Re: [Gnu-arch-users] Re: arch roadmap 1 (and "what's tom up to")


From: James Blackwell
Subject: Re: [Gnu-arch-users] Re: arch roadmap 1 (and "what's tom up to")
Date: Mon, 12 Jul 2004 15:48:06 -0400

Anselm Lingnau:
> Sandboxing at the VM level isn't easy to get right, as, e.g., the Java folks 
> have found out to their chagrin.

Sure, they've had to fix a few coding mistakes, but that doesn't
disprove that their idea doesn't work. I'm not worried that Yahoo is
going to get my checking account number from my finance software when I
play spades. (*Sidenote: I'm not a Java supporter because of their
licensing hell)


Anselm Lingnau:
> One of the lessons to learn from the sandbox feature in Tcl is that merely 
> disallowing commands as »unsafe« doesn't quite cut it -- it is useful (and 
> often necessary) to be able to execute nominally »unsafe« commands under 
> carefully controlled circumstances (think of it as »user mode« vs. »kernel 
> mode«). Tcl distinguishes between »safe interpreters« and »trusted 
> interpreters«. In safe interpreters, potentially-dangerous commands are 
> »hidden« and cannot be used in programs running in the safe interpreter; 
> commands in a safe interpreter can »trap« into a trusted interpreter to do 
> unsafe things (where the trusted interpreter will presumably check any 
> arguments very carefully), and hidden commands in a safe interpreter can be 
> invoked from a trusted interpreter.

This just pushes the problem around. Who do you trust? Some
multi-conglomerate-super-company (MCSC) that is going to sell your personal
information to some other MCSC? Some college graduate that wants to
grab your credit card numbers from your finance software so that he can
pay off his college loan?

Anselm Lingnau:
> Personally I would much rather see arch »librified« rather than endowed with 
> a VM and programming language all of its own (a Tcl/Tk binding would be nice). 
> However, since Tom says what will happen, I just hope that the VM changes 
> will also indeed accelerate the librification.

Heh. Tom isn't omnipotent. Arch development has grown to the size that
Tom can no longer arbitrarily enforce decisions he's made. These days,
he has to work the same way that everyone else does -- by building
consensus.

-- 
James Blackwell          Try something fun: For the next 24 hours, give
Smile more!              each person you meet a compliment!

GnuPG (ID 06357400) AAE4 8C76 58DA 5902 761D  247A 8A55 DA73 0635 7400
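
The safe/trusted interpreter split described in the quoted Tcl paragraph above, as an added example that is not part of the original message: a safe interpreter with `open` hidden, plus one alias that traps into the trusted interpreter, which checks its argument before reading a file. The directory `sandbox-data`, the proc `readAllowed` and the alias `read_note` are hypothetical names chosen for this illustration; it needs Tcl 8.5 or later.

```tcl
# Added illustration; all file names and data below are constructed.
set allowedDir [file normalize [file join [pwd] sandbox-data]]
file mkdir $allowedDir
set fh [open [file join $allowedDir notes.txt] w]
puts $fh "hello from the allowed directory"
close $fh

# Safe interpreter: open, exec, file, socket, source, pwd etc. are hidden.
set child [interp create -safe]
puts "hidden in child: [lsort [interp hidden $child]]"

# Trusted-side gatekeeper (hypothetical): does the "unsafe" work only
# after validating what the untrusted caller passed in.
proc readAllowed {allowedDir name} {
    # Accept a bare file name only: no separators, no "." or "..".
    if {![regexp {^[A-Za-z0-9_.-]+$} $name] || $name in {. ..}} {
        error "refused: invalid name"
    }
    set path [file normalize [file join $allowedDir $name]]
    # Second check: the normalized path must sit directly in allowedDir.
    if {[file dirname $path] ne $allowedDir} {
        error "refused: outside allowed directory"
    }
    set fh [open $path r]
    set data [read $fh]
    close $fh
    return $data
}

# The "trap": read_note in the child runs readAllowed in the trusted
# interpreter, with allowedDir fixed by the trusted side.
interp alias $child read_note {} readAllowed $allowedDir

# 1. The hidden command is not reachable from code inside the child.
set failed [catch {interp eval $child {open notes.txt r}} msg]
puts "direct open in child: failed=$failed ($msg)"

# 2. The same read through the alias is allowed.
puts "via alias: [string trim [interp eval $child {read_note notes.txt}]]"

# 3. The alias refuses a path that leaves the allowed directory.
set failed [catch {interp eval $child {read_note ../notes.txt}} msg]
puts "traversal via alias: failed=$failed ($msg)"

# 4. The trusted interpreter can still invoke a hidden command in the child.
puts "invokehidden pwd: [interp invokehidden $child pwd]"

interp delete $child
```

The name check is what carries the policy here; `file normalize` does not resolve a symbolic link in the last path component, so a link placed inside the allowed directory would need a separate check.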



