Login

Redecentralize

We’ve had enough of digital monopolies and surveillance capitalism. We want an alternative world that works for everyone, just like the original intention of the web and net.

We seek a world of open platforms and protocols with real choices of applications and services for people. We care about privacy, transparency and autonomy. Our tools and organisations should fundamentally be accountable and resilient.

Home

Parent
Paul Frazee [LibreList] Re: [redecentralize] Spring of User Experience 2014-02-28 16:03:03 (6 years 5 mons 7 days 22:09:00 ago)
Plan9's papers include an overview of its security arch that's worth a read. One of their core views is that UX is a security decision, which is in keeping with a lot of what's been said in this thread.

http://plan9.bell-labs.com/sys/doc/auth.html

On Feb 28, 2014, at 1:02 PM, Adam Ierymenko <adam.ierymenko@zerotier.com> wrote:


On Feb 28, 2014, at 10:21 AM, Eric Mill <eric@konklone.com> wrote:

Also, I just found this much more detailed demonstration of how Telegram's philosophy led it to make wildly insecure architectural decisions:

"and they take the most complicated route for everything."

That's often a pitfall of Ph.Ds. Complexity is usually bad for security. I'll give you a recent example I tangled with: Microsoft's filesystem ACL model. It takes a *page* of C++ code to lock down permissions on a file. On *nix I can do this with "chmod(file,0600);". I ended up doing it by invoking the "cacls.exe" external utility, since I just couldn't overcome my disgust at having to spend a day learning some incredibly complex APIs just to do something incredibly elementary.

I'm sure most developers don't even go that far. They just pay absolutely no attention to file permissions on Windows.

: