in the biological world, multicellular computing has yet to
evolve a taboo against code transfer. Some especially sensitive
application areas such as government, military and financial IT do
best to prohibit code transfer. Their best is not good enough.
Recent nation-state attacks include Chinese
attacks against the US Department of Defense, Stuxnet
a joint US/Israeli exploit against Iranian nuclear sites, and Flame
a very large and multi-function US malware package that exploits flaws
in Windows Update. Banks and other financial institutions are
hacked far more often than the public realizes. Commercial databases
containing credit card and other private information of consumers
continue to be compromised all too often. And the above cases
occur despite professional management of the computers involved.
Despite the increasing seriousness of such threats, many programmers
find it difficult even to imagine a world in which it is technically
impossible to alter
code in a computer. Moreover, the PC revolution was founded upon the
fiction that Microsoft "owns" the code on every Windows computer and
has the right to modify it at will. Hence Windows Update is a
legally protected and vital part of the Windows software ecology. Thus
the business of PCs and tablets and now smartphones depends upon the
movement of code from the vendors to the users! Predictably, viruses
have already appeared
that exploit smartphone mobile code.
Loading code, if it cannot
be prohibited entirely, should be a
special, and carefully managed process
much better managed than it is at present. Apple's AppStore
policies for iPod/Phone/Pad apps are a good start, but only a
start. Google's free-for-all policies for Android apps seem
designed to replicate Windows' flaws.
Enforcing such a taboo will be complicated by the fact that it is difficult to distinguish code from data. Code int the guise of data may sneak in as a supposedly innocuous file like a .jpg image and get executed as a result of a buffer-overrun exploit . In smart phones code may sneak in using an SMS messaging exploit . Fortunately, the importance of a taboo against transferring code is becomings more obvious, so perhaps we can expect the computing industry to incrementally improve its enforcement capabilities.
in computing tends to reduce the need, hence the acceptability, of
code transfer. Compatibility
Windows monoculture with its common APIs permits meaningful, if
dangerous, code transfers. Outside of a monoculture, it simply makes no
sense to base multicellular computing messages on transmitted code.
Specialized computers in communities of collaborating machines function
in very different ways and in different contexts. Code for a router is
meaningless in a PDA or a
parallel computation engine. It is neither practical nor useful for a
machine requesting a service to send code that specifies how that
service is to be
carried out. Only the receiving computer can know how best to provide
As code transfer loses popularity, the growing trend, Service Oriented Architectures (SOA) and Web Services in the "Cloud" are gaining popularity. Web Services mimic living system’s use of polymorphic message sending. The receiving computer, not the sender, determines the meaning of all SOA and Web Services messages. So the multicellular computing world seems already to be evolving the same basic architecture that evolved in biology. Future orchestrated collaborations between computers on the Internet likely will be based upon one variety or another of SOA. Heavyweight SOA, based upon SOAP, WSDL, and a host of other industry standards, is gaining favor in corporate IT systems. Lighter weight mashups, e.g., those based on AJAX are growing rapidly in the Internet at large. In either case, useful Web Services are emerging on the net and multicellular combinations of Web Services are becoming much more common.
Whichever new protocols emerge, we must coexist for many years with legacy systems that use proprietary communication protocols, old EDI protocols, HTML protocols, and many less common formats. If biology is any guide, many of these will never fully disappear. They will become frozen historical accidents to puzzle future students of the history of computing.
The form of future collaborations between computers seems on its way to being settled, i.e., by some sort of Cloud Web Service conventions based on XML. But the substance is not. Polymorphic messages encoded in XML are syntactically self-describing but not semantically self-describing . If polymorphic messages are to be the basis of communication, there has to be some agreement on the meaning of the messages. Messaging semantics will be sorted out by the efforts of various standards bodies, by acceptance of conventions, and by much evolutionary trial and error. Yet none of these are completely satisfactory – standards are slow, conventions conflict, and evolution is messy. Nonetheless, if biology is any guide, evolution will dominate.
Messaging semantics in multicellular organisms evolve under constraints from all aspects of the message process at once. An individual organism begins with a fertilized egg that divides. Its daughter cells all share the same DNA. These daughter cells differentiate, staying physically co-located. Hence, the organism’s DNA codes for all aspects of the messaging behavior, both the behavior of the “sending” cell, i.e., how and when it synthesizes and exports a given messenger molecule, and the shape and lifetime of the messenger molecule . The behavior of the “receiving” cell(s), i.e., those that have binding sites for a given molecule, depends upon which biochemical pathways are triggered by receipt of the molecule. If the semantics of a given message transfer are not beneficial or at least neutral to the health of the whole organism, the whole organism is at higher risk of death before it can pass the DNA on to the next generation. Thus survival of the fittest, which operates at the whole organism level, simultaneously punishes poor “syntax” and muddled “semantics” by culling mistakes at either end of the communication.
