Seamless Lessons & Security (commentary)
martin at martindengler.com
Mon Jul 7 11:35:58 EDT 2008

On Mon, Jul 07, 2008 at 11:54:17AM -0300, Martin Langhoff wrote:
> 2008/7/7 Martin Dengler <martin at martindengler.com>:
> > http://dev.laptop.org/~mdengler/launch-by-click-ie.jpg
> I think that the dialogue you captured is the "seam" people are
> talking about :-)

Cool. I was just querying the definition of "seamless". I'm sure
sensible people are thinking about this. I don't mean/imply
otherwise. I just wanted to know whether this had been written down,
and whether we were to know the rationales.

> a document-triggered launch (using JEBs) is good enough, and I think
> it can be deemed reasonably safe.

That's what Ivan points out I conflated (run-existing-with-input
vs. run-new-with-dodgy-downloaded-stuff). Like I said, 1) I doubt
users understand this distinction; and 2) the distinction isn't that
useful anymore anyway.

Sensible people will argue that "document-triggered launch" is
"reasonably safe", and such - I just didn't know we got to that
decision from "seamful". I don't disagree with (what I imagine is)
the implied UI (I certainly think we need to eliminate the "abyss"
that was referred to, where it exists).

> So I don't think there's a major problem here.

Neither do I. I didn't intend the tone of my email to be
unproductively argumentative. I'm sure the summary-ish content
will/can be clarified, and I'm sure it's not important enough to
clarify *right*now* (before feature freeze, etc.).

1. it's not clear to me why applications accepting powerful input that
we don't normally think of as "executable code" should be trusted to
run-existing-with-dodgy-input more than the
run-new-with-dodgy-downloaded-code is ((un)trusted).