has reached the end-of-life and is now read-only. Please see the EOL announcement for details

@grainloom but they (we|a)re better sandboxes than OSes

Flawed though they are

@electroCutie not really, there are OSs that don't suck at sandboxing

browsers are also bad at multi-level sandboxing because you can't easily sandbox JS inside JS, so they are not even good language VMs in my view

@grainloom fair. I guess from my point of view OS sandboxes are incredibly difficult to get right. I guess that is why docker is a thing, but it is still pretty hefty and I don't know all the caveats

Browsers are sandboxes which have a very low cost of entry (costs come later)

@electroCutie something something Plan 9 per process namespaces
just restrict the process to a trusted set of services and you should be good to go afaik
(as long as the kernel and hardware are safe of course, and the services uphold the guarantees that you expect. but that's pretty much the same as with browsers, except things should be easier to verify thanks to their relative simplicity)

@grainloom I am deathly afraid of the Couldnt-ya-just

I am not new to software or server admin. It isn't that it is not possible, just that doing it is such a mystery to me that I don't know where to start

I'm not asking to be educated, rather just drawing attention to the problem. How do we get this knowledge out there? How do we make it standard for software?

What is the path from here to better?

@grainloom Cloud-heart

This cloud appreciates you and sends her love to you

Basically those two emojis, were they to be combined, would form electroCutie (me!), the cotton candy cloud with a bow

Until the unicode folks make that a zero width joiner, though, they will have to do ^_^

@electroCutie ohhhhhhhhhhhhhhhhhhhhhh
thank!!! *appreciates back* :blobuwu:
