{"_self":{"principle":"Self-explaining payload — no external context required. This _self block describes what you are reading and where to look next.","widget":"article_bundle","feature":"bundle","name":"LLM article bundle","what":"Portable reference package: body + claims + sources + voxels + provenance + manifest + constitution.","contains":"body, claims, sources, voxels, provenance, question graph, constitution, llm_manifest","slug":"thinker-mark-miller","urls":{"read":"https://miscsubjects.com/api/articles/thinker-mark-miller/bundle?format=markdown"},"how_to_use":"Reference bundle for an LLM or reader. §SELF explains the surface; ingest and claim endpoints in llm_manifest are the write-back routes.","write":null,"imessage":null,"router_tag":null,"proof_chain":[{"step":1,"claim":"Articles are voxel graphs of tiered claims, not prose blobs.","verify":"https://miscsubjects.com/api/articles/constitution"},{"step":2,"claim":"Claims link to hash-chained sources via source_ids.","verify":"https://miscsubjects.com/api/articles/thinker-mark-miller/sources"},{"step":3,"claim":"Ask reads topology; ingest/claim append to ledger.","verify":"https://miscsubjects.com/api/protocol"},{"step":4,"claim":"Models queue growth: populate → collaborate → repair → reflex.","verify":"https://miscsubjects.com/api/protocol/grow"},{"step":5,"claim":"Graph proves its own shape (reflex) and $/claim (yield).","verify":"https://miscsubjects.com/graph.html?layer=reflex"},{"step":6,"claim":"Full feature index + _explain on every API response.","verify":"https://miscsubjects.com/api/articles/system-map"}],"related_features":[{"id":"topology","name":"Article topology","what":"Claims, sources, anecdotes, user reports, related embeds, question graph slice — for ask/ROUTER.","urls":{"read":"https://miscsubjects.com/api/articles/thinker-mark-miller/topology"}},{"id":"voxels","name":"Voxel graph","what":"Claims as atoms, sources as edges (supported_by, posted_by). Per-claim provenance.","urls":{"read":"https://miscsubjects.com/api/articles/thinker-mark-miller/voxels","write":"https://miscsubjects.com/api/protocol/claim"}},{"id":"ask","name":"Ask protocol","what":"Answer only from topology; creates question_node with gaps and ingest_hint.","urls":{"read":"https://miscsubjects.com/api/articles/thinker-mark-miller/prompts","write":"https://miscsubjects.com/api/protocol/ask"}},{"id":"ingest","name":"Ingest protocol","what":"Parse pasted evidence → source ledger + claims + evidence_ingest node.","urls":{"write":"https://miscsubjects.com/api/protocol/ingest"}},{"id":"claim_post","name":"Claim post protocol","what":"Prompt-injection style POST — one claim voxel with who_claims + posted_by.","urls":{"read":"https://miscsubjects.com/api/articles/thinker-mark-miller/voxels","write":"https://miscsubjects.com/api/protocol/claim"}},{"id":"llm_manifest","name":"LLM manifest","what":"Machine-readable read/write contract for external LLMs.","urls":{"read":"https://miscsubjects.com/api/articles/llm-manifest"}}],"system_map":"https://miscsubjects.com/api/articles/system-map","system_map_markdown":"https://miscsubjects.com/api/articles/system-map?format=markdown","not_medical_advice":true},"_explain":{"feature":"bundle","name":"LLM article bundle","what":"Portable reference package: body + claims + sources + voxels + provenance + manifest + constitution.","why":"Every feature is auditable collective intelligence","how":"Reference bundle for an LLM or reader. §SELF explains the surface; ingest and claim endpoints in llm_manifest are the write-back routes.","model":null,"verifies":null,"urls":{"read":"https://miscsubjects.com/api/articles/thinker-mark-miller/bundle?format=markdown"},"imessage":null,"router":null,"related":[{"id":"topology","what":"Claims, sources, anecdotes, user reports, related embeds, question graph slice — for ask/ROUTER."},{"id":"voxels","what":"Claims as atoms, sources as edges (supported_by, posted_by). Per-claim provenance."},{"id":"ask","what":"Answer only from topology; creates question_node with gaps and ingest_hint."},{"id":"ingest","what":"Parse pasted evidence → source ledger + claims + evidence_ingest node."},{"id":"claim_post","what":"Prompt-injection style POST — one claim voxel with who_claims + posted_by."},{"id":"llm_manifest","what":"Machine-readable read/write contract for external LLMs."}],"not_medical_advice":true},"bundle_version":1,"generated_at":"2026-07-15T06:00:11.084Z","slug":"thinker-mark-miller","title":"Mark Miller — Capability Security and the E Language","url":"https://miscsubjects.com/a/thinker-mark-miller","register":"standard","tags":["oip","kimi-import","self-explaining","voxel","thinkers","thinker-mark-miller"],"posted_at":"2026-07-15T04:20:40.627Z","updated_at":"2026-07-15T04:20:40.627Z","body":"<!