[Cryptography] defaults, black boxes, APIs, and other engineering thoughts

Phillip Hallam-Baker hallam at gmail.com
Sun Jan 5 16:47:37 EST 2014


On Sun, Jan 5, 2014 at 3:25 PM, Jonathan Thornburg <jthorn at astro.indiana.edu> wrote:

>
> > the thirty packages that are written
> > by the usual C-crew
>
> Only 30? :)
>
> But this raises some genuine questions:
> * Is there a secure web browser?  My trust level in any of the biggies
>   (Microsoft, Apple, Google, Mozilla) is low...
> * I've just booked a hotel room in <distant city>; the hotel sent me a
>   .docx file which claims to be a confirmation.  Is there an "office suite"
>   in which it's safe for me to look at that .docx file?
> * Same question, but for pdf files?
> * For bonus points, can that pdf-viewer edit fillable pdf forms?  I have
>   seen claims that evince or mupdf can do this... but neither seems to
>   handle either US or Canadian tax forms. :(


Well, as Jerry quoted my old college tutor earlier in this thread, you can
either make something so simple that it is obviously correct or so complex that
there aren't any obvious errors.

Every O/S has a broken privilege system in my view. Instead of system
privileges being monolithic, as they have become de facto in every O/S, they
should be mutually exclusive.

A user can have multiple privs, but a particular application should not be
able to claim 'modify executable code on disk' and 'modify application
code'.

Only Microsoft should be able to patch my copy of Microsoft Office without
some very explicit overrides on my part. Same for Adobe.

When a program is installed, the installer should only see the default O/S
environment. It should not be able to modify any part of the O/S or install
any .dll or .so in such a way that any other package can see the change.


We need to get back to the idea of least privilege but apply it to
applications and daemons rather than users.

-- 
Website: http://hallambaker.com/
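The per-application least-privilege model argued for in the message above (mutually exclusive privileges, an installer that can only write into its own prefix and not into trees other packages see, and vendor-only patching with an explicit user override), as an added example that is not part of the post and not the author's code. The privilege names, the list of shared trees, the manifests and the requested paths are all this sketch's own assumptions; it models the policy over path strings and performs no real enforcement, which on a real system needs namespaces, mandatory access control or similar kernel support.

```python
"""Sketch of per-application least privilege: mutually exclusive privileges,
an installer confined to its own prefix, and vendor-only patching.

Added example, not from the mailing-list post. Privilege names, directory
lists and manifests are this sketch's own assumptions; it only models policy
over path strings and does no real enforcement.
"""
from __future__ import annotations

import posixpath
from dataclasses import dataclass
from pathlib import PurePosixPath

# Hypothetical privilege names (assumption, not any real OS's vocabulary).
MODIFY_EXEC_ON_DISK = "modify-executable-code-on-disk"
MODIFY_APP_CODE = "modify-application-code"
READ_USER_DOCS = "read-user-documents"

# Privilege pairs that no single application may hold at the same time.
MUTUALLY_EXCLUSIVE = (frozenset({MODIFY_EXEC_ON_DISK, MODIFY_APP_CODE}),)

# Trees visible to every package; an installer may not write into them.
# Illustrative list (assumption), not a complete description of any real OS.
SHARED_TREES = ("/lib", "/usr/lib", "/usr/local/lib", "/usr/bin", "/etc")


@dataclass(frozen=True)
class AppManifest:
    name: str
    vendor: str                  # signer identity; signature check assumed done elsewhere
    privileges: frozenset[str]
    prefix: str                  # the only tree this package may write at install time


def privilege_conflicts(manifest: AppManifest) -> list[frozenset[str]]:
    """Return the mutually exclusive pairs this manifest tries to hold at once."""
    return [pair for pair in MUTUALLY_EXCLUSIVE if pair <= manifest.privileges]


def _normalize(path: str) -> str:
    # Collapse '.' and '..' so '/opt/x/../../etc/foo' is judged as '/etc/foo'.
    return posixpath.normpath(path)


def _under(path: str, root: str) -> bool:
    # True when path is root itself or lies below it (component-wise, so
    # '/opt/officex' is not under '/opt/office').
    p, r = PurePosixPath(_normalize(path)), PurePosixPath(_normalize(root))
    return p == r or r in p.parents


def plan_install(manifest: AppManifest,
                 requested: list[str]) -> tuple[list[str], list[tuple[str, str]]]:
    """Split an installer's requested writes into allowed and rejected.

    Allowed: paths inside the package's own prefix.
    Rejected: anything in a shared tree (another package could see the
    change) or anywhere else outside the prefix (the O/S itself, user data).
    """
    allowed: list[str] = []
    rejected: list[tuple[str, str]] = []
    for raw in requested:
        path = _normalize(raw)
        if _under(path, manifest.prefix):
            allowed.append(path)
        elif any(_under(path, tree) for tree in SHARED_TREES):
            rejected.append((path, "shared tree visible to other packages"))
        else:
            rejected.append((path, "outside package prefix"))
    return allowed, rejected


def patch_allowed(installed: dict[str, AppManifest], target: str, actor: str,
                  user_override: bool = False) -> tuple[bool, str]:
    """Decide whether `actor` may modify `target` after installation.

    Only the vendor owning the prefix that contains `target` may change it,
    unless the user explicitly overrides. Paths owned by no package belong to
    the O/S and are refused here outright.
    """
    path = _normalize(target)
    for m in installed.values():
        if _under(path, m.prefix):
            if actor == m.vendor:
                return True, f"{actor} owns {m.name}"
            if user_override:
                return True, f"explicit user override for {m.name}"
            return False, f"{actor} does not own {m.name}"
    return False, "path is not inside any package prefix"


if __name__ == "__main__":
    # Constructed sample manifest and installer write set (assumptions).
    office = AppManifest("office", "vendor-a", frozenset({READ_USER_DOCS}), "/opt/office")
    print("conflicts:", privilege_conflicts(office))
    print(plan_install(office, ["/opt/office/bin/soffice",
                                "/usr/lib/libhelper.so",
                                "/opt/office/../../etc/ld.so.conf"]))
    print(patch_allowed({"office": office}, "/opt/office/bin/soffice", "vendor-b"))
```

The two checks are deliberately separate: `privilege_conflicts` is evaluated once, when a manifest is accepted, while `plan_install` and `patch_allowed` are evaluated per write. Normalising `..` before the prefix test is what stops an installer from escaping its prefix with a relative path; a real enforcement point would additionally have to resolve symlinks and bind the check to the kernel rather than to a path string.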