Hacker News new | past | comments | ask | show | jobs | submit login

DOSBox is a sandbox and I mod DOS games all the time as a hobby. I can run modded games in Sandboxie, or in containers in Linux. I fail to see how sandboxing is at all incongruent with modding.

Unless of course by enforce you mean taking control of the sandboxing away from the user, in which case I totally agree that should not be done because I'm against that kind of user-hostile bullshit.




> Unless of course by enforce you mean taking control of the sandboxing away from the user, in which case I totally agree that should not be done because I'm against that kind of user-hostile bullshit.

Nearly every effort I've seen by OS makers to implement sandboxing by default also makes the sandbox difficult or impossible to disable. iOS, UWP, the list goes on. I agree they shouldn't be connected, but they nearly always are. And it's always done in the name of protecting users.

macOS is the one bright spot here, and even then, the new dialogs in Mojave that can't be disabled fare crippling if you make heavy use of apps that need access to other app's sandboxes[1]. I'm convinced that if Apple moves to ARM, it will likely come with a massive tightening on user restrictions, in the name of security.

[1] https://apple.stackexchange.com/questions/339509/edit-tcc-db...


Be that as it may, we both agree that OS developers taking control away from the user is orthogonal to application sandboxing.

Sandboxing should be done, treating users like children who need to have control stripped from them for their own good should not.


If basically every example of by-default application sandboxing also results in a loss of user control, are they really orthogonal?

As soon as you implement the option at an OS level, there are going to be (many!) developers who want it enforced for all users. It's the obvious path to go down.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: