Ron, would it be an easy process to add a second URL to the exception
paperwork. Pharo does have new ideas about code storage and distribution
that we would want to take advantage of. This would help a lot!

Then again, screw their paperwork requirements of us. Put my name as
responsible on the Pharo code and I'll take a trip to Cuba, if they need
a scape goat for their 20th century thinking. Crypto is already out of
the bag and everyone uses it freely. Just do it and ask permission later.

In thinking about consolidating crypto code between squeak and pharo, I
would guess there would be a thin capatibility layer for each system,
then the Crypto code in the main. My goal is to have compatibility,
crypto and plugins on both virtual platforms.

Thanks so much ^^

Robert

On 10/19/2015 05:17 PM, Ron Teitelbaum wrote:
> Hi Chris,
>
> The exemption is not for the location of the server but the URL where
> it is hosted.  I'm happy to help in any way I can but I don't have
> access to the Pharo Repos.  I have no issue with having Pharo
> packages on SqueakSource if that is what everyone agrees too.  We
> have multiple packages hosted there.  It's ok with me if we host some
> pharo code there too.
>
> All the best,
>
> Ron
>
>> -----Original Message----- From: Chris Muller
>> [mailto:ma.chris.m at gmail.com] Sent: Monday, October 19, 2015 3:59
>> PM To: Ron Teitelbaum Cc: Pharo Development List; The
>> general-purpose Squeak developers list Subject: Re: [Pharo-dev]
>> [squeak-dev] [Cryptography port to Pharo] RandomGenerator
>> class>>unpredictableStringsDo:
>>
>> Heh, well, since then SqueakSource itself was moved to a different
>> server in a different country.  I guess there was also a mirror of
>> SqueakSource hosted in Chile under a different URL for many years.
>>
>> I'm doubtful any of it matters, but we wouldn't want anyone to end
>> up in Gitmo over it.  If you're uncomfortable about hosting a copy
>> elsewhere, then please at least namespace-prefix the Pharo-specific
>> packages, to at least help keep it from becoming a tangled mess.
>>
>> On Mon, Oct 19, 2015 at 2:39 PM, Ron Teitelbaum <ron at usmedrec.com>
>> wrote:
>>> Hi All,
>>>
>>> Unless someone filed the proper paperwork I would suggest NOT
>>> moving
>> the cryptography code anywhere except for SqueakSource.  When we
>> started the project we spent time ensuring that we had a proper
>> exemption from the  U.S. regulations on exporting cryptographic
>> code.  If someone copied and forked the code that exemption may not
>> still apply to that new repository.
>>>
>>> I'm not personally involved with the code on Pharo, not sure who
>>> is doing
>> crypto there.
>>>
>>> All the best,
>>>
>>> Ron
>>>
>>>> -----Original Message----- From: Pharo-dev
>>>> [mailto:pharo-dev-bounces at lists.pharo.org] On Behalf Of Chris
>>>> Muller Sent: Monday, October 19, 2015 2:47 PM To: The
>>>> general-purpose Squeak developers list Cc: Pharo Development
>>>> List Subject: Re: [Pharo-dev] [squeak-dev] [Cryptography port
>>>> to Pharo] RandomGenerator class>>unpredictableStringsDo:
>>>>
>>>> Yes, if a common package for both Squeak and Pharo is
>>>> possible, that'd be great.  Otherwise, the Squeak and Pharo
>>>> versions should reside in separate repositories.  Squeak users
>>>> are still using squeaksource.com, Pharo moved to smalltalkhub
>>>> and beyond..
>>>>
>>>> On Mon, Oct 19, 2015 at 1:42 PM, Robert Withers
>>>> <robert.w.withers at gmail.com> wrote:
>>>>> hey Ron,
>>>>>
>>>>> It was actually the Pharo Cryptography team I was thinking
>>>>> of. Perhaps we can get the same package to work in both
>>>>> squeak and Pharo, with use of installable entropy sources or
>>>>> the like. In order to get SqueakElib running in Pharo I need
>>>>> crypto and we may as
