Kerry, this is for you :-)
Hi Kerry,
Thanks for the encouraging feedback. The fact is that its been a long time that I haven't developed JNEXT due to other projects taking too much of my time. However, I really do want to continue the development.
The security infrastructure can take JNEXT to the level where it can be safely used on any Web site. I spent a lot of time trying to think of the ways in which the security design can be compromised and it seems as though all the angles have been covered. However, more scrutiny is required and the development involved would take quite a bit to complete in my spare time, so I'm sort of waiting until something changes - i.e either someone capable with enough time will want to help out or I suddenly get very rich and will be able to put in the time this project deserves. Until either of these occur, I'm afraid that progress will continue to be slow.
All the best,
Amnon
---------------------
Subject: JNEXT ver 1.0.9?
On Thursday, May 13, 2010, 04:05 PM, Kerry wrote:
I was wondering if you still plan on developing the next version of JNEXT (with the security attributes you mentioned would be in 1.0.9).
I think this is a great concept and hope you haven't gotten discouraged...
Thanks for your reply,
Kerry
[ 2 comments ] ( 53 views ) | permalink |
( 3 / 2256 )The plan is to release two minor versions before releasing the version with the advanced Web security framework.
The minor versions will include some cool examples of using JavaScript with UDP and perhaps some additional plugins.
In a nutshell, for anyone who is interested - the Web security is achieved using a backend utility that creates a signed file of various dependencies and signed digests of the site that requires real time verification by the JNEXT client. The JNEXT client when accessing this site in real time does not enable any native operation until the current page contents and CSS/script dependencies has been verified to be authentic.
The server backend utility has been completed and what is left is the non-trivial task of building the real-time JNEXT client side security mechanism.
It's quite a challenge, but its also a lot of fun and considering the ease at which site developers will be able to combine JavaScript with TCP,UDP,SQLite,Files and any other extension plugins gives enough motivation to meet the challenges...
[ 2 comments ] ( 106 views ) | permalink |
( 2.9 / 2204 )To those interested in the development state of JNEXT:
The past couple of weeks I've been laying the infrastructure for the PKI based security system for enabling JNEXT to safely run on public Web sites.
Work is currently being done on the JNEXT security backend - the idea being the a Webmaster will be able to run a utility which will automatically pre-process the site being launched and create the necessary signatures that the client JNEXT engine will process at runtime (surftime...) and on which decision will be made of whether to enable JNEXT based on whether the javascript code on the site has been compromised.
Completing the back end and the client side security framework takes quite a bit of work - I expect the new version of JNEXT containing this functionality will be complete sometime in January 2009 - so there will be a bit of silence on this blog until then - but don't get the wrong impression: JNEXT is growing and maturing every day and my ambitions for its use are of megalomanic proportions... :-)
[ add comment ] ( 19 views ) | permalink |
( 3.1 / 168 )Things are starting to fall into place with the security design for JNEXT, so this is where the focus will be the next few weeks.
[ 2 comments ] ( 62 views ) | permalink |
( 3 / 1788 )After getting a better understanding of the number of security holes that must be plugged in order to make JNEXT safe for deployment on public Web sites, it seems this is definitely not going to be a walk in the park. Ironically, The power and flexibility of JavaScript, which motivated me to create JNEXT in the first place, is the very reason that makes the task of letting JNEXT loose on the Web a very difficult one.
Since at this point, there are not many people actively involved in developing JNEXT, my dilemma is whether to spend more time researching how to make JNEXT's security watertight or to forget about Web deployment for now, define JNEXT as a tool for rapid application development and concentrate on creating cool extensions for it.
Anyone care to comment ?
[ add comment ] ( 20 views ) | permalink |
( 3 / 1803 )
Calendar
