[cap-talk] Horton at HotSec '07: How broadly object/capability?

Jonathan S. Shapiro shap at eros-os.com
Wed Jul 11 11:08:08 EDT 2007


On Tue, 2007-07-10 at 18:11 -0700, Jed Donnelley wrote:
> I believe it's appropriate to start very briefly at the highest
> possible level:
> 
> 
> Computers are a wonderful invention.  They are very inexpensive little
> slaves (with none of the ethical issues normally associated with
> slaves - at least yet) that can do our bidding.  To do so they must run
> programs that people write.  We now have this wonderful collection of
> people who are writing all sorts of useful programs.
> 
> However, the computer user community and market is currently
> consumed by FEAR and LOATHING:

This is an appropriate introduction for an inspirational sermon. You
*can* get away with this style of talk at HotSec, but it better be
viewed in hindsight as the best *technical* talk at the workshop if you
ever want to be taken seriously again.

The one certain way to permanently burn yourself with this audience is
to frame an argument on polemics rather than facts.


I think your comment

> Public enemy #1 in this situation amounts
> to Microsoft's (bogus) first 'immutable' law of computer security:
> 
> Law #1: If a bad guy can persuade you to run his program on your
> computer, it's not your computer anymore.

is a good and useful point to make, because the rule is obviously wrong.
But you better not call it "public enemy #1" unless you can point to a
source for that statement. That's polemics, and this community HATES
that sort of bullshit with a burning passion.

Jed: if you proposed such a talk with me as a co-author, I would
seriously review the talk because it very well might fall under the
"best technical talk" category. If it did not, I would probably insist
that my name be removed from the work.


It is very important to me that MarkM be perceived with credibility in
this community. Please work to support his long term success. Please do
not damage that potential by alienating his colleagues.
-- 
Jonathan S. Shapiro, Ph.D.
Managing Director
The EROS Group, LLC


