Seamless Lessons & Security (commentary)
Martin Dengler
martin at martindengler.com
Mon Jul 7 11:35:58 EDT 2008
On Mon, Jul 07, 2008 at 11:54:17AM -0300, Martin Langhoff wrote:
> 2008/7/7 Martin Dengler <martin at martindengler.com>:
[...]
> > http://dev.laptop.org/~mdengler/launch-by-click-ie.jpg
[...]
> I think that the dialogue you captured is the "seam" people are
> talking about :-)
Cool. I was just querying the definition of "seamless". I'm sure
sensible people are thinking about this. I don't mean/imply
otherwise. I just wanted to know whether this had been written down,
and whether we were to know the rationales.
> a document-triggered launch (using JEBs) is good enough, and I think
> it can be deemed reasonably safe.
That's what Ivan points out I conflated (run-existing-with-input
vs. run-new-with-dodgy-downloaded-stuff). Like I said, 1) I doubt
users understand this distinction; and 2) the distinction isn't that
useful anymore[1] anyway.
Sensible people will argue that "document-triggered launch" is
"reasonably safe", and such - I just didn't know we got to that
decision from "seamful". I don't disagree with (what I imagine is)
the implied UI (I certainly think we need to eliminate the "abyss"
that was referred to, where it exists).
> So I don't think there's a major problem here.
Neither do I. I didn't intend the tone of my email to be
unproductively argumentative. I'm sure the summary-ish content
will/can be clarified, and I'm sure it's not important enough to
clarify *right*now* (before feature freeze, etc.).
> cheers,
>
>
>
> m
Martin
1. it's not clear to me why applications accepting powerful input that
we don't normally think of as "executable code" should be trusted to
run-existing-with-dodgy-input more than the
run-new-with-dodgy-downloaded-code is ((un)trusted).