diff --git a/access-control.md b/access-control.md
index 48e9c82..6b355f1 100644
--- a/access-control.md
+++ b/access-control.md
@@ -50,24 +50,15 @@ If there's anything on the list which isn't a name it's ignored. Any value of th
 
 My idea of this is that there will be a priviliged name which is bound in the environment of each user; each user will have their own binding for this name, and, furthermore, they can change the binding of the name in their environment. For now I propose that this name shall be **friends**. The value of **friends** should be an access list as defined above. The access control list of any cell is the value that **friends** had in the environment in the environment in which it was created, at the time it was created.
 
-## Functions for managing access control
+## Managing access control
 
-I propose a number of functions to make this easier. They are, respectively:
+The `with` function can be used to make this easier:
 
-### (with-access-control list-or-t-or-executable s-expr)
+```
+(with ((*friends* . list-or-t-or-executable)) s-exprs...)
+```
 
-Creates a new environment in which **friends** is bound to the value of **list-or-t-or-executable**, and within that environment evaluates the specified **s-expr**. Any cells created during that evaluation will obviously have **list-or-t-or-executable** as their access control. Returns the value of executing **s-expr**.
-
-### (with-open-access-control list-or-t-or-executable s-expr)
-
-As above, but
-1. Creates an enviroment in which **friends** is bound to **T**;
-2. In that environment, makes a copy of **list-or-t-or-executable**;
-3. Creates a further environment in which **friends** is bound to the copy;
-4. Evaluates **s-expr** in that new environment;
-5. Returns the value of executing **s-expr**.
-
-This ensures that, whatever the readability of the cells created, their access control lists will be readable by everyone.
+Creates a new environment in which **friends** is bound to the value of **list-or-t-or-executable**, and within that environment evaluates the specified **s-exprs**. Any cells created during that evaluation will obviously have **list-or-t-or-executable** as their access control. Returns the value of executing the last **s-expr**.
 
 ### (get-access-control s-expr)
 
@@ -77,11 +68,13 @@ Returns the access control list of the object which is the value of the **s-expr
 
 Suppose I want to compile a function **foo** which will be executable by all my current friends and additionally the group **foo-users**:
 
+```
     (with-open-access-control
-      (cons 'system.groups.foo-users friends)
-      (rebind! 'system.users.simon.exec.foo (compile foo))
+      (cons ::system:groups:foo-users *friends*)
+      (rebind! ::system:users:simon:functions:foo (compile foo))
+```
 
-_Here **rebind!** creates a new binding for the name **foo** in the namespace **system.users.simon.exec**, whether or not that name was previously bound there. Analogous to the Clojure function **swap!**_
+_Here **rebind!** creates a new binding for the name **foo** in the namespace **::system:users:simon:functions**, whether or not that name was previously bound there. Analogous to the Clojure function **swap!**_
 
 Suppose I want to compile a function **bar** which will be executable by exactly the same people as **foo**:
 
@@ -91,30 +84,42 @@ Suppose I want to compile a function **bar** which will be executable by exactly
 
 Suppose I want to do some work which is secret, visible only to me and not to my normal friends:
 
-    (with-access-control
-      (list current-user)
+```
+    (with ((*friends* . (list current-user)))
       (repl))
+```
+
+(or, obviously, 
+```
+    (with ((*friends* current-user))
+      (repl))
+```
+which is in practice exactly the same)
 
 _Here **repl** starts a new read-eval-print loop in the modified environment - I suspect this is a common use case._
 
 Suppose I want to permanently add Anne and Bill to my normal friends:
 
-    (rebind! environment.friends (cons 'system.users.anne (cons 'system.users.bill friends)))
+```
+    (rebind! *environment*:*friends* (cons ::system:users:anne (cons ::system:users:bill *friends*)))
+```
 
-_Here I'm presuming that **environment** is bound to the value of **system.users.simon.environment**, and that unqualified names are searched for first in my own environment._
+_Here I'm presuming that `*environment*` is bound to the value of `::system:users:simon:environment`, and that unqualified names are searched for first in my own environment._
 
 Suppose I want everyone to be able to play a game, but only outside working hours; and for my friends to be able to play it additionally at lunchtime:
 
-    (with-open-access-control
+```
+    (with ((*friends* 
       (compile
         (lambda (user cell)
-          (let ((time (get-current-time)))
+          (let ((time . (now)))
             (cond 
               ((< time 09:00) T)
               ((> time 17:00) T)
-              ((and (> time 12:30)(< time 13:30)) friends)
-              (T NIL)))))
-      (rebind! 'system.users.simon.exec.excellent-game (compile excellent-game)))
+              ((and (> time 12:30)(< time 13:30)) *friends*)
+              (T NIL)))))))
+      (rebind! ::system:users:simon:functions:excellent-game (compile excellent-game)))
+```
 
 ## Summary