[Squeak-e] Islands is level 4

Lex Spoon lex at cc.gatech.edu
Fri Feb 14 17:28:21 CET 2003

"Joshua 'Schwa' Gargus" <schwa at cc.gatech.edu> wrote:

> Evolving Squeak to meet the requirements for "level 4" security promises
> to be even more disruptive to the average programmer.  On the other hand,
> it is my belief that this level of security is necessary for Squeak/Croquet
> to achieve their dream of revolutionizing personal computing.

What does Islands miss in order to be level 4?  It allows you to make
your own capabilities within the SafeSqueak subset that the Islands
compiler runs in by default.  As an example, I showed how to do the
purses+mints problem, and it was pretty straightforward.  Did I miss an
email pointing out some hole in my solution?

The annoying part of Islands is the dynamic variables.  If you don't
trust a capability you are invoking, you have to swap out your island
before you invoke it.  Likewise, if you are a capability and you don't
trust the guy who called you, then you have to swap in a private island
during your work.

However, while this swapping code is annoying, it is also straightforward
and short.  Note that *all* of the dynamic environment gets swapped at
once.  Thus, while having the dynamic island-wide table of variables is
annoying, let it not pass that it transitions Squeak from level 0 to
level 4.

This said, there is plenty of room for improvement on Islands.  A safe
debugger would be great.  A way to statically bind to classes would be
great.  Just please use a different description of the weaknesses of
Islands than saying "not level 4".  Not only are user-written
capabilities available and secure in Islands, but they have been there
since early in the project.

As has oft been repeated, the capabilities are the easy part.  The hard
part is getting the library updated.

Lex Spoon
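
The island-swapping discipline described in the message above, as an added example that is not part of the original post and is not Islands code: a small Python model in which one table holds all dynamic bindings and is swapped as a unit. Every name here (run_in_island, lookup, Purse, the "Transcript" and "Rounding" bindings) is a hypothetical stand-in, and the model shows only the swap pattern, not Squeak's or Islands' enforcement.

```python
import contextvars

# Model only: the "island" is one table holding ALL dynamically scoped bindings.
_current_island = contextvars.ContextVar("island", default={})

def lookup(name):
    """Dynamic-variable lookup: resolves against whichever island is current."""
    return _current_island.get().get(name)

def run_in_island(island, fn, *args):
    """Swap the whole dynamic environment at once, call fn, always restore."""
    token = _current_island.set(island)
    try:
        return fn(*args)
    finally:
        _current_island.reset(token)

# Case 1: the caller does not trust the capability it invokes.
def untrusted_capability():
    # Tries to reach the caller's ambient bindings via the dynamic environment.
    return lookup("Transcript")

def caller_invokes_untrusted():
    caller_island = {"Transcript": "caller-private-log"}  # constructed sample
    def body():
        leaked = untrusted_capability()                     # no swap: binding visible
        shielded = run_in_island({}, untrusted_capability)  # swapped out: nothing visible
        still_mine = lookup("Transcript")                   # restored after the call
        return leaked, shielded, still_mine
    return run_in_island(caller_island, body)

# Case 2: the capability does not trust whoever called it.
class Purse:
    PRIVATE_ISLAND = {"Rounding": "exact"}  # bindings the purse depends on

    def __init__(self, balance):
        self._balance = balance

    def _deposit(self, amount):
        if lookup("Rounding") != "exact":
            raise RuntimeError("running in an untrusted dynamic environment")
        self._balance += amount
        return self._balance

    def deposit(self, amount):
        # Swap in the private island for the duration of the work.
        return run_in_island(Purse.PRIVATE_ISLAND, self._deposit, amount)

def hostile_caller_deposits():
    hostile_island = {"Rounding": "truncate"}  # constructed hostile binding
    purse = Purse(10)
    return run_in_island(hostile_island, lambda: (purse.deposit(5), lookup("Rounding")))
```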
