I'll have to ponder on the SETI/Boinc option.<br><br>Like I said originally, I didn't think it was possible, but there are a lot of people in this community smarter than me, so I figured it wouldn't hurt to ask. :)
<br><br>tj<br><br><br><div class="gmail_quote">On Jan 8, 2008 1:31 AM, Hynek Vychodil <<a href="mailto:vychodil.hynek@gmail.com">vychodil.hynek@gmail.com</a>> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
This is insecure by principle like DRM. It can't work any way really<br>secure. All methods what you can use will be only security by<br>obscurity ant it isn't real security.<br><br>What if I use tweaked VM?<br>What if I use tweaked network layer.
<br>What if I use tweaked kernel.<br>What if I use virtual machine for run hosting OS?<br><br>You can't solve it! You must trust at least some client even use<br>SETI/Boinc redundant approach.<br><div><div></div><div class="Wj3C7c">
<br>On 1/7/08, Ulf Wiger (TN/EAB) <<a href="mailto:ulf.wiger@ericsson.com">ulf.wiger@ericsson.com</a>> wrote:<br>> Travis Jensen skrev:<br>> > Thanks for the reply, Ulf. This seems like the inverse of what I want,
<br>> > if I'm understanding it correctly. This allows the client to run<br>> > untrusted code on the server, right? What I want is to have the server<br>> > run trusted code on the client and be able to trust the result.
<br>><br>> Ok, sorry for the sloppy interpretation.<br>><br>> It seems as if you have to decide upon which level of trust<br>> to extend to the client, and then live with that. Unless<br>> you know exactly what the result of the computation will
<br>> be, I think it ought to be extremely difficult to get any<br>> guarantees...<br>><br>> But if you can run an Erlang VM on the client, you can take<br>> some precautions to make sure that the client doesn't
<br>> easily tamper with it:<br>><br>> - maintain a secure connection with the VM, to make sure<br>> that it's not shut down and replaced with something<br>> else<br>> - don't provide a shell (
e.g. via to_erl) on the client<br>> - don't run distributed Erlang on it, or if you do,<br>> try to use a really obscure cookie that you set after<br>> erlang is started (this means you must bring up the
<br>> net kernel manually)<br>> - This way, there is no way to start a shell session<br>> on the VM, or access the RPC server in order to<br>> e.g. load suspicious code.<br>><br>> If you then send code and requests along the secure
<br>> channel, you should be pretty safe.<br>><br>> (I'm sure there are variations on the above theme.)<br>><br>> BR,<br>> Ulf W<br>><br>> ><br>> > So, let me break it down a little more...
<br>> ><br>> > - Client connects to server.<br>> > - Server sends code to client<br>> > - Client runs process<br>> > - Clients sends result to server<br>> > - Server trusts client result
<br>> ><br>> > In the middle of this is the fact that I don't really trust the client,<br>> > so I would have to know that the result I get from the client is<br>> > actually the result of running the process I sent to the client and not
<br>> > the result of some hack. In general, there are two hack concerns:<br>> > hacking the running process to process differently and hacking the<br>> > resulting data stream to give a fake result.<br>
> ><br>> > I realize that this may be wishful thinking, but a month ago, having a<br>> > system that would scale significantly without introducing unbelievable<br>> > complexity into my code was also wishful thinking; then I found Erlang. :)
<br>> ><br>> > tj<br>> ><br>> > On Jan 7, 2008 12:01 AM, Ulf Wiger (TN/EAB) <<a href="mailto:ulf.wiger@ericsson.com">ulf.wiger@ericsson.com</a><br>> > <mailto:<a href="mailto:ulf.wiger@ericsson.com">
ulf.wiger@ericsson.com</a>>> wrote:<br>> ><br>> > Travis Jensen skrev:<br>> > > I've been looking around online and haven't seen anything to<br>> > contradict<br>> > > what I assume to be the case, but I'm unfamiliar enough with
<br>> > Erlang that<br>> > > I figure I should ask.<br>> > ><br>> > > Assuming I have a server on one system and a client on another system<br>> > > that exists out somewhere else in the broad, scary internet. The
<br>> > server<br>> > > is trusted, the client is not. The network connection between<br>> > the two<br>> > > is not trusted.<br>> > ><br>> > > Is there any way to run trusted code on the client?
<br>> ><br>> > As far as I know, the closest you will get right now with<br>> > Erlang is ErlHive.<br>> ><br>> > <a href="http://erlhive.sourceforge.net/" target="_blank">http://erlhive.sourceforge.net/
</a><br>> ><br>> > ErlHive is sort of presented as a web application development<br>> > framework, but is really mainly a multi-user back-end with<br>> > safe code execution. It happens to have a front-end application
<br>> > which hooks into Yaws, and enables user authentication via<br>> > HTTP.<br>> ><br>> > ErlHive is able to compile modules from source, or interpret<br>> > erlang expressions. It forbids operations that are not known
<br>> > to be safe, but also offers safe alternatives to many<br>> > operations that normally wouldn't be: a virtual file system,<br>> > process spawning, send & receive, ets tables, etc. All code
<br>> > runs inside mnesia transactions.<br>> ><br>> > BR,<br>> > Ulf W<br>> ><br>> ><br>> ><br>> ><br>> > --<br>> > Travis Jensen<br>> > <a href="mailto:travis.jensen@gmail.com">
travis.jensen@gmail.com</a> <mailto:<a href="mailto:travis.jensen@gmail.com">travis.jensen@gmail.com</a>><br>> > <a href="http://cmssphere.blogspot.com/" target="_blank">http://cmssphere.blogspot.com/</a><br>> > Software Maven * Philosopher-in-Training * Avenged Nerd
<br>> ><br>> ><br>> > ------------------------------------------------------------------------<br>> ><br>> > _______________________________________________<br>> > erlang-questions mailing list
<br>> > <a href="mailto:erlang-questions@erlang.org">erlang-questions@erlang.org</a><br>> > <a href="http://www.erlang.org/mailman/listinfo/erlang-questions" target="_blank">http://www.erlang.org/mailman/listinfo/erlang-questions
</a><br>> _______________________________________________<br>> erlang-questions mailing list<br>> <a href="mailto:erlang-questions@erlang.org">erlang-questions@erlang.org</a><br>> <a href="http://www.erlang.org/mailman/listinfo/erlang-questions" target="_blank">
http://www.erlang.org/mailman/listinfo/erlang-questions</a><br>><br><br><br></div></div><font color="#888888">--<br>--Hynek (Pichi) Vychodil<br></font></blockquote></div><br><br clear="all"><br>-- <br>Travis Jensen<br>
<a href="mailto:travis.jensen@gmail.com">travis.jensen@gmail.com</a><br><a href="http://softwaremaven.innerbrain.com/">http://softwaremaven.innerbrain.com/</a><br>Software Maven * Philosopher-in-Training * Avenged Nerd