in some cases, plan 9's coincidental inability to run modern programs that do unpredictable and undesirable things is a useful feature. mothra, for example, doesn't even handle many html tags, but it also doesn't execute unknown server-supplied code on my terminal. how can i be sure? because the program is small enough to read and understand, and, having done so, i can be reasonably certain that it contains no code to do so. quite aside from having the functions accidentally or surreptitiously enabled, the functions simply don't exist. with most modern "useful" programs (and their dependencies), understanding the code isn't a valid approach to security, because your lifetime is too short a span to read -- much less comprehend -- the contents of the source directory. this is compounded by numerous and constant revisions to already unreadably massive piles of code.

what does a given useful program do? who can really say?

harvey seems interesting, but its main objective seems inextricably tied to throwing the strength of plan 9's simplicity and relative isolation out the window.

sl