now…

Shouldn't that be the easiest way to distribute audio software for linux? It's just a static shared library and maybe some data.

> This is the first time I'm reading of Pipewire, and it sounds promising, but will need to have host support before it becomes a reasonable VST / LADSPA replacement.

I'm pretty sure they didn't mention pipewire as a replacement for vst or lv2 (or ladspa lol). It's benefit would be for your standalone since it supports alsa, jack and pulseaudio clients and can get decent latency.

Ah ok, I thought they have an X server running under windows, but apparently not. (Was that in some previous version? I remember reading that.)

> so presumably the FreeRDP client would be just fine on Linux.

Memory sharing would need support by the hypervisor I guess, that probably means hacking FreeRDP, rdp-wayland-backend and the hypervisor :\

Yeah, thats what I meant, you can just use kvm and your gui/audio/etc. stuff directly instead of having all the unnessecary complexity and dependency those layers bring along.

> Bubblewrap is okay if you trust your kernel

Thats why I proposed it for when you don't need virtualisation. You can ofc also use it in a VM to further restrict processes.

Why all the complexity? Just qemu/kvm and xpra, waypipe, whatever would be way simpler and in turn have way smaller of an attack surface. Same if you don't need virtualisation, just use bubblewrap instead of docker etc. It will even give you more fine grained control and you can just use your distributions package manager to keep everything up to date.

If you read the examples you'll see that they mount /tmp/.X11-unix in the container, thats where the X-Sessions Unix domain socket is. You can do the same for pulseaudio. But you shouldn't. Use Wayland and Pipewire if you are actually interested in using this as a security measure, since they are built for sandboxing.

> I thought modern browsers would need /dev/dri/?

They only need it for hw-acceleration. You can also give the container access to it if you need that.

NSA: VPN and "secure" webmail providers

CIA: They don't need fronts anymore, they have CISCO, Juniper, Netgear, etc.

Also I see nothing wrong with this except for the hungarian PascalCase…

I guess anti-fraud laws… Also, to my disappointment, someone already got banksy.io :D

My immediate thought when I read your post was GPL or GTFO, so I guess it's fine ;)

If you depend on users (attackers) not being able to modify their software or environment and poke around at each and every bit of your (publicly accessible) interfaces you are doing something awfully wrong!

> but the user needs to be authenticated to upload a database

Is registration for your service limited to a fixed amount of trustworthy people? Otherwise this isn't an obstacle.

> the lambda that extracts the data is sandboxed to access only what it needs

Using a simple serialisation format would be orders of magnitudes safer (and simpler)

> Unless there is some way to introduce a malicious side effect to a select statement in sqlite?

See all the links posted here already

Why don't they start with their own?

Server side energy consumption is directly measured by how much money it costs to run the servers. The only reason web devs waste client processing power like there is no tomorrow is that it doesn't cost anything.

You'd have to build some hardware abstraction to use with the scripting language anyways at which point you could just use the language you wrote the abstraction in imo. Is it so you can have inexperienced (cheaper?) devs do the maintainence? For all the embedded projects I worked on the high level program logic wasn't the thing that took the most effort.

¹ https://www.zrythm.org/en/explore.html ² https://lmms.io/

Yes please save all of your personal and payment information in your browser, I don't see how that could be a bad idea.