←back to thread

We should have the ability to run any code we want on hardware we own

(hugotunius.se)
2071 points K0nserv | 7 comments | 31 Aug 25 21:46 UTC | HN request time: 1.262s | source | bottom
1. mikewarot ◴[01 Sep 25 01:49 UTC] No.45088709[source]
A gentle reminder to the readers here at HN that it doesn't have to be this way. Computer Security is a solved problem[1], and has been so since the 1980s[2]. It's my strong opinion that the only methods you've seen to this point[3-7] were deliberately chosen to be ones that don't work, and make things worse in the long run.

There's no reason we shouldn't be able to run what we want on our hardware, without having to trust anything other than the microkernel inside the operating systems.

[1] https://en.wikipedia.org/wiki/Capability-based_security

[2] https://en.wikipedia.org/wiki/Capability-based_operating_sys...

[3] https://en.wikipedia.org/wiki/User_Account_Control

[4] https://en.wikipedia.org/wiki/AppArmor

[5] https://en.wikipedia.org/wiki/Security-Enhanced_Linux

[6] https://en.wikipedia.org/wiki/Application_permissions

[7] https://en.wikipedia.org/wiki/Trusted_Platform_Module

replies(1): >>45088716 #
2. carlosjobim ◴[01 Sep 25 01:50 UTC] No.45088716[source]
Your opinion is not "a gentle reminder", "a friendly reminder" or "a public service announcement". It's just your opinion and nothing more.
replies(2): >>45088765 #>>45094159 #
3. 7373737373 ◴[01 Sep 25 02:01 UTC] No.45088765[source]
It's obvious you don't understand what is written in those links. The capability security architecture breaks the false dichotomy of either having to have a fully locked down or open operating system, it provides the technical foundation to grant individual programs, and even parts of these programs, recursively, only the (data, filesystem, network) access and resource consumption (cpu, memory) rights that they need. This is not an opinion, this is a decades old technical solution that humanity ignores at its own peril. While I wouldn't argue that it completely solves computer security, it allows programmers and users to minimize the attack surface of their systems.
replies(1): >>45092354 #
4. carlosjobim ◴[01 Sep 25 12:54 UTC] No.45092354{3}[source]
I appreciate that I probably don't understand what is written in those links. But whether you're right or wrong - and you're probably right - phrasing your comment in the clichéd "gentle reminder" makes people refrain from taking your message to heart.
replies(1): >>45100129 #
5. mikewarot ◴[01 Sep 25 16:32 UTC] No.45094159[source]
Ok, so I've trigged quite a reaction with my phrasing. I'm very sorry about that.

Put yourself in my place... Computer Security is a solved problem, and has been for decades, yet we find ourselves in an infinite loop of crises that result in ignorance of solutions. Maybe 5% of all discourse here on HN is about a problem we don't have to have.

How would you push the world to resolution?

replies(1): >>45095491 #
6. carlosjobim ◴[01 Sep 25 18:50 UTC] No.45095491{3}[source]
You put me on the spot, because I don't understand the subject matter in such depth. I hope somebody who does chimes in. All I can think about is when a man's paycheck depends on not understanding the issue... Many people make a lot of money from cyber security, so would they want the problem to be completely solved?
7. 7373737373 ◴[02 Sep 25 07:33 UTC] No.45100129{4}[source]
The grandparent comment wasn't mine, and I can kind of agree with yours. I can understand both of you, you in that the phrasing used may feel patronising. On the other hand, it is frustrating to know of a solution, of a good technical and theoretical foundation and see it ignored by the world at large. Hence probably the reminder phrasing used by the grandparent.