Hacker News

extraisland, last Monday at 6:52 AM

A lot of it already exists in one form or another, and the trade-off for sandboxing is usability a lot of the time.

It isn't even freedom vs security. It is usability vs security.


Replies

josephg, last Monday at 7:03 AM

> It is usability vs security.

I think a lot of it is "nobody has bothered building it yet" vs security.

E.g. Qubes runs everything in Xen isolates, which is a wildly complex, performance-limiting way to do sandboxing on modern computers. There are much better ways to implement sandboxing that don't limit performance or communication between applications. For example, seL4's OS-level capability model. seL4 still allows arbitrary IPC / shared memory between processes. Or Solaris / illumos's Zones. But that route would unfortunately require rewriting / changing most modern software.

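To make the capability-model point concrete (isolation by default, with communication that is explicitly granted rather than ambient), here is an added toy illustration in Python. It is not code from either commenter, from seL4 or from any other project named above; the `Process`, `Endpoint` and `Capability` names, the right names `send`/`recv`/`grant`, and the init/browser/mail scenario are all constructed for this example.

```python
"""Toy object-capability IPC model (constructed illustration, not seL4 code).

Processes start with no ability to talk to each other. Communication over an
endpoint is possible only through a capability held in the process's own
capability space, and a capability can only be delegated by a holder that has
the 'grant' right, with the same or fewer rights (attenuation). This is the
contrast with ambient authority, where any process may message any other.
"""
from dataclasses import dataclass, field
from typing import Dict, Iterable, List, Optional


class CapabilityError(PermissionError):
    """Raised when a process acts without the required capability right."""


@dataclass
class Endpoint:
    name: str
    queue: List[str] = field(default_factory=list)  # pending messages


@dataclass(frozen=True)
class Capability:
    endpoint: Endpoint
    rights: frozenset  # subset of {"send", "recv", "grant"}


class Process:
    def __init__(self, name: str) -> None:
        self.name = name
        self.cspace: Dict[str, Capability] = {}  # slot name -> capability

    def _lookup(self, slot: str, right: str) -> Capability:
        # Authority is checked on every operation against the caller's own
        # capability space; holding no capability means the call is refused.
        cap = self.cspace.get(slot)
        if cap is None or right not in cap.rights:
            raise CapabilityError(f"{self.name}: no '{right}' right in slot {slot!r}")
        return cap

    def send(self, slot: str, msg: str) -> None:
        cap = self._lookup(slot, "send")
        cap.endpoint.queue.append(f"{self.name}:{msg}")

    def recv(self, slot: str) -> Optional[str]:
        cap = self._lookup(slot, "recv")
        return cap.endpoint.queue.pop(0) if cap.endpoint.queue else None

    def grant(self, slot: str, target: "Process", target_slot: str,
              rights: Iterable[str]) -> None:
        cap = self._lookup(slot, "grant")
        wanted = frozenset(rights)
        if not wanted <= cap.rights:
            # Cannot hand out rights the granter does not hold itself.
            raise CapabilityError(f"{self.name}: cannot escalate {sorted(wanted)}")
        target.cspace[target_slot] = Capability(cap.endpoint, wanted)


def demo() -> Dict[str, str]:
    """Constructed scenario: init owns the file-service endpoint and hands an
    attenuated, send-only capability to the browser. Returns what happened."""
    files = Endpoint("file-service")
    init = Process("init")
    init.cspace["files"] = Capability(files, frozenset({"send", "recv", "grant"}))
    browser, mail = Process("browser"), Process("mail")
    results: Dict[str, str] = {}

    # Isolation by default: the browser holds no capability yet.
    try:
        browser.send("files", "open notes.txt")
        results["unauthorized_send"] = "allowed"
    except CapabilityError:
        results["unauthorized_send"] = "denied"

    # Explicit delegation: send only, no recv, no grant.
    init.grant("files", browser, "files", {"send"})
    browser.send("files", "open notes.txt")
    results["delivered"] = init.recv("files") or ""

    # Attenuation holds: the browser can neither re-delegate nor read.
    try:
        browser.grant("files", mail, "files", {"send"})
        results["redelegate"] = "allowed"
    except CapabilityError:
        results["redelegate"] = "denied"
    try:
        browser.recv("files")
        results["sender_recv"] = "allowed"
    except CapabilityError:
        results["sender_recv"] = "denied"
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point the toy makes is the one in the comment: the isolation boundary is not "no IPC"; it is that every channel must be granted, and the granter decides how much authority travels with it.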