Extremely impressive. ...although it's not clear why this isn't a huge vector to cause all sorts of havoc.
The idea of having an executable sandbox that anyone can drop executable code into sounds famously ill-conceived. Every time a site like yahoo mail or myspace has a javascript sanitation problem, this causes major problems..
Sure, the "web at large" is like a big space filled with executable scripts, but at least there is a level of accountability established by the site that is hosting any scripts you're executing.
While javascript might execute in a sandbox, it's still wise to use NoScript. I don't know enough about silverlight to know whether or not to trust it, so by default, I am skeptical. I'm even more skeptical of a site that built on the idea of user-contributed apps that run in a silverlight sandbox.
I do appreciate the built-in ability to view the source code of the apps, however. The reputation system for apps might also make it possible to crowd-filter out the worst ones. All the same, I saw an app named "infinite" that I imagine amounts to a denial of service. Yes, it was voted "-1" but it's probably a DOS, lurking in the user-submitted apps.
although it's not clear why this isn't a huge vector to cause all sorts of havoc.
First the larger question: Is the Silverlight sandbox safe? The Silverlight CoreCLR security model is a simplified version of the full CLR security model [1].
Some callouts:
- C# "unsafe" code blocks, which let you access raw pointers, are not allowed.
- P/Invoke and COM Interop are not allowed.
- There are whole categories of the .NET class library that have been removed, a notable example being local file access. Silverlight is not like Adobe AIR, which gives you all sorts of native APIs.
- Socket communications are restricted by default to the original host from which the Silverlight app was downloaded. Cross-domain access can be granted by supplying either a Flash policy file or a Silverlight-native policy file. [2]
Therefore, to say whether this could be used for DDOS attacks on other hosts, we need to look at the network access policy file. Here it is: http://www.wiki-os.org/clientaccesspolicy.xml . As configured now, Wiki-OS allows incoming HTTP connections from any host, but outgoing connections are only permitted to the original host (and outgoing connections can only use the WebClient-- outgoing raw socket connections are not allowed).
This is interesting. If I'm reading that file correctly, it seems you could write a Wiki-OS network server but not a DDOS vehicle.
With regards to the "infinite" program, I meant a DOS on YOUR machine, completely irrespective of network access. ...at least enough to force you to close the tab or the browser. I assume the sandbox is good enough to keep the process from causing the machine to become unresponsive, but hey...
Your conclusion is quite interesting, with respect to the possibilities of wiki-os. That's potentially a quite powerful feature.
This is really cool...the best use of Silverlight I've seen so far. Now Microsoft just needs to cook a clever implementation of Silverlight into the next version of Windows Mobile to have a truly powerful mobile platform.
Microsoft is a big beast to move, but once it gains momentum you should watch out. It's certainly not going to be tomorrow, but Windows Mobile will be competitive with iPhone eventually.
Windows Mobile 6.5 is due out Oct 6th, and "will deliver new customer experiences through an improved, easy-to-use user interface, better browsing capabilities and access to valuable services, including Windows Marketplace for Mobile and Microsoft My Phone"
Windows Mobile is the prevalent operating system on phones
If you work for Microsoft, you may find comfort in that fact, but for everyone else out there, I wouldn't bet on Windows Mobile dominance based on what's happening with the iPhone (followed long-term by Android).
I feel that the whole web concept using a browser based interface is a bit hyped now. And anyways believe it or not, iPhone is the first true Web OS. And so is Google Android. It's sad Microsoft hasn't taken this kind of thing seriously yet.
The idea of having an executable sandbox that anyone can drop executable code into sounds famously ill-conceived. Every time a site like yahoo mail or myspace has a javascript sanitation problem, this causes major problems..
Sure, the "web at large" is like a big space filled with executable scripts, but at least there is a level of accountability established by the site that is hosting any scripts you're executing.
While javascript might execute in a sandbox, it's still wise to use NoScript. I don't know enough about silverlight to know whether or not to trust it, so by default, I am skeptical. I'm even more skeptical of a site that built on the idea of user-contributed apps that run in a silverlight sandbox.
I do appreciate the built-in ability to view the source code of the apps, however. The reputation system for apps might also make it possible to crowd-filter out the worst ones. All the same, I saw an app named "infinite" that I imagine amounts to a denial of service. Yes, it was voted "-1" but it's probably a DOS, lurking in the user-submitted apps.
Interesting experiment, but I have reservations.