Subject: Re: A few thoughts. (fwd)
From: kragen@pobox.com (Kragen)
Date: Wed, 19 Aug 1998 17:55:20 -0400 (EDT)

Forwarded by shap's request.

---------- Forwarded message ----------
Date: Fri, 14 Aug 1998 15:03:05 -0300
From: shap@eros.cis.upenn.edu
To: Kragen <kragen@pobox.com>
Subject: Re: A few thoughts. 

> I think you stand to benefit, also, if Linux wins, simply because
> supporting Linux applications on EROS will be perhaps one and a half
> orders of magnitude easier than supporting Win32 applications on EROS.

Definitely.

> You know, I think it would be really wonderful if you did Mozillify
> EROS.  "Security" would no longer mean "only two bugs behind the
> crackers" -- it would mean "it's not possible to break in".  IMHO, that
> would be a good thing.

I think that would be a good thing, but I don't think we can provide
that with EROS.  As long as machines are hooked to a network and using
password schemes in the present style, and as long as real human
beings maintain and occasionally break sensitive programs, machines
are going to get compromised.

On the other hand, there is a question of degree.  If the mail
transport gets hacked that doesn't mean the hacker should be able to
read you password file and apply offline password attacks.  That *can*
be done with EROS.

Sorry to pick nits, but security is one of those areas where one
doesn't want to have false expectations running around loose. :-)


shap