[lively-kernel] Couple of question on Lively

Lawson English lenglish5 at cox.net
Sat Nov 26 07:48:12 CET 2011

On 11/25/11 10:58 PM, Daniel Ingalls wrote:
> Hello Ram -
> [...]
>   It is a focus of this year's Bachelor project at HPI to push forward in both portability of Lively apps in the mobile sphere and, we also hope, access to hardware features on a par with native apps.

The same security issue applies to LK's access to the underlying 
hardware, applies to the squeak browser plug-in: with great power, comes 
great responsibility. The more access to the client's OS that a web-app 
has, the more potential there is for malware.

Microsoft raised an important point about WebGL earlier this year: a 
web-app could bypass normal browser security and wreak havoc on a user's 
system simply by making the proper OpenGL calls to the video card and no 
existing security software can check to see if this is being done. The 
only symptom is the melting card. Same thing applies to any extra access 
given to LK above and beyond the existing browser sandboxes.


More information about the lively-kernel mailing list