Originally posted by Weasel
View Post
The main point here is that the "trusted productivity software" in actual reality is rarely if ever a paragon of code quality and intelligent design so you lock it down as well as you can to prevent it from screwing up everything else in case it is compromised or blows up on its own.
For example, on Windows servers it's extremely common to run each software inside its own VM in a server running VMWare Esxi hypervsor. Which is extremely wasteful and dumb, but hey that's what you can do in Windows land.
On Linux there are containers (lxc, Docker and friends), and Flatpak is the "consumer application equivalent" of containers.
Comment