egberts1 4 hours ago

#1 problem is the IT mindsets' unwillingness to adopt a default-deny philosophy.

A default-accept philosophy makes it easier for millions of holes to open up at first, and you spend the entire IT budget locking down things you don't need but not the ones you don't see that need closing.

Default-deny is a one-time IT expenditure. And you start poking holes to let things through. If that hole is dirty, you plainly see that dirty hole and plug it.

All that also equally applies to CPU designers.

otabdeveloper4 4 hours ago | parent

"Default deny" is the Windows model of clicking "yes" for the incessant permissions dialog box.

Or the Linux model of prefixing every command with a "sudo".

It doesn't work.

killerstorm 5 minutes ago | parent

Well that happens when it's bolted onto something not designed for fine-grained access.

It's much different when the UX is built around it. E.g. a web browser _has_ to treat web pages as untrusted. So instead of giving a web page access to the file system (that would be the equivalent of `sudo`), you select individual files/directories using a trusted browser UI, and they are made available through particular APIs which are basically equivalent to ocaps. So if you don't need to support POSIX APIs ("I WANT TO JUST fopen!!!") it's much easier.