undefined | Better HN

0 pointsjonahx1y ago0 comments

I think you misunderstood. Among the coarse grained capabilities I mentioned would be "access to folder X and it's subfolders" (read or write).

But to answer your question there are, eg, tons of programming packages in any language that I want purely for their computational abilities, and I know this for certain when using them. In fact for the vast majority of GUI programs I use, or programming packages I use, I know exactly what kind of permissions they need, and yet I cannot easily restrict them in those ways.

0 comments

taeric1y ago

It is specifically running applications that always trips me up here. As a user/operator of the computer, I have been bitten by applications being too locked down for them to be useful in the past. I /think/ we have gotten better such that it is easy to have better OS behavior when it wants to restrict an application. But specifically sandboxing by default has been a source of terrible application behavior for me, in the past. Is a lot like using a shadow banned account where everything looks correct, but nothing is actually showing up. Very confusing.

Now, I think your point on restricting the libraries that are imported to a program makes a ton of sense. I'm not entirely clear where I would want the "breaker box" of what an application is allowed to do to be located, but it is crazy how much just importing some library will do in many programs.

jonahxOP1y ago

Well you are ofc free to give applications full reign if you want. But you should at least be able to say, "No, desktop calculator I just downloaded, you can't do anything but compute and draw things in your application window".

More broadly, creating a good UI around granting capabilities is non-trivial. But that's a separate problem from simply not being able to make even the most basic kinds of restrictions that you want in most cases.

taeric1y ago

Totally fair. I just don't know of that many (any?) "desktop calculator" applications that people download. I'm far more expecting that people are downloading and running social applications than they are isolated things.

Mostly fair that it would be good if we could say "on site foo.com, request for any access to not-foo.whatever that happens." I can't remember the last time I saw the sheer number of third party network accesses that happens on far too many sites. It was sobering.

bhelkey1y ago

> Totally fair. I just don't know of that many (any?) "desktop calculator" applications that people download.

Quite a few apps fall into this category: single player games, photo editors, word editors, video players, pdf editors ...

It seems very reasonable to restrict these applications from accessing the internet.

1 more reply

frederikb1y ago

Oh, but they do! There used to exist a boatload of malware on Android disguised as common conscience apps, famously flashlight apps/widgets.

As a random example, see this one ( https://www.welivesecurity.com/2017/04/19/turn-light-give-pa... ) which is a banking trojan cosplaying as a flashlight widget.

Now there is a more or less sophisticated permission system which users then bypass by still accepting any prompt if you promise them anything shiny...

1 more reply

chii1y ago

I think the ideas in qubes OS (https://www.qubes-os.org/) is reasonable in implementation given today's applications, and the need for backwards compatibility.

Unfortunately, the performance is what suffers, and morse law hasn't kept up such that vm based OS can be used by the regular laymen.

yencabulator1y ago

I think this sort of stuff implies a switch to new APIs that understand that the app is inside a sandbox, instead of "just trying to do things". For example, XDG Portals for opening/saving documents, instead of open(2) syscall.

j / k navigate · click thread line to collapse

0 comments

taeric1y ago

jonahxOP1y ago

taeric1y ago

bhelkey1y ago

> Totally fair. I just don't know of that many (any?) "desktop calculator" applications that people download.

Quite a few apps fall into this category: single player games, photo editors, word editors, video players, pdf editors ...

It seems very reasonable to restrict these applications from accessing the internet.

1 more reply

frederikb1y ago

Oh, but they do! There used to exist a boatload of malware on Android disguised as common conscience apps, famously flashlight apps/widgets.

As a random example, see this one ( https://www.welivesecurity.com/2017/04/19/turn-light-give-pa... ) which is a banking trojan cosplaying as a flashlight widget.

Now there is a more or less sophisticated permission system which users then bypass by still accepting any prompt if you promise them anything shiny...

1 more reply

chii1y ago

I think the ideas in qubes OS (https://www.qubes-os.org/) is reasonable in implementation given today's applications, and the need for backwards compatibility.

Unfortunately, the performance is what suffers, and morse law hasn't kept up such that vm based OS can be used by the regular laymen.

yencabulator1y ago

j / k navigate · click thread line to collapse