by LtWorf 82 days ago
That the security model on Unix (and Linux) is to trust your applications and mistrust other users of the same machine.

While now the security model is that your applications are closed source and you cannot trust them, which is why you need Wayland.

2 comments

9front tells me otherwise. Its security model with namespaces and rfork is far more tuned to modern times than the GNU/Linux or BSD one, where even with mitigations and the like a well-crafted NES sound file (6502 code in the end, as C64 MOD files) could cause mayhem on some buffer overflow executing x86 code.

rio(1) windows under plan9/9front have their own namespace and OFC you can restrict these per window, making these kinds of attacks futile.

How's the a11y story under Plan 9? I always thought of Plan 9 as being very forward thinking for its time but unfortunately stuck in the past in various ways, but are there screen readers and voice input and everything?

Nothing yet but an flite port. But by design it's far easier than with X and/or with DBUS.

> [T]he security model on Unix (and Linux) is to trust your applications

If that were true, httpd (and all other system daemons) would be run as root and neither the 'nobody' user and group nor the various security-related X11 extensions would exist.

Anyone who has worked in this field for more than a few years (regardless of their era of entry) knows that nontrivial programs are faulty and can happen to or be induced to do things that are harmful in varying degrees to the operation of the computer that runs them.

Protecting against accidental mistakes and expecting applications to steal data are different levels.