[Squeak-e] Programming the VM

cg at cdegroot.com cg at cdegroot.com
Mon Feb 3 08:08:17 CET 2003


Colin Putney <squeak-e at lists.squeakfoundation.org> said:
>My question to Mark, Rob and the other Squeak-E enthusiasts then is, we 
>can reconcile these two virtues? 

That, indeed, is the most important question. "Can we integrate the
security of E into Squeak without losing Squeakness?". The answer: I
don't know. I think that's why we are all here - no-one is interested in
throwing out the baby with the bathwater. 

As I see it now, and as I have brought it up - as an image - elsewhere,
we're likely to end up with a system not unlike a classical OS with
three rings:
- The inner ring can do literally anything, it is the Squeak VM;
- The intermediate ring can do a lot, and be quite harmful, it is
  SqueakAsWeKnowIt;
- The outer ring will be safe, probably in a language that looks a lot
  like Squeak but have some syntax changes (eventual sends, I hope) and
  semantics changes (globals etcetera), this is where Squeaklets will
  live. 

The goal is to move as much code to the outer ring as possible, of
course. But, similarly to what E did with Java, we can bootstrap a lot. 

Now, as far as UI goes, I'm confident that the ideas between CapDesk
will work in Squeak. If you haven't seen it, the short version is that
it is as transparent as possible. If a program wants a capability, it
can explicitly ask the user; however, often user actions will
implicitly grant capabilities: a Squeaklet would ask the underlying
system for a read capability on some file (e.g. in answer to the user
clicking 'open'), and by selecting a file, the user would grant read
capability on that file to that Squeaklet. The gestures therefore are
the same, it's 'just' the semantics that are different: in the
'classical' case, the user could point to 'readme.txt' and the editor
could nevertheless open 'secrets.txt' because it possesses all the user's
authority to the filesystem, in the 'Squeak-E' case, the user would
point to 'readme.txt' and that's the only capability the editor would
ever get back from the (privileged) file choosing system. 


-- 
Cees de Groot               http://www.cdegroot.com     <cg at cdegroot.com>
GnuPG 1024D/E0989E8B 0016 F679 F38D 5946 4ECD  1986 F303 937F E098 9E8B
Cogito ergo evigilo
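
The file-chooser grant described in the message above, as an added example that is not part of the original post or of Squeak-E. It is written in JavaScript rather than Squeak, and every name in it (classicalEditor, makeFileChooser, capabilityEditor, userPick) and the in-memory file contents are constructed for illustration.

```javascript
'use strict';
// Constructed sample data: an in-memory stand-in for the user's files.
const files = new Map([
  ['readme.txt', 'Welcome to Squeak-E.'],
  ['secrets.txt', 'constructed secret'],
]);

// Classical case: the editor holds the whole filesystem (all of the user's
// authority), so the name the user pointed at is only a suggestion.
function classicalEditor(fs, userPointedAt) {
  return {
    shown: fs.get(userPointedAt),
    alsoReachable: [...fs.keys()].filter((n) => n !== userPointedAt),
  };
}

// Privileged file chooser. Only this function closes over the filesystem.
// The user's selection gesture is modelled by the hypothetical userPick().
function makeFileChooser(fs, userPick) {
  return function requestRead() {
    const name = userPick([...fs.keys()]);
    if (!fs.has(name)) return null; // user cancelled or picked nothing valid
    // The capability: read access to exactly one file. The name is captured
    // in the closure and the object is frozen, so the holder cannot retarget it.
    return Object.freeze({
      name,
      read: () => fs.get(name),
    });
  };
}

// Capability case: the editor is handed only requestRead, never fs.
function capabilityEditor(requestRead) {
  const cap = requestRead(); // issued in answer to the user clicking 'open'
  if (cap === null) return { shown: null, authority: [] };
  return { shown: cap.read(), authority: Object.keys(cap) };
}

function demo() {
  const userPick = () => 'readme.txt'; // the user points to readme.txt
  return {
    classical: classicalEditor(files, 'readme.txt'),
    capability: capabilityEditor(makeFileChooser(files, userPick)),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The user's gesture is the same in both cases; what differs is that the second editor never holds a reference from which 'secrets.txt' can be reached.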

