Smalltalk Squeak Squeak - Dev

[squeak-dev] [ANN] UGP / SecureSqueak version 0.1 released

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
6 messages Options
Michael van der Gulik-2
Reply | Threaded
Open this post in threaded view
|

[squeak-dev] [ANN] UGP / SecureSqueak version 0.1 released

Michael van der Gulik-2
Hi all.

I'm announcing version 0.1 of my Unnamed Grand Project, including naïve versions of SecureSqueak, Subcanvas, SiteBrowser and DPON.

Download from here: http://sourceforge.net/projects/securesqueak/
Or watch the video: http://vimeo.com/6698843.

This release "barely works". It is for curious onlookers who want to poke the code with a stick to see if it moves.

I've only tested this under the Linux VM. I'm not sure if it will run on the Windows or Mac VMs; it requires that the EventSensor's inputSemaphore is signalled from the VM. Also, if you're worried about security, this release opens up a TCP socket and basically runs anything that comes in on it. If you're worried, disconnect yourself from the Internet first. Later releases will be more secure.

The Unnamed Grand Project is like a web browser but different. Instead of loading HTML, the user will interact with distributed objects. The downloadable image above does this for three simple "sites", downloading their implementation and running them locally.

SecureSqueak is a fork of Squeak which provides a sandboxed environment to run untrusted, remotely loaded code. Later versions will be progressively more secure.

Subcanvas is a graphics/event-handling framework. It does a similar job to the EventSensor, Display, Form and BitBlt classes. It provides a secure API with optimisable implementations.

SiteBrowser is the user interface built on Subcanvas which lets the user interact with distributed objects.

DPON is an object replication framework. It lets objects move between images. It can replicate most objects in the image using a number of replication algorithms, and will also replicate the classes of those objects and any dependencies.

Unfortunately, PbWiki seems to be down, but when it works again I'll add more information at http://gulik.pbwiki.com/SecureSqueak and consider finding another wiki hosting site.

Gulik.

--
http://gulik.pbwiki.com/
Andreas.Raab
Reply | Threaded
Open this post in threaded view
|

[squeak-dev] Re: [ANN] UGP / SecureSqueak version 0.1 released

Andreas.Raab
Michael van der Gulik wrote:
> I'm announcing version 0.1 of my Unnamed Grand Project, including naïve
> versions of SecureSqueak, Subcanvas, SiteBrowser and DPON.

The UGP, eh? Very funny ;-) I need to find some to play with it
(hopefully on the weekend now that the new release is out) but as a
general question, do you feel that there are parts that are "ready" for
wider consumption? If so, what parts feel like worth looking at?

Cheers,
   - Andreas

> Download from here: http://sourceforge.net/projects/securesqueak/
> Or watch the video: http://vimeo.com/6698843.
>
> This release "barely works". It is for curious onlookers who want to
> poke the code with a stick to see if it moves.
>
> I've only tested this under the Linux VM. I'm not sure if it will run on
> the Windows or Mac VMs; it requires that the EventSensor's
> inputSemaphore is signalled from the VM. Also, if you're worried about
> security, this release opens up a TCP socket and basically runs anything
> that comes in on it. If you're worried, disconnect yourself from the
> Internet first. Later releases will be more secure.
>
> The Unnamed Grand Project is like a web browser but different. Instead
> of loading HTML, the user will interact with distributed objects. The
> downloadable image above does this for three simple "sites", downloading
> their implementation and running them locally.
>
> SecureSqueak is a fork of Squeak which provides a sandboxed environment
> to run untrusted, remotely loaded code. Later versions will be
> progressively more secure.
>
> Subcanvas is a graphics/event-handling framework. It does a similar job
> to the EventSensor, Display, Form and BitBlt classes. It provides a
> secure API with optimisable implementations.
>
> SiteBrowser is the user interface built on Subcanvas which lets the user
> interact with distributed objects.
>
> DPON is an object replication framework. It lets objects move between
> images. It can replicate most objects in the image using a number of
> replication algorithms, and will also replicate the classes of those
> objects and any dependencies.
>
> Unfortunately, PbWiki seems to be down, but when it works again I'll add
> more information at http://gulik.pbwiki.com/SecureSqueak and consider
> finding another wiki hosting site.
>
> Gulik.
>
> --
> http://gulik.pbwiki.com/
>
>
> ------------------------------------------------------------------------
>
>


Michael van der Gulik-2
Reply | Threaded
Open this post in threaded view
|

Re: [squeak-dev] Re: [ANN] UGP / SecureSqueak version 0.1 released

Michael van der Gulik-2


On Wed, Sep 23, 2009 at 3:30 PM, Andreas Raab <[hidden email]> wrote:
Michael van der Gulik wrote:
I'm announcing version 0.1 of my Unnamed Grand Project, including naïve versions of SecureSqueak, Subcanvas, SiteBrowser and DPON.

