See https://en.wikipedia.org/wiki/Bonneville_Salt_Flats — the salt flats are extremely flat (as the name implies), and because of all the salt, no vegetation can survive. Look at the pictures: there are no trees, no grass, no hiding places at all. Anyone standing (or even lying prone) on the salt flats is visible to anyone else for miles around.
GP was saying that systems should be "transparent enough that a compromised system is obvious". I'm not entirely convinced that that's possible (On Trusting Trust should have taught us that compromised systems can create places for the compromise to hide), which means that the salt flats analogy is not a great analogy, IMHO. But at least now you understand the analogy.
Let’s say first that we know (some) users will inevitably agree to let malware compromise their system, no matter the popup or protections.
A compromised system that’s transparent:
- Has only one way an executable can be started and, being designed as a “salt flat”, it’s easy to read
- Exposes all I/O and all network requests (to admins), regardless of driver abstractions
In this case, even a young enthusiast can look at a system and immediately see that it’s compromised, remove its ability to start or do work, and likely remove it from the system entirely.
The inspiration for this approach is a backlash against the absolute glut of places to hide in current user-focused systems. From multiple startup options, to services, to drivers, and into the “hidden from the admin” executables that can be compromised, it’s an ever-worsening problem that erodes users’ ability to keep their own system secure.