[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: wishes for next Lout
From: |
Ian Jackson |
Subject: |
Re: wishes for next Lout |
Date: |
Wed, 17 Jan 96 14:20 GMT |
T. Kurt Bond writes ("Re: wishes for next Lout"):
> I wish that people would pause for a bit before deciding that
> documents should *not* be able to contain arbitrary programs !
>
> Have you ever tried to keep in synch the hundreds of ``here's some
> program input, what is the program output?'' examples one might have
> in a piece of documentation, a tech report, etc.? After all, I'm
> writing the document, I know I can be trusted, so why not integrate my
> document formatter with my other tools and automatically generate
> them?
This then is not a document but a collection of test programs which
must be run and have their output collected.
Most documents do not contain collections of test programs; users
should not be led to believe that turning documents into programs is a
good idea.
It's the very idea that documents ought to be Turing-powerful that has
got us into this mess in the first place.
> Of course, other people may write documents that do injury, either
> maliciously or stupidly, but shouldn't you be more careful with other
> people's documents in the first place?
*NO*. In order to read a document properly I need to be able to
format it, and this should *not* require me to trust the originator.
> In most modern (and
> not-so-modern) operating systems you can easily isolate one program
> from all other running programs and from inappropriate areas of the
> file systems, so do that before formatting someone else's documents
> and be safe. (Sure, it helps if the language or document processor
> has features that assist in this, but it's not necessary: our other
> tools and help.)
Right, how do I do this on a multi-user Unix system of which I'm not
the sysadmin ? On a single-user DOS or Windows box ?
> Note that *anything* with active documents will have these problems,
> and I expect them to increase, but they have been around since the
> first time someone figured out that if they put the correct escape
> codes in a file they sent someone, they could cause that person's
> terminal, editor, command line, etc., to misbehave.
Only because the receiving program had a bug that made it interpret
those control codes. Noone was claiming then that it was a feature.
> As for the Word virus, Microsoft could have easily prevented that by
> having Word ask the user before executing macros in documents on
> startup, with an idot-box warning about security if they deemed
> necssary.
Even if this were true, the logical equivalent for Lout is a
command-line option to disable this kind of thing. The option should
default to off, just like the dialogue box.
Ian.