| ▲ | otabdeveloper4 4 hours ago | |
"Default deny" is the Windows model of clicking "yes" for the incessant permissions dialog box. Or the Linux model of prefixing every command with a "sudo". It doesn't work. | ||
| ▲ | killerstorm 6 minutes ago | parent [-] | |
Well that happens when it's bolted onto something not designed for fine-grained access. It's much different when UX is built around it. E.g. for a web browser _has_ to treat web pages as untrusted. So instead of giving web page access to file system (that would be equivalent of `sudo`) you selected individual files/directories using a trust browser UI, and they are made available through particular APIs which are basically equivalent to ocaps. So if don't need to support POSIX APIs ("I WANT TO JUST fopen!!!") it's much easier. | ||