Squeak in commercial projects
Locked
12
12
 
|
Hi
How can I use Squeak in a commercial closed source project (whole image)? How about upgrades? I want to be able to send an upgrade to the customer which only contains the changed code. Thanks, JP _______________________________________________ Beginners mailing list [hidden email] http://lists.squeakfoundation.org/mailman/listinfo/beginners |
RE: Squeak in commercial projects
|
|
Hi JP,
This is not an easy question. There are a number of things that you need to consider. First you need to decide how secure the update needs to be. If you are not worried about security then you have a much easier job and many more options. In general Squeak is not secure, but it is also not less secure then many other tools that are sent to end users. So first answer some questions. Is your system likely to be used by people that are interested in cracking the system? Does your system have access to network facilities that attach to other installations of your system? Are you concerned that someone might try to build a patch and upload that code to your system installations? (i.e. spyware, worms, viruses) Are you trying to prevent users from using features of your system without authorization? (i.e. Try before you buy?) There are no easy answers but I do believe it is a very interesting discussion. Ron Teitelbaum President / Principal Software Engineer US Medical Record Specialists www.usmedrec.com Squeak Cryptography Team Leader > -----Original Message----- > From: [hidden email] [mailto:beginners- > [hidden email]] On Behalf Of Jens Pall > Sent: Tuesday, March 06, 2007 2:09 AM > To: Squeak Beginners > Subject: [Newbies] Squeak in commercial projects > > Hi > > How can I use Squeak in a commercial closed source project (whole image)? > > How about upgrades? I want to be able to send an upgrade to the customer > which only contains the changed code. > > Thanks, > JP > _______________________________________________ > Beginners mailing list > [hidden email] > http://lists.squeakfoundation.org/mailman/listinfo/beginners _______________________________________________ Beginners mailing list [hidden email] http://lists.squeakfoundation.org/mailman/listinfo/beginners |
|
|
Ron Teitelbaum wrote:
> Hi JP, > > This is not an easy question. There are a number of things that you need to > consider. First you need to decide how secure the update needs to be. If > you are not worried about security then you have a much easier job and many > more options. In general Squeak is not secure, but it is also not less > secure then many other tools that are sent to end users. > > So first answer some questions. > > Is your system likely to be used by people that are interested in cracking > the system? Some of the end-users might try this but most of them will not. They just want a system that works and does its job. We are working with partners who are distributing our software and I know that some of them will try to open up the software, modify it and, in some cases, try to sell it as their own if it is easy to get at the source. If the source is not available and it is a bit hard to get access to the developing interface then I believe this risk is greatly reduced. > Does your system have access to network facilities that attach to other > installations of your system? Yes. This is a distributed networked application. It lives and breathes on the network. > Are you concerned that someone might try to build a patch and upload that > code to your system installations? (i.e. spyware, worms, viruses) Well, not really. Our installations mainly run on private WAN networks owned by the customer but you never know what malicious internal users might do. We plan on being able to run this over the Internet where this is a major concern but will try to limit it by using secure network connections. > Are you trying to prevent users from using features of your system without > authorization? (i.e. Try before you buy?) Yes. We must be able to issue licenses for using features of the system. > There are no easy answers but I do believe it is a very interesting > discussion. It indeed is and one that needs to be addressed if Squeak is to be seriously considered as a commercial vehicle. It has huge potential in that area if the proper hooks are in place. As a side note I might mention that our current system is implemented in C++ and, if it turns out to be possible with respect to the topic of this thread, we are seriously considering porting it to Squeak. Croquet will also play a major role as the monitoring / management tool. > Ron Teitelbaum > President / Principal Software Engineer > US Medical Record Specialists > www.usmedrec.com > Squeak Cryptography Team Leader > > >> -----Original Message----- >> From: [hidden email] [mailto:beginners- >> [hidden email]] On Behalf Of Jens Pall >> Sent: Tuesday, March 06, 2007 2:09 AM >> To: Squeak Beginners >> Subject: [Newbies] Squeak in commercial projects >> >> Hi >> >> How can I use Squeak in a commercial closed source project (whole image)? >> >> How about upgrades? I want to be able to send an upgrade to the customer >> which only contains the changed code. >> >> Thanks, >> JP _______________________________________________ Beginners mailing list [hidden email] http://lists.squeakfoundation.org/mailman/listinfo/beginners |
