<br><br><div class="gmail_quote">On Mon, Jul 7, 2008 at 5:24 AM, Jason Johnson <<a href="mailto:jason.johnson.081@gmail.com">jason.johnson.081@gmail.com</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="Ih2E3d">On 7/5/08, Michael van der Gulik <<a href="mailto:mikevdg@gmail.com">mikevdg@gmail.com</a>> wrote:<br>
><br>
> These Namespaces are not for Squeak. They are for a fork of Squeak I'm >making, called SecureSqueak.<br>
<br>
</div>I'm not sure I have ever understood your use of the word "security"<br>
here. When I think of security (as relates to technology) I think of<br>
firewalls, access rights and the like. Is something like this what<br>
you mean, i.e. that unknown users can inject code into the image but<br>
it has no rights unless someone grants them, etc.?<br>
<br>
</blockquote></div><br><br>Okay; some background:<br><br>I'm currently working on a project, called the "Unnamed Grand Project". It doesn't have a name yet because I can't think of a good one. Suggestions welcome :-).<br>
<br>The "Unnamed Grand Project" (1) is kind of like a web browser for something like Squeak "Projects" on the Internet [by "Projects", I'm referring the Morphic projects you can load from a .pr file]. I call these "Sites". Each "Site" is loaded from another computer, and contains bytecodes which are executed locally. In other words, I'm making a better World Wide Web using replicated objects(7).<br>
<br>These remotely loaded bytecodes (aka classes and methods) are untrusted and need to run in a locked-down sandbox of sorts, and local services that these bytecodes have access to need to be very defensively coded so that this untrusted code can't do anything other than draw on the screen, play sounds, and so forth.<br>
<br>By "security", I mean that remotely loaded code does not have access to any more of your system (image, VM and OS) than it needs to run. Remotely loaded bytecodes shouldn't be able to destructively modify the image or lock it up. It should not have access to the operating system except through carefully controlled, secure interfaces. It shouldn't be able to get references to objects it does not need, even through malicious tactics. Remotely loaded code should have resource controls placed on it(2) for CPU, memory, and external services it may have access to like disk access or network access. <br>
<br>So, my active projects are:<br><br>SecureSqueak(3) is a fork of Squeak that's be specially designed to run untrusted bytecodes;<br><br>Namespaces(4) and Packages(5) are a way of organising code in SecureSqueak so that it can be transferred between machines (as well as other features);<br>
<br>Subcanvas(6) is the 2-D API which is passed to remotely loaded code so that the code can draw stuff on the screen and react to events. <br><br>(1) <a href="http://gulik.pbwiki.com/Unnamed+Grand+Project">http://gulik.pbwiki.com/Unnamed+Grand+Project</a><br>
(2) <a href="http://gulik.pbwiki.com/Dominions">http://gulik.pbwiki.com/Dominions</a><br>(3) <a href="http://gulik.pbwiki.com/SecureSqueak">http://gulik.pbwiki.com/SecureSqueak</a><br>(4) <a href="http://gulik.pbwiki.com/Namespaces">http://gulik.pbwiki.com/Namespaces</a><br>
(5) <a href="http://gulik.pbwiki.com/Packages">http://gulik.pbwiki.com/Packages</a><br>(6) <a href="http://gulik.pbwiki.com/Canvas">http://gulik.pbwiki.com/Canvas</a><br>(7) <a href="http://www.gulik.co.nz/dpon_design.pdf">http://www.gulik.co.nz/dpon_design.pdf</a><br>
<br>Gulik.<br><br>-- <br><a href="http://people.squeakfoundation.org/person/mikevdg">http://people.squeakfoundation.org/person/mikevdg</a><br><a href="http://gulik.pbwiki.com/">http://gulik.pbwiki.com/</a>