[userbinator]

On modern operating systems, applications under the same user are separated from each other, for the purpose of protecting them against malware and compromised programs.

Fundamentally, these problems are caused by the lack of app-to-app and app-to-OS authentications.

I see the security argument side of things, but I think that overall this trend of compartmentalising everything is detrimental to the open interactions between apps that made computers so versatile and useful. Put another way, by building increasingly closed and restrictive systems, and requiring strict authorisations and procedures for all interactions between their components, we've significantly marginalised the ad-hoc, unpremediated sharing aspect of computing --- one which I think is also extremely important.

It's certainly not a good thing to have data you want private leaked out, but neither is it to be unable to freely share between apps what you do want without going through some horribly byzantine process involving only the app developers and not the user. Something to think about, whenever someone proposes isolating everything for the sake of security...

[mikeash]

I think compartmentalization is good, but the fundamental question is one of who is in control.

I completely agree that interaction between apps is fundamental. It acts as a multiplier, such that the whole is much more than the sum of its parts. Poor facilities for inter-app interaction is why iOS is such a toy compared to other OSes. It's great for browsing the web and reading your e-mail and such, but it sucks for a lot of serious tasks because your stuff can't move easily.

But I don't think that interaction should necessarily be a free for all either. Ideally, it would all be gated and put under my control. Then I can ensure that things I want to do get done, and malware can't touch my stuff.

The trouble with Apple's approach isn't compartmentalization itself, but rather than Apple has decided that users are too stupid to make their own decisions, and so it is Apple who gets to decide which interactions are allowed.

[jobu]

> ...Apple has decided that users are too stupid to make their own decisions...

Sadly this is true for many, if not most users: http://arstechnica.com/security/2008/09/study-confirms-users...

It's a few years old, but it seems unlikely that things have changed much since it was done:

"Some researchers have tested how college students respond to fake dialog boxes in browser popup windows and found that the students are so anxious to get the dialog out of the way, they click right through obvious warning signs"

[mikeash]

You're right. A lot of users simply can't be trusted to make good decisions.

There has to be a way to protect those users without shutting down power users, though. I don't know what it is, but Apple's approach of giving power users a big middle finger is not good.

[userbinator]

Apple isn't alone in this, Microsoft and Google are also heading in the same direction.

At least there were 9 who "did the right thing" - 21% - which to me suggests that not all users are idiots and a fair number of them are knowledgeable. It would be interesting to do this study again, nearly 7 years later, and compare the results.

The real danger of assuming that users are stupid is that it means they'll likely stay stupid, as then even fewer will learn due to the lack of any motivation to. My cynical opinion of why this happens is that for these companies, it's actually advantageous to keep users stupid; you can extract more profit from them if they're kept happy, unquestioningly complacent, and consuming. To paraphrase an old analogy: if you keep someone from learning how to fish, you can keep selling them fish.

[noblethrasher]

Some people figured this out 40 years ago: Objects were supposed to be little (or big) virtual computers that communicated to each through message passing. Security (modulo side-channel attacks) is then just a function of each object's grammar and corresponding parser implementation.

We can then reason about security in terms of formal language theory. For example, an object's whose grammar is a regular expression is much more secure than an object with a Turing complete grammar.

Of course, if you take the idea of objects too seriously, you then realize that you don't need things like operating systems in the first place.

[asveikau]

I thought it somewhat audacious to refer to that as "modernity". I prefer to think of it as a path that some people, not everybody, have taken.