Proposal: Squeak-E = Squeak x Kernel-E

cg at cdegroot.com
Mon Jan 27 08:34:14 UTC 2003


Lex Spoon <squeak-dev at lists.squeakfoundation.org> said:
>I disagree.  If you do it right, then the stuff you load is secure
>automatically. 

You're probably right there - missed a step. What you probably want is
an 'unsecure' bit (during the change-over) that autopunches all holes on
loading. At least, that's the idea I was trying to put on the table:
bottom-up, secure packages; however, be prepared to run in a totally
unsecure mode (maybe with the background flashing bright red ;-)) in
order to load legacy code. 

When loading an unsecure package (and if the VM allows switching to
'unsecure' mode, probably some command line option), you probably open
up access to primitives and install some wide open version of
#Smalltalk. It's doable, I think, and probably the only way to
incrementally lock down things while keeping from forking too far or
having a low-quality user experience.

>I've punched  enough through that you can run BouncingAtomsMorph very slowly.
>
Clearly, that's not acceptable if we ever want to get this into the main
release. Which I think should be the goal if we ever want to make use of
OpenCroquet and whatever neat stuff hides in there in a public
setting...

>If an approach requires auditing everything, then the approach
>is too difficult to be useful for most purposes.  Who wants to
>audit all of Morphic?
>
Oh, I'm an optimist:
- We will adopt Traits;
- We will adopt modular Squeak;
- Someone, or hopefully lots of people, wants to refactor Morphic to
  Traits and a number of overseeable modules;
- The end result will be 'auditable'.

'auditing', as you correctly put it, is only necessary for 'privileged'
code that needs access to primitives. But if you look at the base
packages, especially all the networking and multimedia stuff, that's
quite a bit of code. However, after a successful Morphic refactoring, the
only bit of code you need to review is 'Morphic-Core', not the whole
load, you're absolutely right there.



-- 
Cees de Groot               http://www.cdegroot.com     <cg at cdegroot.com>
GnuPG 1024D/E0989E8B 0016 F679 F38D 5946 4ECD  1986 F303 937F E098 9E8B
Cogito ergo evigilo


