hombre_fatal 5 days ago
One thing that's weirdly precarious is how we still have one big environment for personal computing and how it enables most malware. It's one big macOS/Windows/Linux install where everything from crypto wallets to credential files to gimmick apps are all neighbors. And the tools for partitioning these things are all pretty bad (and mind you I'm about to pitch something probably even worse). When I'm running a few Windows VMs inside macOS, I kinda get this vision of computing where we boot into a slim host OS and then alt-tab into containers/VMs for different tasks, but it's all polished and streamlined of course (an exercise for someone else). Maybe I have a gaming container. Then I have a container I only use for dealing with cryptocurrency. And I have a container for each of the major code projects I'm working on. I.e., the idea of getting my bitcoin private keys exfiltrated because I installed a VSCode extension, two applications that literally never interact, is kind of a silly place we've arrived in personal computing. And "building codes for software" doesn't address that fundamental issue. It kinda feels like an empty solution, like saying we need building codes for operating systems since they let malware in one app steal data from other apps. Okay, but at least pitch some building codes and what enforcement would look like and the process for establishing more codes, because that's quite a levitation machine.
chatmasta 5 days ago
macOS at least has some basic sandboxing by default. You can circumvent it, of course – and many of the same people complaining about porous security models would complain even more loudly if they could not circumvent it, because "we want to execute code on our own machine" (the tension between freedom and security). By default, folders like ~/Documents are not accessible by any process until you explicitly grant access. So as long as you run your code in some other folder you'll at least be notified when it's trying to access ~/Documents or ~/Library or any other destination with sensitive content. It's obviously not a panacea but it's better than nothing and notably better than the default Linux posture.
quotemstr 5 days ago
> One thing that's weirdly precarious is how we still have one big environment for personal computing and how it enables most malware.

You're not the only one to note the dangers of an open-by-default single-namespace execution model. Yet every time someone proposes departing from it, he generates resistance from people who've spent their whole careers with every program having unbridled access to $HOME. Even lightweight (and inadequate) sandboxing of the sort Flatpak and Snap do gets turned off the instant someone thinks it's causing a problem. On mobile, we've had containerized apps and they've worked fine forever. The mobile ecosystem is more secure and has a better compatibility story than any desktop. Maybe, after the current old guard retires, we'll be able to replace desktop OSes with mobile ones.
vgb2k18 5 days ago
Agreed on the madness of wide open OS defaults; I share your vision for isolation as a first-class citizen. In the meantime (for Windows 11 users) there's Sandboxie+ fighting the good fight. I know most here will be aware of its strengths and limitations, but for any who don't (or who forgot about it), I can say it's still working just as great on Windows 11 like it did on Windows 7. While it's not great at isolating heavy-weight dev environments (Visual Studio, Unreal Engine, etc.), it's almost perfect for managing isolation of all the small stuff (Steam games, game emulators, YouTube downloaders, basic apps of all kinds).
Gander5739 5 days ago
Like Qubes?
JdeBP 5 days ago
I am told that the SmartOS people have this sort of idea.
mayama 5 days ago
Flatpak is supposed to address this: running applications in a sandbox. But, with almost all applications wanting access to your HOME because of convenience, sandbox utility is quite questionable in most cases.
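To put a number on the "almost all applications want your HOME" point above, here is an added audit script (not from any commenter, and not Flatpak's own tooling) that reads the INI-style `metadata` file Flatpak keeps for each installed app and reports grants that reach the whole home directory or the host filesystem. The install paths are the standard Flatpak locations; the sample metadata at the bottom is constructed, and `org.example.Editor` is a made-up app id.

```shell
#!/bin/sh
# Flatpak records an app's sandbox permissions in an INI-style "metadata" file
# whose [Context] section holds a "filesystems=" key with ';'-separated values
# such as "home", "host", "xdg-download:ro" or "~/.config/foo".
# (Per-user overrides live in a separate file and can negate entries with "!";
# those are not parsed here, so this reports what the app ships with.)

# Print the value of filesystems= from the [Context] section of one metadata file.
flatpak_filesystems() {
  awk -F= '
    /^\[/ { in_ctx = ($0 == "[Context]"); next }
    in_ctx && $1 == "filesystems" { print substr($0, index($0, "=") + 1) }
  ' "$1"
}

# Print grants covering all of $HOME or the host filesystem; exit 1 if none.
# A ":ro" grant is still reported: a read-only view of $HOME is enough to read
# wallet files, SSH keys or browser profiles.
broad_grants() {
  flatpak_filesystems "$1" | tr ';' '\n' \
    | grep -E '^(home|host|host-os|host-etc|~)(:ro|:rw|:create)?$'
}

# Walk every installed app (system and per-user) and list the broad grants.
audit_installed() {
  for meta in /var/lib/flatpak/app/*/current/active/metadata \
              "$HOME"/.local/share/flatpak/app/*/current/active/metadata; do
    [ -f "$meta" ] || continue
    app=$(basename "${meta%/current/active/metadata}")
    grants=$(broad_grants "$meta") \
      && printf '%s: %s\n' "$app" "$(printf '%s' "$grants" | tr '\n' ' ')"
  done
}

# Constructed sample: an editor that asks for the whole home directory.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
[Application]
name=org.example.Editor
runtime=org.freedesktop.Platform/x86_64/23.08

[Context]
shared=network;ipc;
sockets=x11;wayland;
filesystems=xdg-download:ro;home;
EOF
broad_grants "$SAMPLE"   # prints: home
rm -f "$SAMPLE"
```

Run `audit_installed` on a real machine to see which installed apps would be able to read a wallet or credential file sitting anywhere under `$HOME`.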
christophilus 5 days ago
Not if you make podman your default way of isolating projects.