The next big OS leap is capability-based security with a microkernel. The old model of assuming you wanted to share your authority with everything you run is unsustainable. It should have been a thing at least 20 years ago.

> Please elaborate. How does this resonate with the average user who doesn't know anything about infosec?

Elaboration, with too much pop culture... ;-)

When you use cash, for example, you're using capabilities. You can hand out exactly $3.50 to the Loch Ness Monster[1], and no matter what, he's not going to be able to leverage that into taking out your entire bank balance, etc. The current "ambient authority" system is like handing the Loch Ness Monster your wallet and HOPING he only takes $3.50.

Another metaphor is power outlets, which limit how much of the power from the grid makes it to your device. The current system is much like the electric-i-cal at the Douglass house in Green Acres.[2]

The point is, you can run any program you want and give it only the files you want, and nothing else, by default in such a system. For the user, it really doesn't have to seem that different: they already use dialog boxes to select files to open and save things; they could use a "power box"[3] instead, which looks the same, except then the OS enforces their choices.

[1] https://www.quora.com/Why-does-the-Loch-Ness-monster-want-3-...
[2] https://youtu.be/EnGyq2JYrHk?si=c2iTB9BYxB0VwZ9u&t=184
[3] https://wiki.c2.com/?PowerBox
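The cash metaphor above, as an added example that is not part of the thread: a Python rendering of the classic E-language "mint and purse" object-capability pattern, in which handing out a $3.50 purse is the capability and the wallet is never shared. The names make_mint, nessie and pay_nessie are assumptions, and since Python does not enforce encapsulation the code shows the flow of authority rather than a hard boundary.

```python
# Added illustration of the cash-as-capability metaphor, not code from the thread.
# It models the E-language "mint and purse" object-capability pattern in Python;
# make_mint, nessie and pay_nessie are assumed names. Python does not enforce
# encapsulation, so this shows the flow of authority, not a tamper-proof wall.
class Purse:  # bag for the closures the mint attaches; holds no ledger itself
    pass

def make_mint():
    """Purse factory; `balances` exists only inside this closure."""
    balances = {}  # purse -> integer cents (integers avoid float rounding)

    def make_purse(cents):
        purse = Purse()
        balances[purse] = cents
        def balance():
            return balances[purse]
        def sprout():  # a new, empty purse of the same mint
            return make_purse(0)
        def deposit(amount, src):  # pull `amount` out of `src` into this purse
            if amount < 0:
                raise ValueError("negative amount")
            if src not in balances:
                raise ValueError("purse from another mint")
            if balances[src] < amount:
                raise ValueError("insufficient funds")
            balances[src] -= amount
            balances[purse] += amount
        purse.balance, purse.sprout, purse.deposit = balance, sprout, deposit
        return purse

    return make_purse

def nessie(purse):
    """Untrusted code: empties the purse it is handed, then tries for one cent
    more. The extra cent fails because it never received the wallet."""
    loot = purse.sprout()
    loot.deposit(purse.balance(), purse)
    try:
        loot.deposit(1, purse)
    except ValueError:
        pass
    return loot

def pay_nessie(wallet, cents=350):
    """Sprout an empty purse, move exactly `cents` in, hand Nessie only that."""
    payment = wallet.sprout()
    payment.deposit(cents, wallet)
    return nessie(payment)
```

Contrast this with the ambient-authority version, where `nessie` would receive `wallet` itself and nothing but good manners would stop it from draining the balance.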