Friday, October 30, 2015

I don't git it

Why y'all continue to trust applications to do anything is beyond me.
You don't hand your wallet to the clerk at the gas station, but you'll hand your whole machine over to any random bit of code, and get upset when it goes awry.
Your OS should ask which files to let your application access... until that changes, you're going to keep getting skunked.

Friday, October 02, 2015

CapabilityPipes v0.001 - A very rough draft of an incredibly powerful idea

This is a raw dump of an idea that came to me at 4AM... I hope it's coherent enough to catch on... I will of course keep refining it.

This is v0.001 of the idea

++ Capability Pipes  

Unix/Linux gives you a set of tools that work together: you pipe the output of one program into another, and the resulting plumbing lets you do very powerful things. We need a similar set of tools for the capability security model. This would allow you to have complete and total control over your applications, your network usage, and everything your computer does on your behalf, in a rational and expandable manner.

Instead of trusting applications to do everything, why not use the pipe/api model to limit their connections to the world, so that you can tightly restrict the side effects of everything, as needed?

Give the user a traditional view of the world, just like the Linux they have now, but instead of trusting applications blindly, force them all to use capability pipes (like file handles) to do all their I/O.

Of course, you could always default things to the current look and feel of a typical Linux desktop, to make transitioning easy for users.

It is impossible to overstate the amount of power this would put back into the hands of users.
 
Examples, use cases:

  A mute filter to allow control over the audio output of a web browser.
  Filtering of which URLs a web browser is allowed to access.
  A batch file that could do more than chroot ever could, with all the limits hard-enforced by the operating system.
  All file pipes would be chosen / supplied from outside the application.

iptables allows a Linux system administrator to do very powerful things with the network stack of a machine... this would be a much more fine-grained approach, as you could control the I/O of everything down to the bit level, or not... as you see fit, in the Unix way.

You could count the bytes a web browser sends or receives on each and every page. You could log things.
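The pieces above (a mute filter, pipes chosen from outside the application, and counting the bytes that flow through a pipe) can already be sketched on a stock Linux box with descriptor passing. The following is an added example and not code from the original post: a supervisor opens the endpoints the user picked, hands the child only those descriptors (everything else is closed before exec), and routes the child's output through a filter object that counts bytes and can mute the stream. The child program, the probe, and the sample input are constructed for the demo; the names `ByteCounter` and `run_with_supplied_pipes` are my own.

```python
import os
import subprocess
import sys
import tempfile


class ByteCounter:
    """A filter sitting on a capability pipe: counts every byte that flows
    through and, when mute=True, lets nothing reach the destination."""

    def __init__(self, mute=False):
        self.mute = mute
        self.seen = 0     # bytes the child emitted
        self.passed = 0   # bytes the filter let through

    def __call__(self, chunk: bytes) -> bytes:
        self.seen += len(chunk)
        if self.mute:
            return b""
        self.passed += len(chunk)
        return chunk


# Constructed stand-in for an untrusted application: it never names a file,
# it only reads whatever is on fd 0 and writes the upper-cased result to fd 1.
CHILD = [sys.executable, "-c",
         "import sys; sys.stdout.write(sys.stdin.read().upper())"]

# Constructed probe: tries to use a descriptor it was never handed.
# os.fstat(3) raises OSError (EBADF), so the interpreter exits with status 1.
PROBE = [sys.executable, "-c", "import os; os.fstat(3)"]


def write_all(fd: int, data: bytes) -> None:
    """os.write may return a short count; keep going until it is all out."""
    while data:
        n = os.write(fd, data)
        data = data[n:]


def run_with_supplied_pipes(argv, src_path, dst_path, filt) -> int:
    """Supervisor: open the endpoints the *user* chose, give the child only
    those descriptors, and pass its output through `filt` before it lands."""
    src_fd = os.open(src_path, os.O_RDONLY)
    dst_fd = os.open(dst_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    try:
        proc = subprocess.Popen(
            argv,
            stdin=src_fd,               # the input capability, chosen outside
            stdout=subprocess.PIPE,     # output comes back to the supervisor
            stderr=subprocess.DEVNULL,
            close_fds=True,             # nothing beyond fds 0/1/2 is inherited
        )
        with proc.stdout:
            while True:
                chunk = proc.stdout.read1(4096)
                if not chunk:
                    break
                out = filt(chunk)
                if out:
                    write_all(dst_fd, out)
        return proc.wait()
    finally:
        os.close(src_fd)
        os.close(dst_fd)


def demo(mute=False):
    """Run CHILD over a constructed input file; return (rc, seen, passed, output)."""
    with tempfile.TemporaryDirectory() as d:
        src = os.path.join(d, "in.txt")
        dst = os.path.join(d, "out.txt")
        with open(src, "wb") as f:
            f.write(b"hello capability pipes\n")   # constructed sample input
        filt = ByteCounter(mute=mute)
        rc = run_with_supplied_pipes(CHILD, src, dst, filt)
        with open(dst, "rb") as f:
            result = f.read()
    return rc, filt.seen, filt.passed, result


def probe_unhanded_fd() -> int:
    """Exit status of PROBE; 1 shows fd 3 was not inherited from the supervisor."""
    with tempfile.TemporaryDirectory() as d:
        src = os.path.join(d, "in.txt")
        dst = os.path.join(d, "out.txt")
        open(src, "wb").close()
        return run_with_supplied_pipes(PROBE, src, dst, ByteCounter())


if __name__ == "__main__":
    print(demo())            # (0, 23, 23, b'HELLO CAPABILITY PIPES\n')
    print(demo(mute=True))   # (0, 23, 0, b'')
    print(probe_unhanded_fd())   # 1
```

The caveat a practitioner will spot immediately: `close_fds=True` only controls what the child inherits. On an ordinary Linux system the child can still call `open()` on any path its UID can read, so this supervisor gives you the plumbing (outside-chosen endpoints, counting, muting) but not the hard enforcement the post asks for. Getting that means pairing the descriptor-passing pattern with an OS mechanism that denies ambient file and network access, such as a seccomp filter or a Landlock ruleset, which is exactly the gap the capability-pipes idea is pointing at.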

Digital Rights Management would be killed stone dead as a nice side effect.

Ad blocking could be scripts that users could tweak themselves.