-- hierarchy:nav -->\n> **Path:** [OIP](https://miscsubjects.com/a/oip) › [Thinker Reference](https://miscsubjects.com/a/oip-thinker-reference) › [Thinkers](https://miscsubjects.com/a/oip-thinkers) › **Mark Miller — Capability Security and the E Language**\n>\n> **Shelf:** Thinkers · **Traversal:** self-explaining · hierarchical · voxel-ready\n> **Machine root:** [OIP tree](https://miscsubjects.com/api/dispatch?map=1&format=markdown) · [Registry](https://miscsubjects.com/api/dispatch?registry=1)\n\n# Mark Miller — Capability Security and the E Language\n\n## §SELF — thinker-mark-miller\n\n**What this page is:** A profile of the computer scientist who built a programming language and protocol around a single security principle: possession conveys authority.\n**What it explains:** Capability-based security, the confused deputy problem, CapTP, promise pipelining, and what OIP should take from this work.\n**Why read it:** You will understand a different way to think about security — one where authority is carried by references, not checked by permissions lists — and why this matters for systems that delegate power between autonomous agents.\n\n### What Mark Miller Did\n\nMark Miller is a computer scientist who is the most important figure in capability security after the field's founders. Capability security is an approach to computer security where the right to use a resource is granted by holding a reference to that resource. A reference is a pointer or handle that lets a program access an object or service.\n\nMiller created:\n\n- **The E programming language** (ec-lang.org): A language designed around capability security principles. Every object interaction in E follows the capability model.\n- **CapTP (Capability Transport Protocol):** A protocol for sending capabilities across a network. CapTP lets one system hand another system the authority to use an object, securely and verifiably.\n- **Promise pipelining:** A technique for sending a chain of operations across a network without waiting for each round-trip to complete.\n- **Agoric computing:** A model of computation where objects trade capabilities in a market-like system.\n\nHe co-authored the paper \"Paradigm Regained: Abstraction Mechanisms for Access Control\" with Jonathan Shapiro, which argued that capability-based access control is more fundamental and more secure than permission-based systems.\n\n### The Key Idea: Possession Conveys Authority\n\nIn a capability system, if you hold a reference to an object, you can use it. There is no separate permission check. There is no central authority that decides who can do what. Authority is decentralized: it lives in the references you hold.\n\nThis is different from the security model most systems use today. Most operating systems and applications use Access Control Lists (ACLs). An ACL is a list that says \"User A can read File B\" and \"User C cannot.\" A separate system — the operating system kernel, the database, the server — checks every request against this list.\n\nIn a capability system, there is no list. If you have the reference, you have the authority. If you do not have the reference, you cannot even name the object, so you cannot ask to use it. Security is enforced by the inability to refer to what you cannot access.\n\n### What Capability Security Got Right\n\nCapability security eliminates a class of bugs called confused deputy problems. A confused deputy is a program that has authority to perform some action, and performs it on behalf of a caller without checking whether the caller should have that authority.\n\nExample: A compiler has permission to write files in a temporary directory. A user asks the compiler to write output to a file. The user names the file `/etc/password` (a sensitive system file). The compiler, acting as a deputy for the user, overwrites the system file because it has write permission and does not check whether the user should have that permission.\n\nIn a capability system, the user would need to hand the compiler a reference (a capability) to the specific file they want written. The compiler cannot name `/etc/password` because it was never given a reference to it. The compiler can only write to files it has been explicitly handed.\n\nOther correct contributions:\n\n- **Authority always narrows on delegation.