nkrisc 3 days ago

I own the computer. The least privilege I have encompasses every privilege.

charcircuit 3 days ago | parent | next [-]

You could own a microwave, but there doesn't have to be a button that makes it run with the door open. The UI of devices doesn't let just anything happen. Similarly an operating system doesn't need to make accessible a way to do everything to the user.

inkyoto 3 days ago | parent | next [-]

> You could own a microwave, but there doesn't have to be a button that makes it run with the door open. The UI of devices doesn't let just anything happen.

And where is the UI capability that prevents microwave users from putting liquids (e.g. grape juice) that generate plasma storms inside the microwave and often result in fires? Or, as a bonus, crinkled foil.

To state the matter bluntly – the entire diatribe concerning the system’s role in defining capabilities is as constructive as insisting that every computing device and appliance on the planet must implement B2-level RBAC and capability-based controls – an argument so unmoored from practical reality that one wonders whether its proponent has ever been burdened by implementation.

charcircuit 3 days ago | parent [-]

The UI is missing because the law doesn't require it. That's why it's possible to buy table saws without a SawStop-like safety mechanism despite it being superior to have (ignoring price). Some people will choose the cheaper and less safe option because they don't value safety as much.

nkrisc 3 days ago | parent | prev | next [-]

> Similarly an operating system doesn't need to make accessible a way to do everything to the user.

Then who is it available to, if not me, the owner of the computer? What if the operating system isn't doing the things it should that I don't have access to? Do I have to bring it to someone and beg them to fix the computer for me?

esseph 3 days ago | parent | prev | next [-]

"an operating system doesn't need to make accessible a way to do everything to the user"

Microsoft and Apple both seem to think this way. Questionable results.

crabmusket 3 days ago | parent | prev [-]

I instinctually agree with nkrisc, but this is an interesting line of thought.

What's an example of something that nobody should be allowed to do, e.g. on a laptop? If I buy a system with OS stuff set up from the get-go, what abilities do you withdraw from the user?

charcircuit 3 days ago | parent [-]

> What's an example of something that nobody should be allowed to do e.g. on a laptop?

Clearing required EFI variables, bricking the motherboard.

https://www.phoronix.com/news/UEFI-rm-root-directory

davexunit 3 days ago | parent | prev [-]

But do you want your web browser to have the privilege to read your SSH private key? That's the risk of running programs "as you".