smokel a day ago

Even though you seem to have a lot of support on Hacker News, I don't think making root access a fundamental right is preferable.

Historically, computers have not granted you access to everything. Most home computers used to have ROM cartridges, which could not be modified, at least not by an average user. Also, when using unrestricted operating systems, such as MS-DOS, a simple virus could wipe all your hard work.

In our current time, devices are connected to other machines, and the problem of security and privacy has increased dramatically. Unfortunately, we still don't have operating systems that are secure enough to be used by untrained persons. It makes perfect sense to lock down these devices.

I basically see only two ways out:

1. Allow developers exclusive access to development systems, similar to how console development works.

2. Implement a secure operating system.

It will take an extreme amount of effort to do the latter, and it might even be impossible to gradually absorb the mess of interfaces that people and companies expect to work.

So that probably leaves us with the first option. Personally, I would love devices to be locked down more, so that the crazy threats from hackers will be less severe. But I would also love to keep developing software. Having to jump through some hoops is probably unavoidable. The situation could be compared to requiring a driver's license in order to safely drive on the shared infrastructure.

As much as I agree with your sentiment to have freedom, it still seems somewhat overly optimistic to expect this to work in our complex society.

poisonborz a day ago | parent [-]

Why? What is the reason root would be dangerous, if it's not the default? People can be scammed to activate it, but those same people can be scammed to click links and give passwords and personal data. Any action requiring root would need a warning and raise suspicion, or be put behind an activation mechanism that's complex enough.

Anything else and you lose freedom, and the whole ethos that enabled the advanced IT landscape of today.

smokel a day ago | parent [-]

Having root access implies that you can do all sorts of things: change files, install new software, new kernel modules, etc. Locking this down makes the attack surface for malicious parties much smaller. Many exploits start in user-space and then obtain root access to install rootkits.

Of course you lose freedom, but that is exactly what is needed, because some people just cannot help themselves from exploiting that freedom.

Unless someone figures out a way where we can safely share computing power and connections to real-life services (e.g. banking, having an identity, communication in general), I think there is no real alternative.

Perhaps having separate internets for various purposes would be an option. One where we can socialize anonymously, but not trust each other, and one where it's pretty boring, but where you can safely buy goods using your paycheck.

beeflet a day ago | parent [-]

https://imgs.xkcd.com/comics/authorization.png

>Unless someone figures out a way where we can safely share computing power and connections to real-life services (e.g. banking, having an identity, communication in general), I think there is no real alternative.

I think the opposite is true. We don't have adequate sandboxing of userspace on most desktop OSes. If your malware has access to the victim's home directory and can phone home, they've been pwned for all intents and purposes. Root access would matter if userspace programs were well sandboxed.

On OSes where this is true, like Android, you have terrible interoperability of userspace programs and it's impossible to get "real work" done. Not to mention that without root access, you are just relying on the corporation to manage your system for you, which isn't tenable for a democracy.

You don't need all of this trusted computing stuff to have secure, private payments. Chaumian ecash and cryptocurrencies have known this for a while. Just use a digital signature scheme instead of relying on open-source information.

smokel 20 hours ago | parent [-]

I don't think these problems are opposing; both are real.

I totally agree that user space is not as much of a useful concept on a single-user device. Originally, it helped to shield users of the same system from each other. Most of this was based on file system authorization. This hasn't been extended to internet access in a very useful way.

However, even on single-user devices, having root access makes it easier to hide malicious processes. Granted that in modern operating systems it is already totally unclear what most processes are doing, so one can simply hide in plain sight.

I'm still not convinced we can get by without a lot of trusted computing stuff to have secure payments.