Re: Squeak in commercial projects
|
|
You could buy impara's Plopp (made in Squeak), and if you find it
secure enough, contact them for how they did it: http://store.eSellerate.net/s.aspx?s=STR8699827788 - Bert - On Mar 6, 2007, at 21:10 , Jens Pall wrote: > Ron Teitelbaum wrote: >> Hi JP, >> This is not an easy question. There are a number of things that >> you need to >> consider. First you need to decide how secure the update needs to >> be. If >> you are not worried about security then you have a much easier job >> and many >> more options. In general Squeak is not secure, but it is also not >> less >> secure then many other tools that are sent to end users. >> So first answer some questions. >> Is your system likely to be used by people that are interested in >> cracking >> the system? > > Some of the end-users might try this but most of them will not. > They just want a system that works and does its job. We are working > with partners who are distributing our software and I know that > some of them will try to open up the software, modify it and, in > some cases, try to sell it as their own if it is easy to get at the > source. If the source is not available and it is a bit hard to get > access to the developing interface then I believe this risk is > greatly reduced. > >> Does your system have access to network facilities that attach to >> other >> installations of your system? > > Yes. This is a distributed networked application. It lives and > breathes on the network. > >> Are you concerned that someone might try to build a patch and >> upload that >> code to your system installations? (i.e. spyware, worms, viruses) > > Well, not really. Our installations mainly run on private WAN > networks owned by the customer but you never know what malicious > internal users might do. We plan on being able to run this over the > Internet where this is a major concern but will try to limit it by > using secure network connections. > >> Are you trying to prevent users from using features of your system >> without >> authorization? (i.e. Try before you buy?) > > Yes. We must be able to issue licenses for using features of the > system. > >> There are no easy answers but I do believe it is a very interesting >> discussion. > > It indeed is and one that needs to be addressed if Squeak is to be > seriously considered as a commercial vehicle. It has huge potential > in that area if the proper hooks are in place. > > As a side note I might mention that our current system is > implemented in C++ and, if it turns out to be possible with respect > to the topic of this thread, we are seriously considering porting > it to Squeak. Croquet will also play a major role as the > monitoring / management tool. > >> Ron Teitelbaum >> President / Principal Software Engineer >> US Medical Record Specialists >> www.usmedrec.com Squeak Cryptography Team Leader >>> -----Original Message----- >>> From: [hidden email] >>> [mailto:beginners- >>> [hidden email]] On Behalf Of Jens Pall >>> Sent: Tuesday, March 06, 2007 2:09 AM >>> To: Squeak Beginners >>> Subject: [Newbies] Squeak in commercial projects >>> >>> Hi >>> >>> How can I use Squeak in a commercial closed source project (whole >>> image)? >>> >>> How about upgrades? I want to be able to send an upgrade to the >>> customer >>> which only contains the changed code. >>> >>> Thanks, >>> JP _______________________________________________ Beginners mailing list [hidden email] http://lists.squeakfoundation.org/mailman/listinfo/beginners |
Uploading Patches and Enabling Features in Commercial Systems
|
|
In reply to this post by Jens Pall
Hi JP,
OK before answering let me say that these are only suggestions and you are responsible for taking suggestions as suggestions. In other words I can not be responsible for anything that goes wrong on your system, use my suggestions at your own risk. THE OPINION IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE OPINION OR THE USE OR OTHER DEALINGS IN SOFTWARE. I'm sure all that goes without saying but now it is said. The first question you asked was: how does a system update itself? Here are the issues as I see them. 1) A system must be able to ensure that it is updating itself from a trusted location. 2) A system must be able to ensure that only the trusted system can ask it to update itself. 3) A system must be able to ensure that it can securely store an update location. 4) A system must be able to securely change the update location. 5) All communications must be encrypted. 