[E-Lang] what is good about E?

Jonathan S. Shapiro shap@eros-os.org
Wed, 18 Jul 2001 19:04:40 -0400

> There are three types of people...

Lately, I've been encountering a fourth type, partly through becoming a
(mildly) known person in the security field and partly through the Hopkins
Information Security Institute:

People who can no longer ignore the fact that their sites are getting probed
2 or 3 times a day and that script kiddies have more real power over their
machines than they do.

The ubiquity of the internet, and the resulting business imperative for
connectivity, is creating an environment in which even the "slow" executives
now understand that they cannot ignore the issue. Regrettably, too few of
these newly-aware people have staff who are competent to differentiate good
solutions from bad solutions.

Richard, however, raises a good point. There is a kernel of validity in what
he says, and I'ld like to respond to it.

I do not believe that either MarkM, MarcS, Norm, or I are really interested
in security in the traditional sense. Certainly none of us are obsessed with
keeping secrets nor are we particularly paranoid people. Rather, I think
that all of us recognize that as the general population has connected, the
internetworked world has ceased to be the friendly environment that we grew
up in. Also, I think we all have come to believe that the real-world risk of
connectivity increases when electronic financial transactions (whether
credit cards or micropayments) get into play.

I think that in the larger scheme, all of us are first and foremost
interested at some level in restoring a sense of "control" to the user. To
some users, of course, "control" means the ability to express their
paranoia. This is not always a bad thing. To most users, it may mean
something as simple as freedom from trespass.

Ultimately, I'm not interested in telling people why the world should be a
secret place. I'm interested in creating an electronic world where there is
an appropriate balance of control between users, vendors, and hackers. These
days, given the american legal environment, I'm almost as worried (maybe
more worried) about control of vendors as I am about control of hackers.

In this context, please note that "appropriate" definitely involves a value
judgement, and that my judgement may be off. This is why the open process
that E and EROS pursue is so important.

Just my two cents, and sorry for the off-topic post.