Notes on Michael Doyle's dotNyet talk at Tcl2008.

"Exploit a handful of uniquely Tcl-powered technologies to provide as simple yet powerful platform for the easy development and safe deployment of secure platform-agnostic distributed Tcl applications over untrusted networks."

Tcl-powered technologies:


  • extracted and abstracted from the Tcl plugin
  • policies associated with mobile code
  • custom-tuned sandboxes (limit access to host computer)
  • host protected against malicious code (allow authenticated trusted code freedom to access resources)


  • Tcl binding to Cryptlib toolkit
  • allows dotNyet to tap into best-of-breed facilities for: file encryption, communication channel encryption, data integrity certification, user/code authentication


  • developed by jcw
  • messaging and control layer for distributed processing
  • treats the network as a data bus
  • share data and computations transparently
  • client applications propagate RPCs and program events through pools

dotNyet born of late night conversations between Michael Doyle and Steve Landers:

  • allows a safe and secure environment
  • applications span multiple locations
  • components move freely among locations
  • tap into selected resources across the network
  • Illustration: the Scatclogic approach

Scatclogic (name proposed by SEH):

  • Scattered Tcl Logic (scatalogical references aside)
  • pull together teams without cross-vendor incompatibilities and tie-ins
  • leverage and build upon existing infrastructure investment
  • work with familiar tools


  1. code snippet created in native app interface ("code snippet" refers to some piece of user created creative content, i.e., a paragraph in a word processor, formula in a spreadsheet, etc.)
  2. snippet extracted into the Tcl application layer
  3. signed by the appropriate cryptographic keys (via cryptkit)
  4. multicast out to all attached clients (via tequila)
  5. creator's public key is used to authenticate (via cryptkit)
  6. policy (bound to creator's public key) is invoked: mediates who can see, edit or execute the code (via PoliTcl)
  7. for authorized users, tcl code is pre-processed
  8. remaining (or output) code inserted into each target user's native application interface
  9. code executed by the native application

Proof of Concept: "Tcl Between the Sheets":

  • 3 users
  • user 1 sets permissions for range cells
  • user 2 gets r,x permission and user 3 gets r,w,x
  • permission specs determine the ranges: a policy automatically generated (or modified) and stored on the server
  • users open the spreadsheet project
  • user 1 enters a formula into a cell
  • formula encrypted by user 1's private owner key, and the policy's group (public) key
  • server decrypts the formula via the group private key
  • authenticates code via author's public key
  • the server re-encrypts code via policy private key and the group's "r" sub-key
  • server signs code with remaining group subkeys (x,w) ["x but not r" treated specially]
  • code multicast via the Tequila shared array
  • each client examines keys and signatures (to determine actions based on permissions)
  • actions performed on the code
  • result of any Tcl pre-processing inserted into spreadsheet [this is where "x but not r" special handling would occur]
  • spreadsheet executes the formula, and propagates recalculations throughout spreadsheet

This design allows for cross-brand application synchronization. Could be easily generalized to allow many other application types, such as:

  • Poor man's grid computer
  • turn a native word processor into a wiki environment
  • marshal vast computing and visualization resources in a rich collaborative network environment

Question about speed/performance; answer: The intent is to make it feel virtually realtime; achievable on the same subnet of a LAN, further research needed over wider Internet.