[lively-kernel] Couple of question on Lively
lenglish5 at cox.net
Sat Nov 26 07:48:12 CET 2011
On 11/25/11 10:58 PM, Daniel Ingalls wrote:
> Hello Ram -
> It is a focus of this year's Bachelor project at HPI to push forward in both portability of Lively apps in the mobile sphere and, we also hope, access to hardware features on a par with native apps.
The same security issue applies to LK's access to the underlying
hardware, applies to the squeak browser plug-in: with great power, comes
great responsibility. The more access to the client's OS that a web-app
has, the more potential there is for malware.
Microsoft raised an important point about WebGL earlier this year: a
web-app could bypass normal browser security and wreak havoc on a user's
system simply by making the proper OpenGL calls to the video card and no
existing security software can check to see if this is being done. The
only symptom is the melting card. Same thing applies to any extra access
given to LK above and beyond the existing browser sandboxes.
More information about the lively-kernel