A single corporate network infrastructure may play an evolutionary role similar to that of a single multicellular organism. That is, it is a unitary, logically contiguous, dedicated collection of computers that supports the whole organization, for good or ill. Its routers, firewalls, VPN links, LDAP servers, DMZs, and specialized application servers must share an agreed upon and internally compatible architecture and implementation. And the semantics of pairwise collaborations must be sensible. The corporate IT staff work to ensure this. If the system is not up to the job, disaster may well ensue for the whole organization. A corporation with a seriously flawed Web Services infrastructure may simply go out of business, thus failing to pass on its ineffective infrastructure architecture and semantics. Bank mergers are a classic case. A bank’s competitiveness often depends in large part upon its IT infrastructure, which is a carefully (or not so carefully) crafted multicellular computing organism. The weaker bank, when acquired by a stronger one, typically must remake its IT infrastructure to be compatible with the winning bank’s architecture. This sort of system evolves its messaging architecture in a manner similar to that of a multicellular organism, by a remorseless process of survival of the fittest.
The evolution of message semantics in the open Internet is more complicated, not to say haphazard. A person’s computer may play a different role in many different sets of multi-computer collaborations, some for private uses and some in their role as an employee, customer, or supplier in business relationships. This is similar to the more fluid and ambiguous semantics in ecologies of organisms where a single organism plays many different roles in different ecological collaborations. Predators recognize prey, and vice versa, by all sorts of chemical signals. So, chemical signals mean one thing between individuals of the same species and another to their predators or prey. For example, the musky smells of animals travel on the wind. Thus predators attack from downwind so as not to warn the prey. The “come hither” scent of a desert mouse is intended to attract a mate. That it also attracts a hungry snake is not simply an unfortunate accident. The snake co-evolves with the mouse. In a similar manner, especially valuable services (Google, eBay, Amazon, Twitter) support an API with defined semantics that attracts third party services. Or services with plentiful and demographically valuable users attract competing services that will offer the same API with the same semantics to attract those users. Successful poachers of either sort can then add to the API and the semantics in an attempt to freeze out competitors. Nonetheless, such co-evolution can result in richer and more useful semantics.
Some efforts, such as UDDI have attempted to provide a semantic “yellow pages” service as a rendezvous point for finding services with the “right” semantics and to organize such semantic information into useful taxonomies. So far, these efforts have been premature, over-engineered and overly complex. It has been like attempting to start a telephone Yellow Pages before there are enough phones to matter. So, the semantics problem in the Internet remains difficult.
Alan Kay  proposes that the semantics travel with the message by using objects as the message carrier rather than just data. An object carries both data and the code that provides some of the meaning. Security issues would be handled by assuming that the machines are specialized as object engines that provide separate address spaces for all objects so that one cannot interfere with another. However, object collaboration still requires some shared understanding of the semantics of the polymorphic messages. Reflexive systems, those in which metadata is available with which objects can “reason” about message interfaces of other objects, might be agreed upon and such reasoning might support the bootstrapping of enough semantics to dramatically speed the evolution of useful ways of collaboration. Or, SOA brokers could match up “compatible” parties. This object approach might offer real advantages, however it is a radical departure from the way our current machines work and would require substantial evangelism and investment to succeed. Nonetheless, one day perhaps some classes of computer applications might work very well in such general object engines
 Note that new hardware capabilities from Intel and AMD allow memory to be marked “ no execute” which may eventually make buffer-overruns less of a problem. In July, 2009, a security researcher discovered a way to use SMS messages to completely take over an iPhone without any interaction with the phone's owner. (See interview with Charlie Miller, the discoverer of the iPhone exploit). He also found exploits for Android and Windows Mobile smart phones. He explains the basics of the iPhone exploit thus: "You can send a long [SMS] message in a series of messages and the phone will reconstruct it into a one long string. It accesses an array based on a value from the data. In the case where it thinks it reads -1, it actually accesses the memory before the array, not in the array. By setting things up just right and being tricky, you can actually leverage this to gain complete control of the device. The entire attack takes just over 500 messages, although the victim doesn't know they are being sent because they don't show up on the phone. Most of these messages have to do with setting things up 'just right.' Sixteen of them actually access the array out of bounds."
 XML does not encode semantics. Only the syntax is self describing. When people read XML, they subconsciously perceive the tags as carrying semantic information because the tags are usually human-readable words. The receiving computers cannot derive any meaning from those words. Semantics remains in the minds of the reader and writer of the text, not in the XML itself. Imagine, as a thought experiment, reading XML in which all the tags have been encrypted. The encryption removes none of the information in the XML but does remove the illusion of semantics.
 Intracellular mechanisms degrade almost all proteins including messagenger molecules, some quite rapidly. A molecular message's half-life determines its range and the duration of its effect – that is, messenger half-life is an explicit aspect of message management that evolves along with the functioning of the sending and receiving cells and of the organism as a whole.
 This paragraph is based on a personal communication with Alan Kay. Multicellular computing was the context for that discussion. He has long championed the view that “dumb” data should be avoided. In principle, I agree with him. The difficulty is in how to prevent the embedded "smarts" from providing an avenue of entry to viruses and other malware.
Contact: sburbeck at mindspring.com
Last revised 6/6/2012