[squeak-dev] Namespaces

Hi all.

My Namespaces architecture(1) seems stable enough for other people to look at.

I'd like to release an image so that other people can check it out. Is there somewhere I could put an image?

Gulik.

(1) http://gulik.pbwiki.com/Namespaces

--
http://people.squeakfoundation.org/person/mikevdg
http://gulik.pbwiki.com/

2008/7/4 Michael van der Gulik <[hidden email]>:
> Hi all.
>
> My Namespaces architecture(1) seems stable enough for other people to look
> at.
>

Great!

> I'd like to release an image so that other people can check it out. Is there
> somewhere I could put an image?
>

If there is no other alternatives, i think best would be to put it at
squeak.org. Ken, can you help with it?



> Gulik.
>
> (1) http://gulik.pbwiki.com/Namespaces
>
> --
> http://people.squeakfoundation.org/person/mikevdg
> http://gulik.pbwiki.com/
>

--
Best regards,
Igor Stasenko AKA sig.

The webteam maintains a directory of 'various images' on the FTP site
and entries on the Downloads page, please coordinate with them.

Ken

On Fri, 2008-07-04 at 04:49 +0300, Igor Stasenko wrote:

Namespaces is sorely needed in Squeak and I applaud  your initiative. I suggest you should look at some of the work that has already been put into namespaces and packages by the Squeak community.

It looks to me as if you are modeling your solution on the very weak Java metamodel. IMO this is a pity because it leads to an unnecessarily restricted solution. I suggest UML is a better starting point since its metamodel is well defined and reasonably consistent. (But it is also very, very hard reading). It is also very large, so most of it must be discarded for Squeak purposes.

A UML Namespace is " a set of named elements that can be identified by name". In Squeak, a Namespace could be a Dictionary of ProtoObjects without any restriction. Local variables, instance variables,  class variables,  pool variables,  ... could be defined as Namesapces and  treated correctly by compiler, debugger, etc. According to UML, the Squeak message dictionary is also a Namespace.

A UML Package is "used to group elements, and provides a namespace for the grouped elements". The grouped elements are "PackageableElements", they include Packages, classes, interfaces, collaborations, constraints, components, ... It seems a good idea to let a Squeak package assume as little as possible about its contents.

Cheers
..Trygve






On 04.07.2008 01:18, Michael van der Gulik wrote:

Hi all.

My Namespaces architecture(1) seems stable enough for other people to look at.

I'd like to release an image so that other people can check it out. Is there somewhere I could put an image?

Gulik.

(1) http://gulik.pbwiki.com/Namespaces

--
http://people.squeakfoundation.org/person/mikevdg
http://gulik.pbwiki.com/

On Sat, 05 Jul 2008 10:03:38 +0200
Trygve Reenskaug <[hidden email]> wrote:

> Namespaces is sorely needed in Squeak and I applaud  your initiative.

These Namespaces are not for Squeak. They are for a fork of Squeak I'm making, called SecureSqueak.

Whether this Namespaces architecture eventually becomes integrated into Squeak depends on whether other people in the community consider this to be a good idea and are willing to put work into it.

That vaguely summarises what I've done.

"Namespace" is a subclass of "Dictionary", and it contains mappings of #Names (i.e. Symbols) to objects. Those objects are typically classes and sub-namespaces, but could be any object. My converter, which converts standard Squeak classes to their Namespaced equivalents, converts shared pools into Namespaces.

"Package" is a subclass of "Namespace", so that it can contain namespaces, classes and other named objects.

Gulik.


--
Michael van der Gulik <[hidden email]>

On 7/5/08, Michael van der Gulik <[hidden email]> wrote:
>
> These Namespaces are not for Squeak. They are for a fork of Squeak I'm >making, called SecureSqueak.

I'm not sure I have ever understood your use of the word "security"
here.  When I think of security (as relates to technology) I think of
firewalls, access rights and the like.  Is something like this what
you mean, i.e. that unknown users can inject code into the image but
it has no rights unless someone grants them, etc.?

2008/7/6 Jason Johnson <[hidden email]>:
Security its when you don't need any firewalls or virus protection
software simply because you can't do any harm to system despite how
hard you try.
Maybe in Microsoft's sense, security means installing a lot of stuff ,
which protects their badly half-working software , but for the rest of
the world its means different :)


--
Best regards,
Igor Stasenko AKA sig.

On 7/6/08, Igor Stasenko <[hidden email]> wrote:
>
> Security its when you don't need any firewalls or virus protection
> software simply because you can't do any harm to system despite how
> hard you try.
> Maybe in Microsoft's sense, security means installing a lot of stuff ,
> which protects their badly half-working software , but for the rest of
> the world its means different :)

Well, I'm a software developer and a network engineer and I can tell
you that security absolutely means adding *lots* of infrustructure,
machines, software and so on for protection (not to mention
partitioning the network into "safety levels" and so on).

I'll give you that it all looks worse on M$, but security isn't
achieved by magic anywhere.

On 7/6/08, Igor Stasenko <[hidden email]> wrote:
> 2008/7/6 Jason Johnson <[hidden email]>:
>
> Security its when you don't need any firewalls or virus protection
> software simply because you can't do any harm to system despite how
> hard you try.

And I should also point out that this sentance sounds more like
programming in Java then Smalltalk to me (i.e. "don't worry, we'll
protect you from doing anything (dangerous)").

2008/7/6 Jason Johnson <[hidden email]>: Not at all:
you can introduce a layers of accessibility in image, where power user
can do anything, and regular user can do anything , but can't do any
harm.
I think that Gulik having more to say about it, because i never
thought deeply on this topic.

