[cap-talk] Plash: Empowering Security

Toby Murray toby.murray at comlab.ox.ac.uk
Sun Apr 6 18:55:23 CDT 2008


On Sun, 2008-04-06 at 23:37 +0000, Karp, Alan H wrote:
> Toby Murray wrote:
> >
> > Anyone interested in POLA needs to know about Plash. It's woefully
> > under-hyped and much more powerful than I believe many (including those
> > in the POLA community) are aware. I've tried to write something short,
> > sharp and sweet to address this. Please read it if you're interested and
> > give me feedback.
>
> I agree about Plash, and I like your write-up. I don't know if your description is accurate, but one thing does bother me. I think your use of the terms "safe", "cannot harm", and "secure" is too strong. Plash limits the damage that can be done by a malicious program, but it doesn't eliminate it. For example, the program can do anything with the contents of the file it is editing.
> 

Thanks heaps for the feedback. I see exactly what you mean about the
choice of words. This is a tricky game. How do you accurately qualify
what you mean without the use of weasel words (i.e. sounding like you're
being purposely ambiguous) or increasing the level of detail past that
of the rest of the piece?

The following example came back to me just now when I was thinking about
this.

(from http://www.sponster.com/step2.asp)
 "Subject to the general security limitations inherent in communicating
via the Internet the OpenMX system has been built with total and
absolute privacy in mind."

Most readers (myself included) probably don't (accurately) understand
the general limitations inherent in communication via the Internet, not
least of all what these implications would be for the security and
privacy afforded by OpenMX.

(This is not to disparage the above text or its authors. Just merely to
highlight the general limitations inherent in communicating complex
ideas to a wide audience.)
 
Any thoughts on how I could be more accurate while avoiding confusion?

Cheers again,

Toby

