Hi,
>Maybe is time to re-think about who should be in the Release Team ? No - if this problem continues to appear on the list we just need to fix the problem/images (not the release team itself) ;) >Maybe nobody cared to rebuild new images with the fix? >>Its not that "no body cared". Thats a little harsh... since ... My posting today was not intended to criticize Edgars work or the Release Team. Maybe the intention get's clearer with some background info: I tested 3.10 on a regular basis and I contacted Andreas in March after having the FFI problem and reported to the squeak-dev list [1] together with a mantis report [2]. After Andreas reported a fix [3] on the squeak list I also added his fix to Mantis. After a while I tried a newer image for 3.10 (Squeak3.10.1-7175-basic.zip) and since the problem was still there I now reported to the official V3dot10 list [4] in May - with the result that the fix is now at least in the preliminary 3.11 (posting from Keith [5]). AFAIK it's not fixed in the "Squeak3.10.2-7179-basic.zip" which is the latest downloadable 3.10 version and linked from the squeak.org webpage. I dont "care about" the reason and havent followed the issue since my own build scripts easily apply the fix. Maybe the fix in 6980 just slipped through, the fix is to unstable or maybe there is no general interest or to much work in rebuilding the 3.10 image for this particular issue or most people know how to apply fixes from Mantis, maybe people still use 3.9 - I dont really know , I can just guess. What I know is that I got no answer on the V3dot10 list regarding the issue to be fixed for the current 3.10 Squeak image. So my impression was and still is that nobody cared/or has an interest on having a newer 3.10 image built to solve this issue there. Maybe having it in a 3.11 script is good enough and a new 3.10 image is not necessary. But since I dont really know I've put a question mark on the statement! Nothing more said. >all "should" be well. Maybe, but that depends. I still think that it's hard for beginners starting with 3.10 (or Squeakers who do not regulary scan Mantis/dev list or know about Installer) to be faced with a problematic image after loading FFI... Bye Torsten [1] http://lists.squeakfoundation.org/pipermail/squeak-dev/2008-March/127207.html [2] http://bugs.squeak.org/view.php?id=6980 [3] http://lists.squeakfoundation.org/pipermail/squeak-dev/2008-March/127208.html [4] http://lists.squeakfoundation.org/pipermail/v3dot10/2008-May/001116.html [5] http://lists.squeakfoundation.org/pipermail/v3dot10/2008-May/001112.html -- Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen! Ideal für Modem und ISDN: http://www.gmx.net/de/go/smartsurfer |
2008/8/3 Torsten Bergmann <[hidden email]>:
> Hi, > >>Maybe is time to re-think about who should be in the Release Team ? > > No - if this problem continues to appear on the list we just need to fix the problem/images > (not the release team itself) ;) > >>Maybe nobody cared to rebuild new images with the fix? >>>Its not that "no body cared". Thats a little harsh... since ... > > My posting today was not intended to criticize Edgars work or the Release Team. > Maybe the intention get's clearer with some background info: > > I tested 3.10 on a regular basis and I contacted Andreas in March after having the FFI > problem and reported to the squeak-dev list [1] together with a mantis report [2]. > After Andreas reported a fix [3] on the squeak list I also added his fix to Mantis. > > After a while I tried a newer image for 3.10 (Squeak3.10.1-7175-basic.zip) and since the problem > was still there I now reported to the official V3dot10 list [4] in May - with the result that the fix > is now at least in the preliminary 3.11 (posting from Keith [5]). > > AFAIK it's not fixed in the "Squeak3.10.2-7179-basic.zip" which is the latest > downloadable 3.10 version and linked from the squeak.org webpage. I dont "care about" the > reason and havent followed the issue since my own build scripts easily apply the fix. > > Maybe the fix in 6980 just slipped through, the fix is to unstable or maybe there is no general interest > or to much work in rebuilding the 3.10 image for this particular issue or most people know how to apply > fixes from Mantis, maybe people still use 3.9 - I dont really know , I can just guess. > > What I know is that I got no answer on the V3dot10 list regarding the issue to be fixed for the > current 3.10 Squeak image. So my impression was and still is that nobody cared/or has an interest > on having a newer 3.10 image built to solve this issue there. Maybe having it in a 3.11 script is good > enough and a new 3.10 image is not necessary. But since I dont really know I've put a question > mark on the statement! Nothing more said. > >>all "should" be well. > > Maybe, but that depends. I still think that it's hard for beginners starting with 3.10 > (or Squeakers who do not regulary scan Mantis/dev list or know about Installer) > to be faced with a problematic image after loading FFI... > An FFI is 'need to have package' for my needs. Frankly, i don't remember images which i was working with, which don't have FFI installed. Because of that, i have a strong bias that FFI plugin should be included as internal plugin into VM by default (and FFI package could still be optional, but it should be tested to be able to loaded without problems in ANY image). The arguments for not putting it, some people like repeating, that FFI puts instability into image/VM seem very odd as to me. A running Croquet is best illustration what such arguments worth. But this is just my humble opinion. I was expected that in 3.10.2 the issue was fixed (because couple months passed since issue was found and then cure found). Honestly there is nobody to blame for it (except self ;) , that it is not included. > Bye > Torsten > > [1] http://lists.squeakfoundation.org/pipermail/squeak-dev/2008-March/127207.html > [2] http://bugs.squeak.org/view.php?id=6980 > [3] http://lists.squeakfoundation.org/pipermail/squeak-dev/2008-March/127208.html > [4] http://lists.squeakfoundation.org/pipermail/v3dot10/2008-May/001116.html > [5] http://lists.squeakfoundation.org/pipermail/v3dot10/2008-May/001112.html > -- > Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen! > Ideal für Modem und ISDN: http://www.gmx.net/de/go/smartsurfer > > -- Best regards, Igor Stasenko AKA sig. |
In reply to this post by Torsten Bergmann
