ROX Desktop - Security

Programming in E, one year on

Thomas Leonard — Sat, 16 Oct 2010 19:35:03 +0000

E is a "secure distributed pure-object platform and p2p scripting language". I've been writing programs in E for a little over a year now. Here's a quick summary of the cool features I've found so far in this surprisingly overlooked little language.

Klik to Zero Install

Thomas Leonard — Tue, 11 Apr 2006 20:18:40 +0000

I've tried installing Klik twice in the past, but the site was down both times. A osnews.com article prompted me to try it again and this time I got it installed.

Klik's main advantage over Zero Install is the large number of packages available for it. Its main disadvantage is that it's totally insecure. However, I've written klik2zero, a little Python script that creates Zero Install packages automatically from Klik ones.

New toy: plash

Thomas Leonard — Thu, 26 Jan 2006 21:42:14 +0000

I've been spending a bit of time playing with PLASH. Plash is a shell which grants the programs it runs access only to certain files. For example:

$ cat text

Because text appears on the command-line, the cat command is given read access to it (and nothing else). To get write access, you put => before the filename:

$ rm text
/bin/rm: cannot remove `text': Permission denied
$ rm => text
$

You can also give a process access to a file (or directory structure) without also passing its name as an argument. List such files after +, e.g.:

GPG keys and instructions

Thomas Leonard — Thu, 05 Jan 2006 20:22:56 +0000

GPG is the GNU Privacy Guard.

In an effort to reduce the chance of someone breaking into SourceForge (as has happened before) and quietly changing the code (which hasn't), all software source releases have GPG signatures.

To check a file, you need to get my public key (below) and the GPG signature for the file you downloaded. Assuming the key hasn't been tampered with too, GPG can check that the downloaded file is identical to the one I signed.