This comment is pure snark.
Someday people will realize they don't have to make their computers orders of magnitude slower just in order to get back capabilities that used to come automatically.
But that day is not today, I guess.
The problem at hand is actually a pet peeve of mine and I really don't get why it's still the default to grant programs access to all our personal data. There is a lot wrong with mobile OSs, but in this regard they are actually ahead of the curve.
That's because our data has become a commodity relatively recently, and desktop technology still hasn't fully caught up yet. Regardless, it seems in general it's companies that run web services that are a bigger problem than desktop applications.
Either way, I'm glad projects like these exist, including snapd, flatpak, and this. The likes of flatpak and snapd may not be perfect, but it's progress.
I think you can check it in the snap metadata.
I was about to just use a plain docker for firefox and slack with mounted X11 file. This project tought me about a more secure method for X11 forward.
I would have thought it would now be more performant to do something like this using Wayland and, if the app uses X11, multiple isolated xwayland instances somehow. That way you might be able to get GPU acceleration, which I don’t think is possible through xpra?
- Subuser - Securing the Linux desktop with Docker
- Flatpak - The Future of Apps on Linux
- snapd - Snap is a software packaging and deployment system developed by Canonical for the operating systems that use the Linux kernel.
Subuser looks interesting, nice work! I love to see progress in this space.
For older computers, virtual machines are too demanding.
As for escalation hacks: they happen also on virtual machines. Check virtualbox and vmware cve's.
The main repo is an image base for examples and base for developers to create their own images.
It has been updated in june 20, the main base file is debian buster.
All other image files are based on this one and a simple update does actually upgrade your tools from the older base image to the newer one -
It's like symlinked Dockerfiles.
It works pretty well with docker, though I've not used it since I switched to podman as there wasn't any support for it at the time. I've not tried recently.
It does seem this project is at a dead end based on the recent development activity in recent months.
[0] https://github.com/whalebrew/whalebrew
It's not a new nor crazy idea...Jessie (jessfraz.com) talked about doing this[1] in their desktop environment back in 2015.
https://blog.jessfraz.com/post/docker-containers-on-the-desk...
> Creative Commons Zero, public domain
> With the following exception:
> Only standards documents identical to those released by Timothy V Hobbs(timthelion) or another person or party whom he nominates may be presented as defining “the subuser standard”. In other words: you cannot edit this document and then claim that your new standard is the official one.
That's legally incoherent. You cannot have public domain with an exception. Either something is in the public domain (no copyright) or it is not (copyrighted). If it is copyrighted, then you can license it under "X with the following exception". Most commonly, those exceptions grant extra rights compared to the base license (e.g. Classpath exception), occasionally they aim to take away rights compared to the base license (e.g. the notorious "Commons Clause"). But you can only have an exception to a copyright license if there is a copyright to be licensed, and putting something in the public domain means there isn't.
CC0 is a bit of a hybrid in that it contains both a public domain dedication for those jurisdictions which recognise that, and a permissive fallback copyright license for those jurisdictions that don't (e.g. Germany). The author claiming to make an exception to CC0, it makes sense for the later but not for the former. Does this mean the exception is only legally binding in the jurisdictions in which the fallback license applies? Or does the attempt to impose an exception nullify the public domain dedication? I don't know, IANAL. (But I imagine many lawyers won't know the answer either.)
Now, what the author aims to do here could be achieved by trademark law – claiming (or registering) "subuser standard" as a trademark, and then saying that even though the copyright of the standard is relinquished to the public domain, the trademark is only licensed under certain conditions. But while that would legally make sense, it isn't what the author has actually done.
https://subuser.org/subuser-standard/standard.html#subuser-s...
They are a terrible idea for the desktop or academia. They're fine for server environments.
