I was thinking of using Denis remote thing with an XMPP XEP so that we could IM our way into an image.
That would be message passing. Coupled with a file transfer feature, well, could become interesting (and wild). That's On Sun, Apr 23, 2017 at 7:36 PM, Ben Coman <[email protected]> wrote: > On Sun, Apr 23, 2017 at 8:33 PM, [email protected] <[email protected]> > wrote: > > But what makes Pharo nice is also that there are no such limitations. > > > > There are security things in Pharo, like disabling socket acces etc. > > Maybe putting the VM in a true sandbox would be more adequate. > > That can be done in a lot of ways at the OS level. Think containers. > > > > Phil > > But that doesn't help us take over the world with *everyone* working > within the Giant-Single-Galactic-Image. mhahHaHaHAhaaaaa.... > cheers -ben > > > > > On Sun, Apr 23, 2017 at 1:33 PM, Guillermo Polito > > <[email protected]> wrote: > >> > >> Generally speaking, and from my understanding, you will not be able to > do: > >> > >> SomeClass compile: 'initialize > >> MyEvilHack dostuff. > >> ^ super initialize ' > >> > >> In newspeak. > >> > >> And that's because you are not able to do: > >> > >> SomeClass compile: '...' > >> > >> Newspeak uses object capabilities, and following those principles, you > >> will only be able to compile and install code in a class, if somebody > gives > >> you a capability to do so. > >> > >> Then, the problem is that right now Pharo's reflective API is convoluted > >> with the base API, and thus from any piece of code you can do e.g.,: > >> > >> anyObject superclass superclass allSubclasses... > >> > >> A possible solution to this is to separate the reflective API from the > >> base API. > >> > >> On Sun, Apr 23, 2017 at 9:16 AM, Ben Coman <[email protected]> wrote: > >>> > >>> On Thu, Apr 13, 2017 at 3:54 PM, Denis Kudriashov < > [email protected]> > >>> wrote: > >>> > > >>> > 2017-04-12 18:32 GMT+02:00 Ben Coman <[email protected]>: > >>> >> > >>> >> If you want hostile actors working directly within the Image with a > >>> >> full > >>> >> environment, then Pharo is probably not suitable. Its easy to get > >>> >> hold of > >>> >> global class from the Playground references and overwrite/compile > any > >>> >> method > >>> >> in the system like this... > >>> >> > >>> >> SomeClass compile: 'initialize > >>> >> MyEvilHack dostuff. > >>> >> ^ super initialize ' > >>> >> > >>> >> You might want to consider Newspeak, which runs on the same VM as > >>> >> Pharo > >>> >> and has a focus on security. > >>> > > >>> > > >>> > Interesting how they address your example? > >>> > >>> Not a direct response, but in Newspeak forum I see Gliad [1] respond > >>> to LaeMing... "Newspeak (note the capitalization) fits with your > >>> concerns around security and asynchrony, though the reality needs > >>> work. The main implementation runs on Smalltalk and as such is > >>> insecurable. There are less complete implementations based on > >>> compiling to Javascript and to the Truffle VM, and Ryan's Psoup VM, > >>> which is probably the most compliant version." > >>> > >>> [1] > >>> https://groups.google.com/forum/#!searchin/newspeaklanguage/laeming% > 7Csort:relevance/newspeaklanguage/0-20dj5m6wo/f5xpYnBFBgAJ > >>> > >>> cheers -ben > >>> > >> > > > >
