<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title></title>
<style type="text/css">
<!--
body{margin-left:10px;margin-right:10px;margin-top:10px;margin-bottom:10px;}
-->
</style>
</head>
<body marginleft="10" marginright="10" margintop="10" marginbottom="10">
<font face="Geneva" size="+0" color="#000000" style="font-family:Geneva;font-size:10pt;color:#000000;"> One thing the Bitfrost specification fails to address, and<br />
that no one in the mailing list has raised is security for plugins and<br />
extensions to activities. Look:<br />
<br />
* Some activity writers will want to write their activity as a<br />
simple base with extensible plugins, in order to keep the base size small<br />
while allowing children looking for specialized functionality to receive<br />
it in a non-clunky fashion. Extensions to Squeak (which does have its own<br />
security system for plugins), Develop (which should in the end be<br />
extensible to allow, e.g. C development or a visual interface builder),<br />
and Draw (where there might be demand for various esoteric features) come<br />
to mind as examples.<br />
* Furthermore, many of these extensions will be written not by<br />
random strangers but by the activity authors themselves. An extension<br />
written and signed by the activity author should install without hassling<br />
the user about security. Thus, such extensions are simply <br />
* On the other hand, an extension written by someone else<br />
*should* hassle the user and *should* be subject to the same sort of<br />
restrictions Bitfrost puts on activities, so that a badly or maliciously<br />
written third-party plug in can't screw up the activity's reputation with<br />
the security monitor and can't corrupt the activity's files.<br />
* Ergo, the Bitfrost implementation should include an<br />
easy-to-use library that allows plugins to be written and installed in a<br />
secure and easy-to-use manner. Because activities don't need to have the<br />
system know about extensions, this can even be shipped later, either in a<br />
system update or as a library that activity writers can drop in.<br />
<br />
Anyone with influence agree that this will be something worth<br />
taking a look at later on?<br />
<br />
The thing is, this isn't at all urgent. All of the example<br />
extensions that came to mind are very much non-essential (Bezier curve<br />
editing? Develop plugins? What are we, training a new generation of<br />
designers and programmers?), but there will undoubtedly come a time when<br />
an activity writer wants to allow their activity to be extended. Firefox,<br />
for instance, has an extension system that puts it ahead of the<br />
competition, and it has many extensions useful not only for professionals.<br />
<br />
Giving people a secure and official way to offer extensibility<br />
will minimise instances where an activity is compromised with malicious<br />
third party code, which under Bitfrost would not be as dangerous, but<br />
would undoubtedly be *very* annoying.<br />
<br />
Serhei Makarov<br />
<br />
PS. Thank you for suffering through this long post; I hadn't<br />
the time to write a short one..<br />
<br />
<br />
<br />
<br />
</font>
</body>
</html>