• tal@lemmy.today · score 9 · 3 days ago

    I remember those manuals how to run Skype and every proprietary program from a separate user, while every client in X11 can capture the whole display and see all keystrokes.

    I don’t know what these manuals said, but you can run an X11 software package in Xnest or Xephyr to functionally sandbox X11. Both of those have been around for a long time. I use firejail, which will use either to isolate software if being used in an X11 environment. That might permit clipboard snooping (I’d have to check), but it avoids the keylogging and display-dumping issues.

    It is true that X11 — not to mention most traditional desktop operating systems — was not really designed to sandbox software packages. Local stuff is trusted. Wayland improves on that a lot. But even so, Linux desktop apps in general still don’t normally run isolated. Steam games are not isolated in 2025, which is something that I’d kind of like to see.

    But I’m more optimistic than I think your comment is; I think that things have generally gotten better, not worse.

    Go back a quarter century and nearly all Internet traffic was unencrypted; most is encrypted today. I’d trust Web browsers to reliably sandbox things today more than I did then. We have containers and VMs, which are a big improvement over chroot jails. My software updates are mostly cryptographically verified. If you want a cryptographic filesystem, it’s not a big deal to set up these days. We don’t have operating systems automatically invoking binaries because they happened to live on something that looks like a CD drive that was connected. We’re using more programming languages that are more resistant to some common memory management bugs that historically led to a lot of our security problems.

    I agree that it’s important not to falsely believe that security is present when it’s not. But I don’t think that everything is dismal, either.

    • rottingleaf@lemmy.world · score 2 · 3 days ago

      > but you can run an X11 software package in Xnest or Xephyr to functionally sandbox X11

      I know (did that with Telegram for some time, until deciding I’ll take the insecurity with working clipboard), but those manuals would only touch upon having a separate user or a chroot.

      > That might permit clipboard snooping (I’d have to check), but it avoids the keylogging and display-dumping issues.

      Will read about firejail.

      > It is true that X11 — not to mention most traditional desktop operating systems — was not really designed to sandbox software packages. Local stuff is trusted.

      It’s about philosophy: I really like p2p applications built using something like Kademlia, because they are built with the premise that everything is unreliable, and that works.

      Also unreliable things don’t create vendor locks. It’s much easier to change from one unreliable thing to another.

      > But I’m more optimistic than I think your comment is; I think that things have generally gotten better, not worse.

      Yes, I’ll repeat my opinion that things becoming more complex, and that being described as needed for them to become more secure, just means that the security theater is better now.

      > Go back a quarter century and nearly all Internet traffic was unencrypted; most is encrypted today.

      Encrypted with keys decided using certificates ultimately with some approved CA as root, and the list of those trusted CAs is supplied with software. There have been plenty of cases where a CA has been compromised.

      As protection against some punks peeking at neighbors it works, but the main threat is not some punks. The post is about E2EE and nation-states.

      > I’d trust Web browsers to reliably sandbox things today more than I did then.

      Why do we have hypertext browsers running cross-platform applications? Why can’t we separate these two classes of programs? There is, say, the Gemini protocol for the former and, say, the JVM for the latter.

      > We have containers and VMs, which are a big improvement over chroot jails. My software updates are mostly cryptographically verified. If you want a cryptographic filesystem, it’s not a big deal to set up these days.

      I agree about this.

      > We don’t have operating systems automatically invoking binaries because they happened to live on something that looks like a CD drive that was connected.

      And this.

      > We’re using more programming languages that are more resistant to some common memory management bugs that historically led to a lot of our security problems.

      Well, yes and no, people had Perl and Tcl as popular ones back then too, ha-ha.

      > I agree that it’s important not to falsely believe that security is present when it’s not. But I don’t think that everything is dismal, either.

      Not dismal, I don’t mean that. It’s a lot of fantastic achievements, but they won’t work if taken for always present.

      It’s strategically wrong to expect complex things that can’t be achieved to their full extent to work. People can expect landlines to always work (they did at some point, at least), but to expect computing to be mostly secure is nuts, and that’s what everyone is doing. Landline phones are one of a very few really reliable technologies, but most of our civilization is not like that.

      • tal@lemmy.today · score 1 · 2 days ago

        > Will read about firejail.

        It’s a single frontend to a variety of tools that permit running software in isolation on a single machine. Like, you can expose only limited parts of the filesystem, have them be read-only, disallow network access, run software under Xephyr or Xnest for X11, disallow sound access, stuff like that. You set up a profile for an application, and it’ll run it with those restrictions. It comes with a very limited set of application profiles made, so it’s not just an “install it with one command and then run everything maximally sandboxed” piece of software – you gotta set up a profile for an application to choose what you want restricted.
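As an added illustration of the firejail profile described above (and of the Xephyr/Xnest X11 isolation mentioned earlier in the thread), here is a constructed profile plus a small audit helper; this is example code, not from either commenter or from the firejail project. The profile path, the `demo-app` directory and the `audit_profile` helper are assumptions; the directives themselves (`x11 xephyr`, `net none`, `nosound`, `read-only`, `whitelist`, `caps.drop all`, `seccomp`, `nonewprivs`) are standard firejail profile syntax.

```shell
#!/bin/sh
# Write a constructed firejail profile that applies the restrictions the
# comment lists: limited, read-only filesystem view, no network, X11 via
# Xephyr (so the app cannot see the host display or its keystrokes), no sound.
# Usage once firejail is installed:  firejail --profile="$1" /path/to/app
write_demo_profile() {
  cat > "$1" <<'EOF'
# demo.profile (constructed example)
include /etc/firejail/disable-common.inc
noblacklist ${HOME}/Documents/demo-app
whitelist ${HOME}/Documents/demo-app
read-only ${HOME}/Documents/demo-app
private-tmp
x11 xephyr
net none
nosound
caps.drop all
seccomp
noroot
nonewprivs
EOF
}

# Audit a profile for the isolation directives above. A profile that merely
# exists is not a sandbox; this checks that each expected restriction is
# actually present and not commented out. Prints what is missing and returns
# 1 if anything is absent, 0 if the profile has all of them.
audit_profile() {
  prof="$1"
  missing=""
  # Drop comments and blank lines so "# net none" does not count as present.
  body=$(sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$prof")
  for want in "x11 xephyr|x11 xnest" "net none" "nosound" \
              "read-only |whitelist " "caps.drop all" "seccomp" "nonewprivs"; do
    if ! printf '%s\n' "$body" | grep -Eq "^[[:space:]]*($want)"; then
      missing="$missing [$want]"
    fi
  done
  if [ -n "$missing" ]; then
    echo "profile $prof is missing:$missing"
    return 1
  fi
  return 0
}
```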