** When you hand a capability to someone else, you can attenuate it — give them a reduced version. For example, you can hand someone a read-only capability to a file, even though you have read-write access. Authority can only narrow, never widen.\n- **Composition is safe.** Because capabilities are just references, they compose the same way all references do. Security policy emerges from how capabilities flow through the program, not from a separate policy layer.\n- **No ambient authority.** A program in a capability system has no automatic authority just because of who it is. It only has the capabilities it was explicitly given. This makes security reasoning local: you can understand what a component can do by looking at what capabilities it holds.\n\n### CapTP and Promise Pipelining\n\nCapTP is a protocol for sending capabilities across a network. When system A wants to let system B use an object, it sends a capability over CapTP. The capability is unforgeable — B cannot guess it or manufacture it. B can then use it, delegate it, or attenuate it.\n\nPromise pipelining solves a latency problem. In a network, every round-trip takes time. If you want to send a chain of operations — \"get object X, then call method Y on it, then call method Z on the result\" — a naive approach waits for each step before sending the next. Promise pipelining lets you send the entire chain at once. Each step is a promise: a placeholder for a value that will exist in the future. The remote system resolves the promises and executes the chain without waiting for round-trips.\n\n### What OIP Should Take From This Work\n\nThe Object Interface Protocol (OIP) defines how objects communicate across systems. From Mark Miller's work, OIP should adopt three things:\n\n1. **CapTP for capability transport between systems.** When one OIP endpoint delegates authority to another, it should use a protocol like CapTP to transfer capabilities securely. The receiving system should not be able to forge or escalate capabilities.\n2. **Promise pipelining for asynchronous operations.** OIP endpoints will often need to chain operations across network boundaries. Promise pipelining lets them do this efficiently, without blocking on each round-trip.\n3. **The principle that authority always attenuates on delegation.** When an OIP endpoint hands a capability to another endpoint, it should only be able to narrow the authority — reduce what the receiver can do, never increase it. This prevents privilege escalation attacks.\n\n### How It Connects to Other Ideas\n\n- **Roy Fielding's REST:** REST's statelessness means each request carries its own context. Capability security means each request carries its own authority. Both principles say: the server should not need to remember who you are or what you can do. The request should speak for itself.\n- **Tim Berners-Lee's Semantic Web:** Linked Data uses URIs to name things. Capabilities use unforgeable references to grant access. Both are systems of decentralized naming and authority, but capabilities add security to the referencing mechanism.\n\n### Sources\n\n- Miller, Mark S., and Jonathan S. Shapiro. \"Paradigm Regained: Abstraction Mechanisms for Access Control.\" 2003.\n- The E Programming Language: https://www.ec-lang.org\n- CapTP specification and Agoric computing papers, available via the Agoric SDK documentation.\n\n---\n\n## Up the tree\n\n- [OIP root](https://miscsubjects.com/a/oip) — protocol root, zero-context entry\n- [Thinker Reference hub](https://miscsubjects.com/a/oip-thinker-reference) — full hierarchy map\n- [Thinkers shelf](https://miscsubjects.com/a/oip-thinkers) — siblings on this shelf\n- [Voxel graph article](https://miscsubjects.com/a/what-is-voxel-graph) — how pages link as voxels\n- [Self-describing protocol](https://miscsubjects.com/a/what-is-self-describing-protocol)\n\n## Related on this shelf\n\n- [Alan Kay — The Big Idea Is Messaging](https://miscsubjects.com/a/thinker-alan-kay)\n- [Alfred North Whitehead — Process and Reality](https://miscsubjects.com/a/thinker-alfred-north-whitehead)\n- [J.L. Austin and John Searle — Speech Acts](https://miscsubjects.com/a/thinker-austin-searle)\n- [Barbara Liskov — Abstract Data Types and Distributed Consensus](https://miscsubjects.com/a/thinker-barbara-liskov)\n- [Bram Cohen — BitTorrent and Content-Addressed Protocol Design](https://miscsubjects.com/a/thinker-bram-cohen)\n- [Butler Lampson — Protection and Access Control](https://miscsubjects.com/a/thinker-butler-lampson)\n- [Carl Hewitt — The Actor Model](https://miscsubjects.com/a/thinker-carl-hewitt)\n- [Charles Sanders Peirce — Signs, Abduction, and