[hedora]

The web browser is a sandbox, and it runs as an OS process, which is a sandbox.

I think their comment means you’d be better off targeting an OS level sandbox (maybe based on OCI(?), which means a different container for each OS kernel or breaking kernel change — new docker doesn’t run on old linux as it is).

If you chose the OS level sandbox correctly, that would probably be more cpu-efficient than the web browser.

However, that’s a big “if”, since most of the linux sandbox thingies take multiple seconds to spawn a process, and multiply memory usage by 10-100x.

[marrs]

I guess the term "sandbox" can become overloaded. I'm not thinking of OS processes as sandboxes in this context.

> However, that’s a big “if”, since most of the linux sandbox thingies take multiple seconds to spawn a process, and multiply memory usage by 10-100x.

And this is the thing I'm not willing to accept. Well, I can tolerate excessive memory consumption depending on what I'm doing, but I refuse to entertain long boot times. It's the main reason I avoid Java apps, Flatpacks, and so on.

[DonHopkins]

No, I mean the other way around.

X11 sucks. Wayland sucks. Get rid of them both! But the browser's not going away, and it's open standards based and cross platform, and there's a huge amount of collaborative work and money and talent going into making it better and more powerful and more efficient and more secure across the entire industry and all platforms, unlike X11 and Wayland (which nobody gives a shit about outside of a few fanatical Linux desktop users), or even the Windows and Mac desktops and Android and iOS interfaces (which billions of people use every day, but are stagnant terribly designed dead-ends).

The browser is a sandbox, so why run it on top of another leaky inflexible insufficient outdated sandbox full of clumps of dehydrated urine and cat turds like X11 or Wayland, instead of directly on the hardware?

No modern desktop environment is complete without a browser, so since you're stuck with it, why not just use the browser itself as the desktop environment (or whatever user interface paradigm you choose to use), since you're never getting rid of the browser, and modern non-browser desktops aren't as flexible or powerful or extensible as a browser, and most useful applications have been ported to run in the web browser environment anyway, so they can run across many different platforms, and be easily distributed and efficiently used over the network (unlike Wayland or "modern" X11 apps).

I'm just surprised this seems to be so hard for some people to understand, in spite of the fact that I've been making the same argument for more than a decade, and provided many links to those arguments, because it seems extremely obvious and straightforward to me, and the technology is finally mature enough to pull it off.

[marrs]

X11 isn't a sandbox and that's fine by me. I'm not particularly interested in zero trust computing. I'm not strongly opposed to it, but in general I'm going to choose a lightweight app over a resource hog. However bad X11 is, it runs the software I want to use. That's literally my only motivation for sticking with it. Sorry if you find all this offensive.

> No modern desktop environment is complete without a browser, so since you're stuck with it, why not just use the browser itself as the desktop environment..?

Because I want to use my desktop environment as my desktop environment. I've invested time and energy optimising it for my workflow and I'd like to continue to benefit from using it.

> non-browser desktops aren't as flexible or powerful or extensible as a browser

Again, I don't know what this means. My desktop is literally programmable. As in, I can edit and recompile the source code directly. Please tell me what's more powerful than that.

> they can run across many different platforms,...

I only need my apps to run on one platform

> ...and be easily distributed and efficiently used over the network (unlike Wayland or "modern" X11 apps).

`apt install my-x11-app my-wayland-app` `#include <sys/socket.h>`