Last year, npm was compromised, and everybody had their own "easy", "obvious" solution.
Looks like RubyGems was just compromised in a similar way.
Back in Jan I wrote an 8,000 word postmortem on why none of the easy obvious solutions work:
Regarding the stuff about Realms in JavaScript, I wonder if there is actually a usable implementation of them yet. I think it's stuck in some kind of standards limbo. Maybe knows more?
Definitely look at ponylang.io and monte-language.org for languages that have a full implementation of the idea though, if you haven't.
github.com/Agoric/realms- is usable. Both Agoric and MetaMask are using it. The Moddable XS engine has a configuration that is a standalone SES machine blog.moddable.com/blog/securepri as specified at github.com/Agoric/SES/blo