>



--
Best regards,
Igor Stasenko AKA sig.

2008/7/6 Jason Johnson <[hidden email]>:
Ask youself, why you need to add these lots of things. Isn't it
because your basic installed software lacks mechanisms to protect any
of its parts from unwanted intrusion?

> I'll give you that it all looks worse on M$, but security isn't
> achieved by magic anywhere.
>
>



--
Best regards,
Igor Stasenko AKA sig.

On 7/6/08, Igor Stasenko <[hidden email]> wrote:
> >
> Not at all:
> you can introduce a layers of accessibility in image, where power user
> can do anything, and regular user can do anything , but can't do any
> harm.
> I think that Gulik having more to say about it, because i never
> thought deeply on this topic.
>

Isn't one of the goals of Smalltalk to break the distinction between
"power user" and "regular user"? :)

On 7/6/08, Igor Stasenko <[hidden email]> wrote:
>
> Ask youself, why you need to add these lots of things. Isn't it
> because your basic installed software lacks mechanisms to protect any
> of its parts from unwanted intrusion?

No, it's because of bugs in software.  Any bug can potentially be
exploited by a hacker.  And these days, with the number of compromised
computers on the interenet, if a bug is discovered in your software,
the exploiter can literally hit every PC on the internet in a matter
of hours.

But if none of your software has bugs anywhere then save money, don't
buy any security infrastructure. :)

2008/7/6 Jason Johnson <[hidden email]>:
I wonder, how you could protect your buggy software from being
exploited by hacker, when you have no idea where bug is?
Lets suppose that you wrote a server for public use, and its
potentially contains bugs.
Now , what role plays firewall here?
The only possible way of 'protection' and 'security' which firewall
can provide is putting a rule in firewall to deny access from all
hosts to it. Then you can feel happy, that your public server
protected from any potential attacks of exploiters :)

Another example. Suppose i running a server which holding open 1000
ports for use by anyone. Now someone running a DOS attacks on it, or
you'd like to ban some IP's, of users which causing problems or
violate terms of use.

What way,  to your sense is more simpler, better and error proof:

MyServer denyAccessFromIp: 'xx.yy.zz.ww'

or:

Firewall portsFrom: a to: b do: [:port | port denyAccessFromIp: 'xx.yy.zz.ww' ].

> But if none of your software has bugs anywhere then save money, don't
> buy any security infrastructure. :)
>


--
Best regards,
Igor Stasenko AKA sig.

2008/7/6 Jason Johnson <[hidden email]>: okay, let me rephrase it: trusted user and untrusted user.
Do you still against distinction?


--
Best regards,
Igor Stasenko AKA sig.

On Sun, Jul 6, 2008 at 8:36 PM, Igor Stasenko <[hidden email]> wrote:
>
> I wonder, how you could protect your buggy software from being
> exploited by hacker, when you have no idea where bug is?

Exactly the way we do it now: with lots of security and network
infrastructure to create layers of network so if someone does break in
we can minimize how much of the company is compromised.

> Another example. Suppose i running a server which holding open 1000
> ports for use by anyone. Now someone running a DOS attacks on it, or
> you'd like to ban some IP's, of users which causing problems or
> violate terms of use.

There are various techniques for dealing with DOS attacks that I don't
have time to go into now, but I will say the idea of a DOS attack is
pretty old as are the solutions to it.

> What way,  to your sense is more simpler, better and error proof:
>
> MyServer denyAccessFromIp: 'xx.yy.zz.ww'
>
> or:
>
> Firewall portsFrom: a to: b do: [:port | port denyAccessFromIp: 'xx.yy.zz.ww' ].

This issue is a lot more complex then you make it out to be.  In
actual practice you would be talking about thousands of applications
running under all kinds of different constraints and so on.  Rather
then brow-beat everyone to "stop making mistakes" it's easier to use
infrastructure to minimize the damage that can happen.  The reason
*every company of any size* does it this way is because it's the
easiest and most effective.

On Mon, Jul 7, 2008 at 9:15 AM, Jason Johnson
<[hidden email]> wrote:
> On Sun, Jul 6, 2008 at 8:36 PM, Igor Stasenko <[hidden email]> wrote:
> The reason
> *every company of any size* does it this way is because it's the
> easiest and most effective.

Here by "of any size" I mean a company that has some size to it.  Not
every possible size.  Obviously smaller companies don't do all these
things (for lack of resources, less servers to protect in the first
place, and so on)

On Sun, Jul 6, 2008 at 8:40 PM, Igor Stasenko <[hidden email]> wrote:
>
> okay, let me rephrase it: trusted user and untrusted user.
> Do you still against distinction?

In the programming language: yes.  It is up to the developer to know
the access needs of his software (e.g. are there parts that need to be
protected?) and write it accordingly.

The only way you need it in the language itself is if you are allowing
arbitrary clients to inject code into your running system, which I'm
against.  In that case I think it's better to just expose APIs to
clients that they can call which you prove to be safe (like web
services).

2008/7/7 Jason Johnson <[hidden email]>:
Smalltalk is quite indifferent for these purposes, so i don't see any
problem using same approach at any level.
It is not in 'language itself' , i don't think that Gulik need to
change the language to make things more secure.
It's not a Java, after all, where by typing word 'private', or 'final'
you getting false feeling of safety :)

>



--
Best regards,
Igor Stasenko AKA sig.

Actually, I will need to change the language a bit. I'll need to add "private" methods and possible other Java-like features . I hope to do this without any changes to the language syntax.

Gulik.

--
http://people.squeakfoundation.org/person/mikevdg
http://gulik.pbwiki.com/