6) A System must be able to verify patches before applying them. 7) A System must be able to automatically load the patch. 8) A System should be able to update without restarting the application. 9) A System must be able to report back success or failure of patch installation. 10) A System must be able to recover from a failed patch. Ok so basic caveat, I just made these up and I'm sure I left something out. The second question is how you can limit functionally in your system unless and until payment is received. 1) A system must be able to enable features for a single instance and prevent those features from being shared to other systems. 2) A system could be able to detect features being used inappropriately 3) A system could be able to periodically check for permission (trial software) Ok so since I ran out of time I'll try to take each point one at a time starting tomorrow. Does this list help the conversation? Can you add to the list things that you think the system needs to do? Ron Teitelbaum President / Principal Software Engineer US Medical Record Specialists Squeak Cryptography Team Leader > From: Jens Pall > Sent: Tuesday, March 06, 2007 3:10 PM > > Ron Teitelbaum wrote: > > Hi JP, > > > > This is not an easy question. There are a number of things that you > need to > > consider. First you need to decide how secure the update needs to be. > If > > you are not worried about security then you have a much easier job and > many > > more options. In general Squeak is not secure, but it is also not less > > secure then many other tools that are sent to end users. > > > > So first answer some questions. > > > > Is your system likely to be used by people that are interested in > cracking > > the system? > > Some of the end-users might try this but most of them will not. They > just want a system that works and does its job. We are working with > partners who are distributing our software and I know that some of them > will try to open up the software, modify it and, in some cases, try to > sell it as their own if it is easy to get at the source. If the source > is not available and it is a bit hard to get access to the developing > interface then I believe this risk is greatly reduced. > > > Does your system have access to network facilities that attach to other > > installations of your system? > > Yes. This is a distributed networked application. It lives and breathes > on the network. > > > Are you concerned that someone might try to build a patch and upload > that > > code to your system installations? (i.e. spyware, worms, viruses) > > Well, not really. Our installations mainly run on private WAN networks > owned by the customer but you never know what malicious internal users > might do. We plan on being able to run this over the Internet where this > is a major concern but will try to limit it by using secure network > connections. > > > Are you trying to prevent users from using features of your system > without > > authorization? (i.e. Try before you buy?) > > Yes. We must be able to issue licenses for using features of the system. > > > There are no easy answers but I do believe it is a very interesting > > discussion. > > It indeed is and one that needs to be addressed if Squeak is to be > seriously considered as a commercial vehicle. It has huge potential in > that area if the proper hooks are in place. > > As a side note I might mention that our current system is implemented in > C++ and, if it turns out to be possible with respect to the topic of > this thread, we are seriously considering porting it to Squeak. Croquet > will also play a major role as the monitoring / management tool. > > > Ron Teitelbaum > > President / Principal Software Engineer > > US Medical Record Specialists > > www.usmedrec.com > > Squeak Cryptography Team Leader > > > > > >> -----Original Message----- > >> From: [hidden email] [mailto:beginners- > >> [hidden email]] On Behalf Of Jens Pall > >> Sent: Tuesday, March 06, 2007 2:09 AM > >> To: Squeak Beginners > >> Subject: [Newbies] Squeak in commercial projects > >> > >> Hi > >> > >> How can I use Squeak in a commercial closed source project (whole > image)? > >> > >> How about upgrades? I want to be able to send an upgrade to the > customer > >> which only contains the changed code. > >> > >> Thanks, > >> JP > > > _______________________________________________ > Beginners mailing list > [hidden email] > http://lists.squeakfoundation.org/mailman/listinfo/beginners _______________________________________________ Beginners mailing list [hidden email] http://lists.squeakfoundation.org/mailman/listinfo/beginners |
|
|
In reply to this post by Bert Freudenberg
Bert Freudenberg wrote:
> You could buy impara's Plopp (made in Squeak), and if you find it secure > enough, contact them for how they did it: > > http://store.eSellerate.net/s.aspx?s=STR8699827788 > > - Bert - > Interesting! Thanks for the tip, Bert. JP _______________________________________________ Beginners mailing list [hidden email] http://lists.squeakfoundation.org/mailman/listinfo/beginners |
