top | item 47170716

(no title)

Capabilities based security is something we've discussed quite a bit through the years.[1] Until very recently, I saw the lack of it as something we've papered over since the 1980s when it was fully fleshed out, then ignored. I've pointed this out here, after many security incidents (which could have been prevented if ambient authority weren't the default), and elsewhere far too many times. 8(

To me, virtualization is just a very crude version of capabilities. I thought we'd have collectively realized our mistake by now, and have actually secure, and actually useful, general purpose computing solved.

Now we're on the edge of AGI, not super-intelligence, but something competent, as long as it doesn't hallucinate, or get confused. This is exactly the thing that could have been handled if we weren't on the worst timeline possible. Most of the solutions presented in the article are capabilities based.

Perhaps this will finally get us on the right track, but I doubt it. I'll see if I can use all this AI magic to cough up some reasonable tools fit for purpose, but I'm just one old guy who gets tired far too quickly these days.

[1] https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...

discuss

No comments yet.