return to main page
Tempest in a Tea Pot ??
Is it safe to use ROPE, which uses JAVA ??
I (Ed Thelen) changed from Microsoft Windows 7 to Apple macOS.
Then promptly got concerned that ROPE's usage of JAVA might be an added security risk.
The following is a collection of e-mails concerning the above -
Table of Contents
Retrospect
In retrospect, since I was primarily concerned about random web sites triggering JAVA insecurities
in the browser I use (FireFox), I should have first checked with FireFox.
"Googling" about I found this statement from JAVA.
https://java.com/en/download/help/firefox_java.html
"Firefox no longer provides NPAPI support (technology required for Java applets)
"As of September, 2018, Firefox no longer offers a version which supports NPAPI, the technology required to run Java applets. The Java Plugin for web browsers relies on the cross-platform plugin architecture NPAPI, which had been supported by all major web browsers for over a decade. The 64 bit version of Firefox has never supported NPAPI, and Firefox version 52ESR is the last release to support the technology. It is below the security baseline, and no longer supported."
|
Initial E-Mail from Ed Thelen
From: ed ed-thelen.org
Sent: Tuesday, April 19, 2022 7:08 AM
To: Ron Mak,
Cc: Robert Garner
Subject: 1401, ROPE, Java
I moved to the MAC and its OS from Windows 7 about a year ago -
I have not yet loaded Java which seems required to run ROPE
due to the ?ongoing? security risk.
Is there a work-around ?
or do I spook too easily ??
-Ed Thelen
|
Response from Ron Mak
from: Ronald Mak/SJSU
Fri 4/29/2022 1:52 PM
To: ed ed-thelen.org
Cc: Robert Garner ; Stan Paddock, ;
Luca Severini ; Cay Horstmann
Hi, Ed.
My understanding is that Java was a security risk when used in the browser. ROPE uses Java on the desktop so it should be safe. You have to (re)install Java on your platform. As far as I know, Java runs fine on MacOS and 64-bit Windows. It could be the Java 5 version that I used way back then is now obsolete. It will be a challenge to convert ROPE to Python because it heavily uses Java’s graphical user interface.
I’ve cc’d Cay Horstman who has the most Java expertise that I know.
Cay, ROPE is a Java program that I wrote nearly 20 years ago during a few nights on the midnight shift at JPL mission control to babysit my Mars rover software (also written in Java). It’s a GUI shell for an Autocoder assembler and a machine simulator that allows us to write, debug, and run IBM 1401 programs on PC, Mac, and Linux platforms: http://ibm-1401.info/1401SoftwDevel.html. We use ROPE to develop demo programs to run on the restored 1960s-era hardware at the Computer History Museum.
— Ron
|
Response from Cay Horstmann
From: Cay Horstmann
Sent: Friday, April 29, 2022 9:39 PM
To: Ronald Mak/SJSU ; ed ed-thelen.org Cc: Robert Garner ; Stan Paddock, ; Luca Severini
Subject: Re: 1401, ROPE, Java, security risk
Running ANYTHING on your own desktop is FAR more of a security risk than
using an app or Java applet in the browser. It makes no difference what
programming language was used. With a small open source project such as
ROPE, you can carefully read through the source code and decide it
doesn't contain any instructions that steal your passwords or erase your
files. Or you can read the commit history and decide that you trust the
authors. But with software of any complexity, it becomes essentially
impossible to know the provenance of the entire codebase, as evidenced
by recent "supply chain" attacks. If in doubt, run an unknown program in
a VM.
Where does the meme "Java is unsafe" come from? I guess because at one
point Java applets were marketed as safer than ActiveX. Which they
surely were. But not safe enough, and Oracle decided not to try keeping
up with the hackers. It is no longer possible (at least not without
major tinkering) to run a Java applet in a browser.
Java runs fine on 64 bit Windows. You can download a recent version from
https://adoptium.net/.
Then again, if you are security conscious, why in the world would you be
running Windows?
Cheers,
Cay
|
;--)) from Ron Mak
I wrote ROPE and I don’t remember stealing any passwords.
|
The latest ROPE from Luca Severini
Hello everybody,
Regarding the security of modern OS, I currently work for Malwarebytes and I wonder why the people working on the Windows side (I’m on the Mac side of course) have at least three times more issues, and I’m sure that I’m pretty conservative in saying that.
Sure MacOS is not totally safe nor perfect, but still is much better than Windows…
Best regards,
Luca
Hello everybody,
You probably know that already, but the latest source of ROPE is on github.
https://github.com/lucaseverini/ROPE
Hope to see you again soon,
Luca
|
---------------------
GitHub
ME.md
ROPE
ROPE is an Integrated Development and Simulation Environment (IDSE) for the IBM 1401,
the historical and successful mainframe introduced in 1959 that can still be seen in
action at the Computer History Museum in Mountain View. (http://ibm-1401.info/index.html).
ROPE is the acronym of Ron's Own Programming Environment.
Ron Mak, NASA scientist, CS professor at SJSU and volunteer at the Computer History Museum
(http://www.cs.sjsu.edu/~mak/), wrote the first version of ROPE in 2005.
Luca Severini, Mak's student, took his place in the development and maintenance in 2013.
ROPE is made of three main parts. The front-end developed in java whose source is in this
repository, the Autocoder assembler developed in Fortran by W Van Snyder
(https://science.jpl.nasa.gov/people/Snyder),
and the SimH simulator (http://simh.trailing-edge.com).
Every comment, bug reporting or fixing is welcome.
Thank you!
Installing
$ git clone http://github.com/lucaseverini/ROPE.git
$ cd ROPE
$ unzip dist.zip
$ cd dist
Running
$ java -jar "rope1401.jar"
ROPE should open after running the command above.
Once ROPE opens, do the following:
In the window titled "EDIT", click the "Browse ..." button
Browse to the "examples" folder in this repository
Select the "lincoln.s" file
Click the "Choose" button
Click the "Assemble File" button
Two new windows will open inside of ROPE
In the window titled "EXEC" click the "Start program" button
Open the "PRINTOUT" window to see the output
Learn more
The manuals availble here are invaluable in programming the IBM 1401:
http://ibm-1401.info/1401SoftwDevel.html#Reference
|