Note that a sandbox escape is often possible via TIOCSTI (CVE-2017-5226) [0] unless a special flag (--new-session) is used.
Bubblewrap is aware of this, yet their documentation gives no indication that this flag is necessary to produce a secure sandbox. In --help, the documentation of --new-session is simply "Create a new terminal session," which severely understates its importance.
It's frustrating to have such a useful tool be knowingly easy to misuse.
They're making great progress! There's still more work to do, but I've been very impressed by the improvements made by the Element team over the past year, ranging from many small details to large usability features like the UI for spaces as an easier way to organize communities
In that case, Safari should make it clear that its users should not expect web application to work well. OP proposes helping Safari do that by displaying informational banners when appropriate.
Also try searching "journalist in blue" via the default (not image) article search on Bing. It lacks the relevant results found on Google or DuckDuckGo.
> In this: "the host will open the door at random and in this example it happen to have a goat" vs "the host will never open a door with a car behind it".)
If the host opens a door with a goat, then it doesn't matter whether or not it was intentional.
I highly recommend using the Nix package manager alongside whatever you're comfortable with. That way you can `nix shell -p foobar` when you need a package quickly or fallback to brew/apt/etc if you're not yet comfortable addressing the situation in Nix.
> I'm not so sure... just, like, maybe put one single thought into organizing it?
Most documentation definitely needs more attention towards organization.
But in my experience, organization is extremely difficult, especially because a documentation author may think of the system very differently than a new user might
Bubblewrap is aware of this, yet their documentation gives no indication that this flag is necessary to produce a secure sandbox. In --help, the documentation of --new-session is simply "Create a new terminal session," which severely understates its importance.
It's frustrating to have such a useful tool be knowingly easy to misuse.
[0]: https://github.com/containers/bubblewrap/issues/142