Michael van der Gulik <squeakml at gulik.co.nz> writes:
> Hi all.
> 
> Does anybody have code (particularly VM modifications) which allow
> Capabilities in Squeak?
> 
> In particular, I'm referring to code that implements stuff described
> on this page:
> http://minnow.cc.gatech.edu/squeak/uploads/2074/sandbox.html

This is my old "Islands" project, done during an summer internship
with the Squeak group in 2000.  The group was just starting to work on
sharing EToy's.  For example, that was when the SuperSwiki and the
web-browser plugin were developed.

I had recently been "Millered", and was fascinated by the possibility
of object references and message sending being your security kernel.
So, I attempted to use this approach so that you could run untrusted
EToy's inside Squeak without needing a special VM mode.  You could
then email someone an EToy and they could read play with it right in
Celeste.

I got so far as getting BouncingAtomsMorph to run in a sandbox, but
then ran out of time.  I went back to hammering on type inference,
which was engrossing and sucked away all of my next 6 years.


Full information about Islands is available at this page:

    http://minnow.cc.gatech.edu/squeak/2074

It includes the rationale, the source code, a pre-built image, and
notes about updating it to newer Squeaks.


I still think the basic approach is good.  The next thing I would do,
were I to continue, would be to get rid of the dynamically bound
global variables, and instead to have separate, static namespaces.
The reason for the current approach--i.e. all global references are
bound indirectly through the currently active island--is that compiled
code can be reused across multiple islands.  In retrospect, it would
be better to maintain conceptual pruity and simply recompile any
reused code.


More broadly, I still think the object capabilities approach is
important and worth giving a good look in any new language.  It is a
feature you cannot very well add late.


-Lex