naikrovek | 24 days ago
Plan 9 did this, and that kernel is 50k lines of code. And I can bind any part of any attached filesystem I want into a location that any running application has access to, so if any program only has access to a single folder of its own by default, I can still access files from other applications, but I have to opt into that by making those files available via mounting them into the folder of the application I want to be able to access them.
I am not saying that Plan 9 is usable by normal people, but I am saying that it's possible to have a system which is secure, usable, not a phone, and easy to develop on (as everything a developer needs can be set up easily by that developer).
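The opt-in bind described above, as an added illustration in Plan 9's rc shell (not from the comment; the paths under /usr/glenda are constructed for the example):

```rc
#!/bin/rc
# Take a private copy of the current namespace: binds made from here on are
# visible to this shell and its children only, not to other processes.
rfork n

# The single folder the application is confined to (constructed path).
mkdir -p /usr/glenda/app/in
ls /usr/glenda/app/in            # empty: other applications' files are not visible

# Opt in: make another application's export directory appear inside the
# confined folder. Nothing outside this process group sees the change.
bind /usr/glenda/other/exports /usr/glenda/app/in
ls /usr/glenda/app/in            # now lists the opted-in files

# Inspect the per-process namespace to confirm the bind is listed here only.
ns | grep app
```

When this shell exits, the namespace copy is discarded and the bind disappears with it.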
pixl97 | 24 days ago
So yeah, developers are the worst when it comes to security. You put up a few walls and the next thing you know the developer is setting access to ".". I know, I make a living cleaning up their messes.
I mean, people leave their cars unlocked and their keys in them FFS. Thinking we're going to suddenly teach more than a handful of security experts operating system security abstractions just has not been what has been occurring. Our lazy monkey brains reach for the easy button first unless someone is pointing a gun at us.
naikrovek | 24 days ago
Everyone who is NOT a developer is now protected by the operating system in a situation like this, and developers that are not are unprotected by their own hand, instead of being unprotected via the decision of an OS vendor.
By the way, the entire "not protected" situation that you claim developers would put themselves in, is the exact situation that everyone is in today, with very little choice to opt out of that situation.
I want people to opt in to the insecure situation, and opt out of the secure situation, not the reverse, which is the case today. Ransomware can encrypt an entire disk because the OS has no notion that full disk access is bad, or that self-escalation to privileged access should not be granted automatically. macOS kinda does these things, but not to the point I want to see them done. Not at all.
An OS that isolates everything renders containers completely moot. Everything a container does should be provided by default by the operating system, and operating systems that don't provide this should be considered too immature to be useful in any production setting, either by business or by consumers. Isolation by default should be table stakes for any OS to even come up for consideration by anyone for any reason.
And you're saying that this shouldn't happen because some developers who don't understand security will make their system look just like wide-open systems today? Come on.