stonogo 2 hours ago

I will never understand why "the computer can tell what input it is receiving" has turned into an accepted threat model.

I understand that we have built a computer where our primary interface depends on running untrusted code from random remote locations, but it is absolutely incredible to me that the response to that is to fundamentally cripple basic functionality instead of fixing the actual problem.

We have chosen to live in a world where the software we run cannot be trusted to run on our computers, and we'd rather break our computers than make another choice. Absolutely baffling state of affairs.

anonymous908213 3 minutes ago | parent | next [-]

> instead of fixing the actual problem

> than make another choice

What is the choice you propose? Personally verifying every single line of the source code of every single application that runs on your computer? Get real. Real-world application usage involves using programs that have millions of lines of code (including Linux itself!). Even if you had the knowledge and experience to instantly understand every codebase the moment you read it, you would not have time to read it. Notably, the vast, vast majority of people who use computers are not even programmers, so this option is not on the table for them.

You use all kinds of hyperbolic language, proclaiming to be baffled by something for which it is immediately, blatantly obvious why it is the case if you live in the real world. We can operate on something as flimsy and unreliable as "trust" for every application, or we can build systems wherein we only need to trust a single source, the system itself, and let the system handle the rest.

> fundamentally cripple basic functionality

Nothing is crippled. All that changes is that users opt in to allowing insecure behaviour on a per-application basis when they know it needs access to that behaviour to achieve the functionality they want from it, rather than blanket allowing all applications to silently engage in that behaviour even if they have no valid reason to be doing so.

teo_zero 38 minutes ago | parent | prev [-]

I have doors between rooms in my house, despite its being inhabited by members of the same family who trust each other.

stonogo 3 minutes ago | parent [-]

And when someone violates that trust, do you then tear the house down and build one with only external doors, requiring inhabitants to circle in the yard to move between rooms? The point of the Wayland security model is that the inhabitants of the house do not trust each other, and the architecture of the house must change to accommodate that.

I'm not impressed with the analogy. I am not confused about the goals of Wayland's security model. I am dismayed at the poor judgment elsewhere in computing that has led to its necessity.