[Cryptography Team] New Members

Ron Teitelbaum Ron at USMedRec.com
Wed Oct 4 14:48:45 UTC 2006 

Hi Bill,

It's nice to talk to you again.

See comments inserted.

> From: Bill Schwab
> Sent: Tuesday, October 03, 2006 10:25 PM
> 
> Ron,
> 
> ===============================
> New Team Members,
> 
> I see we have a few new members.  If you feel so inclined please
> introduce
> yourself and let the team know what areas you are interested in.  This
> team
> is small so we try to encourage as much participation as possible.
> 
> Welcome,
> ===============================
> 
> My interest in Squeak can be summarized in a few words: open, portable,
> Smalltalk.  I have long believed that I will eventually need to leave
> Windows, and want an escape valve (which must of course involve
> Smalltalk); for now, I am not in a hurry.  Having time on my side,
> Squeak might be worth some work and some waiting.
> 
> So what is missing from or wrong with Squeak?  Good access to SSL is
> critical to many uses I envision, and this group will hopefully fill
> that void.  I also have some reservations about the user interface, and
> suspect that you (Ron) will share at least some of them due to your
> focus on medical software.  It would be nice to see some
> cleanup/consistency in socket streams.  I am also convinced that Dolphin
> and VW are correct to signal errors on stream exhaustion, and would like
> to see Squeak do the same.  A fix for underscore snags would be helpful
> (more below).  I realize that the focus here is on cryptography, and
> moving that forward would be worth the price of admission; it would be
> better still to find some like-minded Squeakers who can push for some
> other changes that IMHO would be very good for Squeak.

==================================
I agree there is much to be done.  I've been working with interfaces.  I'm
working with wxWidgets (wxSqueak) which I think is very nice.  I'm also
looking at strongtalk but obviously that's further out.  What I think I like
the most right now is Seaside.  I'm seriously considering using web browsers
for everything.  

Also I'm not having the same problems with sockets.  What problems are you
having?  Protocol size headers Tag Size Value works pretty well to allow you
to handle socket issues.
==================================

> 
> Re Squeak's GUI, the look of the interface is not a big deal to me, nor
> are native widgets, but the current feel is a problem.  Clerks enter
> data that can be _very_ valuable, and they type; lists grabbing focus on
> mouse-over would be complete deal-breaker.  Tabbing between fields is
> essential for them to accept software.  Modal dialogs are essential to
> keep the majority of my users out of trouble.  Fixing the problems is
> not necessarily very difficult; my concern is that once I fix them, I am
> on my own unless the required changes are accepted into the base GUI, if
> only as options.
> 
> Re underscores, the main reason I care about them is interfacing with
> relational databases.  I am not a big user of RDBs.  However, when the
> goal is to find Robert Smith among hundreds of thousands or more of his
> peers, an RDB is the tool of choice.  Field names tend to contain
> underscores, and field names become natural choices for selectors in
> proxies (if only via DNU).  The recent unicode changes have at least
> gotten rid of the errant back arrows in file names, etc.  That's
> progress, but I keep hoping for more.

===============================================
I agree with this and I really need to spend some time on this.  When Rob
and I were working on SSL we had problems with underscores.  What's odd is
that I've been using underscores frequently and have had no problems at all
with 3.9.  At some point I need to figure out why it works for me and fails
for others.
===============================================

> 
> Back to cryptography, (FWIW) I would prioritize OpenSSL over Microsoft
> libraries.  Things implemented in Squeak would be nice too, but I have
> had good experience with OpenSSL.  My hunch (I could be wrong) is that
> C/C++ binaries are preferred for cryptographic number crunching, at
> least for the grunt work of processing incoming and outgoing data
> streams.  For the occasional public key operation, Smalltalk's ability
> to handle large integers is hard to ignore, and performed reasonably
> (even surprisingly) well the last time I gave it a try.

===============================================
Here are my thoughts on the issue.  I would like to support OpenSSL but
there have been some concerns raised about how to secure the interface
between squeak and the openSSL libs.  Also it was much more an attractive
proposition when OpenSSL was FIPS certified.  The fact that Microsoft's
CryptoAPI is FIPS certified makes it an attractive option.  It has been
mentioned here that if we follow the common criteria that the benefit to
FIPS certification diminishes some.  I would really like to focus on
standard tests for native squeak cryptography.  The problem is I don't have
much time right now to do it myself.  We need help!

As for my own projects, we just filed our patents.  We are looking for
funding, and I expect that our products are at least a year out.  Hopefully
once we have a working prototype you will consider helping us with
Anesthesiology Medical Records.  Nice to hear from you Bill!

Ron Teitelbaum
================================================

> 
> Bill
> 
> 
> 
> Wilhelm K. Schwab, Ph.D.
> University of Florida
> Department of Anesthesiology
> PO Box 100254
> Gainesville, FL 32610-0254
> 
> Email: bills at anest4.anest.ufl.edu
> Tel: (352) 846-1285
> FAX: (352) 392-7029
> 
> _______________________________________________
> Cryptography mailing list
> Cryptography at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

More information about the Cryptography mailing list