>> well do it right.
>>>>>
>>>>> Cheers, Robert
>>>>>
>>>>>
>>>>> On 10/19/2015 02:28 PM, Ron Teitelbaum wrote:
>>>>>>
>>>>>> Hi Robert,
>>>>>>
>>>>>> You are already on the Cryptograph repo on SqueakSource.com
>>>>>> as an
>>>> admin.
>>>>>> Please feel free to reorg if you like.
>>>>>>
>>>>>> Let me know if you have trouble resurrecting your account.
>>>>>>
>>>>>> All the best,
>>>>>>
>>>>>> Ron
>>>>>>
>>>>>>> -----Original Message----- From:
>>>>>>> squeak-dev-bounces at lists.squeakfoundation.org
>>>>>>> [mailto:squeak-dev- bounces at lists.squeakfoundation.org]
>>>>>>> On Behalf Of Robert Withers Sent: Monday, October 19,
>>>>>>> 2015 1:53 PM To: squeak-dev at lists.squeakfoundation.org
>>>>>>> Subject: Re: [squeak-dev] [Pharo-dev] [Cryptography port
>>>>>>> to Pharo] RandomGenerator class>>unpredictableStringsDo:
>>>>>>>
>>>>>>> This is great guys. Is there a way to get this from the
>>>>>>> image? Good to get
>>>>>>
>>>>>> it
>>>>>>>
>>>>>>> with an FFI/OSProcess call or something.
>>>>>>>
>>>>>>> Thank you, Robert
>>>>>>>
>>>>>>> On 10/19/2015 08:58 AM, Louis LaBrunda wrote:
>>>>>>>>
>>>>>>>> Hi Guys,
>>>>>>>>
>>>>>>>> How about getting the CPU temperature.  I think most
>>>>>>>> CPUs support "Digital Thermal Sensor" (I'm not sure
>>>>>>>> about ARM).  I think it is seven bits.  The real range
>>>>>>>> should be less than that but it may be enough to help
>>>>>>>> add some entropy.
>>>>>>>>
>>>>>>>> Lou
>>>>>>>>
>>>>>>>> On Mon, 19 Oct 2015 07:39:19 -0400, Robert Withers
>>>>>>>> <robert.w.withers at gmail.com> wrote:
>>>>>>>>
>>>>>>>>> Hi Ron , nice to see you too! It has been a number of
>>>>>>>>> years, hasn't
>> it?
>>>>>>>>> Crypto is timestamped back in 2010, so there is is. I
>>>>>>>>> hope these have been kind years to you, as they have
>>>>>>>>> for me.
>>>>>>>>>
>>>>>>>>> I love the idea of optional sources of entropy,
>>>>>>>>> depending on the deployed capabilities. So there are
>>>>>>>>> our mouse points and such, because they ought to be
>>>>>>>>> optional.
>>>>>>>>>
>>>>>>>>> What are some reliably present sources in the most
>>>>>>>>> minimal
>>>> situation?
>>>>>>>>> If we could define minimal as an image with no image
>>>>>>>>> level I/O beyond file I/O, I would think we'd have:
>>>>>>>>> Kernel, System, Collections, Compiler and FFI. Some
>>>>>>>>> intransitives in that scope for entropy would be
>>>>>>>
>>>>>>> grand.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> I was thinking to take 5 millisecondClockValues,
>>>>>>>>> separated by 4 non-secure random intervals: take the
>>>>>>>>> low order byte of the 4 intervals and reverse &
>>>>>>>>> concat them, as a entropic source.
>>>>>>>>>
>>>>>>>>> I can coordinate these changes. Ron, could you add me
>>>>>>>>> to the Cryptography team so I can upload the Pharo
>>>>>>>>> Cryptography
>>>>>>>
>>>>>>> #bleedingEdge?
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Thanks and I look forward to more, :)
>>>>>>>>>
>>>>>>>>> Robert
>>>>>>>>>
>>>>>>>>> On 10/18/2015 02:38 PM, Ron Teitelbaum wrote:
>>>>>>>>>>
>>>>>>>>>> Hi Robert,
>>>>>>>>>>
>>>>>>>>>> Nice to see you!
>>>>>>>>>>
>>>>>>>>>> Looks interesting I know that Chris did something
>>>>>>>>>> gathering sources of
>>>>>>>
>>>>>>> entropy.  Seems like the more the better.  Could you just
>>>>>>> make the entropy sources optional such that if they exist
>>>>>>> we use them? I would have to go back and see what Chris
>>>>>>> did but he was following suggestions from Schneider in
>>>>>>> his secureRandom.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> All the best,
>>>>>>>>>>
>>>>>>>>>> Ron Teitelbaum
>>>>>>>>>>
>>>>>>>>>>> -----Original Message----- From: Pharo-dev
>>>>>>>>>>> [mailto:pharo-dev-bounces at lists.pharo.org] On
