| ▲ | josephg 3 hours ago |
| I've been arguing for this for years. There's no reason every random binary should have unfettered, invisible access to everything on my computer as if it were me. iOS and Android both implement these security policies correctly. Why can't desktop operating systems? |
|
| ▲ | giobox 2 hours ago | parent | next [-] |
| The short answer is tech debt. The major mobile OSes got to build a new third party software platform from day 0 in the late 2000s, one which focused on and enforced priorities around power consumption and application sandboxing from the getgo etc. The most popular desktop OSes have decades of pre-existing software and APIs to support and, like a lot of old software, the debt of choices made a long time ago that are now hard/expensive to put right. The major desktop OSes are to some degree moving in this direction now (note the ever increasing presence of security prompts when opening "things" on macOS etc etc), but absent a clean sheet approach abandoning all previous third party software like the mobile OSes got, this arguably can't happen easily over night. |
|
| ▲ | marky1991 3 hours ago | parent | prev | next [-] |
| Mobile platforms are entirely useless to me for exactly this reason, individual islands that don't interact to make anything more generally useful. I would never use any os that worked like that, it's for toys and disposable software only imo. |
| |
| ▲ | josephg 2 hours ago | parent | next [-] | | Mobile platforms are far more secure than desktop computing software. I'd rather do internet banking on my phone than on my computer. You should too. We can make operating systems where the islands can interact. Its just needs to be opt in instead of opt out. A bad Notepad++ update shouldn't be able to invisibly read all of thunderbird's stored emails, or add backdoors to projects I'm working on or cryptolocker my documents. At least not without my say so. I get that permission prompts are annoying. There are some ways to do the UI aspect in a better way - like have the open file dialogue box automatically pass along permissions to the opened file. But these are the minority of cases. Most programs only need to access to their own stuff. Having an OS confirmation for the few applications that need to escape their island would be a much better default. Still allow all the software we use today, but block a great many of these attacks. | | |
| ▲ | jofla_net an hour ago | parent [-] | | Both are true, and both should be allowed to exist as they serve different purposes. Sound engineers don't use lossy formats such as MP3 when making edits in preproduction work, as its intended for end users and would degrade quality cumulatively. In the same way someone working on software shouldn't be required to use an end-user consumption system when they are at work. It would be unfortunate to see the nuance missed just because a system isn't 'new', it doesn't mean the system needs to be scrapped. |
| |
| ▲ | okanat an hour ago | parent | prev [-] | | There is a middle ground (maybe even closer to more limited OS design principles) exist. It is not just toys. Otherwise neither UWP on Windows nor Flatpaks or Firejail would exist nor systemd would implement containerization features. In such a scenario, you can launch your IDE from your application manager and then only give write access to specific folders for a project. The IDE's configuration files can also be stored in isolated directories. You can still access them with your file manager software or your terminal app which are "special" and need to be approved by you once (or for each update) as special. You may think "How do I even share my secrets like Git SSH keys?". Well that's why we need services like the SSH Agent or Freedesktop secret-storage-spec. Windows already has this btw as the secret vaults. They are there since at least Windows 7 maybe even Vista. |
|
|
| ▲ | IcyWindows 2 hours ago | parent | prev [-] |
| Windows has had this for over a decade, but no one wants to put their application in a sandbox. |
| |
| ▲ | akdev1l 2 hours ago | parent [-] | | If a sandbox is optional then it is not really a good sandbox naturally even flatpak on Linux suffers from this as legacy software simply doesn’t have a concept of permission models and this cannot be bolted on after the fact | | |
| ▲ | okanat an hour ago | parent [-] | | The containers are literally the "bolting on". You need to give the illusion of the software is running under a full OS but you can actually mount the system directories as read-only. |
|
|
