[squeak-dev] The Inbox: Compiler-ct.473.mcz

Lauren Pullen drurowin at gmail.com
Fri May 6 05:38:07 UTC 2022


Hi Christoph,

On 5/5/22 19:08, Thiede, Christoph wrote:
> While we are talking about special characters in source code already, would Compiler-ct.462 be a good merge candidate as well? It detects and warns about Trojan Source attacks <https://trojansource.codes/>. :-)
+1 for forcing interactive override

Even if Squeak doesn't interpret Bidi control codes for display today,
we should still catch their potential abuse for tomorrow.

I'd not heard of the abuse potential with the Bidi control codes...
I was surprised to learn how flexible they were, especially with nesting
Isolates to flip entire chunks of text.  I thought they'd written text
under erasure.

-1 for noise potential

If it comes up too frequently, users will become complacent*.  This
would put the users who work with Bidi text the most at the most risk.

I think it would be better to add it as a postcondition to tokenization:
'a single token will revert text direction if it changes it'.  It should
be okay to compile things like

doThing: אוסף
	"Operate on the אוסף"
	אוסף do: [:ea | ea thingToDo]

without complaint since each token sets LTR for every RTL, but starting
RTL outside a comment then putting the ending LTR in a comment is fishy.


* A coworker one day said they installed a virus on their computer the
night before because they ignored the SSL validation failure message
because the websites they go to often fail it, and then proceeded to
ignore the built-in antivirus check because it always complains, and
then ignored the Windows UAC message saying it wasn't produced by the
intended vendor because companies frequently use names unknown to the
normal consumer.  It's important to note this coworker was my direct
supervisor, whose job involves paying attention to details to see how
much of a merit raise to give me.  The irony was not lost on them.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: trojanSourceLiterals.txt.png
Type: image/png
Size: 14913 bytes
Desc: not available
URL: <http://lists.squeakfoundation.org/pipermail/squeak-dev/attachments/20220506/17dc5cb6/attachment.png>
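
The postcondition proposed in the message above ('a single token will revert text direction if it changes it'), as an added example that is not part of the original message or of Compiler-ct.462. It assumes a simplified Smalltalk-like lexer and counts only the explicit Bidi control characters as direction changes; `is_balanced` and `bidi_violations` are hypothetical names.

```python
import re

# Explicit Bidi formatting characters from UAX #9, mapped to the closer each needs.
PDF, PDI = "\u202c", "\u2069"
OPENERS = {"\u202a": PDF, "\u202b": PDF, "\u202d": PDF, "\u202e": PDF,  # LRE RLE LRO RLO
           "\u2066": PDI, "\u2067": PDI, "\u2068": PDI}                  # LRI RLI FSI

# Assumption: a simplified Smalltalk-like lexer. "comments" and 'strings' are
# single tokens (doubled quotes escape); anything else splits on whitespace.
TOKEN_RE = re.compile(r'"(?:[^"]|"")*"|\'(?:[^\']|\'\')*\'|[^\s"\']+|\S')


def is_balanced(token):
    """True if every Bidi opener in the token is closed inside the same token."""
    pending = []
    for ch in token:
        if ch in OPENERS:
            pending.append(OPENERS[ch])
        elif ch in (PDF, PDI):
            # A closer with no matching opener ends a run started in another token.
            if not pending or pending.pop() != ch:
                return False
    return not pending


def bidi_violations(source):
    """Return (line, kind, code points) for each token that leaks a direction change."""
    found = []
    for m in TOKEN_RE.finditer(source):
        token = m.group()
        if is_balanced(token):
            continue
        kind = {'"': "comment", "'": "string"}.get(token[0], "code")
        line = source.count("\n", 0, m.start()) + 1
        controls = [f"U+{ord(c):04X}" for c in token if c in OPENERS or c in (PDF, PDI)]
        found.append((line, kind, controls))
    return found


# Constructed samples. BENIGN is the method from the message: RTL letters, no controls.
BENIGN = 'doThing: אוסף\n\t"Operate on the אוסף"\n\tאוסף do: [:ea | ea thingToDo]\n'
# Isolate opened and closed inside one string literal: allowed.
ISOLATED = "x := 'abc \u2067def\u2069 ghi'\n"
# Override opened in code, closed inside the following comment: flagged twice.
FISHY = 'x := 1 \u202e "note \u202c" y\n'

if __name__ == "__main__":
    for name, src in (("benign", BENIGN), ("isolated", ISOLATED), ("fishy", FISHY)):
        print(name, bidi_violations(src))
```

Strict opener/closer pairing is a conservative simplification of UAX #9, where a PDI also terminates embeddings opened inside its isolate.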