poisonborz a day ago

Why? What is the reason root would be dangerous, if it's not the default? People can be scammed into activating it, but those same people can be scammed into clicking links and giving passwords and personal data. Any action requiring root would need a warning and raise suspicion, or be put behind an activation mechanism that's complex enough.

Anything else and you lose freedom, and the whole ethos that enabled the advanced IT landscape of today.

smokel a day ago | parent [-]

Having root access implies that you can do all sorts of things: change files, install new software, new kernel modules, etc. Locking this down makes the attack surface for malicious parties much smaller. Many exploits start in user-space and then obtain root access to install rootkits.

Of course you lose freedom, but that is exactly what is needed, because some people just cannot help themselves from exploiting that freedom.

Unless someone figures out a way where we can safely share computing power and connections to real-life services (e.g. banking, having an identity, communication in general), I think there is no real alternative.

Perhaps having separate internets for various purposes would be an option. One where we can socialize anonymously, but not trust each other, and one where it's pretty boring, but where you can safely buy goods using your paycheck.

beeflet a day ago | parent [-]

https://imgs.xkcd.com/comics/authorization.png

>Unless someone figures out a way where we can safely share computing power and connections to real-life services (e.g. banking, having an identity, communication in general), I think there is no real alternative.

I think the opposite is true. We don't have adequate sandboxing of userspace on most desktop OSes. If your malware has access to the victim's home directory and can phone home, they've been pwned for all intents and purposes. Root access would matter if userspace programs were well sandboxed.

On OSes where this is true, like Android, you have terrible interoperability of userspace programs and it's impossible to get "real work" done. Not to mention that without root access, you are just relying on the corporation to manage your system for you, which isn't tenable for a democracy.

You don't need all of this trusted computing stuff to have secure, private payments. Chaumian ecash and cryptocurrencies have known this for a while. Just use a digital signature scheme instead of relying on open-source information.

smokel 19 hours ago | parent [-]

I don't think these problems are opposing; both are real.

I totally agree that user space is not as much of a useful concept on a single-user device. Originally, it helped to shield users of the same system from each other. Most of this was based on file system authorization. This hasn't been extended to internet access in a very useful way.

However, even on single-user devices, having root access makes it easier to hide malicious processes. Granted that in modern operating systems it is already totally unclear what most processes are doing, so one can simply hide in plain sight.

I'm still not convinced we can get by without a lot of trusted computing stuff to have secure payments.