Announcement

Collapse
No announcement yet.

A KDE Developer Is Experimenting With XDG-App Sandboxing

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #11
    Originally posted by mcirsta View Post
    Honestly I don't care one bit about this feature and were it available I'd disable it. I don't want to sandbox my Linux apps, they should be secure enough. Windows apps for which I don't even have the source code for yes, those I would sandbox.
    Right now if a security flaw is found on your web browser it could be used to compromise your entire home directory. The Unix model was fine in the 70's when you didn't have internet and all apps were trusted by the system admin, but now when people actually use multiple applications with possible security flaws it's insane to expose everything to every one of them.


    Originally posted by Awesomeness View Post

    Noooo, Gnome developers would never call something "cross desktop" and then do implementation and trials only with Gnome software…
    Right, they should have written it as an abstraction that supported multiple implementations and different plugins. Better yet, have a setup wizard for each app so you could pick which abstraction you prefer at first run.

    Comment


    • #12
      I'm just saying I for one don't find these security features useful to me. The only time I was "hacked" was when I used the same pass for multiple sites ( my mistake I know ) and one of them was stupid enough to save it unencrypted in the DB and then they got hacked too.
      I'm not really afraid of people hacking my PC though some security flaw in Qt or glibc, these I find secure enough and if there's a security flaw it's not intentional plus is usually gets fixed pretty fast.

      On Windows though you have no idea wtf they have in that code, maybe it's an intentional backdoor or something, you'll never really know unless you go though the steps necessary to analyze the binary.

      So for me it's this feature is useless and I don't find it necessary, not for my personal PC. For others or for server uses ( I suppose it can be used for server apps too ) it might have value.

      I was commenting on this based on my security needs, I have no need for this or SELinux, AppArmor and these kinds of things for my home PC. No one is going to bother with an up2date Linux machine containing nothing of great value when there are tons of Windows PCs for the picking with gullible users that will click on a web page saying their PC is infected to install an "antivirus"

      Comment


      • #13
        Originally posted by ssokolow View Post

        You're much more confident in your apps than I am... but then, I'm a programmer. I have first-hand experience with how easy it is to introduce a serious bug entirely by accident, despite being an obsessive perfectionist. (Try writing a full-coverage unit test suite for something. You'll be surprised how many corner cases have serious bugs that you just happened to never trigger.)

        This and Rust (a C/C++ alternative obsessed with memory safety... to the point of being very frustrating when you realize it was right and you were wrong about how safe something was) are long overdue.
        I'm assuming the unit tests were written after the fact? That's something I've not (yet!) had to do. Getting post hoc full coverage is supposed to be an...interesting... experience...
        TDD is great for "interpreted" languages, but it should be useful for any lang that had something similar to a repl.

        Comment


        • #14
          Originally posted by mcirsta View Post
          I'm just saying I for one don't find these security features useful to me. The only time I was "hacked" was when I used the same pass for multiple sites ( my mistake I know ) and one of them was stupid enough to save it unencrypted in the DB and then they got hacked too.
          I'm not really afraid of people hacking my PC though some security flaw in Qt or glibc, these I find secure enough and if there's a security flaw it's not intentional plus is usually gets fixed pretty fast.

          On Windows though you have no idea wtf they have in that code, maybe it's an intentional backdoor or something, you'll never really know unless you go though the steps necessary to analyze the binary.

          So for me it's this feature is useless and I don't find it necessary, not for my personal PC. For others or for server uses ( I suppose it can be used for server apps too ) it might have value.

          I was commenting on this based on my security needs, I have no need for this or SELinux, AppArmor and these kinds of things for my home PC. No one is going to bother with an up2date Linux machine containing nothing of great value when there are tons of Windows PCs for the picking with gullible users that will click on a web page saying their PC is infected to install an "antivirus"
          ...you're an idiot....
          To ACTIVELY remove protection from your system, to actually WANT less security, when their inclusion is generally transparent, is just... stupid.

          Comment


          • #15
            Originally posted by liam View Post

            ...you're an idiot....
            To ACTIVELY remove protection from your system, to actually WANT less security, when their inclusion is generally transparent, is just... stupid.
            Thanks for warning me but honestly I prefer to do it this way because I don't need all that security and some of these techs are causing me much more trouble then they're worth.

            At the end of the day my PC is secure enough for a home PC that as I've said contains nothing of any real value .... there's always a chance I could get my PC hacked of course but who would bother and why ? And yes I can reduce that chance from say ... 1% every year to 0.1% every year by using this and that but what if I'm fine with 1% and consider it low enough to not bother.

            Btw I'm not actively removing anything, my distro doesn't use SE Linux or AppArmor and I'm fine with that.

            It's my right to not care about some of the security stuff... as it is I'm much safer than 99% of Windows users who don't know what in the world they're doing when in front of a PC.

            Comment


            • #16
              Originally posted by mcirsta View Post

              Thanks for warning me but honestly I prefer to do it this way because I don't need all that security and some of these techs are causing me much more trouble then they're worth.

              At the end of the day my PC is secure enough for a home PC that as I've said contains nothing of any real value .... there's always a chance I could get my PC hacked of course but who would bother and why ? And yes I can reduce that chance from say ... 1% every year to 0.1% every year by using this and that but what if I'm fine with 1% and consider it low enough to not bother.

              Btw I'm not actively removing anything, my distro doesn't use SE Linux or AppArmor and I'm fine with that.

              It's my right to not care about some of the security stuff... as it is I'm much safer than 99% of Windows users who don't know what in the world they're doing when in front of a PC.
              It's not about "rights" but the pointless avoidance of transparent features which can help reduce a system's vulnerabilities. Also, as others have said, xdg-app isn't primarily about security but portability. It's literally docker for the desktop.
              Please tell me you're not a sysadmin.

              Comment

              Working...
              X