Re: How about a Safe Virtual Machine?

Daniel W. Connolly ([email protected])
Tue, 04 Oct 1994 12:18:17 -0500


In message <[email protected]>, Nathaniel Borenstein writes:
>
>I think you may have missed a key point that Dave made. We undoubtedly
>want very complex CSCW applications on the network. But the part of
>such systems that has to be executed in a safe language is VERY limited.
> In particular, you only need to use Safe-Tcl for what I call "RPC to
>human beings". Most of your work can go on inside trusted servers on
>the net, programmed in any language you like. The role of Safe-*
>languages is much more limited -- it needs to be able to go off and
>interact with the user on his/her platform, but it needn't contain the
>whole application. I think you overestimate the need for very large
>programs in the safe language.

I think we just plain disagree here. I think that folks will want to
use the safe computing platform to build their applications, and that
Tcl doesn't scale to these applications. But only time will
tell. Today, I have to agree that the data are on your side. And given
the scope of programs you expect to deploy on the safe-computing
platform, I can see why you chose Tcl.

I'm a little bit confused when you say that Tcl will only be used for
these little user dialogs, and then you also say that the way to
extend the system is to distribute add on modules, presumably in Tcl:

>Safe-Tcl has a distributed library feature that allows a user or a site
>to decide to trust a library of extensions on the Internet. Adding a
>"module" to such a library effectively extends the functionality of
>Safe-Tcl for ALL sites that trust that library.

I suppose it's reasonable to support add-on dynamically linked native
code modules.

By the way... I hope that authentication of modules is in the works...
I'd hate to have somebody forge a Safe-Tcl add-on module by attacking
DNS or whatever.

Hmmm... if we agree that Safe-* is only for "RPC with humans" and that
hence Safe-Tcl is sufficient for Safe-Tcl, the next step is to see how
Safe-Tcl integrates with distributed object technologies like HTTP,
CORBA, ILU, DCE, etc. that will be used to build the "guts" of these
CSCW applications. Hmm... there are Tcl bindings for Modula-3...
playing with that should keep me busy for a few late nights...

Dan