Re: Squeak in commercial projects
|
|
In reply to this post by Jens Pall
Jens Pall wrote:
> Hi > > How can I use Squeak in a commercial closed source project (whole image)? Have you seen how to lock down? http://wiki.squeak.org/squeak/518 _______________________________________________ Beginners mailing list [hidden email] http://lists.squeakfoundation.org/mailman/listinfo/beginners |
|
|
Brad Fuller wrote:
> Jens Pall wrote: >> Hi >> >> How can I use Squeak in a commercial closed source project (whole image)? > > Have you seen how to lock down? > http://wiki.squeak.org/squeak/518 > Yes, I've seen bits and pieces of the lock down procedure but haven't been able to successfully lock an image (haven't tried very hard though). This is a step inn the right direction but I'm a bit concerned about upgrades. How would I ship an upgrade without sending the whole image again? Can I somehow export the new/changed bytecode and import it at the customer's site? JP _______________________________________________ Beginners mailing list [hidden email] http://lists.squeakfoundation.org/mailman/listinfo/beginners |
Re: Squeak in commercial projects
|
|
Jens Pall wrote:
> Brad Fuller wrote: >> Jens Pall wrote: >>> Hi >>> >>> How can I use Squeak in a commercial closed source project (whole >>> image)? >> >> Have you seen how to lock down? >> http://wiki.squeak.org/squeak/518 >> > > Yes, I've seen bits and pieces of the lock down procedure but haven't > been able to successfully lock an image (haven't tried very hard > though). There were msgs about a month or two back in the squeak-dev ML about the lock down package not working correctly on 3.9. But, I think there were workarounds. Check the archives. This is a step inn the right direction but I'm a bit concerned > about upgrades. How would I ship an upgrade without sending the whole > image again? Can I somehow export the new/changed bytecode and import it > at the customer's site? Can you not employ a similar procedure as squeaksource? Make your own mini SqueakMap that points only to your repo? Or put a friendly frontend to Monticello pointing to your repo only? Maybe you could also send update alerts if the person is online to remind them to update. brad _______________________________________________ Beginners mailing list [hidden email] http://lists.squeakfoundation.org/mailman/listinfo/beginners |
|
|
In reply to this post by Jens Pall
On Tue, 06 Mar 2007 12:10:00 -0800, Jens Pall <[hidden email]> wrote:
> As a side note I might mention that our current system is implemented in > C++ and, if it turns out to be possible with respect to the topic of > this thread, we are seriously considering porting it to Squeak. Croquet > will also play a major role as the monitoring / management tool. You may be able to do a partial port, and by keeping some sections in C++, be able to prevent theft. _______________________________________________ Beginners mailing list [hidden email] http://lists.squeakfoundation.org/mailman/listinfo/beginners |
|
|
In reply to this post by Brad Fuller-3
Brad Fuller wrote:
> Jens Pall wrote: > > This is a step inn the right direction but I'm a bit concerned >> about upgrades. How would I ship an upgrade without sending the whole >> image again? Can I somehow export the new/changed bytecode and import >> it at the customer's site? > > Can you not employ a similar procedure as squeaksource? Make your own > mini SqueakMap that points only to your repo? > > Or put a friendly frontend to Monticello pointing to your repo only? > Maybe you could also send update alerts if the person is online to > remind them to update. But doesn't this imply that the source is downloaded, making it easy (easier) to hack the system? I could make the private Monticello connection secure, update the system and then delete the source... just thinking out loud. JP _______________________________________________ Beginners mailing list [hidden email] http://lists.squeakfoundation.org/mailman/listinfo/beginners |
|
|
In reply to this post by Blake-5
Blake wrote:
> On Tue, 06 Mar 2007 12:10:00 -0800, Jens Pall <[hidden email]> wrote: > >> As a side note I might mention that our current system is implemented >> in C++ and, if it turns out to be possible with respect to the topic >> of this thread, we are seriously considering porting it to Squeak. >> Croquet will also play a major role as the monitoring / management tool. > > You may be able to do a partial port, and by keeping some sections in > C++, be able to prevent theft. Can you elaborate a bit on this point? How would this prevent access to the Smalltalk code in the image? JP _______________________________________________ Beginners mailing list [hidden email] http://lists.squeakfoundation.org/mailman/listinfo/beginners |
Re: Squeak in commercial projects
|
|
In reply to this post by Jens Pall
Hi!
Just a note - decompiling from bytecodes is very easy in Squeak. The only thing missing is the original indentation and any comments. But everything else is there. Just so you know. Locking down the image is of course doable - so that you can't easily get to the tools etc - but there are of course ways to go around that too. For example, I guess you can use an image file analyzer (there is at least one I think) or hack a VM to do stuff when the image is loaded. Jens Pall <[hidden email]> wrote: > Brad Fuller wrote: > > Jens Pall wrote: > > > > This is a step inn the right direction but I'm a bit concerned > >> about upgrades. How would I ship an upgrade without sending the whole > >> image again? Can I somehow export the new/changed bytecode and import > >> it at the customer's site? > > > > Can you not employ a similar procedure as squeaksource? Make your own > > mini SqueakMap that points only to your repo? > > > > Or put a friendly frontend to Monticello pointing to your repo only? > > Maybe you could also send update alerts if the person is online to > > remind them to update. > > But doesn't this imply that the source is downloaded, making it easy > (easier) to hack the system? I could make the private Monticello > connection secure, update the system and then delete the source... just > thinking out loud. Yes - a Monticello package is just a zip file of source code. Sure, you can make the transfer "secure" using SSL or whatever - and you can apply it and throw it away (no need for the MC snapshot to ever touch the file system) but the problem of decompilation/image analysis above remains. But of course - it is all a matter of "ambition". regards, Göran _______________________________________________ Beginners mailing list [hidden email] http://lists.squeakfoundation.org/mailman/listinfo/beginners |
|
|
In reply to this post by Jens Pall
On Tue, 06 Mar 2007 22:46:52 -0800, Jens Pall <[hidden email]> wrote:
> Blake wrote: >> On Tue, 06 Mar 2007 12:10:00 -0800, Jens Pall <[hidden email]> >> wrote: >> >>> As a side note I might mention that our current system is implemented >>> in C++ and, if it turns out to be possible with respect to the topic >>> of this thread, we are seriously considering porting it to Squeak. >>> Croquet will also play a major role as the monitoring / management >>> tool. >> You may be able to do a partial port, and by keeping some sections in >> C++, be able to prevent theft. > > Can you elaborate a bit on this point? How would this prevent access to > the Smalltalk code in the image? It wouldn't. I was thinking that that particular code would be hidden, and you could force the Smalltalk code to be reliant on the compiled code. Or you could have the compiled code do dongle checking/phoning home. That's what one small company I know does. I've always hate copy protection, but certain markets, people seem to have no compunction about stealing. (Even when the net result could very well be the end of the company that makes the product.) _______________________________________________ Beginners mailing list [hidden email] http://lists.squeakfoundation.org/mailman/listinfo/beginners |
Re: Squeak in commercial projects
|
|
In reply to this post by Jens Pall
El 3/6/07 8:03 PM, "Jens Pall" <[hidden email]> escribió: > Yes, I've seen bits and pieces of the lock down procedure but haven't > been able to successfully lock an image (haven't tried very hard > though). This is a step inn the right direction but I'm a bit concerned > about upgrades. How would I ship an upgrade without sending the whole > image again? Can I somehow export the new/changed bytecode and import it > at the customer's site? > > JP I following your exchange with Ron. My tip. To a Ned Preferences disableProgrammerFacilities method I usually add a modified World menu !TheWorldMenu methodsFor: 'construction' stamp: 'edc 1/29/2006 07:18'! buildWorldMenu "Build the menu that is put up when the screen-desktop is clicked on" | menu | menu := MenuMorph new defaultTarget: self. menu commandKeyHandler: self. self colorForDebugging: menu. menu addStayUpItem. self fillIn: menu from: {{'restore display (r)'. {World. #restoreMorphicDisplay}. 'repaint the screen -- useful for removing unwanted display artifacts, lingering cursors, etc.'}. nil}. Preferences simpleMenus ifFalse: [self fillIn: menu from: {{'open...'. {self. #openWindow}}. {'windows...'. {self. #windowsDo}}. {'changes...'. {self. #changesDo}}}]. self fillIn: menu from: {{'help...'. {self. #helpDo}. 'puts up a menu of useful items for updating the system, determining what version you are running, and much else'}. {'appearance...'. {self. #appearanceDo}. 'put up a menu offering many controls over appearance.'}}. Preferences simpleMenus ifFalse: [self fillIn: menu from: {{'do...'. {Utilities. #offerCommonRequests}. 'put up an editible list of convenient expressions, and evaluate the one selected.'}}]. self fillIn: menu from: { nil. {'new morph...' . { self . #newMorph }. 'Offers a variety of ways to create new objects'}. nil.}. Preferences simpleMenus ifFalse: [self fillIn: menu from: {{'debug...'. {self. #debugDo}. 'a menu of debugging items'}}]. self fillIn: menu from: {nil. {'save'. {SmalltalkImage current. #saveSession}. 'save the current version of the image on disk'}. {'save as...'. {SmalltalkImage current. #saveAs}. 'save the current version of the image on disk under a new name.'}. {'save as new version'. {SmalltalkImage current. #saveAsNewVersion}. 