wiki processor for interpreter

Use a processor for an interpreter to test out code changes of our existing library.

If I use a UML, I think about the following steps:

  1. processor starts UML
  2. processor sends data to UML RAMDISK
  3. UML starts the interpreter
  4. Interpreter executes the sources
  5. processor watches for results
  6. processor copies results to AttachURL
  7. UML exits

The idea is to start the interpreter by the UML and to exchange the data by the visit library. The UML must be protected against changes. Only a small RAMDISK is needed with read write access.


I have already set up the UML. I made some changes because I have learned about some more options by reading the UML documentation:

  1. processor writes into filesystem fs2 everything that has to be executed
  2. processor starts UML by su dummy-user -c interpreter-UML
  3. single user mode is used and by this the interpreter is started
  4. the interpreter is configured to use a startup file; this is used to execute everything in fs2
  5. the interpreter executes halt
  6. UML exits
  7. processor reads results from fs2

I decided to use a dummy-user account with nearly no rights on the system. At the moment I am using the kraxel precompiled kernels. The next step is to compile my own UML kernel, because there are some modules compiled into the kernel which I would prefer to have as modules or removed.

Another way I am thinking about is:
If it is necessary to start the UML as a dummy-user, I could probably start the interpreter the same way without the UML.

Any ideas are welcome.

ReimarBauer

Discussion

see also CommunityProgrammableWiki

Security concerns

In my implementation, the most important layer of security is PeerReview; the server doesn't accept any code until the code has been put up for review for a fixed "review period", during which anyone may veto the code. Although I try to sandbox the CPW code, I feel that allowing arbitrary web users to execute arbitrary code is too dangerous, even if the process is sandboxed. I might feel differently if we were using a language that can be inherently sandboxed, such as Java or Lua.

I don't know enough about security to know if UML with a ramdisk is sufficient. Could it really be safe to allow an attacker to execute arbitrary code on your box, if that code will be executed within UML on a ramdisk (a Google search for "UML "break out"" or "UML honeypot" suggests that UML can sometimes have security flaws just like everything else)? Even if the attacker can't break out of the UML, if they can gain root access within the UML they can presumably use your machine as a jumping-off point to stage an attack on someone else's machine (I think designing a firewall to allow out only replies to the current HTTP request will be error-prone and may have security flaws the first hundred attempts, as that is not a common task for which firewalls are presently designed).

If you wimp out, like me, and require peer review, then I don't think it is feasible to have debugging online; you need to give your peers some time to log on and read the code.

On the other hand, I think it would be feasible for the host/admin to hand-select people whom they trusted and to give them "peer review override" access. I haven't implemented this yet, but it's on my list. However, for the time being, I think just giving your friends a shell account would be the easiest way to accomplish this.

Peer review

Lest it sound like I think the security problems are insoluble, I don't; I think PeerReview is stronger than any sort of security in the software, and I think it's strong enough to make the system work.

LiterateProgramming; Why my implementation is based on patches

First, let me say that I'm excited about the idea of tying LiterateProgramming in with CommunityProgrammableWikis. I'd like to see each subroutine have its own wiki page, for the code to be on that page, for discussion about the code to be on that page, and for changes to the code to be submitted to that page.

Ideally, I'd even like to have the code editable through the edit box on that page. But I don't think this feature needs to be top priority (although if someone else wants to implement it, I'd be glad to have it). The reason is that most things that people want to do with the code will affect many parts of the code at once. If you want to make a change that changes subroutine A and subroutine B, you want that change to be treated atomically, both in terms of when it is applied, and in terms of rolling it back later or viewing it in the wiki pages' version histories.

I don't think it is the best idea to have the whole wiki's sourcecode just be associated with one wiki page (with different changes being changes to that page). This would get too confusing as many people are working on their own projects and changing the sourcecode at the same time. More practically, the source code of many wiki engines is TooBigToEdit (I know because this was the first thing I tried); for many wiki engines, you can't fit all the sourcecode into one HTTP Post. Also more practically, the way I implemented PeerReview was the same way that UseMod implements publicly editable InterMapTxt on MeatballWiki (see CommunityProgrammableWiki:FileReplacement and FileReplacement); if this is the way you do it, then each proposed change should go on a separate page (because, using the FileReplacement system, no proposed change is written to disk until the page containing the proposal remains unchanged for an entire peer review cycle).

So, I think the best way is to think of each change as being an object in itself (a patch). I want it to be possible for each subproject which is changing the code in different ways to have its own wiki page for posting its suggested code changes and discussing them (or rolling them back). Even better, each proposed change could get its own page for discussing that change. Both of these are possible if you express changes as patches.

In summary, the community is going to think in terms of proposed code changes in terms of patches anyway. Why not provide software support for acting directly on those patches? And, once you provide that, how often is the community really going to use anything else?

Availability of sourceforge site

I have a sourceforge site for CommunityProgrammableWikis. I would be happy to use it to host other CommunityProgrammableWikis besides the one I wrote, and to discuss this stuff on the wiki over there. In fact, I eventually envision a whole community of CommunityProgrammableWikis living on the same server, written in different languages, but interoperating in various ways, and perhaps able to edit each others' code.

One caveat: right now, I don't actually run my CommunityProgrammableWiki on the sourceforge site. I wonder if we should ask before we do something like that. Also, presuming we got permission, whatever system we have running on that site will have to pass muster with me security-wise. Remember, we don't have access to UML or anything like that at the sourceforge site.

I also have an old computer that I was planning to eventually set up as a server for CommunityProgrammableWikis, if anyone is really interested. I would be open to running other people's CommunityProgrammableWikis there. This year it would be running off my cable modem connection (which goes down every now and then), but in the future I might be able to set it up on UCSD's network in my office. Again, though, I'd have to be very comfortable with the security of someone's CommunityProgrammableWiki if I was going to host it.

-- BayleShanks
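The review-period rule described under "Security concerns" and in the FileReplacement remark (nothing is written to disk until the proposal page has stayed unchanged for a whole review cycle) can be sketched as follows. This is an added example, not code from the original page or from either implementation discussed; the 7-day period, the "blank the page to veto" convention and all names are assumptions. It also pins the decision to a digest so that the text written to disk is exactly the text that was reviewed.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

REVIEW_PERIOD = timedelta(days=7)  # assumed length of one review cycle

@dataclass(frozen=True)
class Revision:
    author: str
    saved_at: datetime
    text: str  # full text of the proposal page at this revision

@dataclass(frozen=True)
class Decision:
    apply: bool
    reason: str
    sha256: Optional[str] = None  # digest of the text that sat through review

def digest(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def review_decision(history, now, period=REVIEW_PERIOD):
    """Decide whether the newest revision of one proposal page may be applied."""
    if not history:
        return Decision(False, "no proposal")
    latest = max(history, key=lambda r: r.saved_at)
    if not latest.text.strip():
        # Assumed veto convention: any reader blanks the proposal page.
        return Decision(False, "vetoed")
    if now - latest.saved_at < period:
        # Any edit, even a one-character one, restarts the clock.
        return Decision(False, "in review")
    return Decision(True, "accepted", digest(latest.text))

def safe_to_write(decision, text_about_to_be_written):
    """Re-check at write time that the bytes are the ones that were reviewed."""
    return decision.apply and decision.sha256 == digest(text_about_to_be_written)

# Constructed sample history: a proposal, then a late edit on day 6.
T0 = datetime(2008, 1, 1, tzinfo=timezone.utc)
ORIGINAL = "patch: escape page names in the link renderer\n"
EDITED = "patch: escape page names in the link renderer; also change auth\n"
HISTORY = [Revision("proposer", T0, ORIGINAL),
           Revision("someone", T0 + timedelta(days=6), EDITED)]

if __name__ == "__main__":
    for days in (6, 8, 14):
        d = review_decision(HISTORY, T0 + timedelta(days=days))
        print(days, d.reason, safe_to_write(d, ORIGINAL), safe_to_write(d, EDITED))
```

The day-8 case is the one to look at: the original proposal is already eight days old, but the day-6 edit has had only two days of review, so nothing is applied yet.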


CategoryFeatureRejected

MoinMoin: FeatureRequests/OldProposalWikProcessorForInterpreter (last edited 2008-03-18 01:47:58 by JohannesBerg)