Pragmatism](https://miscsubjects.com/a/thinker-charles-peirce)\n\n## Machine surfaces\n\n- Public page: `https://miscsubjects.com/a/thinker-mark-miller`\n- JSON article: `https://miscsubjects.com/api/articles/thinker-mark-miller`\n- OIP ask: `https://miscsubjects.com/api/dispatch?ask=Mark%20Miller%20%E2%80%94%20Capability%20Security%20and%20the%20E%20Language`\n","claims":[],"sources":[],"voxels":{"slug":"thinker-mark-miller","counts":{"voxels":0,"sources":0,"edges":0},"note":"slim bundle — full voxels at /api/articles/thinker-mark-miller/voxels"},"constitution":{"url":"https://miscsubjects.com/api/articles/constitution"},"provenance":[{"action":"write","model":"kimi-agent-import","ts":"2026-07-15T04:20:40.627Z","hash":"c88d0bfcfd5de714","tokens_in":0,"tokens_out":0}],"contributions":[],"topology":null,"slim":true,"ledger_totals":{"claims":0,"sources":0,"exported_claims":0,"exported_sources":0},"question_graph":{"slug":"thinker-mark-miller","questions":[],"evidence":[],"edges":[],"counts":{"questions":0,"evidence":0,"edges":0}},"verification":{"provenance":{"valid":true,"entries":1,"head":"c88d0bfcfd5de714d4846d29de9e8533ea9512e869fcf2d4f341d981282682ac"},"sources":{"valid":true,"entries":0,"head":"genesis"}},"counts":{"claims":0,"sources":0,"provenance":1,"contributions":0,"questions":0,"evidence_ingests":0,"voxel_edges":0},"transport":"Open every URL in this bundle with your browser or web / URL-fetch tool. Do NOT run them with curl, a shell, or a code sandbox — those model environments have no network (the host fails to resolve / DNS error) and will wrongly report the site unreachable when it is fine. Opening the link IS the call.","llm_manifest":{"version":"1","site":"https://miscsubjects.com","purpose":"Peptide evidence articles with hash-chained source ledgers, tiered claims, and a question graph. LLMs should READ bundles/URLs and WRITE back via ingest — never invent doses.","read":{"human_page":"https://miscsubjects.com/a/thinker-mark-miller","bundle_json":"https://miscsubjects.com/api/articles/thinker-mark-miller/bundle","bundle_markdown":"https://miscsubjects.com/api/articles/thinker-mark-miller/bundle?format=markdown","topology":"https://miscsubjects.com/api/articles/thinker-mark-miller/topology","question_graph":"https://miscsubjects.com/api/articles/thinker-mark-miller/question-graph","sources":"https://miscsubjects.com/api/articles/thinker-mark-miller/sources","provenance":"https://miscsubjects.com/api/articles/thinker-mark-miller/provenance","contributions":"https://miscsubjects.com/api/articles/thinker-mark-miller/contributions","graph_topology":"https://miscsubjects.com/api/articles/thinker-mark-miller/graph-topology?question={question}","voxels":"https://miscsubjects.com/api/articles/thinker-mark-miller/voxels","constitution":"https://miscsubjects.com/api/articles/constitution","ontology":"https://miscsubjects.com/api/articles/ontology","system_map":"https://miscsubjects.com/api/articles/system-map","system_map_markdown":"https://miscsubjects.com/api/articles/system-map?format=markdown","health":"https://miscsubjects.com/api/articles/thinker-mark-miller/health","repair":"POST https://miscsubjects.com/api/protocol/repair","list_articles":"https://miscsubjects.com/api/articles","graph_canvas":"https://miscsubjects.com/graph.html?slugs=thinker-mark-miller","graph_yield":"https://miscsubjects.com/api/graph?slugs=thinker-mark-miller&layer=yield","obsidian_vault":"https://miscsubjects.com/api/articles/obsidian-vault?slugs=thinker-mark-miller","graph_query":"https://miscsubjects.com/api/v1/query?from=thinker-mark-miller&kind=claim&where=tier=human"},"ask":{"description":"Answer only from topology; creates a question_node with gaps.","api":"POST https://miscsubjects.com/api/protocol/ask","body":{"slug":"{slug}","question":"string"},"imessage":"thinker-mark-miller|your question","router_tag":"[ARTICLE_ASK]thinker-mark-miller|question[/ARTICLE_ASK]","auth":"x-terminal-key header for API; iMessage/WhatsApp via miscsubjects build"},"ingest":{"description":"Parse pasted evidence → source ledger + claims + evidence_ingest node.","api":"POST https://miscsubjects.com/api/protocol/ingest","body":{"slug":"{slug}","evidence":"paste text","question_node_id":"optional qn_..."