'give the current image a new version-stamped name and save it under that name on disk.'}. {'save and quit'. {self. #saveAndQuit}. 'save the current image on disk, and quit out of Squeak.'}. {'quit'. {self. #quitSession}. 'quit out of Squeak.'}}. ^ menu! ! Compare with what you have in your image and suit to needs. Also I usually add a makeRTS method to things what I develop and wihst close. This is a morphic button what sends the button to the class in use, do all Ned trick and mine adds, save image with wishd name and destroy button. Former I cook SqueakLight, my striped first and load what I wish version of Squeak. I could produce a 3.7 version based app as small as 3.8 Mb and grow to what you need (see what is in official Squeak site) For managing updates in a form similar to what Squeak uses , I use a commercial free 24/24 server. The complete process could be used, I have on my ftp several semi closed own versions of what a Squeak app could be from different times, for pople could be how this have some years of evolution. ftp://[hidden email]/ password: elpelotero (on approximate 09:00 to 20:00 GMT, dig and take what you like, at your own risk) Fell free to ask here or private Edgar __________________________________________________ Preguntá. Respondé. Descubrí. Todo lo que querías saber, y lo que ni imaginabas, está en Yahoo! Respuestas (Beta). ¡Probalo ya! http://www.yahoo.com.ar/respuestas _______________________________________________ Beginners mailing list [hidden email] http://lists.squeakfoundation.org/mailman/listinfo/beginners |
Re: Squeak in commercial projects
|
|
In reply to this post by Göran Krampe
On Mar 7, 2007, at 8:57 , [hidden email] wrote:
> Hi! > > Just a note - decompiling from bytecodes is very easy in Squeak. The > only thing missing is the original indentation and any comments. But > everything else is there. Just so you know. Well, if you're really concerned about decompiling, just mangle the selectors. As long as you are not constructing Symbols at runtime (#asSymbol, #intern:) this works perfectly well. Same for class names and instance variable names. > Locking down the image is of course doable - so that you can't easily > get to the tools etc - but there are of course ways to go around that > too. For example, I guess you can use an image file analyzer (there is > at least one I think) or hack a VM to do stuff when the image is > loaded. Sure. But if the names are mangled this is about as much fun as reverse engineering machine code. No wait, the tool support is still better ;) >> But doesn't this imply that the source is downloaded, making it easy >> (easier) to hack the system? I could make the private Monticello >> connection secure, update the system and then delete the source... >> just >> thinking out loud. > > Yes - a Monticello package is just a zip file of source code. Sure, > you > can make the transfer "secure" using SSL or whatever - and you can > apply > it and throw it away Well, you certainly would want to encrypt and sign the patch. If you are *that* paranoid I'd not even use MC but just image segments. It's all a question of cost/value. I for one would be more concerned about preventing malicious code injection than the possibility of reverse engineering. But you have to weigh that yourself. - Bert - _______________________________________________ Beginners mailing list [hidden email] http://lists.squeakfoundation.org/mailman/listinfo/beginners |
RE: Uploading Patches and Enabling Features in CommercialSystems
|
|
In reply to this post by Ron Teitelbaum
Hello all,
Nobody updated my list! I guess this could mean two things either my list is perfect, or nobody cares. Please let me know if my comments are not helpful so that I don't spend too much time on it. Ok so one point at a time. 1) A system must be able to ensure that it is updating itself from a trusted location. Currently there is only one why that I know of to ensure that a site is real. The name, the ip address, the domain can all be lost, and some can be spoofed. The only way to ensure that the location is real is to provide a certificate that can be verified by a Certificate Authority. Of course this option is only as good as you are at protecting your server. If you loose your private key then all bets are off. Do your customers check this? No, it's my experience that people are mostly annoyed by security and are not willing to give anything up to get it. (They do yell loudly when systems are compromised). So you could go out and spend lots of money getting a SSL certificate. Or you could get the free one that I recommend. www.cacert.org (now it appears their web site is down, but they have been around a long time now and I'm sure that is temporary, check out the wikipedia entry http://en.wikipedia.org/wiki/CAcert.org ) Why would you want to use CACert? Because it is free and because supporting open source certificates is a really good idea, since anything that encourages more security and decreases the barriers to security are good things. Why wouldn't you want to use CACert? One good reason is that Internet Explorer does not automatically support CACert as a trusted Certificate Authority. This is very easy to fix, you just double click on the root certificate from CACert and it installs it on windows but it does give you a lot of warning messages. Many other browsers already include CACert in the default list of trusted CA's. Some users may see this as unprofessional so it is a good idea to either go with a paid CA, or