Re: Xcode... - rendezvous + cluster
- Subject: Re: Xcode... - rendezvous + cluster
- From: Wade Tregaskis <email@hidden>
- Date: Wed, 25 Jun 2003 13:30:16 +1000
What you've described is effectively what's being pushed as 'grid
computing'. It is not a part of the OS - it is a whole new world in
which to find exotic problems. Not the least of which is security -
would you trust anyone with network access to your machine to run
code on it?
On the local link? Generally, yes. Making Rendezvous link-local only
turns a network security problem into a site security problem, and
those are much easier to solve.
You can never trust your network. Networks simply don't provide much
security against unwanted access. Maybe if you're using a VPN or
Airport, but even then there are still issues...
Plus it may be that you don't trust everyone on your network, and for
good reason. I'm on a network here at college with at least 200
computers on my subnet, and I don't think I'd trust a single one of
them implicitly. What I might do is trust some of them with certain
limitations, like not letting them use any networking except back to
the original computer (to prevent my computer becoming a willing part
of a DDoS, for example), and not having access to local storage except
in a particular directory (e.g.
/tmp/<someuniquedirjustforthatprocess>/), etc. There's no reliable
mechanism in MacOS X to do this - if systrace were integrated, then
we'd have something to work with.
The purpose of my aforementioned project is to overcome these problems
and others - like user authentication. MacOS X doesn't have any scheme
for distributed PKI operations. My current subproject is a 'Keychain'
framework to provide just such a unified scheme, but it's at 20,000
lines and growing with still only very basic functionality. It was
meant to just be an ObjC wrapper over all Apple's C/C++ stuff, but due
to the limitations of that stuff*, I'm having to write some
functionality from scratch. Not fun.
So even on a local network (which I wouldn't assume; what if you have a
server farm of a thousand machines, on multiple subnets, at a remote
location?) there are a lot of issues which need to be solved, and don't
have much OS-level support [as yet]. Having said that, the Security
guys seem to be full of secrets lately, so I'm somewhat hopeful that
there'll be some new stuff in Panther (perhaps someone could check the
Security framework in the preview release for me), but that's up to 6
months away. I'd originally planned to finish this project within 6
months from now. :/
Wade Tregaskis
-- Sed quis custodiet ipsos custodes?
* = This isn't having a dig at the Apple guys - they've done a heck of
a lot of good work all round, and kudos to them for it. Unfortunately
for me and them, however, there's still a lot to be done.