[cap-talk] DJB on Least Privilege

Stiegler, Marc D marc.d.stiegler at hp.com
Mon Nov 5 13:45:09 EST 2007


I remember when we were trying to explain to people why global
hypertext systems would be valuable, in the days before the term World
Wide Web was coined. Invariably, at the end of a presentation, someone
would ask, "but who will copy all the documents into this system? It
doesn't seem useful till all the copying is done". This was the same
problem -- the assumption that the existing corpus of stuff is what will
be valuable in five years. With documents, of course, we have
demonstrated in neon lights and fireworks that this is untrue.

Having said that, how many of the top ten programs you use are less than
3 years old, and how many are antiques that just keep getting patched to
do more stuff more poorly? In my own world, the answer is pretty
depressing:

 
Firefox
Gmail
MS Word
PowerPoint
Outlook
Eclipse
Connectix
Crimson
Winzip
Acrobat Reader

Of these, the only one even faintly youngish is Gmail. New from-scratch
software seems not a part of the desktop mix. Indeed, the situation is
so woeful that I don't even look for new software any more. I am without
hope of seeing anything better.

Which means that new from-scratch software development techniques will
have little effect. 

Documents roll over much more rapidly than software. Infuriating but
true.


--marcs


 

> -----Original Message-----
> From: cap-talk-bounces at mail.eros-os.org 
> [mailto:cap-talk-bounces at mail.eros-os.org] On Behalf Of Mark Miller
> Sent: Saturday, November 03, 2007 9:06 PM
> To: General discussions concerning capability systems.
> Subject: Re: [cap-talk] DJB on Least Privilege
> 
> On Nov 3, 2007 1:35 PM, Jonathan S. Shapiro <shap at eros-os.com> wrote:
> 
> 
> 	All of which reminds me of an orthogonal point: people use the cost of
> 	legacy repair as an excuse to do nothing, and routinely ignore the fact
> 	that new programs naturally replace old at a surprisingly rapid pace.
> 	This raises the question: why are we (i.e. the field, and particularly
> 	academia) not focusing much greater attention on improved
> 	software/security engineering for virgin programs?
> 
> 
> I just wanted to say that this is an excellent point that 
> should be shouted from the rooftops. 
> 
> Do any of us here, by any chance, know of any kind of 
> quantitative data regarding how rapid this pace of 
> replacement is, in any important context?
>  
> --
> Text by me above is hereby placed in the public domain 
> 
>    Cheers,
>    --MarkM
> 
> 