> Maybe, but that depends. I still think that it's hard for beginners starting with 3.10 > (or Squeakers who do not regulary scan Mantis/dev list or know about Installer) > to be faced with a problematic image after loading FFI... > > Bye > Torsten > I think that we/someone is confusing things here. In one breath we ask the release team to provide a minimal image in which as many packages as possible are removed. In the next we complain when total beginners are not able to build their own custom images perfectly from scratch with one click, or must learn a command line tool. As far as I know the intention all along has been for the base image to get smaller, and for derived images to be built from that base image using scripts. The process of supplying working derived images for beginners to play with was something that members of the community would be expected to do at their leisure. So far we have several, squeak-dev, squeak-web and FunSqueak. "Installer" of course makes this process much easier, and http://installer.pbwiki.com/ provides a place for publishing such scripts. Sure we would like to have our cake (the small image) and eat it (build derived images with one click), but the 3.10 release team picked Universes to perform this task rather than Installer, so 3.10 doesnt come with an up to date Installer or instructions on how to use it. Universes can be persuaded to work in theory, but someone needs to actually do it. I myself preferred to put my effort into Sake/Packages in order to replace Universes in 3.11. Matthew has been trying to ensure that as many SqueakMap packages as possible actually load. cheers Keith |
In reply to this post by Igor Stasenko
Igor Stasenko wrote:
> Because of that, i have a strong bias that FFI plugin should be > included as internal plugin into VM by default (and FFI package could > still be optional, but it should be tested to be able to loaded > without problems in ANY image). > The arguments for not putting it, some people like repeating, that FFI > puts instability into image/VM seem very odd as to me. A running > Croquet is best illustration what such arguments worth. It's not about stability, it's about security. Without the FFI, it is possible to have a fairly well sand-boxed environment (see Squeakland for example). With the FFI, this is simply impossible. That's why the FFI isn't built-in, and likely never will be for any VMs that I release. Cheers, - Andreas |
> Igor Stasenko wrote:
>> Because of that, i have a strong bias that FFI plugin should be >> included as internal plugin into VM by default Unless there is a serious flaw in the implementation any plugin should be perfectly usable as an external plugin. *No* plugin that I am familiar with (yes, I'm not familiar with every single one of them) needs to be bound internally in order to work. In fact I'd go so far as to claim the the only reason to bind plugins internally is for packaging reasons relating to the platform being totally braindead about packages. Why is it that 20 years after RISC OS demonstrated that an utterly trivial packaging implementation was both doable and very effective and 5 years (or so) after OSX demonstrated that a similar (did I say copied? Not me. Though it probably is, since I know some folk worked on both) system worked rather well on unix filesystems, we still don't see it being used everywhere? Oh yeah - the software world has its collective head up its collective rectum. I forgot. tim -- tim Rowledge; [hidden email]; http://www.rowledge.org/tim Useful random insult:- Settled some during shipping and handling. |
In reply to this post by Andreas.Raab
Hi andreas
could give some examples about the security problems FFI brings into play (buffer overflow? ... and issues like that?) Stef On Aug 3, 2008, at 12:52 AM, Andreas Raab wrote: > Igor Stasenko wrote: >> Because of that, i have a strong bias that FFI plugin should be >> included as internal plugin into VM by default (and FFI package could >> still be optional, but it should be tested to be able to loaded >> without problems in ANY image). >> The arguments for not putting it, some people like repeating, that >> FFI >> puts instability into image/VM seem very odd as to me. A running >> Croquet is best illustration what such arguments worth. > > It's not about stability, it's about security. Without the FFI, it > is possible to have a fairly well sand-boxed environment (see > Squeakland for example). With the FFI, this is simply impossible. > That's why the FFI isn't built-in, and likely never will be for any > VMs that I release. > > Cheers, > - Andreas > > > |
stephane ducasse wrote:
> could give some examples about the security problems FFI brings into > play (buffer overflow? ... and issues like that?) How about something like: Win32OS shellExecute: 'format c:'. or, for our unix friends (who often think they are invulnerable ;-) UnixOS system: 'find ~/ -type f -exec rm -f {} \;'. This should do it. Note that you can slip this in without even having any of the FFI in the image since you can construct the necessary bits on the fly (calling system() is particularly trivial). It's downhill from there since there are simply too many ways in which *all* of the operating systems are entirely unsafe. And before anyone says "but you can do this FileDirectory as well": Yes, you can, but only if the sandbox isn't activated. As soon as go into sandbox mode via "SecurityManager default enterRestrictedMode" an attack like the above will no longer work. Cheers, - Andreas > > Stef > > On Aug 3, 2008, at 12:52 AM, Andreas Raab wrote: > >> Igor Stasenko wrote: >>> Because of that, i have a strong bias that FFI plugin should be >>> included as internal plugin into VM by default (and FFI package could >>> still be optional, but it should be tested to be able to loaded >>> without problems in ANY image). >>> The arguments for not putting it, some people like repeating, that FFI >>> puts instability into image/VM seem very odd as to me. A running >>> Croquet is best illustration what such arguments worth. >> >> It's not about stability, it's about security. Without the FFI, it is >> possible to have a fairly well sand-boxed environment (see Squeakland >> for example). With the FFI, this is simply impossible. That's why the >> FFI isn't built-in, and likely never will be for any VMs that I release. >> >> Cheers, >> - Andreas >> >> >> > > > |
Free forum by Nabble | Edit this page |