lmao, this is unironically the reason one of my exs stared using Linux. Because I kept hyping it up so he figured it was a good bonding activity to learn it. To my knowledge he still uses it.
Then allow me to introduce myself.
Not that I’m a Linux pro, but I at least know how to copy and paste terminal commands until I fix whatever problem I caused by copying and pasting terminal commands.
I’ve learned the dumb way going for married people is always a bad idea regardless of the status of the marriage, so I must politely decline.
I’m an Ubuntu user anyway, so I’m unfortunately unfit for marriage in the first place.
I’m an Ubuntu user anyway, so I’m unfortunately unfit for marriage in the first place.
Lol 🤣, this is why you are, you’re funny 😂.
Seriously though, I completely agree with you. I was just kidding anyway, that is completely my problem to have and/or solve, don’t need to drag others with me.
There’s always a risk of JavaScript breaking out of the sandbox and crap like that. Browser vendors do their best to protect against things like that but security is often a trade-off for speed and people like fast software, not to mention browsers are huge and complex and they’re going to have vulnerabilities. A browser’s whole job is to execute remote untrusted code, do you trust it that much to be flawless?
… I mean, I don’t but I use it anyway so ¯\_(ツ)_/¯
Made a Nix library for this. For a simple setup you can just build this (untested) and run the result:
import ./encase.nix {
name = "firefox";
rw.home.nathan = /home/nathan/home-for/firefox;
# other dependencies it might need...tmp = /tmp; # fresh tmpfs for this sandboxnetwork = true;
command = pkgs.firefox;
}
It doesn’t have user isolation yet, so if it escapes the browser and the chroot (which doesn’t have a /proc unless you set proc= /proc;, and runs in a PID namespace either way) your files are still at risk. However, this is still pretty secure, and you can run the script itself as a different user (it creates a new UID namespace so chrooting can be done without root).
I mean, yeah, sure. But at this point, if that’s really a worry, one should not trust any sandbox. OSes are huge and complex and will have vulnerabilities too. Hell, there could be a xz level backdoor currently in the wild and nobody knows any better lol
did…did you really started using linux because of porn?
Of course not, it was because I really liked this girl, and she used Linux too.
GNU/rizz
lmao, this is unironically the reason one of my exs stared using Linux. Because I kept hyping it up so he figured it was a good bonding activity to learn it. To my knowledge he still uses it.
I was actually kidding… I don’t know any girl that uses Linux 😔.
Then allow me to introduce myself.
Not that I’m a Linux pro, but I at least know how to copy and paste terminal commands until I fix whatever problem I caused by copying and pasting terminal commands.
one of us one of us one of us
this is such a mood lmao
Will you marry me 😊?
/s I’m already married, just said it for the joke 😂… not happily though, so there’s always a chance 🤣🤣🤣.
I’ve learned the dumb way going for married people is always a bad idea regardless of the status of the marriage, so I must politely decline.
I’m an Ubuntu user anyway, so I’m unfortunately unfit for marriage in the first place.
Lol 🤣, this is why you are, you’re funny 😂.
Seriously though, I completely agree with you. I was just kidding anyway, that is completely my problem to have and/or solve, don’t need to drag others with me.
relationship is temporary, linux is eternal
goals
Takes all types I guess.
But maybe take OP’s distro recommendations with a grain of salt…
I use Void BTW.
Instruction unclear, put a pound of salt into the void
It was not a hard choice.
I mean, I’d wager it specifically was a hard choice.
I mean, if OP is going to the type of websites that have that significant of a risk of hacking him, he’s pretty deep into the depravity.
That’s… quite the dedication. I personally just never downloaded things or ran random executables from porn sites, but hey… who am I to judge, I guess
There’s always a risk of JavaScript breaking out of the sandbox and crap like that. Browser vendors do their best to protect against things like that but security is often a trade-off for speed and people like fast software, not to mention browsers are huge and complex and they’re going to have vulnerabilities. A browser’s whole job is to execute remote untrusted code, do you trust it that much to be flawless?
… I mean, I don’t but I use it anyway so ¯\_(ツ)_/¯
Linux security noob here but can’t you just run the browser in a chroot with everything isolated?
Yeah, that should work too… but you don’t get to see any of your local files…
Made a Nix library for this. For a simple setup you can just build this (untested) and run the result:
import ./encase.nix { name = "firefox"; rw.home.nathan = /home/nathan/home-for/firefox; # other dependencies it might need... tmp = /tmp; # fresh tmpfs for this sandbox network = true; command = pkgs.firefox; }
It doesn’t have user isolation yet, so if it escapes the browser and the chroot (which doesn’t have a
/proc
unless you setproc = /proc;
, and runs in a PID namespace either way) your files are still at risk. However, this is still pretty secure, and you can run the script itself as a different user (it creates a new UID namespace so chrooting can be done without root).I mean, yeah, sure. But at this point, if that’s really a worry, one should not trust any sandbox. OSes are huge and complex and will have vulnerabilities too. Hell, there could be a xz level backdoor currently in the wild and nobody knows any better lol
Right, that’s where OP comes in - most malware will be made for Windows, so if you visit such a malicious website, it’ll likely be inert under Linux!
… I’m not saying this is a great reason to use Linux, but there’s at least a little bit of merit to it.
virus.exe has downloaded - Kalm
Wine opens up - Panik!