Comment by xorcist

Comment by xorcist 19 hours ago

4 replies

View on Hacker News

Server software is usually compartmentalized in uid:s but desktop software seldom is, if ever. Package managers and maintainers could do a lot here to make it easier. Some things long time Linux users like to do, like running Firefox as a separate user, is still a much more involved process than it should be.

A lot of it is probably standards and culture work, like where a user can expect to store files and have them readable by Firefox in this example. So perhaps this is something the GNOME/Freedesktop people could have been interested in and made a difference? Instead we have things like Flatpak, which is good but not the lowest hanging fruit here.

guappa 18 hours ago

You're going to deal with the users who can't attach a file to an email because the firefox process has no access to it?

Reply View 1 reply
  • taeric 14 hours ago

    To be fair, if firefox had the intelligence to know that it was being asked to attach a file it didn't have access to, it could prompt for a password. I don't expect full TRAMP like smarts from Emacs, but I don't see why this wouldn't be doable?

    Granted, I'm viewing this as far easier than the sandbox "fake file system" approach? Firefox would be able to see the file exists, most likely, but just not have read rights to it. Yes, you can have some things it can't list, but I would expect that to be low on probability to want to attach to an email?

    Reply View 0 replies
aragilar 18 hours ago

For user-facing stuff, I agree it's hard because of the challenge of managing access to data (and I would argue no system does this well, Android has a different set of failure modes, and I've not used QubesOS but presumably it has it's own issues as well), but in the top-level comment, the concern was around using pip/npm, which to me is almost a solved problem if you care enough and are willing to put the effort (and money) in.

It's also not like Linux is any different with respect to installing random PyPI/npm packages on any other desktop/laptop OS (https://xkcd.com/1200/), so I'm not sure anything desktop Linux does here would change the fact that installing random software from the internet may be a bad idea sometimes ;)

Reply View 1 reply
  • taeric 14 hours ago

    Completely agreed on this. Linux, by and large, should actually be far easier here? Have a "work account" for your machine where you do these tasks and you are basically there. Switching to a gaming account or your banking/etc. seems easy enough?

    Reply View 0 replies