>>>>>>>>>>> Behalf Of Robert Withers Sent: Sunday, October
>>>>>>>>>>> 18, 2015 5:00 AM To: The general-purpose Squeak
>>>>>>>>>>> developers list; Pharo Development List Subject:
>>>>>>>>>>> Re: [Pharo-dev] [Cryptography port to Pharo]
>>>>>>>>>>> RandomGenerator class>>unpredictableStringsDo:
>>>>>>>>>>>
>>>>>>>>>>> I'm sorry, I forgot the code. I list the existing
>>>>>>>>>>> method, followed by my modified Pharo method
>>>>>>>>>>> below. I welcome any
>>>> feedback.
>>>>>>>>>>>
>>>>>>>>>>> Regards, Robert
>>>>>>>>>>>
>>>>>>>>>>> --- Existing: unpredictableStringsDo: aBlock
>>>>>>>>>>> "Enumerate sources of information from my
>>>>>>>>>>> environment that
>>>>>>>
>>>>>>> should
>>>>>>>>>>>
>>>>>>>>>>> be generally hard to guess." | time | time :=
>>>>>>>>>>> Time millisecondsToRun: [ aBlock value: World
>>>>>>>>>>> imageForm bits compressToByteArray ; value:
>>>>>>>>>>> Sensor mousePoint x asString ; value: Sensor
>>>>>>>>>>> mousePoint y asString ; value: Time
>>>>>>>>>>> millisecondClockValue asByteArray ; value: Date
>>>>>>>>>>> today asString ; value: Time now asString ;
>>>>>>>>>>> value: Display extent asString. 100 timesRepeat:
>>>>>>>>>>> [ aBlock value: UUID new ]. #(vmVersion
>>>>>>>>>>> platformName primVmPath imageName
>>>>>>>
>>>>>>> platformSubtype
>>>>>>>>>>>
>>>>>>>>>>> datedVersion lastQuitLogPosition
>>>>>>>>>>> vmStatisticsReportString imageName) collect: [ :
>>>>>>>>>>> each | aBlock value: (SmalltalkImage current
>>>>>>>>>>> perform: each)
>>>>>>>
>>>>>>> asByteArray
>>>>>>>>>>>
>>>>>>>>>>> ] ]. aBlock value: time asByteArray; "maybe the
>>>>>>>>>>> pointer has moved, hit it again." value: Sensor
>>>>>>>>>>> mousePoint asString ; value: Time
>>>>>>>>>>> millisecondClockValue asByteArray
>>>>>>>>>>>
>>>>>>>>>>> --- Pharo port: unpredictableStringsDo: aBlock
>>>>>>>>>>> "Enumerate sources of information from my
>>>>>>>>>>> environment that
>>>>>>>
>>>>>>> should
>>>>>>>>>>>
>>>>>>>>>>> be generally hard to guess."
>>>>>>>>>>>
>>>>>>>>>>> | time | time := Time millisecondsToRun: [
>>>>>>>>>>> aBlock value: Time millisecondClockValue
>>>>>>>>>>> asByteArray ; value: Date today asString ; value:
>>>>>>>>>>> Time now asString. 100 timesRepeat: [ aBlock
>>>>>>>>>>> value: UUID new ]. #(version primImagePath
>>>>>>>>>>> imagePath datedVersion lastQuitLogPosition)
>>>>>>>>>>> collect: [ : each | aBlock value: (SmalltalkImage
>>>>>>>>>>> current perform: each)
>>>>>>>
>>>>>>> asByteArray
>>>>>>>>>>>
>>>>>>>>>>> ] ]. aBlock value: time asByteArray; value: Time
>>>>>>>>>>> millisecondClockValue asByteArray
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> On 10/18/2015 04:23 AM, Robert Withers wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> This is a message intended for anyone who was
>>>>>>>>>>>> on the Cryptography
>>>>>>>
>>>>>>> team.
>>>>>>>>>>>>
>>>>>>>>>>>> I recently ported it to Pharo and had to make
>>>>>>>>>>>> changes to
>>>>>>>>>>>
>>>>>>>>>>> RandomGenerator
>>>>>>>>>>>>
>>>>>>>>>>>> class>>unpredictableStringsDo:. This certainly
>>>>>>>>>>>> removed some class>>uncertainty from the
>>>>>>>>>>>> results of this message. My question is what
>>>>>>>>>>>> should I do about that? This method seems to
>>>>>>>>>>>> require non-headless, as it is checking the
>>>>>>>>>>>> mouse point and such. This being a crypto
>>>>>>>>>>>> cornerstone, what the best answer here.
>>>>>>>>>>>>
>>>>>>>>>>>> Thank you, Robert
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>> -----------------------------------------------------------
>>>>>>>>
>>>>>>>>
Louis LaBrunda
>>>>>>>> Keystone Software Corp. SkypeMe callto://PhotonDemon
>>>>>>>> mailto:Lou at Keystone-Software.com http://www.Keystone-
>>>> Software.com
>>>>>>>>
>>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>
>>>
>
>