
It's a quite powerful idea to run every package in its own container (sandbox).

However, it depends on the implementation and Snap just sucks.

(Note that the default Unix assumption is that no users can be trusted but all applications can be trusted, which is wrong imho. Containers provide a way out of this, but things get messy very fast.)



> It's a quite powerful idea to run every package in its own container (sandbox).

It is, but I also actively don't want every package to run in its own container. I'd rather containerize select applications that I choose.


Yes, this is one of many reasons why Snap sucks.


The sandbox is not going to protect users from spyware telemetry, bad security for the application itself, ads, and so on.


> The sandbox is not going to protect users from ... bad security for the application itself

Your other data, in other sandboxes, is protected though.


Sure, but that's far from enough.


This is the only truly reliable security approach: security by compartmentalization.


Not at all, it's not enough.


Yes, but right now my smartphone is more secure wrt apps than my desktop, which is odd.


No, you can use a security-oriented distribution, plus sandbox the applications you use.



