[squeak-dev] The Inbox: Compiler-ct.473.mcz

Lauren Pullen drurowin at gmail.com
Fri May 6 05:38:07 UTC 2022

Hi Christoph,

On 5/5/22 19:08, Thiede, Christoph wrote:
> While we are talking about special characters in source code already, would Compiler-ct.462 be a good merge candidate as well? It detects and warns about Trojan Source attacks<https://trojansource.codes/>. :-)
+1 for forcing interactive override

Even if Squeak doesn't interpret Bidi control codes for display today,
we should still catch their potential abuse for tomorrow.

I'd not heard of the abuse potential with the Bidi control codes... ...
I was surprised to learn how flexible they were, especially with nesting
Isolates to flip entire chunks of text.  I thought they'd written text
under erasure.

-1 for noise potential

If it comes up too frequently, users will become complacent*.  This
would put the users who work with Bidi text the most at the most risk.

I think it would be better to add it as a postcondition to tokenization:
'a single token will revert text direction if it changes it'.  It should
be okay to compile things like

doThing: אוסף
	"Operate on the אוסף"
	אוסף do: [:ea | ea thingToDo]

without complaint since each token sets LTR for every RTL, but starting
RTL outside a comment then putting the ending LTR in a comment is fishy.

* A coworker one day said they installed a virus on their computer the
night before because they ignored the SSL validation failure message
because the websites they go to often fail it, and then proceeded to
ignore the built in antivirus check because it always complains, and
then ignored the Windows UAC message saying it wasn't produced by the
intended vendor because companies frequently use names unknown to the
normal consumer.  It's important to note this coworker was my direct
supervisor, whose job involves paying attention to details to see how
much of a merit raise to give me.  The irony was not lost on them.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: trojanSourceLiterals.txt.png
Type: image/png
Size: 14913 bytes
Desc: not available
URL: <http://lists.squeakfoundation.org/pipermail/squeak-dev/attachments/20220506/17dc5cb6/attachment.png>

More information about the Squeak-dev mailing list