I do use Gentoo currently, but it's *so very hard* to keep programs from monitor... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		M95D 23 days ago \| parent \| context \| favorite \| on: Windows 11 adds AI agent that runs in background w... I do use Gentoo currently, but it's so very hard to keep programs from monitoring what happens in the system via dbus and the only firewall for outgoing connections, OpenSnitch, hard-depends on it. Running every major program in a container is NOT a solution. So far Linus has kept these things outside the kernel, but he won't live forever.

fsflover 23 days ago [–]

This is why my daily driver is Qubes OS.

M95D 23 days ago | [–]

OMG, that's even worse than containers.

fsflover 22 days ago | | [–]

By which measure?

M95D 22 days ago | | [–]

Storage occupied, memory, CPU, config complexity, startup time, data transfer, take your pick.

fsflover 22 days ago | | [–]

Indeed, security has a price. However the storage requirements are minimal, since different VMs can share the root filesystem.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact