> Am 30.01.2017 um 11:49 schrieb Sven Van Caekenberghe <s...@stfx.eu>: > >> >> On 30 Jan 2017, at 11:43, Norbert Hartl <norb...@hartl.name> wrote: >> >>> >>> Am 30.01.2017 um 11:36 schrieb Denis Kudriashov <dionisi...@gmail.com>: >>> >>> Hi Sean. >>> >>> 2017-01-28 19:06 GMT+01:00 Sean P. DeNigris <s...@clipperadams.com>: >>> Have you considered security at all yet? Leaving a port open which allows >>> arbitrary code to be executed reomotely seems very dangerous... >>> >>> Norbert already answer you. I just put little summary. >>> Currently there is two important issues which must be handled manually: >>> - security. You can manage it by VPN or SSH >>> - distributed garbage collection. You need perform "remotePharo disconnect" >>> (or "PrmRemotePharo disconnectAll") at the end of your working session. It >>> cleans server and client from distributed objects. >>> >>> Last issue is at high priority in my todo. When I implement it unused >>> distributed objects will be collected automatically like local ones. >>> Security option can be added too. Seamless design allows to it. Probably It >>> can be simple switch to SecureSocketStream instead of SocketStream. >> >> My advize for security is two-fold. The first reason not to apply security >> features to seamless is that it complicates the code base with a feature >> that is done better elsewhere. The second reason is that one big reason why >> this can be unusable is latency. A high latency makes it very hard to use >> the toolkit. So removing everything adding latency should be avoided. >> Security is from the image perspective one of those things. > > Explicit/manual SSH port forwarding is easy & safe. Doing it deliberately > makes you more aware of what you are doing, which is very necessary in this > case because of the huge danger involved (giving away full image control). > But it will add its own latency (just like TLS would). > Right. To make it a bit more concrete. If we use the example of Denis on port 40423 then a simple
$ ssh -L 40423:localhost:40423 pharmide-server.anydomain.com <http://pharmide-server.anydomain.com/> will open a forwarding tunnel so you can connect with the PharmIDE client using PrmRemoteIDE connectTo: (TCPAddress ip: #[127 0 0 1] port: 40423) and you'll end up connecting to your remote image. Unfortunately I couldn't test it because I installed the PharmIDE on my linux machine and it does not work. When starting the image a listening port is opened but 5 seconds later the port closes automatically. Has anyone tested it on a linux machine? Norbert >> thanks again for doing that. >> >> Norbert >> >>> >>> Important thing here that I am really satisfied with Seamless design which >>> I made. It was driven by tests which means that it only addresses existing >>> features but allow stable evolution to new functionality. And I thing it is >>> most important property of any system: provide stable way how to evolve. >>> System can be broken and very buggy at some point but if design and tests >>> are stable then system will move. By stable I mean "do not require big >>> changes for any new bug or feature", "always iterative process". >>> Just want to share these thoughts with you :).