The UGP, eh? Very funny ;-) I need to find some to play with it (hopefully on the weekend now that the new release is out) but as a general question, do you feel that there are parts that are "ready" for wider consumption? If so, what parts feel like worth looking at?


No part of it is ready for wider consumption. Sorry! Everything is pretty skeletal; for example, Subcanvas currently can only draw lines, rectangles and text, which is barely enough to draw stuff on the screen. Gradients, elipses and bezier curves will come later.

My next step is to refactor the namespaces and improve the tools. I'll be grabbing the most recent trunk image (thank you!) with ToolBuilder based tools and importing Kernel-* and Collections-*. If I make any changes that Squeak could benefit from, I'll feed the changes back to you.

Gulik.

--
http://gulik.pbwiki.com/
Göran Krampe
Reply | Threaded
Open this post in threaded view
|

Re: [squeak-dev] Re: [ANN] UGP / SecureSqueak version 0.1 released

Göran Krampe
Hey!

Michael van der Gulik wrote:
> My next step is to refactor the namespaces and improve the tools. I'll be
> grabbing the most recent trunk image (thank you!) with ToolBuilder based
> tools and importing Kernel-* and Collections-*. If I make any changes that
> Squeak could benefit from, I'll feed the changes back to you.

Regarding your namespaces - is there a good writeup somewhere about it?
Just perversely curious :). It's like a drug, I don't want it, but can't
help myself...

regards, Göran


Andreas.Raab
Reply | Threaded
Open this post in threaded view
|

[squeak-dev] Re: [ANN] UGP / SecureSqueak version 0.1 released

Andreas.Raab
Göran Krampe wrote:
> Regarding your namespaces - is there a good writeup somewhere about it?
> Just perversely curious :). It's like a drug, I don't want it, but can't
> help myself...

Not Gulik's approach but try the wiki at http://squeaksource.com/Names.html

It's pretty far along (i.e., it actually works, has tests, can
fileIn/Out etc) but I got completely stuck when trying to beat
Monticello into submission. And without Monticello support it's
effectively worthless in my book.

Cheers,
   - Andreas

Michael van der Gulik-2
Reply | Threaded
Open this post in threaded view
|

Re: [squeak-dev] Re: [ANN] UGP / SecureSqueak version 0.1 released

Michael van der Gulik-2
In reply to this post by Göran Krampe


2009/9/23 Göran Krampe <[hidden email]>
Hey!


Michael van der Gulik wrote:
My next step is to refactor the namespaces and improve the tools. I'll be
grabbing the most recent trunk image (thank you!) with ToolBuilder based
tools and importing Kernel-* and Collections-*. If I make any changes that
Squeak could benefit from, I'll feed the changes back to you.

Regarding your namespaces - is there a good writeup somewhere about it?
Just perversely curious :). It's like a drug, I don't want it, but can't help myself...


http://gulik.pbworks.com/Namespaces (2)

My approach is the "heavy-weight" approach. Compared to yours and Andreas' approach, I burn all diskpacks, implement a module/packaging system, include my own Kernel and metaclasses and introduce new syntax. I have specific requirements for SecureSqueak, and backwards compatibility isn't one of them.

For the record, its unlikely that Monticello will work with it. I looked at Monticello early on and even tried making it work with Namespaces(1) but in the end I decided it wasn't a good fit; the result would be ugly. Eventually I'll make something better than Monticello.

For the meanwhile, you can use any old file-based version control system. I currently use Subversion. I make sure that packages are filed out nicely so that file-based tools can make nice diffs or patches.

Gulik.


(1) http://www.squeaksource.com/SecureSqueak/Monticello-mvdg.313.mcz

(2) Can anybody recommend a better free wiki hosting site? PbWorks has been unreliable.

--
http://gulik.pbwiki.com/
Free forum by Nabble Edit this page