[IronPython] DLR, OS X/Linux & other languages

Keith J. Farmer kfarmer at thuban.org
Fri Dec 26 23:32:23 CET 2008 

If you think sandboxing is not necessary on the desktop, consider a Trojan attack using desklets.
 
A buddy of mine in MSN suggests you check out the "Web Sandbox" materials for PDC 2008 for backgrounder, and comments that while the desktop used to be considered an isolation boundary -- it used to be considered fully-trusted.  However, we now know this to be foolish, so if you want to secure downloaded code you either block things completely, or you go into more interesting security.
 
I also don't personally consider your "ugly workaround" all that ugly.  If it makes it more palatable, you could consider it a security scoping mechanism, which I think would be a great thing to have in WPF, and just have it use Silverlight as an implementation detail.
 
-- Keith (ex-Silverlight DataGrid guy)

________________________________

From: users-bounces at lists.ironpython.com on behalf of Miha Valencic
Sent: Fri 12/26/2008 2:07 PM
To: Discussion of IronPython
Subject: Re: [IronPython] DLR, OS X/Linux & other languages


Keith,

you are right that what people have done with Vista gadgets interests me, but usually (I didn't check how they did it though!) it involves workarounds. Like the ones how they use Cardspace and WCF from gadgets... or how they access Outlook, etc.

With regards to Desklets, the point is that you have two options: sandboxed and "full access", which makes it very compelling, IMHO.

With regards to to "reduction" of the API: it is probably a philosophical debate, but the point with reduction IMHO is not security or sandboxing, but how to make the "framework or vritual engine" small and make it "transferrable" to client computers with a fast download.

Sandboxing is absolutely necessary in the browser, but not on the desktop. The point you make with SL vista gadgets though, makes me think about something like clickonce for desklets - where you can cache the app for offline usage, but when you're online, it launches (or at least checks for a new version) from the remote server(s). (that would need security sandboxing though).

So, a question to Ironmen and Silverlight guys (Jimmy et al?): is it possible to somehow run Silverlight app as a desktop app on Windows? Something like Desklets? 

An ugly workaround I can think of at the moment would be a simple winforms application which hosts a browser control which in turn loads a silverlight application from a local system. (or maybe even starts a simple local-only lightweight http server (like chiron or devserver) if it is not possible to launch SL app from filesystem). That way, we could (could we really?) run DLRConsle as a desktop app... 

Miha


2008/12/26 Keith J. Farmer <kfarmer at thuban.org>


	Right, and I would agree that desklets are a nifty way to share sandboxed code.
	 
	My point was more a caution against trying to undo Silverlight/Moonlight's reduction.  It's one thing to add additional controls, quite another to start messing with the networking support. The security implications could be tragic ;)
	 
	It may interest you to know that folks have already created Silverlight gadgets for Vista's sidebar including, IIRC, gadgets that are remotely hosted.

________________________________

	
	From: users-bounces at lists.ironpython.com on behalf of Miha Valencic
	
	Sent: Fri 12/26/2008 12:48 PM 

	To: Discussion of IronPython
	Subject: Re: [IronPython] DLR, OS X/Linux & other languages
	

	[I hope this is not too off-topic...]
	
	What is wrong? Nothing I guess -- if you have full WPF at the other end. Probably WPF (or WCF in my example) is not the right example -- due to dependencies further down the road.
	
	Reduced set or not, you will end up with extensions/additions to base class library. You have extensions/additions with SL as well -- be it custom UI controls or some other backend libraries that make your life easier. (it is the same with desktop development). So you end up bringing those libraries along with your apps.
	
	Now the point of my ... writing/thinking is not how to bring in additional DLLs but how far are we from having the Silverilght programming model (with DLR + CoreCLR + XAML) with the whole extensibility model as a [lightweight] desktop programming model as well?
	
	So that, regardless of my platform of choice (Linux, OS X, Windows XP/Vista/7?), I can develop apps in the language of choice (be it a dynamic beast or a statically typed beast or something in between :)), and have it run on multiple platforms -- and on the web.
	
	Basically, we would need an environment to run Silverlight applications on the desktop as a "first class applications" with access to the full .NET/Mono/xy API where applicable. Something like desklets apparently deliver[1].
	
	It seems pretty awesome to me that I would be able to choose the language and have a great tooling support (UI controls, BCL subset..., VisualStudio) and that I could develop for the web and for the desktop using the same technology and paradigms.
	
	Miha
	
	[1]: http://www.davidarno.org/2008/04/21/mono-team-to-microsoft-build-moonlight-desklet-support-into-silverlight/
	
	
	
	2008/12/26 Keith J. Farmer <kfarmer at thuban.org>
	

		  
		What's wrong with targetting a full WPF host (assuming that Mono's WPF support is sufficient at the time)?
		 
		Either stick to the reduced set or not.  Don't try to turn the one into the other :)



	_______________________________________________
	Users mailing list
	Users at lists.ironpython.com
	http://lists.ironpython.com/listinfo.cgi/users-ironpython.com
	
	


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/ironpython-users/attachments/20081226/64624d1d/attachment.html>

More information about the Ironpython-users mailing list