[cap-talk] Butler Lampson does it again
David-Sarah Hopwood
david-sarah at jacaranda.org
Mon Dec 21 19:09:08 PST 2009
ihab.awad at gmail.com wrote:
> On Mon, Dec 21, 2009 at 1:29 PM, Karp, Alan H <alan.karp at hp.com> wrote:
>> The November issue of CACM has an article by Butler Lampson titled "Usable
>> Security: How to Get It" in which he concludes you can't. As with all his recent
>> work he assumes a particular access control model which almost guarantees
>> his conclusion.
>
> Most interesting is his remark that "... ordinary people ... take
> isolation for granted, and they don't think in terms of objects or
> resources." Where to begin?
Spot the contradiction:

# An example of a successful user model is the desktop, folders, and files
# of today's client operating systems. Although there is no formal standard
# for this model, it is clear enough that users can easily move among PC,
# Macintosh, and Unix systems.

Users "don't think in terms of objects or resources", but a successful
user model has them thinking in terms of "the desktop, folders, and files".
Hmmm...
> They take isolation for granted, so perhaps we should present them
> with a system where that assumption is justifiable? Since he seems to
> agree it's a desideratum anyway?
>
> They don't think in terms of objects? With his "red" and "green"
> computers, he has essentially reinvented the ocap model, at the
> granularity of machines.
Actually, no, since he doesn't know how to do secure message passing
between his two objects :-)
> According to him, users can understand these "objects" -- or else his
> argument falls flat, right? So what's the problem?
>
> This is a waste of time.
--
David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com