Comment by mikewarot

1 month ago

A gentle reminder to the readers here at HN that it doesn't have to be this way. Computer Security is a solved problem[1], and has been so since the 1980s[2]. It's my strong opinion that the only methods you've seen to this point[3-7] were deliberately chosen to be ones that don't work, and make things worse in the long run.

There's no reason we shouldn't be able to run what we want on our hardware, without having to trust anything other than the microkernel inside the operating systems.

[1] https://en.wikipedia.org/wiki/Capability-based_security

[2] https://en.wikipedia.org/wiki/Capability-based_operating_sys...

[3] https://en.wikipedia.org/wiki/User_Account_Control

[4] https://en.wikipedia.org/wiki/AppArmor

[5] https://en.wikipedia.org/wiki/Security-Enhanced_Linux

[6] https://en.wikipedia.org/wiki/Application_permissions

[7] https://en.wikipedia.org/wiki/Trusted_Platform_Module

Your opinion is not "a gentle reminder", "a friendly reminder" or "a public service announcement". It's just your opinion and nothing more.

  • Ok, so I've triggered quite a reaction with my phrasing. I'm very sorry about that.

    Put yourself in my place... Computer Security is a solved problem, and has been for decades, yet we find ourselves in an infinite loop of crises that result in ignorance of solutions. Maybe 5% of all discourse here on HN is about a problem we don't have to have.

    How would you push the world to resolution?

    • You put me on the spot, because I don't understand the subject matter in such depth. I hope somebody who does chimes in. All I can think about is when a man's paycheck depends on not understanding the issue... Many people make a lot of money from cyber security, so would they want the problem to be completely solved?

  • It's obvious you don't understand what is written in those links. The capability security architecture breaks the false dichotomy of either having to have a fully locked down or open operating system; it provides the technical foundation to grant individual programs, and even parts of these programs, recursively, only the (data, filesystem, network) access and resource consumption (cpu, memory) rights that they need. This is not an opinion, this is a decades-old technical solution that humanity ignores at its own peril. While I wouldn't argue that it completely solves computer security, it allows programmers and users to minimize the attack surface of their systems.

    • I appreciate that I probably don't understand what is written in those links. But whether you're right or wrong - and you're probably right - phrasing your comment in the clichéd "gentle reminder" makes people refrain from taking your message to heart.

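The attenuation idea from the capability comment above (grant a program, and recursively its parts, only the access it needs), as an added example that is not part of the thread: a directory capability built on POSIX `dir_fd` file descriptors. `DirCap`, `attempt` and `demo` are hypothetical names and the file tree is constructed; Python does not stop code from bypassing the wrapper, so this illustrates the model, while capability operating systems enforce it in the kernel.

```python
import os
import tempfile

class DirCap:
    """Hypothetical capability: an open directory fd plus the rights its holder may use."""
    def __init__(self, fd, rights):
        self._fd = fd
        self._rights = frozenset(rights)

    def _open(self, right, name, flags):
        if right not in self._rights:
            raise PermissionError(f"capability lacks {right!r}")
        if name in ("", ".", "..") or "/" in name:
            raise PermissionError(f"name {name!r} would leave this directory")
        return os.open(name, flags | os.O_NOFOLLOW, 0o600, dir_fd=self._fd)

    def attenuate(self, rights):
        # Intersection: a derived capability can only ever lose rights.
        return DirCap(os.dup(self._fd), self._rights & frozenset(rights))

    def subdir(self, name):
        return DirCap(self._open("read", name, os.O_RDONLY | os.O_DIRECTORY), self._rights)

    def read(self, name):
        with os.fdopen(self._open("read", name, os.O_RDONLY), "rb") as f:
            return f.read()

    def write(self, name, data):
        flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC
        with os.fdopen(self._open("write", name, flags), "wb") as f:
            f.write(data)

def attempt(action):
    try:
        return action()
    except PermissionError:
        return "denied"

def demo():
    with tempfile.TemporaryDirectory() as root:  # constructed sample tree
        os.mkdir(os.path.join(root, "plugin"))
        host = DirCap(os.open(root, os.O_RDONLY | os.O_DIRECTORY), {"read", "write"})
        host.write("secret.txt", b"host only")
        host.subdir("plugin").write("config.txt", b"theme=dark")
        plugin = host.subdir("plugin").attenuate({"read"})  # all the plugin is handed
        return {
            "read_own": attempt(lambda: plugin.read("config.txt")),
            "escape": attempt(lambda: plugin.read("../secret.txt")),
            "amplify": attempt(lambda: plugin.attenuate({"read", "write"}).write("new", b"x")),
        }
```

The only path string appears where the host opens the root; everything the plugin can reach is derived from the one object it was handed.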