Let’s talk about a problem - software cannot be trusted anymore. In the past, if I allowed an app to send me notifications, I’d get alerted for things I wanted to hear about. Now every app uses spurious notifications as a way to artificially boost their daily active user count. I am one by one having to shut off notifications on apps that used to be reliable products. I’ve disabled notifications on LinkedIn because it keeps sending me ads and random unnecessary alerts.
We fundamentally need a new type of option: the ability to grant software privileges that are completely phony. I need to be able to *pretend* to grant an app the ability to send me notifications, but then to have all those notifications sent into the void. Untrustworthy software should not be able to know what privileges I have granted it.

@Tedspence this is not fundamentally new, this is selecting the inputs to a program written to a capability interface. it's definitely a paradigm most users will never have seen, but it's literally what fd redirection in unix shells does.

I wholeheartedly agree that capability-oriented OS APIs are the only user-first way to design an OS, and every practical option for an OS/userspace fails this horribly.

also cc @sunfish
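
The fd-redirection point from the reply, as an added example that is not part of either post: a hypothetical `app` function writes its notifications only to fd 3, and the launcher decides whether fd 3 is a real inbox or `/dev/null`. The function names, the choice of fd 3 and the sample messages are assumptions made for illustration.

```shell
#!/bin/sh
# Hypothetical "app": it never opens a notification channel itself. It only
# writes to fd 3, the one capability its launcher handed it.
app() {
    sent=0
    # Constructed sample notifications.
    for msg in "build finished" "someone viewed your profile" "50% off today"; do
        # The write succeeds whether or not anything is listening on fd 3.
        if printf '%s\n' "$msg" >&3; then
            sent=$((sent + 1))
        fi
    done
    # The app's own count of notifications it believes it delivered.
    printf '%s\n' "$sent"
}

# Real grant: fd 3 is bound to a sink the user actually reads.
grant_real() {
    app 3>>"$1"
}

# Phony grant: fd 3 is bound to /dev/null. Same interface, nothing arrives.
grant_phony() {
    app 3>/dev/null
}

# Demonstration: the app reports the same count under both grants.
inbox="${TMPDIR:-/tmp}/inbox.$$"
: >"$inbox"
echo "real grant:  app reports $(grant_real "$inbox") sent, inbox holds $(wc -l <"$inbox" | tr -d ' ')"
echo "phony grant: app reports $(grant_phony) sent, inbox still holds $(wc -l <"$inbox" | tr -d ' ')"
rm -f "$inbox"
```

A process can still inspect what its descriptor points at (for example with `fstat`), so hiding the grant completely needs a sink that looks like the real one.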