[Cryptography Team] New Members

Ron Teitelbaum Ron at USMedRec.com
Wed Oct 4 19:50:58 UTC 2006 


> -----Original Message-----
> From: cryptography-bounces at lists.squeakfoundation.org
> [mailto:cryptography-bounces at lists.squeakfoundation.org] On Behalf Of Bill
> Schwab
> Sent: Wednesday, October 04, 2006 2:44 PM
> To: cryptography at lists.squeakfoundation.org
> Subject: [Cryptography Team] New Members
> 
> Ron,
> 
> ================================
> It's nice to talk to you again.
> ================================
> 
> Ditto!
> 
> 
> ================================
> I agree there is much to be done.  I've been working with interfaces.
> I'm
> working with wxWidgets (wxSqueak) which I think is very nice.  I'm also
> looking at strongtalk but obviously that's further out.  What I think I
> like
> the most right now is Seaside.  I'm seriously considering using web
> browsers
> for everything.
> ================================
> 
> Browsers are great for many things, and Seaside is a fascinating
> technology.
> However, I still think that some things are a poor fit to a browser.  My
> recordkeeper (Dolphin based) runs quite nicely on 500MHz Celerons with
> win2k.  The user interface is fairly dynamic/data driven, and there were
> places where I had to move away from native widgets to boost the speed.
> The native stuff is great for dialog boxes, but it falls short when
> displaying hundreds of active cells, etc.  

===================================

I'm hoping that this is not the case, the UI for me is still in flux but I'm
still very happy with seaside.  Have a look at www.dabbledb.com which is
written entirely in seaside.  With the live update pieces I've seen
(seasideAsync) which allows for portions of the page to be updated without
reloading the whole page, it is really snappy!

===================================

> I have not yet tried similar
> things in Morphic.  I can either map my widgets onto morphs, or if I did
> something truly unique (which I doubt), I could create a morph that
> becomes the parent to the widgets in question.
> 
> 
> 
> ===============================================
> I agree with this and I really need to spend some time on this.  When
> Rob
> and I were working on SSL we had problems with underscores.  What's odd
> is
> that I've been using underscores frequently and have had no problems at
> all
> with 3.9.  At some point I need to figure out why it works for me and
> fails
> for others.
> ===============================================
> 
> Do you use underscores in selectors?  

================================================
Yes and it worked fine but broke for Rob.  I must have loaded the patch you
are talking about previously, or I saw the problem and fixed it myself and
it's in my own code.  I need to find it.
================================================

> In my tests, it has not yet
> worked.  There has long been a patch to allow underscores everywhere
> except the first character of a selector (I could live with that), but
> the community has refused to fold it into the mainstream release.  I
> really don't get it.
> 
> Elsewhere in the image, the underscore situation has improved
> dramatically.  At least some of the selector hangup is probably related
> to problems that arose with the underscore fix code.  Hopefully that
> will happen, and the special status of $_ will be removed.  I have no
> objection to a single key shortcut for assignment, but I have always
> maintained that it should be an optional feature of the editor, not a
> hack in the compiler and sources.
> 
> 
> 
> ===============================================
> Here are my thoughts on the issue.  I would like to support OpenSSL but
> there have been some concerns raised about how to secure the interface
> between squeak and the openSSL libs.
> ===============================================
> 
> Is that unique to OpenSSL, or would the same apply to any DLL?  

=================================================
It would apply to all DLL's so communication in and out should be encrypted
which doesn't work well if you want plain text sent back into the image.
The image itself is safer since the memory is protected, although it's not
much more protection since debugging tools can still be used to dump the
memory.  Bruce Schneier has a lot of suggestions about handling internal
memory that I would like to add into Squeak.
=================================================
> 
> 
> ===============================================
> Also it was much more an attractive
> proposition when OpenSSL was FIPS certified.  The fact that Microsoft's
> CryptoAPI is FIPS certified makes it an attractive option.  It has been
> mentioned here that if we follow the common criteria that the benefit to
> FIPS certification diminishes some.  I would really like to focus on
> standard tests for native squeak cryptography.  The problem is I don't
> have
> much time right now to do it myself.  We need help!
> ===============================================
> 
> To clarify, are you saying that OpenSSL lost its certification?  

=================================================
Yes they had the certification but other for profit companies have been
fighting against it.  They had something but it was revoked.  I went to find
the status and it looks like they are still on track: 

FIPS 140-2 for OpenSSL (validation completed -- March 21, 2006)          
  
Program Status: Phase 1 COMPLETED (March 21, 2006) 
VALIDATION Status: NIST FIPS 140-1 and FIPS 140-2 Prevalidation List
(UPDATED) 

Program Overview: OSSI has been working with various DoD and industry
organizations to secure the National Institute of Standards and Technology
(NIST) FIPS 140-2 validation for OpenSSL. We currently waiting for a final
decision from NIST and CSE on the final validation of the FIPS 140-2
validation for OpenSSL. 

=================================================
> My understanding is that it was certified in January or thereabouts.
> Hopefully that has not been reversed.
> 
> 
> ===============================================
> As for my own projects, we just filed our patents.  We are looking for
> funding, and I expect that our products are at least a year out.
> Hopefully
> once we have a working prototype you will consider helping us with
> Anesthesiology Medical Records.  Nice to hear from you Bill!
> ===============================================
> 
> Good luck with your efforts.  We would have to learn more about what you
> want to do and how, but I know a little about anesthesia records<g> and
> might indeed be interested.  Beyond intraoperative records, we can help
> with ICU flow sheets, H&P, billing, etc..  Please keep us in mind.

=======================================
Thank you I will take you up on that!

Ron
=======================================

> 
> Bill
> 
> 
> 
> Wilhelm K. Schwab, Ph.D.
> University of Florida
> Department of Anesthesiology
> PO Box 100254
> Gainesville, FL 32610-0254
> 
> Email: bills at anest4.anest.ufl.edu
> Tel: (352) 846-1285
> FAX: (352) 392-7029
> 
> _______________________________________________
> Cryptography mailing list
> Cryptography at lists.squeakfoundation.org
> http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography

More information about the Cryptography mailing list