by mikewarot 1119 days ago
Of course cybersecurity can be solved... the solution was worked out in the 1970s, and there are commercially available secure systems. The operating systems most of us use daily, on the other hand, do not support multi-level security, nor the Bell-LaPadula model.

If we did use such systems, the user interface would be almost identical, but our applications would only be able to open the files we fed them, and not everything, by default. The world would be a much more secure place, but that would have made the NSA's job a lot harder, so such systems aren't talked about much.


What's the evidence such systems weren't adopted because of NSA influence?

IME secure systems are hard to use in practice, and performance is usually worse than less secure systems.

>IME secure systems are hard to use in practice, and performance is usually worse than less secure systems.

If you're talking about tacked-on layers of lockdown like SELinux, AppArmor, UAC on Windows, "Access to X" on your phone, etc... that's obviously true. However, a capabilities-based system should be almost identical in terms of the user's view of things: instead of calling a dialog to get a file name then directly opening the file, a "powerbox" is used which returns the capability to access a file.

As far as the user knows, the code behavior is identical, and they don't need to change their interactions.

We've all adopted ersatz capability systems when we moved to virtual machines, containers, and the like... just a far more coarse-grained control of access instead of individual files at runtime.

I'm hoping that we finally fix computer security before I leave this world, but I'm having my doubts. WASM is a good step in the right direction; as long as they don't bypass the capabilities model in the name of "ease of use", it should help quite a bit.
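The file-dialog-versus-powerbox contrast described in the reply above, as an added Python sketch that is not from the thread or any real capability OS: `FileCap`, `powerbox`, the two app variants and the sample files are all constructed for illustration, and the enforcement is modelled (the capability carries an open descriptor and rights, never a path) rather than provided by the OS.

```python
import os
import tempfile

class FileCap:
    """Unforgeable reference to one already-open file plus the rights granted
    with it. It carries a descriptor, not a path, so holding it gives access
    to exactly this file and nothing else."""
    def __init__(self, fd, rights):
        self._fd = fd
        self.rights = frozenset(rights)

    def read(self):
        if "read" not in self.rights:
            raise PermissionError("capability does not carry the read right")
        os.lseek(self._fd, 0, os.SEEK_SET)
        data = b""
        while chunk := os.read(self._fd, 4096):
            data += chunk
        return data.decode()

    def attenuate(self, rights):
        """Hand a weaker copy to a less trusted component (e.g. drop 'write')."""
        return FileCap(self._fd, self.rights & frozenset(rights))

def powerbox(chosen_path, rights=("read",)):
    """Trusted UI component (hypothetical). The user picks a file in the usual
    dialog; the powerbox opens it and mints a capability. The path never
    reaches the application."""
    return FileCap(os.open(chosen_path, os.O_RDONLY), rights)

def ambient_app(chosen_path, other_path):
    """Conventional design: the dialog returns a path string and the app opens
    it itself. Nothing stops the same code from opening any other path."""
    with open(chosen_path) as chosen, open(other_path) as other:
        return chosen.read(), other.read()

def capability_app(cap):
    """Capability design: the app is given only `cap`. What the user sees (the
    picked file gets read) is the same, but the app holds no path and, on a
    capability OS, has no ambient open() to reach anything else."""
    return cap.read()

def make_demo():
    """Constructed sample files: the one the user picks and one they did not."""
    d = tempfile.mkdtemp()
    chosen, other = os.path.join(d, "notes.txt"), os.path.join(d, "secret.txt")
    with open(chosen, "w") as f:
        f.write("meeting at noon\n")
    with open(other, "w") as f:
        f.write("do not leak\n")
    return chosen, other
```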