[cap-talk] RE: compatibility issues - OS security discussion, restricted access processes, etc.

marcs marcs at skyhunter.com
Thu Apr 29 22:23:24 EDT 2004


> What happens when you want to network Swing or SWT?  Who 
> gives rights to 
> a remote display?
> Are you back to xhost + or some such?
> 
> Do you have any references to your work on Swing and SWT?

The most directly useful material is the JavaDoc/EDoc of the Java and SWT
APIs found at 

http://www.erights.org/javadoc/index.html

You can read about the problems we had taming swing in the security review
of the DarpaBrowser at

http://www.combex.com/papers/darpa-review/index.html

and our responses to the problems identified at

http://www.combex.com/papers/darpa-report/index.html

The bottom line is, I confess I was, ah, overstating when I say we have
tamed Swing: it would be more correct to say that Swing was large enough and
complicated enough to defeat a taming effort consisting of 2 man-months of
effort by one person who was partly inventing the taming process for GUIs as
he went along. On the other hand, we developed a strong base for a future,
larger effort to truly tame Swing. It's not clear that that is the right
direction of evolution. We are focusing on SWT as an alternative, for many
reasons, the possibility of a reliable taming being one of them.  The SWT
taming is much better, but has not been seriously reviewed, and surely has
defects.

For connecting to remote hosts, you can either revert to Xwindows and such,
or I have a design for a compact yet comprehensive "waldo" that you can run
on a display machine (on the display thread). Give a reference to the waldo
to the remote E program, and it can manipulate the UI perfectly well, with
only a small increase in complexity (since you are handling promises and
always have to do sends, not immediate calls). 

This is needed for a full-up version of CapDesk, which would put each
individual capplication in a separate vat, and for which the display would
therefore be a remote vat anyway. Once you've built the waldo for a remote
vat, it makes no difference whether the remote vat is local or really remote
:-) Well, there are performance differences...but in any situation where you
could get Xwindows to behave usefully, you have more than enough
connectivity to make the waldo slick (at least I think so, it would be nice
to try it someday :-)

--marcs 



More information about the cap-talk mailing list