Follow Yeah, 100%.

Side-channel attacks aside (because I'm not up to date on the state-of-the-art wrt either the attacks or mitigations), I feel like language- or module-level capabilities are the only way to get anywhere close to the granularity that I'm really looking for in a system like this.

Traditional sandboxing can be restrictive to the point of uselessness, but I also don't want to live in a world where any code execution is radioactively dangerous.

· · Web · 1 · 0 · 0
Sign in to participate in the conversation
Mastodon @ SDF

"I appreciate SDF but it's a general-purpose server and the name doesn't make it obvious that it's about art." - Eugen Rochko