"Christopher C. Stacy" wrote:
> You are the one who began the conversation with the phrase
> "malicous user", so naturally I addressed your specific concern.
> Now you're saying that the problem is not "users" at all.
> Can you please give a specific example of what you're afraid of?
> The Lisp Machine, rather surprisingly to people who are unfamiliar
> with it, did not in reality experience the kinds of problems that
> I think you are worrying about. My personal experience with the
> design of secure computing systems goes back 24 years, but I would
> like you to elaborate, since you are so insistent that there must
> be a terrible problem here. Perhaps we can walk through some examples
> to show why the this was, in practice, not a problem on the LispM.
Bear in mind that during the period under discussion, there was also
no problem with SMTP and no problem with FTP. The users of these
machines were largely either professionals, academics, or military.
Access to them was expensive and monitored carefully, so they
largely didn't have to deal with malicious users. These people
were not regarded as a general market segment yet, so there was
no spam and no financial motive to subvert remote machines for
purposes of sending spam. No secondary market for personal information
to use in targeted advertising had yet emerged, so there was no
financial motive for software developers to embed spyware or other
malicious code in the programs. And "script kiddies" had not yet
emerged either, nor had industry associations with herds of lawyers
available yet employed darkside hackers to start trying to take
down machines and network segments whose network traffic they
A modern LispM would face a very different environment in terms of
what type of users it was available to. Given the new motivations
of users and developers, and would need much different defenses
against malicious users and malicious code. I think the separate
memory spaces and permission controls of a UNIX type system are an
absolute minimum for anything that's going to be connected to the
net these days. Buffer overruns and stack screws can't happen in
LISP, but if you put something on the net, it will have to deal
with all the hostility that anyone can throw at it.