Puzzle: Adding domain-based security to Squeak.
Klaus D. Witzel
klaus.witzel at cobss.com
Wed Aug 9 06:18:32 UTC 2006
On Tue, 08 Aug 2006 18:04:07 +0200, Howard Stearns wrote:
> Klaus D. Witzel wrote:
>> On Tue, 08 Aug 2006 16:53:46 +0200, Howard Stearns wrote:
>>
>>> Imagine that a magic fairy comes and creates a system that works
>>> exactly as you prescribe.
>>> Now, how will you or your users guess that 64MB RAM / 100MB disk
>>> / 100MB traffic/day is appropriate for one application, while others
>>> use different figures?
>>
>> Would you say that the above is any different from a single computer
>> system with exactly the capacity limits you gave? If so, mind to
>> explain?
>
> I agree that they're the same. And I would never order a computer saying
> that it must not have more than 64MB, 100MB disk, nor allow more than
> 100MB traffic/day. Nor would I attempt to implement "safety" that way on
> a single or partitioned computer.
Then, how would you "implement" it?
>> BTW: in ancient (computer age) times we had to implement contingency
>> systems (sometimes mistakenly called accounting systems) because there
>> was only one computer for 1,000's of users, like for example here:
>
> Indeed, and there is good reason that computers are no longer
> implemented that way.
I don't believe that. Do you mean that you can upload your malicious code
to one of the grids
- http://en.wikipedia.org/wiki/Grid_computing
and it (the grid) will immediately allocate all of its resources and all of
its processing power that your code asks for?
Indeed, there *are* good reasons that computer (systems) *are* implemented
that way (regardless of the # of CPUs etc). And the grid is not an
exception: every OS constrains *all* available resources, one way or the
other, even its own resources. There is no way out.
The question in the original post was, how to do that with Squeak (cross
platform, of course!).
> While I certainly don't feel that "no body does it that way" is a valid
> argument that something should not be done, I do feel it is instructive
> to note that, while there are many projects to build distributed systems
> that allow resources to be shared among computers, the opposite does not
> appear to be true (e.g., hardware systems that segregate or cap
> resources).
But the physical "hard" limits of computer systems are indistinguishable
from "soft" (administrated) limits. There is no difference observable by
any piece of software of any kind.
> It's rather suspect that the original project spec of how to limit
> resource use on a single processor
My example below was about a *single computer system* with multiple CPUs
and tons of time-shared terminals for use by the students.
> should come out of a problem in distributed computing, which by
> definition is an attempt to gain overall system power and access by
> sharing resources between computers. There's a good heuristic: Don't
> create a feature requirement that contravenes the overriding project
> goal!
The project goal is that no student can crash the university's computer
system(s) and also cannot dominate available resources. Every student
must be given the compiler, disk space, etc, in order that they can work
and can produce their malicious code (by chance or by using their free
will). This is the (typical) situation when you give Squeak to a user
(regardless of the institution and of the application).
>>
>> - http://www.unibw.de/
>>
>> on a B7800/B7900, the successor of the B5000.
>>
> Thanks for making my point!
NP.
/Klaus
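The claim above that an administered ("soft") limit is indistinguishable, to the constrained program, from a physical ("hard") one can be seen with the one resource limit every POSIX system ships with. The script below is an added example and is not part of the Squeak-dev thread or of Squeak itself: it caps the file size a child process may write with `ulimit -f`, lets the child try to write far beyond the cap, and measures what actually reached the disk. The child is not asked to cooperate; the kernel simply cuts the write short and kills it with SIGXFSZ, exactly as if the disk had ended there. The 4 MiB write and the limit of 100 blocks are values chosen for the demonstration (bash counts `-f` in 1024-byte blocks, dash in 512-byte blocks, so the cap is 100 KiB or 50 KiB depending on the shell). This is a per-process, OS-level mechanism, not the cross-platform, in-image control the original post asks for; it only illustrates the point that the OS already constrains every resource.

```shell
#!/bin/sh
# Added example (not from the Squeak-dev thread): enforce an administered
# file-size cap on a child process with ulimit -f and show that the child
# cannot tell the cap from a full disk: its write stops at the limit and
# the process is killed with SIGXFSZ.
#
# Assumptions: POSIX sh, dd, mktemp and /dev/zero. Limit and write size
# are demo values, not figures from the thread.

ATTEMPT_BYTES=$((4 * 1024 * 1024))   # what the "student" process tries to write
CAP_BLOCKS=100                       # administered limit, in shell ulimit blocks

# write_capped BLOCKS OUTFILE
#   Run a child under `ulimit -f BLOCKS` that tries to write ATTEMPT_BYTES
#   of zeros to OUTFILE, then print how many bytes actually landed.
#   "unlimited" or "" as BLOCKS means: apply no limit (baseline run).
write_capped() {
    blocks="$1"; out="$2"
    : > "$out"
    if [ -z "$blocks" ] || [ "$blocks" = unlimited ]; then
        dd if=/dev/zero of="$out" bs=4096 count=$((ATTEMPT_BYTES / 4096)) 2>/dev/null || true
    else
        # The limit is lowered inside a subshell so the caller keeps its own
        # limits. Lowering is always permitted; the child that crosses the
        # cap is killed by SIGXFSZ, hence the `|| true`.
        ( ulimit -f "$blocks" && \
          dd if=/dev/zero of="$out" bs=4096 count=$((ATTEMPT_BYTES / 4096)) ) 2>/dev/null || true
    fi
    wc -c < "$out" | tr -d ' '
}

# capped_bytes: bytes a child managed to write under the administered cap.
capped_bytes() {
    f=$(mktemp)
    write_capped "$CAP_BLOCKS" "$f"
    rm -f "$f"
}

# uncapped_bytes: the same write with no cap, for comparison.
uncapped_bytes() {
    f=$(mktemp)
    write_capped unlimited "$f"
    rm -f "$f"
}

echo "uncapped: $(uncapped_bytes) bytes reached disk"
echo "capped:   $(capped_bytes) bytes reached disk (limit ${CAP_BLOCKS} blocks)"
```

Run it as `sh script.sh`; the capped run stops at the block limit (102400 bytes under bash, 51200 under dash) while the uncapped run writes all 4194304 bytes. Nothing in the child checks for a quota, and it has no way to learn whether the stop came from an administrator's `ulimit` or from the end of the partition, which is the observation the message above makes about "hard" versus "soft" limits.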