Post AWfddk2ILg7N5fiFGK by mcc@mastodon.social
 (DIR) Post #AWfdddHzQvVsAK0BFo by mcc@mastodon.social
       2023-06-14T02:44:16Z
       
       0 likes, 0 repeats
       
       A thing that I do not like about the world we live in is that you're given two options, Windows where any application at any time can and usually will just demand you give it 100% permission to install stuff in the kernel and you really have no choice but to proceed because that's the only way to run the software, and Apple where you're not allowed to do anything with your devices ever at all.
       
 (DIR) Post #AWfdde9sCacArRDDF2 by mcc@mastodon.social
       2023-06-14T02:48:29Z
       
       0 likes, 0 repeats
       
       The thing that I *really* want— every application is running inside of a sandbox I fully control, such that all attempted OS-level changes are accepted from the app's perspective but actually logged and tracked, and then I'm allowed pijul-style to decide which "patchsets" of sandboxes are simultaneously active for any one piece of software— might be kinda hard to implement and implement efficiently. But it seems *some* third option must be possible
       
 (DIR) Post #AWfddeozjhVYuyS3Ky by inthehands@hachyderm.io
       2023-06-14T03:08:47Z
       
       0 likes, 0 repeats
       
       @mcc I’ve wanted this too, and have thought about it. I pondered for a while a layered file system in which the user controls which layers are readable and writable by each app, and was halfway to implementing a nonsense version of Nix-in-the-OS before I decided this was not actually an easy problem.
       
 (DIR) Post #AWfddfWb7aO16CqsIi by mcc@mastodon.social
       2023-06-14T03:10:37Z
       
       0 likes, 0 repeats
       
       @inthehands Did you know the original Mach, the experimental microkernel that gradually turned into Mac OS X, originally had a feature where userland program 1 could launch userland program 2 in a special way, and then from program 2's perspective program 1 was the kernel. Program 2 would think it's sending syscalls to the kernel but the syscalls are all going to program 1 and program 1 is allowed to freely decide whether to forward them on to the real kernel or just like… lie
       
 (DIR) Post #AWfddfog2Mqe0HJJTs by mcc@mastodon.social
       2023-06-14T02:51:02Z
       
       0 likes, 0 repeats
       
       Like, "the app developer has complete control and the user is powerless" versus "the OS vendor has complete control and the user and app developers are both powerless" versus the good condition, "the user has complete control and the OS vendor and app developer must do what they say". (And no, Linux is not that third thing. Windows is the OS where 168989f.msi "wants to make changes to your device" and Linux is the OS where you're being asked to run curl 16989f.sh > sudo sh)
       
 (DIR) Post #AWfddgGgMFFXP8Pg8G by alexis@alexisart.me
       2023-06-14T04:15:12Z
       
       0 likes, 0 repeats
       
       @mcc @inthehands This may not be what you are looking for exactly, but I do know that there's an effort right now to make sandboxed native* applications with WebAssembly. This particular solution has a slightly different goal point of running the same program on every device with the same executable. There's also native* launchers as well as NodeJS. The executable file is different from what normally exists for said operating system, and it is interpreted by the browser, NodeJS, etc.
       
 (DIR) Post #AWfddgujxJIBPN9fZQ by mia@snug.moe
       2023-06-14T04:16:25.595Z
       
       1 likes, 0 repeats
       
       @alexis@alexisart.me @mcc@mastodon.social @inthehands@hachyderm.io if only someone had thought of a universal bytecode that could be executed across platforms!
       
 (DIR) Post #AWfddk2ILg7N5fiFGK by mcc@mastodon.social
       2023-06-14T02:51:33Z
       
       0 likes, 0 repeats
       
       I guess you can spend the rest of your life writing AppArmor configs and then worrying that your AppArmor rules are ineffective because of a one-character typo