I’d love to go back to Windows 2000 (and Google circa 2000). The software industry (at least on the desktop side) peaked two decades ago, then spent most of the last decade or so badly reinventing everything on the web.
While better than Windows 9X, Windows 2000 was also horrendous with regard to security. That was the era where Windows saw so many exploits and worms, and their security practices were so lax that, because they started the firewall a few seconds after starting the network interfaces when booting, if you were connected to the internet without a separate firewall on boot (fairly common at that time) it was likely you would be infected by a worm in those few seconds of unprotected networking.
Anyone around at that time will remember the rampant worms infecting large swaths of the internet-connected Windows machines. Code Red. Sasser. Blaster. Slammer/Sapphire.
Gmail is lame compared to Outlook 2000. (It also broke self-hosted email for everyone.) Likewise Google Docs can’t hold a candle to Office 2000 (or even WordPerfect 6.1). It has extremely bare-bones control over text formatting and page layout. E.g. no kerning, limited styling, no footnote styles, limited control of header/footer formatting, no section breaks, etc. No section breaks! The version of WordPerfect I installed from a stack of floppy discs had section breaks!
Microsoft's web apps are a grim reminder of how desktop UIs have evolved backwards. (I’m in the midst of evaluating Office 365 as part of some IT transitions at work.) It's missing tons of features even compared to Word 2000. And it's a total pig. I thought Office was a pig before, but moving it to the Web made everything 10x worse. (Google Docs is less of a pig, but that seems to be because it has less functionality than Gobe Productive on BeOS.)
I’ll concede that Google Maps is better than what was available in 2010. I bet it would be even better if Google turned it into a Win32 desktop app.
>Microsoft's web apps are a grim reminder of how desktop UIs have evolved backwards. (I’m in the midst of evaluating Office 365 as part of some IT transitions at work.) It's missing tons of features even compared to Word 2000. And it's a total pig. I thought Office was a pig before, but moving it to the Web made everything 10x worse. (Google Docs is less of a pig, but that seems to be because it has less functionality than Gobe Productive on BeOS.)
Sure, that's all true, but this backwards devolution also ensures the important thing: that you don't really own the code you run, a centralized provider does, and they can change or break it as they please, without having to remain compatible with your machine. This is a business model problem: they've decided they're better off turning your general-purpose, user-programmable personal computer into a dumb terminal that uses 10x bloated-ass JavaScript frameworks to make AJAX calls to their HTTP servers.
Both statements are true. Security in 2000 was worse by a lot, but the need for security was also less. While there were viruses that deleted all your files, they were very primitive compared to what is done today.
I hear you, but security-wise this point is countered by the fact that every (n-1) iOS operating system has a public LPE exploit available. A user might not be able to jailbreak their iDevice, but a hacker can.
I wonder what makes you say that? There is more social focus on security; however, that seems more a consequence of the pervasiveness of computing in our society than of fundamental progress in our systems-thinking. As far as I can tell, the basic security models have not changed much since the late 60's.
"the basic security models have not changed much since the late 60's" != "number one thing that could have gotten better in the last 19 years but didn't: security"
Those two are very different claims IMO. Who cares what the basic security models are if you are significantly more difficult to attack?
We can debate whether these were "innovative" or not but the fact is that in 2000 none of these things existed in anything beyond research if at all there: ASLR, stack canaries, RETGUARD, pledge, jails, seccomp, fuzzing, San/kSan/HWAsan (tagged mem), NX, signed bootloaders/secure enclaves. IMO, iOS took huge steps to isolate the different user applications from one another.
EDIT: I deleted a reference to SELinux. It was introduced only a handful of days before Jan 1, 2001 ;)
The article is talking about academic research while most of the examples you quote seem recent(ish) industry implementations of these security models. I'd say that corroborates rather than disputes the author's thesis.
What we see is security practice. The security practices coming into play today that come out of research already done by 2000 were not widespread in 2000. Is there no security research being done in 2017 that we won't have paid much attention to for another decade?