return to main page

Tempest in a Tea Pot ??

Is it safe to use ROPE, which uses JAVA ??

I (Ed Thelen) changed from Microsoft Windows 7 to Apple macOS.
Then promptly got concerned that ROPE's usage of JAVA might be an added security risk.
The following is a collection of e-mails concerning the above -

Table of Contents
  1. Retrospect
  2. Initial E-Mail from Ed Thelen
  3. Response from Ron Mak
  4. Response from Cay Horstmann
  5. ;--)) from Ron Mak
  6. The latest ROPE from Luca Severini

Retrospect
In retrospect, since I was primarily concerned about random web sites triggering JAVA insecurities in the browser I use (FireFox), I should have first checked with FireFox.
"Googling" about I found this statement from JAVA.
https://java.com/en/download/help/firefox_java.html
"Firefox no longer provides NPAPI support (technology required for Java applets)

"As of September, 2018, Firefox no longer offers a version which supports NPAPI, the technology required to run Java applets. The Java Plugin for web browsers relies on the cross-platform plugin architecture NPAPI, which had been supported by all major web browsers for over a decade. The 64 bit version of Firefox has never supported NPAPI, and Firefox version 52ESR is the last release to support the technology. It is below the security baseline, and no longer supported."

Initial E-Mail from Ed Thelen 
From: ed ed-thelen.org 
Sent: Tuesday, April 19, 2022 7:08 AM
To: Ron Mak, 
Cc: Robert Garner 
Subject: 1401, ROPE, Java
 
I moved to the MAC and its OS from Windows 7 about a year ago -

I have not yet loaded Java which seems required to run ROPE
     due to the ?ongoing? security risk.

Is there a work-around ?
  or do I spook too easily ??

-Ed Thelen

Response from Ron Mak
from: Ronald Mak/SJSU
Fri 4/29/2022 1:52 PM
To: ed ed-thelen.org
Cc: Robert Garner ; Stan Paddock, ;
Luca Severini ; Cay Horstmann

Hi, Ed.

My understanding is that Java was a security risk when used in the browser. ROPE uses Java on the desktop so it should be safe. You have to (re)install Java on your platform. As far as I know, Java runs fine on MacOS and 64-bit Windows. It could be the Java 5 version that I used way back then is now obsolete.
It will be a challenge to convert ROPE to Python because it heavily uses Java’s graphical user interface.

I’ve cc’d Cay Horstman who has the most Java expertise that I know.

Cay, ROPE is a Java program that I wrote nearly 20 years ago during a few nights on the midnight shift at JPL mission control to babysit my Mars rover software (also written in Java). It’s a GUI shell for an Autocoder assembler and a machine simulator that allows us to write, debug, and run IBM 1401 programs on PC, Mac, and Linux platforms: http://ibm-1401.info/1401SoftwDevel.html. We use ROPE to develop demo programs to run on the restored 1960s-era hardware at the Computer History Museum.

— Ron

Response from Cay Horstmann
From: Cay Horstmann
Sent: Friday, April 29, 2022 9:39 PM
To: Ronald Mak/SJSU ; ed ed-thelen.org Cc: Robert Garner ; Stan Paddock, ; Luca Severini
Subject: Re: 1401, ROPE, Java, security risk

Running ANYTHING on your own desktop is FAR more of a security risk than using an app or Java applet in the browser. It makes no difference what programming language was used. With a small open source project such as ROPE, you can carefully read through the source code and decide it doesn't contain any instructions that steal your passwords or erase your files. Or you can read the commit history and decide that you trust the authors. But with software of any complexity, it becomes essentially impossible to know the provenance of the entire codebase, as evidenced by recent "supply chain" attacks. If in doubt, run an unknown program in a VM.

Where does the meme "Java is unsafe" come from? I guess because at one point Java applets were marketed as safer than ActiveX. Which they surely were. But not safe enough, and Oracle decided not to try keeping up with the hackers. It is no longer possible (at least not without major tinkering) to run a Java applet in a browser.

Java runs fine on 64 bit Windows. You can download a recent version from
https://adoptium.net/.

Then again, if you are security conscious, why in the world would you be running Windows?

Cheers,

Cay

;--)) from Ron Mak
I wrote ROPE and I don’t remember stealing any passwords.

The latest ROPE from Luca Severini
Hello everybody, Regarding the security of modern OS, I currently work for Malwarebytes and I wonder why the people working on the Windows side (I’m on the Mac side of course) have at least three times more issues, and I’m sure that I’m pretty conservative in saying that. Sure MacOS is not totally safe nor perfect, but still is much better than Windows… Best regards, Luca
Hello everybody, You probably know that already, but the latest source of ROPE is on github. https://github.com/lucaseverini/ROPE Hope to see you again soon, Luca
--------------------- 
GitHub


ME.md 
ROPE

ROPE is an Integrated Development and Simulation Environment (IDSE) for the IBM 1401, 
the historical and successful mainframe introduced in 1959 that can still be seen in 
action at the Computer History Museum in Mountain View. (http://ibm-1401.info/index.html).

ROPE is the acronym of Ron's Own Programming Environment.

Ron Mak, NASA scientist, CS professor at SJSU and volunteer at the Computer History Museum 
(http://www.cs.sjsu.edu/~mak/), wrote the first version of ROPE in 2005.

Luca Severini, Mak's student, took his place in the development and maintenance in 2013. 
ROPE is made of three main parts. The front-end developed in java whose source is in this 
repository, the Autocoder assembler developed in Fortran by W Van Snyder 
(https://science.jpl.nasa.gov/people/Snyder), 
and the SimH simulator (http://simh.trailing-edge.com). 
Every comment, bug reporting or fixing is welcome.
Thank you!
Installing

$ git clone http://github.com/lucaseverini/ROPE.git
$ cd ROPE
$ unzip dist.zip
$ cd dist

Running

$ java -jar "rope1401.jar"

ROPE should open after running the command above.

Once ROPE opens, do the following:

    In the window titled "EDIT", click the "Browse ..." button
    Browse to the "examples" folder in this repository
    Select the "lincoln.s" file
    Click the "Choose" button
    Click the "Assemble File" button

Two new windows will open inside of ROPE

    In the window titled "EXEC" click the "Start program" button
    Open the "PRINTOUT" window to see the output

Learn more

The manuals availble here are invaluable in programming the IBM 1401:
 http://ibm-1401.info/1401SoftwDevel.html#Reference