by rmunn 10 days ago
See https://en.wikipedia.org/wiki/Bonneville_Salt_Flats — the salt flats are extremely flat (as the name implies), and because of all the salt, no vegetation can survive. Look at the pictures: there are no trees, no grass, no hiding places at all. Anyone standing (or even lying prone) on the salt flats is visible to anyone else for miles around.

GP was saying that systems should be "transparent enough that a compromised system is obvious". I'm not entirely convinced that that's possible (On Trusting Trust should have taught us that compromised systems can create places for the compromise to hide), which means that the salt flats analogy is not a great analogy, IMHO. But at least now you understand the analogy.


I don’t think the analogy was the issue. What does it mean for a system to be so transparent that it’s obvious when it’s compromised?
What I mean can be shown with an example:

Let’s say first that we know (some) users will inevitably agree to let malware compromise their system, no matter the popup or protections.

A compromised system that’s transparent:

- Has only one way an executable can be started and, being designed as a “salt flat”, it’s easy to read

- Exposes all I/O and all network requests (to admins), regardless of driver abstractions

In this case, even a young enthusiast can look at a system and immediately see that it’s compromised, remove its ability to start or do work, and likely remove it from the system entirely.

The inspiration for this approach is a backlash against the absolute glut of places to hide in current user-focused systems. From multiple startup options, to services, to drivers, and into the “hidden from the admin” executables that can be compromised, it’s an ever-worsening problem that erodes users’ ability to keep their own system secure.

What apps have permission to access/record what, and at what times they use it, shouldn't be hidden or scattered across several Settings panels.
I can’t speak for the ancestor, but I think making every screen recording app prominently visible in the status bar would fit the bill.
I was thinking it would even go so far as to make the background red if it failed some heuristics.