Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I think this is especially problematic for Windows, where a simple and effective lightweight sandboxing solution is absent AFAIK. Docker-based sandboxing is possible but very cumbersome and alien even to Windows-based developers.




Windows Sandbox is built in, lightweight, but not easy to use programmatically (like an SSH into a VM)

reply


WSB is great by its own, but is relatively heavyweight compared to other OSes (namespaces in Linux, Seatbelt in macOS).

reply


I don't like that we need to handle docker(container) ourselves for sandboxing such a light task load. The app should provide itself.

reply


>The app should provide itself.

The whole point of the container is trust. You can't delegate that unfortunately, ultimately, you need to be in control which is why the current crop of AI is so limited

reply


fair point.

reply


The problem is you can't trust the app, therefore it must be sandboxed.

reply




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: