lmao, this is unironically the reason one of my exs stared using Linux. Because I kept hyping it up so he figured it was a good bonding activity to learn it. To my knowledge he still uses it.
Then allow me to introduce myself.
Not that I’m a Linux pro, but I at least know how to copy and paste terminal commands until I fix whatever problem I caused by copying and pasting terminal commands.
I’ve learned the dumb way going for married people is always a bad idea regardless of the status of the marriage, so I must politely decline.
I’m an Ubuntu user anyway, so I’m unfortunately unfit for marriage in the first place.
I’m an Ubuntu user anyway, so I’m unfortunately unfit for marriage in the first place.
Lol 🤣, this is why you are, you’re funny 😂.
Seriously though, I completely agree with you. I was just kidding anyway, that is completely my problem to have and/or solve, don’t need to drag others with me.
There’s always a risk of JavaScript breaking out of the sandbox and crap like that. Browser vendors do their best to protect against things like that but security is often a trade-off for speed and people like fast software, not to mention browsers are huge and complex and they’re going to have vulnerabilities. A browser’s whole job is to execute remote untrusted code, do you trust it that much to be flawless?
… I mean, I don’t but I use it anyway so ¯\_(ツ)_/¯
Made a Nix library for this. For a simple setup you can just build this (untested) and run the result:
import ./encase.nix {
name = "firefox";
rw.home.nathan = /home/nathan/home-for/firefox;
# other dependencies it might need...
tmp = /tmp; # fresh tmpfs for this sandbox
network = true;
command = pkgs.firefox;
}
It doesn’t have user isolation yet, so if it escapes the browser and the chroot (which doesn’t have a /proc unless you set proc = /proc;, and runs in a PID namespace either way) your files are still at risk. However, this is still pretty secure, and you can run the script itself as a different user (it creates a new UID namespace so chrooting can be done without root).
did…did you really started using linux because of porn?
Of course not, it was because I really liked this girl, and she used Linux too.
GNU/rizz
lmao, this is unironically the reason one of my exs stared using Linux. Because I kept hyping it up so he figured it was a good bonding activity to learn it. To my knowledge he still uses it.
I was actually kidding… I don’t know any girl that uses Linux 😔.
Then allow me to introduce myself.
Not that I’m a Linux pro, but I at least know how to copy and paste terminal commands until I fix whatever problem I caused by copying and pasting terminal commands.
one of us one of us one of us
Will you marry me 😊?
/s I’m already married, just said it for the joke 😂… not happily though, so there’s always a chance 🤣🤣🤣.
I’ve learned the dumb way going for married people is always a bad idea regardless of the status of the marriage, so I must politely decline.
I’m an Ubuntu user anyway, so I’m unfortunately unfit for marriage in the first place.
Lol 🤣, this is why you are, you’re funny 😂.
Seriously though, I completely agree with you. I was just kidding anyway, that is completely my problem to have and/or solve, don’t need to drag others with me.
relationship is temporary, linux is eternal
That’s… quite the dedication. I personally just never downloaded things or ran random executables from porn sites, but hey… who am I to judge, I guess
There’s always a risk of JavaScript breaking out of the sandbox and crap like that. Browser vendors do their best to protect against things like that but security is often a trade-off for speed and people like fast software, not to mention browsers are huge and complex and they’re going to have vulnerabilities. A browser’s whole job is to execute remote untrusted code, do you trust it that much to be flawless?
… I mean, I don’t but I use it anyway so ¯\_(ツ)_/¯
Linux security noob here but can’t you just run the browser in a chroot with everything isolated?
Yeah, that should work too… but you don’t get to see any of your local files…
Made a Nix library for this. For a simple setup you can just build this (untested) and run the result:
It doesn’t have user isolation yet, so if it escapes the browser and the chroot (which doesn’t have a
/proc
unless you setproc = /proc;
, and runs in a PID namespace either way) your files are still at risk. However, this is still pretty secure, and you can run the script itself as a different user (it creates a new UID namespace so chrooting can be done without root).