GNOME<p>🛡️ "Stop Subverting Sandboxes"<br>with Michael Catanzaro at <a href="https://floss.social/tags/GUADEC2025" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GUADEC2025</span></a><br>📅 25 July 🕒 13:40 CEST 📍 Brescia</p><p>🔒 Flatpak can protect users—but not if we keep bypassing it. Michael calls for stronger sandboxing, better portals, and shares GNOME’s new security bounty program.</p><p>🔗 <a href="https://events.gnome.org/event/259/contributions/1217/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">events.gnome.org/event/259/con</span><span class="invisible">tributions/1217/</span></a></p><p><a href="https://floss.social/tags/Flatpak" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Flatpak</span></a> <a href="https://floss.social/tags/GNOME" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GNOME</span></a> <a href="https://floss.social/tags/Sandboxing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Sandboxing</span></a> <a href="https://floss.social/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> <a href="https://floss.social/tags/FOSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FOSS</span></a></p>
shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.
Administered by:
Server stats:
262active users
shakedown.social: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.4.1
#sandboxing
1 post · 1 participant · 0 posts today
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mamot.fr/@bohwaz" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>bohwaz</span></a></span> <span class="h-card" translate="no"><a href="https://indieweb.social/@punkfairie" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>punkfairie</span></a></span> <span class="h-card" translate="no"><a href="https://social.vivaldi.net/@ajsadauskas" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>ajsadauskas</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@JessTheUnstill" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>JessTheUnstill</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.world/@tomiahonen" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tomiahonen</span></a></span> That's <em>exactly the problem</em>, cuz <a href="https://infosec.space/tags/KaiOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KaiOS</span></a> nee <a href="https://infosec.space/tags/FirefoxOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FirefoxOS</span></a> was a good and solid basis not just for <a href="https://infosec.space/tags/LowEnd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LowEnd</span></a>-Devices but could've been excellent for a more <a href="https://infosec.space/tags/secure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>secure</span></a> mobile OS, as it has good potential for <a href="https://infosec.space/tags/sandboxing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sandboxing</span></a> and <a href="https://infosec.space/tags/KISS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KISS</span></a>-principle'd <a href="https://infosec.space/tags/Apps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Apps</span></a> that are lean and efficient.</p><p>But then again when enthusiasts like <span class="h-card" translate="no"><a href="https://oxytodon.com/@fuchsiii" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>fuchsiii</span></a></span> and I were shouting <em>"<a href="https://infosec.space/tags/ShutUpAndTakeMyMoney" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ShutUpAndTakeMyMoney</span></a>!"</em> to <a href="https://infosec.space/tags/Mozilla" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mozilla</span></a>, they basically <em>refused to sell</em> any <a href="https://infosec.space/tags/device" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>device</span></a>, and then we get the <em>"<a href="https://infosec.space/tags/PSvita" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PSvita</span></a>-Effect"</em>:</p><ul><li>Noone's gonna build an <a href="https://infosec.space/tags/App" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>App</span></a> for a platform that is <a href="https://www.youtube.com/watch?v=REaUzHef9h4" rel="nofollow noopener" target="_blank">essentially a <em>rounding error</em> from the start!</a>…</li></ul>
boredsquirrel<p><span class="h-card" translate="no"><a href="https://floss.social/@kde" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>kde@floss.social</span></a></span> <span class="h-card" translate="no"><a href="https://lemmy.kde.social/c/kde" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>kde@lemmy.kde.social</span></a></span> </p><p>Can you tell us what happens on the "sandbox all the things" goal?</p><p>I think this is a pretty crucial step forward, even though <a href="https://tux.social/tags/sandbox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sandbox</span></a> technologies (most often through user namespaces) are more problematic than I initially thought.</p><p>(Basically, user <a href="https://tux.social/tags/namespaces" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>namespaces</span></a> open up <a href="https://tux.social/tags/privesc" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privesc</span></a> dangers to the monolithic <a href="https://tux.social/tags/kernel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>kernel</span></a>, which is incredible. <a href="https://tux.social/tags/Android" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Android</span></a> and <a href="https://tux.social/tags/ChromeOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ChromeOS</span></a> use <a href="https://tux.social/tags/LXC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LXC</span></a>, mounts and <a href="https://tux.social/tags/SELinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SELinux</span></a> for <a href="https://tux.social/tags/sandboxing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sandboxing</span></a>)</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://social.anoxinon.de/@mit_scharf" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>mit_scharf</span></a></span> <span class="h-card" translate="no"><a href="https://kitty.haus/users/lamp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>lamp</span></a></span> <a href="https://infosec.space/tags/jar" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>jar</span></a> files are <a href="https://infosec.space/tags/portable" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>portable</span></a> but in terms of <a href="https://infosec.space/tags/sandboxing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sandboxing</span></a> I'm wary as that <em>is an option</em> but few JREs implement it properly as it would get often in the way.</p><p><a href="https://infosec.space/tags/Android" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Android</span></a> with <a href="https://infosec.space/tags/Dalvik" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Dalvik</span></a> kinda did it...</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://kitty.haus/users/lamp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>lamp</span></a></span> Also that isn't <em>that</em> portable, or as portable as <a href="https://infosec.space/tags/BSDjails" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BSDjails</span></a>, <a href="https://infosec.space/tags/bhyve" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bhyve</span></a> and other <a href="https://infosec.space/tags/sandboxing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sandboxing</span></a> options...</p>
TrendingLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload