HN Reader

Rupert's Snub Cube and Other Math Holes [video] (youtube.com)

1 points by ivanjermakov 1m ago 0 comments

Ongoing Supply Chain Attack Targets CrowdStrike NPM Packages (socket.dev)

1 points by talboren 2m ago 0 comments

Save pins button always disabled (github.com)

1 points by blenderob 4m ago 0 comments

AI Tools Differ from Human Tools (tomtunguz.com)

1 points by brandonb 5m ago 0 comments

Intercellular communication through ultra-fast hydrodynamic trigger waves (nature.com)

1 points by vogu66 5m ago 0 comments

Show HN: Make LLM prompts time-aware, "next Friday" –> "next Friday (19 Sept)" (time-ai.blueprintlab.io)

1 points by yaoke259 5m ago 0 comments

CIA Freedom of Information Act Electronic Reading Room (cia.gov)

2 points by bookofjoe 7m ago 0 comments

GPT5 and Codex Took over Agentic Coding (latent.space)

1 points by mooreds 7m ago 0 comments

Hotels with Options for Wild Swimming (nytimes.com)

1 points by mooreds 7m ago 0 comments

Honolulu engineer creates fabric of the future out of chicken feathers (khon2.com)

1 points by mooreds 7m ago 0 comments

Hosting a Website on a Disposable Vape (hackaday.com)

1 points by beardyw 9m ago 1 comments

A painful road to Java modularity (blog.enioka.com)

1 points by tannhaeuser 10m ago 0 comments

9/16/25, celebrate a date of mathematical beauty (npr.org)

1 points by manveerc 10m ago 0 comments

Understanding and Implementing Qwen3 from Scratch (magazine.sebastianraschka.com)

1 points by ibobev 11m ago 0 comments

Cursor AI editor lets repos "autorun" malicious code on devices (bleepingcomputer.com)

1 points by speckx 12m ago 0 comments

Entry/Exit System – EU (en.wikipedia.org)

1 points by serendipty01 12m ago 0 comments

Donald Trump files $15B defamation lawsuit against The New York Times (npr.org)

1 points by manveerc 13m ago 0 comments

Show HN: Prune – a tiny tool to sharpen your thinking (prune.quest)

3 points by tonerow 14m ago 1 comments

Teen Safety, Freedom, and Privacy (openai.com)

1 points by meetpateltech 15m ago 0 comments

Be Engineering Insights: Adventures in Graphics Drivers (haiku-os.org)

3 points by markus_zhang 17m ago 1 comments

What Every Programmer Should Know About Memory (2007) [pdf] (people.freebsd.org)

1 points by redbell 18m ago 0 comments

Discoverminds.ai – "Notion for Professional Relationships"

1 points by Heysonics 19m ago 0 comments

Some Magic Mushroom Edibles Have Zero Psilocybin (gizmodo.com)

1 points by cainxinth 20m ago 0 comments

Java 25, Ready to Perform to the Limit (hanno.codes)

1 points by microflash 21m ago 0 comments

Force Sensing Gripper with Iris Cutting Mechanism for Harvesting Crops (mdpi.com)

2 points by PaulHoule 21m ago 0 comments

Ask HN: Why isn't capability-based security more common?

2 points by killerstorm 23m ago 0 comments

New Electric Motor Runs Without Metal Coils [video] (youtube.com)

1 points by thelastgallon 23m ago 0 comments

Show HN: JSON-translated-AI,CLI tool for translations across multiple languages (github.com)

1 points by victorhe 23m ago 0 comments

Rupert's snub cube and other Math Holes (tom7.org)

2 points by QuadmasterXLII 23m ago 0 comments

Rust-style safety model for C++ 'rejected' as profiles take priority (theregister.com)

1 points by rntn 24m ago 0 comments

Ask HN: What is your dev experience using sveltejs?

1 points by jerawaj740 26m ago 1 comments

FTC launches inquiry into AI chatbot companions and their effects on children (cbsnews.com)

1 points by gmays 27m ago 0 comments

My "Show HN" Follow-Up for "Swimming in Tech Debt" (loufranco.com)

1 points by loumf 28m ago 1 comments

The true value of ancient history (estimateproperty.blogspot.com)

1 points by geoforcehartza 28m ago 0 comments

Wikidata and Mundaneum – The Triumph of the Commons (schmud.de)

1 points by schmudde 29m ago 0 comments

Just Use HTML (gomakethings.com)

27 points by speckx 31m ago 3 comments

Show HN: AuthPress – Advanced WordPress 2FA Plugin (wordpress.org)

1 points by debba 33m ago 0 comments

Headcount Systems Explained (iprogrammer.au)

1 points by iprogrammerau 34m ago 0 comments

The Build Up (theawkwardyeti.com)

1 points by mooreds 37m ago 0 comments

The Internet Coup [pdf] (interseclab.org)

1 points by mooreds 38m ago 0 comments

The Rise of Tool Users (minimal-reflections.pages.dev)

1 points by within_will 41m ago 0 comments

Apple Music's new AI auto mix: examples (james.cridland.net)

2 points by cainxinth 42m ago 0 comments

China mandates 1-hour reporting for serious cybersecurity incidents (scmp.com)

2 points by mooreds 43m ago 0 comments

Converting a disposable vape into a web server (cnx-software.com)

1 points by mikece 43m ago 0 comments

Horst Wessel (en.wikipedia.org)

1 points by throwaway89201 45m ago 0 comments

Why Firsts Matter (tratt.net)

1 points by ltratt 47m ago 0 comments

The Secret of Highly Efficient Teams (managerstories.co)

2 points by damsos 49m ago 0 comments

The Magic of Showing Up (prisonculture.substack.com)

1 points by speckx 51m ago 0 comments

Visitors travelling to Europe will face new digital checks (economictimes.indiatimes.com)

4 points by 01-_- 53m ago 1 comments

Students Using AI for Controversial Viewpoints (insidehighered.com)

1 points by HR01 54m ago 0 comments

Ask HN: Why isn't capability-based security more common?

2 killerstorm 0 9/16/2025, 12:54:33 PM
Recent ["self-propagating NPM malware"](https://news.ycombinator.com/item?id=45260741) reminds us that the predominant security model is basically whack-a-mole: you gotta trust _every_ piece of software you run (including all the libraries, plugins, etc), unless you explicitly sandbox it.

Capability-based security might offer an alternative: software should not have access to things when it's not explicitly provided with access. I.e. "classic" desktop security is kind of a blacklist model (everything is possible unless explicitly restricted e.g. via sandbox) while capbility-based security is like a whitelist.

On a programming language level it's usually known as object-capability model, and there's a number of programming languages which implement it: https://en.m.wikipedia.org/wiki/Object-capability_model

The question: why isn't it more popular? It doesn't even seem to be widely known, let alone used. (Aside from isolated examples.)

Is there any chance it would be widely adopted?

I guess one objection is that people don't want to manually configure security. But perhaps it can be integrated into normal UX if we really think about it: e.g. if you select a file using a system-provided file picker it would automatically grant access to that file, as access is explicitly authorized.

Comments (0)

No comments yet