Re: Intro To Capabilities Reposted Ka-Ping Yee (ping@lfw.org)
Wed, 23 Feb 2000 02:29:11 -0800


This message is being re-sent because there have been recent problems with my outgoing mail. It seems likely that most of my outgoing mail for the past couple of weeks has been lost, so i'm trying to send it all again. I apologize sincerely if you are receiving this message for the second time, and also if this is a time-sensitive message that is arriving late. 
This message was originally sent on:                          
        Date: Thu, 17 Feb 2000 01:51:58 -0800 (PST)
        Subject: Re: Intro To Capabilities Reposted
--------------------------------------------------------------

On Wed, 16 Feb 2000, Marc Stiegler wrote:
> Among other things, new overview page describes the Godzilla-like battle,
> "Melissa versus CapZilla", in which I describe what would have happened to
> the famous Melissa virus in a capability world.

Cool.

Why do you describe the interaction of Melissa in a capability environment as one which the user will be pestered with requests for individual privileges? (Sounds a bit like the Java security manager or the POSIX privilege model.) Am i wrong in thinking that you could simply have said that the mail reading program would never have been given privileges to make arbitrary outward network connections, and that the mail reading program would never have launched the embedded application in an environment with access to the address book capability or the mail-sending capability at all?

"Computers are useless. They can only give you answers."