Hacker News new | ask | show | jobs
by flukus 3567 days ago
I really disagree with UWP being a better model than limited UAC. Apps being able to talk to each other and the filesystem and interacting is what makes them useful. The linux/sudo approach is the best comrpomise between security and utility I'm yet to come across.

> The old system had defaults originating from the single user non-multimedia usecases left over as a legacy, but currently we have so many things going on our computers, that privacy/security needs a rethinking of old concepts to cope with new challenges.

I android has proven anything it's that sandboxed applications don't solve this problem.
1 comments
raesene6 3567 days ago
Generally the way I've seen sudo implemented in all desktop linuxes is that after providing a password the process gets all access.

This to me isn't a great trade off as it relies on the user invoking the process understanding the security risks they're taking, which is a tricky one.

Sure you can do more with sudo, but unless it's the default, most people won't

link
flukus 3567 days ago
There's room for improvemnt, it's just the best trade off I've seen. Windows has it's "click yes to continue" buttons, android has it's permissions thing that is useless to everyone. At least making people pause and type a password might make them think about what they're doing a bit.
link
icebraining 3567 days ago
The best trade off I've seen is what Nokia's S60 (and iOS, or so I've heard) did: have granular permissions like Android, but show a dialog when the app first tries to use them, instead of having a laundry list at installation time.

You're more likely to think twice when you open your flashlight app and it asks "Do you want to allow [Flashlight App] to read all your contacts?"

link
flukus 3567 days ago
It that once off or every time? There have been a few Android apps that started off OK and transitioned to spyware.
link
rahoulb 3567 days ago
On iOS it asks the first time the app wants a particular permission but doesn't ask again. If you want to change your initial choice, you can head to Settings and view/change the grants/revokes by permission or by app.
link
icebraining 3567 days ago
Can't remember. Still, I don't think it matters - if you know an app has turned into spyware, why are you opening it again instead of uninstalling it?
link
flukus 3566 days ago
Because I don't know until I hear it somewhere.
link