[thot_experiment]

What a disgusting take. It's actually so depressing to see anyone say this, presumably sincerely. It's how all the modern operating systems I use work.

It's what makes computers so wonderful and powerful, you can just have it do whatever you want. Turning that into "whatever google decides i should be allowed to do" is not gonna lead us to a bright future.

[charcircuit]

With Turing completeness you can do whatever computation you want. If you want to go outside of Turing completeness and starting interacting with the real world or other apps that is when security models need to exist. There isn't a reason to allow a program to act however it wants. Why should we allow for programs to secretly spy on a user's mic with no visual indication. It's okay to bound what is possible with a device. This already happens in practice with other operating systems. Redhat can still be useful even if you don't have permission to write new CPU instructions (only Intel and Amd have they signing keys to add new instructions). Sure Intel may be limiting what you can do, but it still is a useful machine without it that many people successfully use and gain value from every day. Even as a smaller example root on Linux has limits on how it can interact with the kernel. It may be root, but there are still limits on what it can do without loading a kernel module to modify things. If you want a less secure operating system where things are less secure like allowing the user to be spied on you can make your own, but the average person wants to have a secure device.

[thot_experiment]

Yeah and security models are fine. Having root on my device isn't the same as running everything as root. e.x. I want to access my files on my device over SSH so i don't have to keep plugging my phone in, sadly turing completeness doesn't get me there when I can't give my SSH daemon access to the filesystem. These are all solved problems, we're just CHOOSING not to expose the solutions to the end user under the guise of security in order to retain control.

[charcircuit]

Making it so that you can't overly share data with apps is not an issue with root not being available. That is an issue with the capabilities the os exposes to you.

The answer to every security issue not "add a backdoor".

[iggldiggl]

> That is an issue with the capabilities the os exposes to you. The answer to every security issue not "add a backdoor".

Problem is, I strongly suspect we'd still be having the same discussion even if we were talking about "allow the user direct access to all files*" instead of "allow the user full root rights".

Because while some of those missing capabilities are "simply" a matter of it being too much effort to provide a dedicated capability for each and every niche use case (though that once again raises the question as to whether you prefer failing open, i.e. provide root as an ultimate fallback solution, or fail closed), with file access I guess that this was very much an intentional design decision.

[thot_experiment]

What do you mean it's not an issue with root not being available. Root solves the problem, that's the whole point, when the OS doesn't expose the capability I want I can just read the file or piece of memory. The reason for root is that I want to have the failure mode be "ugh i have to go deal with the root security i've elected to have to do XXXX" rather than "well i guess i'm sol"