alt Hacker News> Any sandbox technology works fine until it isn't.
Tautology is tautology.
> but Java applets were removed from the browsers
Java applets provided more scope compared to the browser itself, not less. They're not really comparable to seccomp or namespaces.
> hosters who will hand off user account to a shared server
There's lots of CI or function runners that expose docker-like environments.
> Java applets provided more scope compared to the browser itself, not less. They're not really comparable to seccomp or namespaces.
They are comparable because they provided a restricted sandbox to execute untrusted code.
> There's lots of CI or function runners that expose docker-like environments.
These are running inside VMs.