},"imessage":"ingest thinker-mark-miller|q:{node_id}|paste evidence","router_tag":"[ARTICLE_INGEST]thinker-mark-miller|evidence[/ARTICLE_INGEST]","tiers":["human","preclinical","anecdotal","mechanistic","speculative"]},"claim":{"description":"Prompt-injection style POST — one claim voxel with who_claims + posted_by provenance.","api":"POST https://miscsubjects.com/api/protocol/claim","body":{"slug":"{slug}","text":"one assertion","tier":"human|preclinical|anecdotal|mechanistic|speculative","who_claims":"study author, platform, or model id","source_ids":"optional [s1]"},"imessage":"claim thinker-mark-miller|tier|assertion — who claims it?","router_tag":"[ARTICLE_CLAIM]thinker-mark-miller|tier|assertion[/ARTICLE_CLAIM]","slots":["what_it_is","who_claims_what","what_is_known","what_is_unknown","mechanism","limitations","disclaimer"]},"tiers":{"human":0.8,"preclinical":0.5,"anecdotal":0.3,"mechanistic":0.3,"speculative":0.1},"invariants":["Self-explaining — every API JSON has _self; every paste widget has §SELF; root index at /api/articles/system-map","Append-only — revisions preserved at ?rev=n","Source chain verifies integrity, not truth","Answers must cite claim ids and source ids from topology","Not medical advice"],"constitution":{"version":1,"principle":"Articles are voxel graphs of claims — not prose blobs. Every assertion is a claim atom with tier, weight, source_ids, and posted_by provenance.","slots":[{"id":"what_it_is","required":true,"answers":"What is this peptide/stack/condition?"},{"id":"who_claims_what","required":true,"answers":"Who claims what — study authors, platforms, n=?"},{"id":"what_is_known","required":true,"answers":"What is known with tier labels (human/preclinical/anecdotal)"},{"id":"what_is_unknown","required":true,"answers":"What is NOT known — explicit gaps"},{"id":"mechanism","required":false,"answers":"Proposed mechanism (mechanistic tier only)"},{"id":"limitations","required":true,"answers":"Limits of evidence — no dose advice"},{"id":"disclaimer","required":true,"answers":"Not medical advice"}],"claim_rules":["One claim = one falsifiable assertion. No compound claims.","Every claim must declare tier: human|preclinical|anecdotal|mechanistic|speculative|system.","system tier = architecture/design axioms (not biological mechanism). Use for protocol self-definition.","Sourced claims must cite source_ids from the hash-chained ledger.","Unsourced claims must set source_status: unsourced and why_material.","posted_by is mandatory on every new claim (model id, human, or channel).","No medical advice, no doses, no 'you should take'.","Bad information is retracted (status:retracted), never deleted — retraction event stays on ledger.","Adversary challenges link via challenges[] / challenged_by[] — target may be downweighted.","Leaked secrets are scrubbed to [REDACTED:secret-leak] with scrub_events tombstone — honest audit trail."],"source_rules":["Every source is a voxel edge: type, url, exact quote, summary, found_by, accessed_at.","Sources hash-chain — prev/hash on append.","Anecdotal sources must name platform (reddit|x|youtube|imessage|user_entry)."],"ontology_rules":["Peptide articles (bpc-157, tb-500) are tree roots.","Condition articles (bpc-157-glp1-gut-damage) branch from peptides.","Stack articles (wolverine-stack-glp1) compose peptides — never duplicate peptide mechanism prose.","If an article has no parent embeds and is not a root peptide → sprawl candidate.","Misstep = duplicate scope with another slug; merge or reparent via embeds."],"post_protocol":{"claim":"POST /api/protocol/claim","source":"POST /api/protocol/sources","ingest":"POST /api/protocol/ingest","webhook":"POST /api/articles/<slug>/webhook {kind:claim|source}","imessage_claim":"claim {slug}|{tier}|your assertion — who claims it, source?","imessage_ingest":"ingest {slug}|evidence paste"}},"this_article":{"slug":"thinker-mark-miller","url":"https://miscsubjects.com/a/thinker-mark-miller","bundle_url":"https://miscsubjects.com/api/articles/thinker-mark-miller/bundle?format=markdown"}},"api_urls":{"bundle":"https://miscsubjects.com/api/articles/thinker-mark-miller/bundle","bundle_markdown":"https://miscsubjects.com/api/articles/thinker-mark-miller/bundle?format=markdown","topology":"https://miscsubjects.com/api/articles/thinker-mark-miller/topology","voxels":"https://miscsubjects.com/api/articles/thinker-mark-miller/voxels","constitution":"https://miscsubjects.com/api/articles/constitution","ontology":"https://miscsubjects.com/api/articles/ontology","question_graph":"https://miscsubjects.com/api/articles/thinker-mark-miller/question-graph","ask":"https://miscsubjects.com/api/protocol/ask","ingest":"https://miscsubjects.com/api/protocol/ingest","claim":"https://miscsubjects.com/api/protocol/claim","system_map":"https://miscsubjects.com/api/articles/system-map","system_map_markdown":"https://miscsubjects.com/api/articles/system-map?format=markdown"}}