[cap-talk] Re: entertaining system problem from RISKS digest
Jed at Webstart
donnelley1 at webstart.com
Tue Feb 1 16:37:10 EST 2005
At 10:36 AM 1/28/2005, Sam Coleman wrote:
>At 09:52 AM 1/27/2005, Mark Boolootian wrote:
>>The question about everyday users sorting out stuff like this is one I
>>often find myself asking.
>
>I've seen the same thing. If I boot with a USB disk attached, I get a disk
>error, not just a non-system-disk message. When I unplug the drive all is
>well. My BIOS only has floppy, CD, and hard drive options for booting. I
>dropped the floppy and CD from the list, so I'll see what happens next time.
>
>I agree with Mark, how to people deal with this stuff? Well, for one
>thing, they call someone like you or me. As has been said many times, if
>cars were as unreliable as computers, Detroit would be out of business and
>auto executives would be hanging from lamp posts.
Only if there were a more reliable and user friendly alternative. There
doesn't seem to be. In some ways it seems computers are still in a state
comparable to automobiles in the earlier stages of their development -
perhaps through the 1920s? In those days one had to be something of an
automobile hobbyist (or hire a mechanic) to support a car.
>It's amazing how much time I waste trying to deal with the incompetence or
>maliciousness (e.g. virus/spam protection) of people. It's a sad state of
>affairs and I have no solution. Do you?
Not a magic bullet if that's what you mean. However, I will say that from
my perspective things have improved significantly over the last few (7?) years.
I do believe that something along the POLA line like Polaris:
http://www.hpl.hp.com/personal/Alan_Karp/polaris.pdf
Polaris: Toward Virus Safe Computing for Windows XP
Marc Stiegler, Alan H. Karp, Ka-Ping, and Mark Miller
Hewlett-Packard Laboratories
Palo Alto, California
or Plash:
http://www.cs.jhu.edu/~seaborn/plash/plash.html
Plash: the Principle of Least Authority Shell
Mark Seaborn, Johns Hopkins
is needed before there will be any sort of sane mechanism that will allow
people to use software that they pick up from relatively untrusted
sources. Just last night I had that case of the little app that I wanted
to use to check out what codecs are needed for video files. That thing
definitely (!) doesn't need access to all my files and my other rights, but
there it is as a needlessly serious Trojan horse threat.
--Jed http://www.webstart.com/jed/
More information about the cap-talk
mailing list