It really isn't; malware can still easily break out, as neither Wine nor Proton was ever designed for isolation in the first place. An easy example is the Z drive giving a program access to the whole Linux filesystem.
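A defensive check for the Z: drive point in the comment above, as an added example that is not part of the original comment: it lists the drive mappings of a Wine or Proton prefix and flags any that resolve outside the prefix. It relies on Wine storing drive letters as symlinks under `dosdevices/` in the prefix; the function name `audit_wine_drives` is hypothetical.

```shell
#!/bin/sh
# Added example: audit a Wine/Proton prefix for drive mappings that
# expose host paths outside the prefix (such as the default z: -> /).

# audit_wine_drives PREFIX   (hypothetical helper name)
# Prints one line per drive: "<drive> <resolved target> <INSIDE|OUTSIDE>"
# Returns 0 if every drive stays inside the prefix, 1 if any drive
# resolves outside it, 2 if PREFIX is not a usable prefix directory.
audit_wine_drives() {
    # Resolve the prefix to a physical path so comparisons are reliable.
    prefix=$(cd "$1" 2>/dev/null && pwd -P) || return 2
    [ -d "$prefix/dosdevices" ] || return 2
    escaped=0
    for link in "$prefix"/dosdevices/*; do
        [ -L "$link" ] || continue
        name=$(basename "$link")
        # Keep only drive letters ("c:", "z:"); skip entries such as "com1".
        case "$name" in
            [a-z]:) ;;
            *) continue ;;
        esac
        # Follow the symlink and take the physical directory it lands in.
        target=$(cd "$link" 2>/dev/null && pwd -P) || target="(unresolvable)"
        case "$target" in
            "$prefix"|"$prefix"/*) verdict=INSIDE ;;
            *) verdict=OUTSIDE; escaped=1 ;;
        esac
        printf '%s %s %s\n' "$name" "$target" "$verdict"
    done
    return "$escaped"
}
```

Call it as `audit_wine_drives "$WINEPREFIX"`. A clean result only covers drive-letter mappings and does not make the prefix a sandbox, since the Windows program still runs as an ordinary process of the same user.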
"Tautological denial of magic" seems like a total misunderstanding of the scientific method. If you know there's something "magical", you can still study its effects on the real world.
Like someone here already commented, this is what we do in the case of medical studies: "how well does this thing work compared to something that gives the illusion of working". The same can be done for whatever you define as your "magic".
Yeah but this way you can only communicate with other Tor users. Also the mail server can prolly easily leak your actual IP if you don't harden it well.
That's not true and misleading. Docker and flatpak base images mostly contain shared libraries and even these get automatically deduplicated. Your flatpak calculator doesn't ship systemd or any other init system nor does it ship system drivers lol
And yeah, if you are working in a restrained env and care about those few MBs taken by shared libraries, then containerization is not for you.
Containerization is not perfect and it will never be, but that was never the goal. Making apps and services independent of the base system and easily restrictable, like mounting volumes, restricting network, etc., was.