It’s usable and the security benefits are definitely important when working with multiple security domains (separate clients each with their own confidential data and third-party dependencies, where you don’t want one client’s malicious NPM dependency affecting the other).
However, there are cons. It’s only really usable in a stationary environment; it completely kills battery life and even basic tasks such as (non-HD) video display maxes out a single CPU core so it’s just not worth trying on a laptop. Hibernation doesn’t seem to be supported by default which becomes risky when combined with the extreme power usage.
The other problem is memory. I have to decide to between Signal Desktop and development sometimes.
But it's my main machine for what I care. I love the peace of mind running random things if the need comes up. For more intensive stuff, media games etc, I have a previous machine running Ubuntu.
I still wonder why kernels can't just handle this properly.
I've seen it in both Windows and Linux systems, something takes all the CPU or I/O or RAM, and the UI is so starved that you can't kill it.
Shouldn't that already be handled by things like virtual memory, and the kernel scheduler? Why do modern OSes, that have to protect against such complicated attacks like Spectre, struggle to do what the very first multi-tasking kernels promised before I was born?
There is mlockall() but it's a loaded footgun by default, and is rlimit-ed by default because it's not something you want users on a multiuser system to be able to do willy-nilly.