I’m the Never Ending Pie Throwing Robot, aka NEPTR.

Linux enthusiast, programmer, and privacy advocate. I’m nearly done with an IT Security degree.

TL;DR I am a nerd.

  • 4 Posts
  • 183 Comments
Joined 3 months ago
Cake day: November 20th, 2024

  • Actually, in the case of a web browser, Flatpak weakens both Firefox’s and Chromium’s internal sandboxing, possibly allowing for breaking of cross-site or site-host boundaries. Firefox is even weaker than Chromium as a Flatpak because it can’t use the zypak fork server. Both are weakened, best to avoid.

    For basically any other app, Flatpak can be beneficial as a sandbox.

    Basically, don’t sandbox browsers because it’s like wearing 2 condoms. The only sandboxing tool I know that doesn’t interfere with the browser’s sandbox (and also doesn’t allow for the possibility of privilege escalation, like Firejail) is Bubblejail.

    PS: Since you mentioned you are on Fedora, Bubblejail is offered through this COPR repo from the Secureblue team. It provides a sandbox without interfering with the browser’s sandbox. It comes with profiles for Firefox and Chromium. The only issue I’ve experienced is that the sandbox works, aka it means I can’t access files from my home directory unless explicitly given permission to a folder.



  • All the different tests I’ve seen comparing Rust and C put compile times in the same ballpark. Even if somehow every test is unrepresentative of real-world compile times, I doubt it is “order[s] of magnitude” worse.

    I remember watching someone test the performance of hosting an HTTP webpage and compare the performance of Zig, Rust w/ C HTTP library, and Rust native. Rust native easily beat them out and was able to handle like 10s of thousands more client connections. While I know this isn’t directly relevant to kernels, the most popular C HTTP library is most likely quite optimized.

    Memory-related vulnerabilities are consistently in the top reported vulnerabilities. It is a big deal, and no, you can’t just program around it. Everyone makes mistakes, has a bad day, or something on their mind. Moments of human fallibility. Eliminating an entire class of the vulnerabilities while staying competitive with C is a hard task, but entirely worth doing.