From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: David Kastrup Newsgroups: gmane.emacs.devel Subject: Re: Emacs Lisp's future Date: Thu, 09 Oct 2014 10:05:55 +0200 Message-ID: <87y4sp6524.fsf@fencepost.gnu.org> References: <54193A70.9020901@member.fsf.org> <87d2a54t1m.fsf@yeeloong.lan> <83lhotme1e.fsf@gnu.org> <871tql17uw.fsf@yeeloong.lan> <838uktm9gw.fsf@gnu.org> <87h9zgarvp.fsf@fencepost.gnu.org> <87mw97rjwm.fsf@yeeloong.lan> <8761fvn8io.fsf@yeeloong.lan> <87egujahw6.fsf@fencepost.gnu.org> <87wq8bd8w2.fsf@netris.org> <87y4sr909s.fsf@fencepost.gnu.org> <87ppe3lbkr.fsf@yeeloong.lan> <87oatn8dqz.fsf@fencepost.gnu.org> <87eguili20.fsf@yeeloong.lan> <87siiy7e0p.fsf@fencepost.gnu.org> <8761ftrki2.fsf@uwakimon.sk.tsukuba.ac.jp> <87bnpl7ubo.fsf@fencepost.gnu.org> <87tx3dpul5.fsf@uwakimon.sk.tsukuba.ac.jp> NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: ger.gmane.org 1412841976 5549 80.91.229.3 (9 Oct 2014 08:06:16 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Thu, 9 Oct 2014 08:06:16 +0000 (UTC) Cc: Richard Stallman , Mark H Weaver , dmantipov@yandex.ru, emacs-devel@gnu.org, handa@gnu.org, monnier@iro.umontreal.ca, Andreas Schwab , Eli Zaretskii To: "Stephen J. Turnbull" Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Thu Oct 09 10:06:08 2014 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1Xc8jg-0007Tt-AE for ged-emacs-devel@m.gmane.org; Thu, 09 Oct 2014 10:06:08 +0200 Original-Received: from localhost ([::1]:40944 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Xc8jf-0007yC-R9 for ged-emacs-devel@m.gmane.org; Thu, 09 Oct 2014 04:06:07 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:33367) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Xc8jc-0007w8-95 for emacs-devel@gnu.org; Thu, 09 Oct 2014 04:06:05 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Xc8jb-0004M0-BT for emacs-devel@gnu.org; Thu, 09 Oct 2014 04:06:04 -0400 Original-Received: from fencepost.gnu.org ([2001:4830:134:3::e]:33610) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Xc8jb-0004Lu-96 for emacs-devel@gnu.org; Thu, 09 Oct 2014 04:06:03 -0400 Original-Received: from localhost ([127.0.0.1]:40784 helo=lola) by fencepost.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Xc8jU-0004JZ-3q; Thu, 09 Oct 2014 04:05:56 -0400 Original-Received: by lola (Postfix, from userid 1000) id AF804E0500; Thu, 9 Oct 2014 10:05:55 +0200 (CEST) In-Reply-To: <87tx3dpul5.fsf@uwakimon.sk.tsukuba.ac.jp> (Stephen J. Turnbull's message of "Thu, 09 Oct 2014 16:31:50 +0900") User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.4.50 (gnu/linux) X-detected-operating-system: by eggs.gnu.org: Error: Malformed IPv6 address (bad octet value). X-Received-From: 2001:4830:134:3::e X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Xref: news.gmane.org gmane.emacs.devel:175175 Archived-At: "Stephen J. Turnbull" writes: > David Kastrup writes: > > > > who may lose their life savings if a filter for 419 phish fails > > > > Can we have terrorism with that scaremongering? > > Are you really unaware that such exploits happen every day? So does terrorism. But the existence of threats is no excuse for handwaving justifications of measures that do nothing to address the threats. > You're not the only programmer who deprecates security because *your* > applications are "secure enough" and it "can't" happen to you, you > know. At the current point of time, we are more talking about deprecating security theatre rather than security. Primitive operations that fail rather than process and pass on information are attack vectors for denial-of-service attacks. > Unfortunately, I'm not the one who lacks understanding. I'm well > aware that security is costly in convenience and functionality. How about you explain in what respect XEmacs' non-round-trippability of utf-8 encoding helps with the security of running AUCTeX? How about explaining in what respect it helps with security in _any_ regard that XEmacs is not able to faithfully reproduce its input? How are you even supposed to _scan_ for malicious input if you refuse to decode it in recognizable manner? Again: the responsibilities of an engine and of an application are different. And not understanding that and thinking that the former can somehow absolve the latter from doing its job if it is annoying enough... Security theatre. -- David Kastrup