write up a very good and professional rational for using CACert that you give to your users. So now that you have your certificate that verifies that your server is who it says it is you are all set. You can now have an SSL client connect to your server and after verifying the certificate it can download your patches. This can be done with our SSL client in squeak, which was developed by Rob Withers and me. Rob has been working on verification and I think that is working now. You can find our code in the www.squeaksource.com repository under cryptography. You could also use the libCurl plugin that is available for squeak and use openSSL. We can talk about how to do this as we put all of this together. I encourage everyone that is interested in cryptography to join the cryptography team! http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography Comments are encouraged; I really do not like talking to myself. Happy Coding! Ron Teitelbaum President / Principal Software Engineer US Medical Record Specialists www.usmedrec.com Squeak Cryptography Team Leader THIS OPINION IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE OPINION OR THE USE OR OTHER DEALINGS IN SOFTWARE. > From: Ron Teitelbaum > > Hi JP, > > OK before answering let me say that these are only suggestions and you are > responsible for taking suggestions as suggestions. In other words I can > not > be responsible for anything that goes wrong on your system, use my > suggestions at your own risk. > > THE OPINION IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR > IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, > FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL > THE > AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN > ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN > CONNECTION > WITH THE OPINION OR THE USE OR OTHER DEALINGS IN SOFTWARE. > > I'm sure all that goes without saying but now it is said. > > The first question you asked was: how does a system update itself? > > Here are the issues as I see them. > > 1) A system must be able to ensure that it is updating itself from a > trusted > location. > 2) A system must be able to ensure that only the trusted system can ask it > to update itself. > 3) A system must be able to ensure that it can securely store an update > location. > 4) A system must be able to securely change the update location. > 5) All communications must be encrypted. > 6) A System must be able to verify patches before applying them. > 7) A System must be able to automatically load the patch. > 8) A System should be able to update without restarting the application. > 9) A System must be able to report back success or failure of patch > installation. > 10) A System must be able to recover from a failed patch. > > Ok so basic caveat, I just made these up and I'm sure I left something > out. > > The second question is how you can limit functionally in your system > unless > and until payment is received. > > 1) A system must be able to enable features for a single instance and > prevent those features from being shared to other systems. > 2) A system could be able to detect features being used inappropriately > 3) A system could be able to periodically check for permission (trial > software) > > Ok so since I ran out of time I'll try to take each point one at a time > starting tomorrow. > > Does this list help the conversation? Can you add to the list things that > you think the system needs to do? > > Ron Teitelbaum > President / Principal Software Engineer > US Medical Record Specialists > Squeak Cryptography Team Leader > > > > > From: Jens Pall > > Sent: Tuesday, March 06, 2007 3:10 PM > > > > Ron Teitelbaum wrote: > > > Hi JP, > > > > > > This is not an easy question. There are a number of things that you > > need to > > > consider. First you need to decide how secure the update needs to be. > > If > > > you are not worried about security then you have a much easier job and > > many > > > more options. In general Squeak is not secure, but it is also not > less > > > secure then many other tools that are sent to end users. > > > > > > So first answer some questions. > > > > > > Is your system likely to be used by people that are interested in > > cracking > > > the system? > > > > Some of the end-users might try this but most of them will not. They > > just want a system that works and does its job. We are working with > > partners who are distributing our software and I know that some of them > > will try to open up the software, modify it and, in some cases, try to > > sell it as their own if it is easy to get at the source. If the source > > is not available and it is a bit hard to get access to the developing > > interface then I believe this risk is greatly reduced. > > > > > Does your system have access to network facilities that attach to > other > > > installations of your system? > > > > Yes. This is a distributed networked application. It lives and breathes > > on the network. > > > > > Are you concerned that someone might try to build a patch and upload > > that > > > code to your system installations? (i.e. spyware, worms, viruses) > > > > Well, not really. Our installations mainly run on private WAN networks > > owned by the customer but you never know what malicious internal users > > might do. We plan on being able to run this over the Internet where this > > is a major concern but will try to limit it by using secure network > > connections. > > > > > Are you trying to prevent