lout-users

Re: wishes for next Lout


From: T. Kurt Bond
Subject: Re: wishes for next Lout
Date: Tue, 16 Jan 1996 21:49:41 -0500

>Date: Tue, 16 Jan 1996 16:36:07 -0500 (EST)
>From: <address@hidden>
>
>basile starynkevitch writes ("Re: wishes for next Lout"):
>> In my opinion, the problem already exists with the existing @Filter
>> capability. After all, I could have a @Filter invoking a shell, and
>> this is nearly the same as a @Pinclude primitive.
>
>I've just looked up the @Filter feature, and you're right.
>
>This is a Bad Thing.  This feature should only be available if you
>invoke Lout in an `unsafe' mode, and the default should be to invoke
>it in a safe mode.
>
>Otherwise there is no safe way to format documents supplied by other
>people.
>
>...
>> I believe that Lout could be viewed as document format.  [...]
>> I would prefer to write in my document
>> 
>> @LispEval{ (car '(a b)) }
>...
>> Lisp example:  (car '(a b))   -> a
>> 
>> (with fancy fonts, etc...). Behind the scenes, the (car '(a b)) is
>> passed to a Lisp interpreter, and (at document formatting time) it
>> returns a. Both the expression and its result are suitably transformed
>> into Lout.
>
>This is NOT what a document format should be.
>
>I wish people would pause for a bit before deciding how neat it would
>be for documents to be able to contain arbitrary programs !
>
>Remember the Word virus, folks ?
>
>Ian.

I wish that people would pause for a bit before deciding that
documents should *not* be able to contain arbitrary programs !

Have you ever tried to keep in synch the hundreds of ``here's some
program input, what is the program output?'' examples one might have
in a piece of documentation, a tech report, etc.?  After all, I'm
writing the document, I know I can be trusted, so why not integrate my
document formatter with my other tools and automatically generate
them?

Of course, other people may write documents that do injury, either
maliciously or stupidly, but shouldn't you be more careful with other
people's documents in the first place?  In most modern (and
not-so-modern) operating systems you can easily isolate one program
from all other running programs and from inappropriate areas of the
file systems, so do that before formatting someone else's documents
and be safe.  (Sure, it helps if the language or document processor
has features that assist in this, but it's not necessary: our other
tools can help.)

Note that *anything* with active documents will have these problems,
and I expect them to increase, but they have been around since the
first time someone figured out that if they put the correct escape
codes in a file they sent someone, they could cause that person's
terminal, editor, command line, etc., to misbehave.

The solution isn't to eliminate such functionality from our tools, but
to present it in safe ways.  After all, the computer is here to take
as much of the tedious make-work away from me as possible, so I can
get my job done better; artificially limiting the tools available to
me, and their adaptability to me, just makes my job harder.

As for the Word virus, Microsoft could have easily prevented that by
having Word ask the user before executing macros in documents on
startup, with an idiot-box warning about security if they deemed
necessary.
-- 
T. Kurt Bond, address@hidden
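
The safe-by-default and ask-before-executing ideas from this thread, as an added example that is not part of the original messages and is not Lout's own code. The function names, the symbol list (taken from the thread; `@Pinclude` and `@LispEval` are only proposals there) and the simplified lexical rules are assumptions.

```python
import re

# Symbols the thread names as able to run programs at formatting time.
# @Filter exists in Lout; @Pinclude and @LispEval are the proposals discussed.
ACTIVE_SYMBOLS = {"@Filter", "@Pinclude", "@LispEval"}

# Assumed lexical rules: '#' starts a comment that runs to end of line,
# "..." is a quoted string with backslash escapes, and an identifier is a
# run of letters, '@' and '_'.
TOKEN = re.compile(r'#[^\n]*|"(?:\\.|[^"\\\n])*"|[A-Za-z@_]+|\n|.', re.S)

def find_active(source):
    """Return (line, symbol) for each active symbol outside comments and strings."""
    hits, line = [], 1
    for m in TOKEN.finditer(source):
        tok = m.group()
        if tok in ACTIVE_SYMBOLS:
            hits.append((line, tok))
        line += tok.count("\n")
    return hits

def may_format(source, unsafe=False, confirm=None):
    """Safe by default: a document with active symbols is refused unless the
    caller passes unsafe=True or a confirm(hits) callback returns True."""
    hits = find_active(source)
    if not hits or unsafe:
        return True, hits
    if confirm is not None and confirm(hits):
        return True, hits
    return False, hits

# Constructed sample document (not from the thread's authors).
SAMPLE = '''# constructed sample; @Filter in this comment is ignored
@Doc @Text @Begin
The string "@Filter" is only text here.
Lisp example: @LispEval{ (car '(a b)) }
@End @Text
'''

if __name__ == "__main__":
    allowed, hits = may_format(SAMPLE)
    for line, sym in hits:
        print(f"line {line}: {sym} runs a program at formatting time")
    print("format" if allowed else "refused: rerun in unsafe mode to allow")
```

The scan covers only the text it is given, so a definition pulled in from another file that wraps `@Filter` under a different name is not seen; the operating-system isolation described in the message still applies.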

