dragonhawk at gmail.com
Tue Jul 3 16:45:24 EDT 2007
On 7/3/07, Bill Sconce <sconce at in-spec-inc.com> wrote:
> And from that standpoint there can be no other answer than
"There is no such thing as security. Only risk management."
It can be argued (quite correctly, I think) that allowing arbitrary
systems out in the world to send stuff for your computer to be
interpreted in complex ways is always a very risky proposition. And
are damn complex on their own. Even without implementation bugs (of
which there are an apparently endless supply), there is ample
intrinsically more evil than interpreting HTML? And you put email
into the picture, and geez...
This isn't just idle speculation. There's good reason we don't
permit computers with classified information on them be connected to
At the same time, there are some very real benefits to networked
participation. If there weren't, this Internet fad would have died
out after the first few worms. Cutting oneself off in the name of
security isn't a very good solution for most.
or something else entirely (maybe sandboxed Python -- ha! on-topic!),
I think this kind of thing is inevitable.
More information about the Python-talk