To showcase SES’s ability, we’ve released a SES Challenge. A random code is generated, and we invite you to put SES to the test with various attacks and guess the code! Any security-sensitive issues can be reported using our vulnerability disclosure process.

  • At the TC39 meeting, Mark Miller of Agoric presented on the results of the Realms shim security review. Realms is a standards track proposal for JavaScript that SES builds on.

  • Brian Warner of Agoric will be speaking at the Decentralized Web Summit. Hope to see you there!

Fri Jul 20

  • Set a goal of 100% code coverage of the Realms shim code

  • Passed 90% coverage of the Realms shim code

Fri Jul 13

  • Announced that Agoric has officially joined TC39, the JavaScript standards working group.

  • Filed all issues from the Realms shim security review for reconciliation with the proposed specification.

Fri Jul 6

  • Worked with Salesforce to do a careful line-by-line security review and revision of the Realms shim, which is our security kernel in modern JavaScript.

  • Led a workshop on secure smart contracts and object capabilities at Zcon0