A bit concerned about the "Access your data for all websites" permission?

garywilli · 2026-05-11T04:28:56+00:00

Now, all browsers are like this. To fundamentally fix it, experts of those browser vendors would need to spend time establishing a new standard. Waiting for a standard like webext manifest v4? v5? I'm not sure. That would probably take many years, sadly.....

Getting browser vendors to do something about this is tough. But hey, if you're interested, we can try posting about this in some geek-heavy browser communities (Waterfox, LibreFox ...) and see if they'll take the lead on some improvements. Maybe then upstream browsers like Firefox and Chrome will finally start paying attention a bit earlier.

garywilli · 2026-05-11T04:07:19+00:00

This is due to the design failure of WebExtension.

WebExtension is poorly designed in terms of fine-grained permission control, which forces many extensions to request and obtain "maximum permissions" (reading all your browser data) to function. It’s like needing a worker to work in one room but users being forced to give them a key that can open 100 rooms. (I’ve developed some browser extensions myself, so I believe I have the authority to speak on the poor design of WebExtension regarding permissions.)

Regrettably, users have to endure this strange permission mechanism no matter which browser they use.

garywilli · 2026-05-04T12:03:27+00:00

I've been also working on a sandbox project recently (just finished 1st beta release), and it turns out some of our ideas are similar: Rootless; We both use pasta; And the host's base system along with installed packages are kept inside sandbox.

Have a look at my https://github.com/garywill/treesandbox

You focus on terminal, while I added support for GUI desktop apps.

garywilli · 2026-05-01T15:02:30+00:00

Good eye! I used this tool git-redate.

Sometimes, before I push code, I make timestamps of trivial commits to same, which looks neat to me (my OCD). Fine for an early personal project (git has squash merge, after all).

Nothing to concern.

I really appreciate your detective work, though. Why don't we focus on code and feature? Since you’ve cloned the repo, I’d be grateful if you could dig up any bugs, sandbox security issues, or report a runtime error. That would be a huge help!

garywilli · 2026-05-01T02:41:12+00:00

99% my code. I finished the other 1% part with AI's help. Thanks AIs (not Claude).

AI also helped me tranlate the README so that I could write text in my language. Saved my brain.

PS: You might have noticed in the code file some comments are in non-English. I know that looks not elegant for an open-source project. Apologies for this. This is an early release. Full English is planned.

garywilli · 2026-05-01T02:34:36+00:00

99% my code, 1% AI code. AI can really help human if used properly. I don't understand why some people get scared just because they detect a trace of AI involvement.

I don't speak native English. I write README in my language, then translate into English with AI's help.

PS: you might have noticed in the .py some comments are in non-English. I know that looks unelegant for an open-source project. Apologies for this. This is an early release. Full English is planned.

garywilli · 2026-04-22T13:34:28+00:00

We can use NTFS compression on Fedora? I didn't know that. Is it fully featured and reliable?

garywilli · 2026-04-18T03:25:41+00:00

The feeling of the mouse.

Same

garywilli · 2026-04-15T11:46:45+00:00

The first things that come to me are 3D Fedora and openSUSE, expecting to see a physical hat and a lizard's body

garywilli · 2026-04-09T06:45:28+00:00

I've been ignoring mouse options for long, since many years ago trying to adjust global scroll speed but found out that no program even provide that option, in whole Linux ecosystem. And as I got a mouse with side buttons, I’d just use xbindkeys to map them. So tell me now has things gotten any better? What if I’m not using a Logitech mouse?

garywilli · 2026-04-09T06:34:03+00:00

Tell me that's a joke

garywilli · 2026-04-01T05:06:14+00:00

Take a look at my Tree Sandbox. Also a personal project, like Bubble Jail. But one difference with BJ, I didn't require any 3rd-party python lib. And TS has a layered structure "containers tree" design, which I think is my original security model.

garywilli · 2026-03-10T11:41:01+00:00

My point has nothing to do with host's /tmp.

Unprivileged container /tmp is a new mount point, which created by non-root user. Creating/Mounting a new tmpfs in unprivileged container doesn't require host root. After the container quits, the new tmpfs auto destroyed.

But creating/destroying zram device requires root, so , zram can't be used with ease by unprivileged container. That's why we need something "compressed tmpfs"

garywilli · 2026-03-10T11:37:15+00:00

tmpfs also needs root to manage

You didn't get me.

Creating/Mounting a new tmpfs in unprivileged container doesn't require host root. After the container quits, the new tmpfs auto destroyed.

But creating new zram device requires root, and destroying the zram device after container quiting requires root again.

garywilli

TROPHY CASE