Comment by loup-vaillant

2 days ago

> No I mean that the operating system protects applications from messing with each other. The operating system should isolate each app for security purposes.

Oh but that is far too incomplete a specification. What security purposes? Who are we protecting, from whom? On whose behalf does the OS isolate applications from each other? If it’s on mine, then you bet I absolutely want the ability to lift that isolation in specific cases. It’s my computer, I decide when and how the rules are broken.

But the moment I have that (a computer and OS that really work for me), I lose the ability to prove that I don’t. If I play an online game, being in control means the game company is not, and I can’t prove to them I’m not cheating.

I’m not aware of any third alternative.

In short the integrity of the application must be secured. This integrity must be protected from everyone. Nothing should be able to violate the integrity of the app.

>I absolutely want the ability to lift that isolation in specific cases.

There is no need for this. Allowing end users to turn off security features is not a good idea. Users should not have to think about such things.

>I decide when and how the rules are broken.

Most users do not want this ability. They just want a computer that works and is safe to use. They don't want to dictate how exactly it was written. That is the manufacturer's job.

  • > In short the integrity of the application must be secured. This integrity must be protected from everyone. Nothing should be able to violate the integrity of the app.

    I’m getting a strong sense that you don’t know what you’re talking about. "Everyone" for instance doesn’t include the app vendor. You want to allow updates, right?

    > Most users do not want this ability

    Again with the ambiguous wording. What do you mean exactly? That >50% of users don’t care about having this ability, or that >50% of users explicitly reject this ability?

    In my experience, most users think they don’t care, until they need to run an app that’s not on the main app store. Easy example: skip YouTube ads. On Android, you jump through a few hoops, install Newpipe or Tubular, and voilà, no more ads. But I’ve met several iPhone users who wanted the same, and were quite dejected when they realised they couldn’t have it.

    Of course, the idea that most users explicitly reject the ability to bypass security measures is utterly ridiculous.

    > Allowing end users to turn off security features is not a good idea.

    Note that I’m not talking about flipping a switch that would end all process isolation. I’m talking about giving permission to one app to mess with one other app. Secure by default with fine grained permissions, not "please revert to Windows 98 with zero memory protection".

    > Users should not have to think about such things.

    They have to anyway. Where their credentials are, what if they break their computer, lose their phone, their data gets leaked…