users from using features of your system > > without > > > authorization? (i.e. Try before you buy?) > > > > Yes. We must be able to issue licenses for using features of the system. > > > > > There are no easy answers but I do believe it is a very interesting > > > discussion. > > > > It indeed is and one that needs to be addressed if Squeak is to be > > seriously considered as a commercial vehicle. It has huge potential in > > that area if the proper hooks are in place. > > > > As a side note I might mention that our current system is implemented in > > C++ and, if it turns out to be possible with respect to the topic of > > this thread, we are seriously considering porting it to Squeak. Croquet > > will also play a major role as the monitoring / management tool. > > > > > Ron Teitelbaum > > > President / Principal Software Engineer > > > US Medical Record Specialists > > > www.usmedrec.com > > > Squeak Cryptography Team Leader > > > > > > > > >> -----Original Message----- > > >> From: [hidden email] [mailto:beginners- > > >> [hidden email]] On Behalf Of Jens Pall > > >> Sent: Tuesday, March 06, 2007 2:09 AM > > >> To: Squeak Beginners > > >> Subject: [Newbies] Squeak in commercial projects > > >> > > >> Hi > > >> > > >> How can I use Squeak in a commercial closed source project (whole > > image)? > > >> > > >> How about upgrades? I want to be able to send an upgrade to the > > customer > > >> which only contains the changed code. > > >> > > >> Thanks, > > >> JP > > > > > > _______________________________________________ > > Beginners mailing list > > [hidden email] > > http://lists.squeakfoundation.org/mailman/listinfo/beginners > > > _______________________________________________ > Beginners mailing list > [hidden email] > http://lists.squeakfoundation.org/mailman/listinfo/beginners _______________________________________________ Beginners mailing list [hidden email] http://lists.squeakfoundation.org/mailman/listinfo/beginners |
RE: Uploading Patches and Enabling Features inCommercialSystems
|
|
> Hello all,
> > Nobody updated my list! I guess this could mean two things either my list > is perfect, or nobody cares. Please let me know if my comments are not > helpful so that I don't spend too much time on it. Please continue. I am just reading but it is useful and interesting so far. Emilio _______________________________________________ Beginners mailing list [hidden email] http://lists.squeakfoundation.org/mailman/listinfo/beginners |
RE: Uploading Patches and Enabling FeaturesinCommercialSystems
|
|
Thanks Emilio. Feel free to ask questions.
Happy Coding! Ron > From: Emilio Oca > > > Hello all, > > > > Nobody updated my list! I guess this could mean two things either my > list > > is perfect, or nobody cares. Please let me know if my comments are not > > helpful so that I don't spend too much time on it. > Please continue. > I am just reading but it is useful and interesting so far. > > Emilio > _______________________________________________ Beginners mailing list [hidden email] http://lists.squeakfoundation.org/mailman/listinfo/beginners |
RE: Squeak in commercial projects
|
|
In reply to this post by Bert Freudenberg
Hey Bert,
This sounds pretty interesting, can you share more about how to mangle names. Does it require a change in the VM to de-mangle? Ron Teitelbaum > From: Bert Freudenberg > > On Mar 7, 2007, at 8:57 , [hidden email] wrote: > > > Hi! > > > > Just a note - decompiling from bytecodes is very easy in Squeak. The > > only thing missing is the original indentation and any comments. But > > everything else is there. Just so you know. > > Well, if you're really concerned about decompiling, just mangle the > selectors. As long as you are not constructing Symbols at runtime > (#asSymbol, #intern:) this works perfectly well. Same for class names > and instance variable names. > > > Locking down the image is of course doable - so that you can't easily > > get to the tools etc - but there are of course ways to go around that > > too. For example, I guess you can use an image file analyzer (there is > > at least one I think) or hack a VM to do stuff when the image is > > loaded. > > Sure. But if the names are mangled this is about as much fun as > reverse engineering machine code. No wait, the tool support is still > better ;) > > >> But doesn't this imply that the source is downloaded, making it easy > >> (easier) to hack the system? I could make the private Monticello > >> connection secure, update the system and then delete the source... > >> just > >> thinking out loud. > > > > Yes - a Monticello package is just a zip file of source code. Sure, > > you > > can make the transfer "secure" using SSL or whatever - and you can > > apply > > it and throw it away > > Well, you certainly would want to encrypt and sign the patch. If you > are *that* paranoid I'd not even use MC but just image segments. > > It's all a question of cost/value. I for one would be more concerned > about preventing malicious code injection than the possibility of > reverse engineering. But you have to weigh that yourself. > > - Bert - > > > _______________________________________________ > Beginners mailing list > [hidden email] > http://lists.squeakfoundation.org/mailman/listinfo/beginners _______________________________________________ Beginners mailing list [hidden email] http://lists.squeakfoundation.org/mailman/listinfo/beginners |
«
Return to Squeak - Beginners
|
1 view|%1 views
| Free forum by Nabble | Edit this page |