Sunday 30 September 2012

When I think of Trillions, I think of Source Code Blocks

When the guys at MAYA talk/write about Trillions, they are thinking of an information package, like a container, tagged with a U-Form UUID and with liquid properties.

But for me, what I'm thinking of is Source Code Blocks (Methods, Classes, Modules, Assemblies) and what they do (parsers, filters, data transformation, data presentation, business-logic activities, workflows, user interfaces, etc.).

One of the problems we have with the 'software-driven applications' that we create every day is that after a while, there is nobody that really understands how the whole system actually behaves.

And the reason is simple: Too much Complexity.

Unless an application is built in Assembly, the code written by the programmers is executed against a number of abstraction layers, each with its own behaviour, reality and side-effects.

And since we currently don't have a way to model that behaviour, we end up with the current situation where we 'Code and Execute it to see what happens (i.e. see if it does what the programmer/manager/architect/buyer is thinking that it will do)'.

SAST technology and run-time analysis are the key, since we need to be able to model an application's behaviour and create rules that describe the expected (or not expected) traces, activities, practices, etc.

But for that we need to approach application behaviour analysis (which is what SAST is doing) in a different way.

We need to apply the Trillions concepts and look at a piece of software that has trillions of nodes (i.e. code blocks). And like the MAYA guys like to say, this has already been done by nature; we just need to apply the same concepts :)

Btw, I really like the idea of applying UUIDs to bits of code. This is one of the key missing pieces of the current Sandboxing puzzle and one of the ways we can scale.