<div dir="ltr"><div class="gmail_default" style="font-size:large">I put Zoom on two Kindle tablets to try out.</div><div class="gmail_default" style="font-size:large">The little 6" Kindle Fire didn't have very good sound, but the 8" hdx worked fine.</div><div class="gmail_default" style="font-size:large">Nothing much of value on either one, except the network password. ;^D</div><div class="gmail_default" style="font-size:large">Ken<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, May 26, 2020 at 2:12 PM Bobbie Sellers <<a href="mailto:bliss-sf4ever@dslextreme.com">bliss-sf4ever@dslextreme.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">You might want to take a look at Easy OS<br>
<<a href="https://easyos.org/" rel="noreferrer" target="_blank">https://easyos.org/</a>><br>
<br>
It does something similar to Qubes but with less<br>
complications for the user.<br>
<br>
Bobbie Sellers<br>
<br>
On 5/26/20 1:15 PM, Akkana Peck wrote:<br>
> It's great to have the option of all these virtual meetings<br>
> everybody's running now ... but I'm unhappy about needing to<br>
> install proprietary binaries like Zoom and Discord on my system.<br>
> I'd like to find a way of sandboxing them.<br>
> Are any of you sandboxing those untrusted proprietary apps?<br>
> How do you do it?<br>
><br>
> I found something called firejail that sounded perfect. From the<br>
> description, it seemed to be sort of an easy chroot (that can also<br>
> wall off networking, devices, system calls and other services).<br>
> Sounded perfect! After a bit of fiddling with it, I had<br>
> firejail --private /path/to/sandbox zoom<br>
> running fine ... but then when I called up Settings to adjust where<br>
> recordings were stored, it still had full access to my homedir.<br>
> It wasn't in a chroot jail at all. (This may be specific to zoom:<br>
> I tried it with a couple other apps and they only saw the sandbox.<br>
> Maybe child processes aren't jailed?)<br>
><br>
> So I set up an Ubuntu install inside virtualbox, and installed Zoom<br>
> there. That sorta works ... but the CPU load is ridiculous (this on<br>
> my fancy new Carbon X1 gen 7, I don't even want to think what it<br>
> would have been on my older machines), the fan is blasting at full<br>
> speed, everything is super laggy, and I get occasional warnings<br>
> that the high CPU use is causing a poor zoom experience (no kidding).<br>
> Zoom by itself, outside of virtualbox, doesn't use anywhere near<br>
> that kind of CPU load and has much better performance.<br>
><br>
> Would kvm/qemu be less CPU hungry than virtualbox? Or should I be<br>
> looking at Docker? I've never tried Docker ... would it give me a more<br>
> effective sandbox than firejail? I've been avoiding it because when<br>
> I google, I find tons of "here's a pre-made Docker image for you"<br>
> and hardly any "here's how to set up your own Docker image".<br>
><br>
> Any other good sandboxing options?<br>
><br>
> ...Akkana<br>
><br>
> _______________________________________________<br>
> sf-lug mailing list<br>
> <a href="mailto:sf-lug@linuxmafia.com" target="_blank">sf-lug@linuxmafia.com</a><br>
> <a href="http://linuxmafia.com/mailman/listinfo/sf-lug" rel="noreferrer" target="_blank">http://linuxmafia.com/mailman/listinfo/sf-lug</a><br>
> SF-LUG is at <a href="http://www.sf-lug.org/" rel="noreferrer" target="_blank">http://www.sf-lug.org/</a><br>
><br>
<br>
<br>
<br>
<br>
_______________________________________________<br>
sf-lug mailing list<br>
<a href="mailto:sf-lug@linuxmafia.com" target="_blank">sf-lug@linuxmafia.com</a><br>
<a href="http://linuxmafia.com/mailman/listinfo/sf-lug" rel="noreferrer" target="_blank">http://linuxmafia.com/mailman/listinfo/sf-lug</a><br>
SF-LUG is at <a href="http://www.sf-lug.org/" rel="noreferrer" target="_blank">http://www.sf-lug.org/</a> <br>
</blockquote></div>