[gbrown]

I found the video quality and responsiveness to be far worse, and I have to teach and work over Zoom. I tried running the desktop client virtualized as well, with similar results.

So… sketchy it is. I find myself wondering what it’s doing with 15% CPU when not in a meeting. Feelsbad.

[echlebek]

I ran it under strace and after that it was never allowed to run again. I don't know exactly what it's doing, but it's nothing I want it to be doing.

If you get an AMD GPU then the web experience is a bit more performant, the Intel iGPUs are not quite potent enough.

[Quasimarion]

Mind if you elaborate on that? I just ran zoom with strace but see nothing out of ordinary.

[KennyBlanken]

Discreet GPUs support encoding/decoding a lot more streams than the integrated stuff. Depending on the generation of Quicksync you have, the codec used by Zoom might not be hardware accelerated at all, though I think Zoom uses h264, so you'd have to be on some pretty old hardware.

[londons_explore]

I don't know about zoom specifically, but most video conferencing programs counterintuitively don't use hardware video encoders/decoders.

They use the GPU for visual effects (background blur etc), but then do regular CPU video encoding. That's why they gobble so much CPU!

I think that helps with system compatibility. Hardware video encoders are full of bugs and corner cases, and it's very easy for someone to end up seeing a garbled image when the bitstream was truncated or bad in some way.

[gbrown]

Is there something specific about the AMD drivers? I have a decent Nvidia card (I know, I know…)

[KennyBlanken]

Have you tried running the desktop client in a container? Lots of options for this on Linux.

There shouldn't be any significant virtualization penalty. My guess is that it uses hardware video codec acceleration and that wasn't accessible in the VM you had set up? If the guest was Windows, looks like nvidia has supported this since host driver version v465 or later.

https://nvidia.custhelp.com/app/answers/detail/a_id/5173/~/g...

HTH!

[jrockway]

The systemd slice approach is the same mechanism as containers.

The security problem is being able to talk to the same X server as trusted applications. X clients can do pretty much all the things you don't want Zoom to do; look at your screen, observe your keystrokes, etc. (Sadly, many of Zoom's features, like screen sharing, are also great things for spyware to do in the background. Not saying Zoom does this, but if you don't trust them, this level of access is the part that worries people, not consuming too much CPU.)

[yc12340]

> The security problem is being able to talk to the same X server as trusted applications

Use Ctrl+Alt+F<number> to switch into another VT and run a different X server. Run zoom in container there.

I found this a lot more convenient than messing with nested X servers and other types of X11 client isolation. Each time you leave an X server and switch to another VT, the clients perceive it like the monitor being turned on/off.

[mbarbar]

Thank you for this, easy solution that didn't cross my mind. I wanted to restrict Zoom from reading files (solved by a sandbox) while also sharing my screen from my normal environment (VM is out of the picture) but also preventing it from looking at the X clipboard and all that stuff.

[gbrown]

I did, but had trouble getting it to work. It was a while ago though, and the image I was working from was old/unmaintained even at the time. Linux guest. Do you have any examples to hand?

[eikenberry]

Why run it when not in a meeting?

[gbrown]

I do kill it, but I’m in and out of meetings all day, so it’s easy to forget.