Hacker News

cosmic_cheese yesterday at 8:46 PM

Desktop OSes and their derivatives are woefully behind in this regard, and unfortunately the will to bring them up to par is incredibly weak. Of those in mass use (Qubes OS is neat but its user base isn’t even a rounding error), macOS probably does the most, but it’s still lagging behind iOS and what’s been implemented has come with much consternation from the technically inclined peanut gallery.

I understand some amount of reticence with commercial OSes, but there’s no justification for being against it on open Linux-based desktops and mobile OSes. We really need to get past the 90s-minded paradigm of everything having access to everything else all the time with the only (scantly) meaningful safeguards coming in the form of *nix user permissions.


Replies

palata yesterday at 8:52 PM

> We really need to get past the 90s-minded paradigm of everything having access to everything else all the time

I do agree with that, and I strongly believe that the iOS and Android security model is way ahead of Desktop Linux. But what I observe is that nobody seems to care about the security model. A recurrent complaint I see against anything AOSP-based (including Android) is that people "want to be root".

singpolyma3 today at 1:15 AM

Letting everything I install have access to everything is the core feature I want out of a platform. If I can't have that, I might as well just use Android.

fooker yesterday at 9:05 PM

Fun fact - on most Linux distros any user program can see almost any event, yes including key presses, by reading from the right /dev/... file.

This is not surprising. The desktop Linux community reacted with hostility to the well-funded security efforts (SELinux, AppArmor, grsecurity, etc.).

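One way to check, on a given machine, which processes could open the input device nodes the comment above refers to. This is an added example, not part of the thread: it inspects file metadata only and reads no events, and the `/dev/input/event*` location and all function names are assumptions of the example.

```python
import grp
import os
import stat
import sys


def group_name(gid):
    """Resolve a gid to a name, falling back to the number."""
    try:
        return grp.getgrgid(gid).gr_name
    except KeyError:
        return str(gid)


def audit_input_nodes(dev_dir="/dev/input"):
    """Describe who may read each event* node in dev_dir (metadata only)."""
    findings = []
    for name in sorted(os.listdir(dev_dir)):
        if not name.startswith("event"):
            continue
        path = os.path.join(dev_dir, name)
        st = os.stat(path)
        mode = stat.S_IMODE(st.st_mode)
        findings.append({
            "path": path,
            "mode": oct(mode),
            "group": group_name(st.st_gid),
            "world_readable": bool(mode & stat.S_IROTH),
            # os.access uses the real uid/gid, so group membership counts.
            "readable_by_me": os.access(path, os.R_OK),
        })
    return findings


def exposed(findings):
    """Nodes any local process could open: world-readable ones."""
    return [f["path"] for f in findings if f["world_readable"]]


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/dev/input"
    if not os.path.isdir(target):
        sys.exit(f"{target} not present (container or non-Linux host?)")
    for f in audit_input_nodes(target):
        print(f)
```

Run it as the ordinary desktop user rather than as root, since root passes every access check and `readable_by_me` would always be true.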
necovek yesterday at 10:00 PM

Flatpak and Snaps are built to solve this. They do conflict with some expectations from users to be able to play around with things, though, so they do not have the penetration one might want.

gspr yesterday at 9:41 PM

Aren't all the necessary pieces for something better essentially in place now that unprivileged namespaces are well-established?

They've for sure had more than their fair share of security issues, but those are bugs, not fundamental design problems as far as I understand?