@electroCutie not really, there are OSs that don't suck at sandboxing
browsers are also bad at multi-level sandboxing because you can't easily sandbox JS inside JS, so they are not even good language VMs in my view
@electroCutie and due to their complexity and vendors pushing more and more "features" on them, they are everyone's favorite attack vector
@grainloom fair. I guess from my point of view OS sandboxes are incredibly difficult to get right. I guess that is why docker is a thing, but it is still pretty hefty and I don't know all the caveats
Browsers are sandboxes which have a very low cost of entry (costs come later)
@grainloom make it as trivial to run isolated code on any machine as browsers have done and we might see a migration back to apps
or Java again. Dunno.
@electroCutie something something Plan 9 per process namespaces
just restrict the process to a trusted set of services and you should be good to go afaik
(as long as the kernel and hardware are safe of course, and the services uphold the guarantees that you expect. but that's pretty much the same as with browsers, except things should be easier to verify thanks to their relative simplicity)
@grainloom I am deathly afraid of the Couldnt-ya-just
I am not new to software or server admin. It isn't that it is not possible, just that doing it is such a mystery to me that I don't k ow where to start
I'm not asking to be educated, rather just drawing attention too the problem. How do we get this knowledge out there? How do we make it standard for software?
What is the path from here to better?
This cloud appreciates you and sends her love to you
Basically those two emojis, were they to be combined, would form electroCutie (me!), the cotton candy cloud with a bow
Until the unicode folks make that a zero width joiner, though, they will have to do ^_^
@electroCutie good question, i guess education and writing software for better systems?
or for things to become even worse so that people finally switch...
@electroCutie idk, i guess a cohesive movement would be nice, seems like everyone is trying to reinvent the wheel rn
@grainloom Yes. This is all explained in my vase theory of technology
We make things simpler in one direction, save complexity, in order to save costs. This is the narrow part of the vase. Then we need more speed… so we add a bit more complexity, then more, then more… then someone comes up with the brilliant idea to simplify.
«wide» Mainframe I/O Processors → Scsi → IDE → SATA «smallest point»
but then we needed more speed
PCIe drives → NVME -→ Optane memory → etc
@grainloom basically we cycle back and forth. We see it all over
Type safe vs dynamic typing of some sort. We are on a typing swing, and some good folks I know are working on gradual typing
Mainframe → mini computer → web services → apps for phone → apps fror phone that are just front-ends for a web service
Back and forth, back and forth
I do it in my code all the time. The cycles are even nested.
Make one super system that is easy to use, but then expand it to do more, cycle
@grainloom anyway, this elates to wheel-reinvention because we're in a growth phase all around. Everyone thinks their complexity is worth it. I'm waiting for the decades-long cycle to head toward simplification. We'll get there.