by phkahler 1187 days ago
>> I think permission systems are bound to wind up in all desktop operating systems, eventually

What I'm about to say may seem wrong, stupid, or crazy at first. I think permissions often belong in the GUI. Applications would get no access to the file system directly, but they could use an API in the gui to open files - only files that are granted access by the user, often by selection in a File->Open dialog or other direct user interaction. By putting the granting of access in the GUI toolkit, we can run untrusted apps natively with no OS permissions.

Maybe not directly in the GUI, but something like that. Trust the user but not the app.
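The design sketched in the post above, as an added illustration (my code, not from this thread): a trusted broker standing in for the toolkit's File->Open dialog hands the app an opaque token for whatever the user picked, and the app has no path-based file API of its own, so a forged token or a cancelled dialog yields nothing. The names `GuiBroker` and `untrusted_app` are constructed for the example; it models the interface boundary only, and real enforcement still needs an OS sandbox around the app process.

```python
import os
import secrets
import tempfile

class AccessDenied(PermissionError):
    pass

class GuiBroker:
    """Trusted side: stands in for the GUI toolkit's File->Open dialog."""
    def __init__(self, user_picks):
        self._user_picks = user_picks  # simulates the user's choice; None = cancelled
        self._grants = {}              # opaque token -> real path

    def file_open_dialog(self):
        path = self._user_picks()
        if path is None:
            raise AccessDenied("user cancelled the dialog")
        token = secrets.token_hex(16)  # unguessable; the app never sees the path
        self._grants[token] = os.path.realpath(path)
        return token

    def read(self, token):
        if token not in self._grants:
            raise AccessDenied("no grant for this token")
        with open(self._grants[token]) as f:
            return f.read()

def untrusted_app(broker):
    """App side: receives only the broker, no path-based file API."""
    return broker.read(broker.file_open_dialog())

def denied(fn):
    try:
        fn()
        return False
    except AccessDenied:
        return True

def demo():
    with tempfile.TemporaryDirectory() as d:
        doc = os.path.join(d, "notes.txt")   # constructed sample file
        with open(doc, "w") as f:
            f.write("hello")
        broker = GuiBroker(user_picks=lambda: doc)
        text = untrusted_app(broker)
        forged = denied(lambda: broker.read("00" * 16))
        cancelled = denied(lambda: untrusted_app(GuiBroker(user_picks=lambda: None)))
        return text, forged, cancelled
```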


At some point you have to trust the user to choose the apps they want to run. That's simply not the OS's job.

To the extent that it is the OS's job, you don't have a computer anymore. You have an appliance. Sometimes that's OK; I don't complain because I can't run Doom on my dishwasher. But let's be clear about what is a general-purpose personal computer, and what is not.

> To the extent that it is the OS's job, you don't have a computer anymore. You have an appliance.

In my opinion, that depends on the existence of an escape hatch. If it's like iOS where there effectively is none, sure, but if it's like macOS where SIP, Gatekeeper, etc can be temporarily disabled to make changes and then re-enabled or disabled entirely it's a different story.

That's what Microsoft WinRT/UWP/whatever implemented.