
>the concept of users and user groups have failed

Hopefully we won't go back to the Win95/98 era of everything running as single user!

Having services run isolated as their own users is not merely good security mechanics, it provides for a clear and simple mental model of what is what. A clear permissions barrier that's enforced pretty strictly by the OS.

Moreover we see separate user accounts more and more; even on small devices like phones it makes sense to have, for example, separate "private" and "business" accounts.

>does that mean processes have failed?

Nah, that's too general of a take. There are two more specific failures. First up, people fail to realize the present-day crop of containers are re-inventing processes. "Those who do not learn history, etc, etc."

Secondly, there's a significant failure of certain key features (like IP stack, FS handlers, etc. - in general, NAMESPACES) having been provided almost exclusively in kernel, and thus requiring either superuser access or complex work-arounds (like FUSE) to manage. Plan 9 did it the right way; on P9, processes == containers.




> [...] services run isolated as their own users [...] provides for a clear and simple mental model [...]

How is that a clear and simple model? Are email or printing users?

I think the whole discussion is futile without having a common understanding of what we are talking about. That is:

- What is a user?

- What is a group?

- What is a role?

- What is an account?

- What is a service?

- What is a job?

- What is a process?

- What is a container?

- What is a namespace?

Moreover, you cannot say whether an abstraction is good or bad without knowing what our goals, use cases or target users are.


But having separate private and personal accounts on your phone is very different from application resource namespacing. They're essentially orthogonal concerns.

In the case you're making, a user (a real actual human user) has different settings when _using_ the phone in two contexts. In the latter case, applications are restricted to sandboxes with well-defined interactions between each other's memory, processes, devices, sockets, and files.


So, you run three different Gmail accounts in Chrome, and two different Office 365 logins in Firefox. Not only can the Firefox process, under your user ID, read/write Chrome's cache, local data etc. and vice versa, but so can your calculator app, your CPU temperature widget and your solitaire game.

LXC can improve a bit on this, as can "containers" (LXC or otherwise restricted processes).
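The point made in the comment above (every process under one UID can read every other process's files, however they are chmod'ed) follows directly from how the Unix discretionary access check works. The following is an added example, not code from anyone in the thread: it models that check (the owner/group/other triad, as in the kernel's generic_permission(), with CAP_DAC_OVERRIDE left out) and runs two constructed scenarios through it. The app names, UIDs and paths are made up for the example; the per-app-UID scenario mirrors the approach Android takes.

```python
"""Added example (not from the thread): model the Unix DAC check to show why
users and groups alone cannot separate applications that share a UID, and
how giving each application its own UID changes the result.

All apps, UIDs and paths below are constructed for the example."""
from dataclasses import dataclass

R, W = 4, 2  # permission bits we test for (read / write)


@dataclass(frozen=True)
class Inode:
    path: str
    uid: int
    gid: int
    mode: int  # permission bits only, e.g. 0o600


@dataclass(frozen=True)
class Proc:
    name: str
    uid: int
    gids: frozenset


def dac_allows(inode, proc, want):
    """Classic Unix permission check: the first matching class (owner, then
    group, then other) decides; later classes are never consulted.
    CAP_DAC_OVERRIDE and ACLs are deliberately not modelled."""
    if proc.uid == inode.uid:
        bits = (inode.mode >> 6) & 7
    elif inode.gid in proc.gids:
        bits = (inode.mode >> 3) & 7
    else:
        bits = inode.mode & 7
    return bits & want == want


def readable_by(files, procs):
    """Return {process name: sorted list of paths that process can read}."""
    return {p.name: sorted(f.path for f in files if dac_allows(f, p, R))
            for p in procs}


# Constructed sample data: two browsers' private data and a third, unrelated app.
CHROME_CACHE = "/home/me/.cache/google-chrome/Default/Cache/data_0"
FIREFOX_PROFILE = "/home/me/.mozilla/firefox/x.default/cookies.sqlite"
APPS = ["chrome", "firefox", "calculator"]


def desktop_scenario():
    """Typical desktop: every app runs as the interactive user (uid 1000).
    The files are 0600, the tightest mode that still lets the owner use them."""
    files = [Inode(CHROME_CACHE, 1000, 1000, 0o600),
             Inode(FIREFOX_PROFILE, 1000, 1000, 0o600)]
    procs = [Proc(a, 1000, frozenset({1000})) for a in APPS]
    return readable_by(files, procs)


def per_app_uid_scenario():
    """Per-application UIDs (hypothetical numbers): each app's data is owned
    by its own uid, so the owner class only ever matches that one app."""
    uid = {"chrome": 10001, "firefox": 10002, "calculator": 10003}
    files = [Inode(CHROME_CACHE, uid["chrome"], uid["chrome"], 0o600),
             Inode(FIREFOX_PROFILE, uid["firefox"], uid["firefox"], 0o600)]
    procs = [Proc(a, uid[a], frozenset({uid[a]})) for a in APPS]
    return readable_by(files, procs)


if __name__ == "__main__":
    for label, result in (("same uid", desktop_scenario()),
                          ("per-app uid", per_app_uid_scenario())):
        print(label)
        for name, paths in result.items():
            print(f"  {name:<11} can read {len(paths)} file(s): {paths}")
```

In the first scenario the calculator reads both browsers' data, and no mode bits can change that: any mode that lets Chrome read its own cache has the owner read bit set, and the check sees only that the caller's UID equals the file's UID, not which program is asking. The second scenario is what a per-application UID or a user namespace buys you: the owner class matches only the app itself, and the other two classes are 0.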



