Readit News logoReadit News
rnhmjoj commented on Problems with D-Bus on the Linux desktop   blog.vaxry.net/articles/2... · Posted by u/LorenDB
akimbostrawman · 15 hours ago
Flatkill is very out of date and disingenuous. Flathub is very explicit and obnoxious about such unsafe permissions and can easily be modified by the user. It's also amusing that people here claim Wayland is a security theater too while posting about flatpak being bad because it's vulnerable to x11 issues.

No security boundary can prevent bad permissions just like in android.

rnhmjoj · 14 hours ago
> It's also amusing that people here claim Wayland is a security theater too while posting about flatpak being bad because it's vulnerable to x11 issues.

They both create an illusion of safety. We all know that X.org had no security model and it sucks. Wayland put restrictions that would make sense if the rest of the desktop ecosystem was made with security in mind, but it wasn't. I've heard way too many claims like "Wayland makes keyloggers impossible" that are technically true but irrelevant in the real world, because a desktop environment is not just Wayland.

Flatpack is also misleading and its sanboxing is just not great, regardless of the problem with X11.

> No security boundary can prevent bad permissions just like in android.

Good bringing this up: in Android the applications ask the user for permissions, in flatpak permissions are granted based on what the developed asked. That's just bad.

rnhmjoj commented on Problems with D-Bus on the Linux desktop   blog.vaxry.net/articles/2... · Posted by u/LorenDB
preisschild · 17 hours ago
> At the same time a malware can just get all of your passwords without even asking using d-bus or read all of your files since it's running as your uid.

Thats not exactly true since this requires the application to have permission to talk to the secrets service (if using Flatpak)

rnhmjoj · 16 hours ago
Sandboxing on the Linux desktop is far from common and the flatpak security is kind of a joke [1] [2], unless something changed recently. For starters, it's the application that has to ask to be sandboxed, so if I were to make a malicious flatpak I will just ask for full file system access or d-bus.

[1]: https://flatkill.org/ [2]: https://hanako.codeberg.page/

rnhmjoj commented on Problems with D-Bus on the Linux desktop   blog.vaxry.net/articles/2... · Posted by u/LorenDB
skydhash · a day ago
I always thought as the secret for things that should not be saved non-encrypted on disk, not for things that should be kept hidden from other applications. And if that is your threat model, you should look into virtual machines.
rnhmjoj · 21 hours ago
There are no excuses, this protocol is just terrible: it could have been made much much more secure without any kind of virtualisation or sandboxing.

For example, the kernel could be used[1] to store the secrets in memory and only authorize the userspace process that created it to read it; other processes could request access to a secret and only be given if you accept.

[1]: https://docs.kernel.org/security/keys/core.html

rnhmjoj commented on Problems with D-Bus on the Linux desktop   blog.vaxry.net/articles/2... · Posted by u/LorenDB
rcxdude · a day ago
This is especially amazing given how much of wayland friction is in the name of security ("Why would we ever standardise a way to intercept and send keystrokes? it's not secure!")
rnhmjoj · 21 hours ago
Yes, it's 100% a security theatre. Programs aren't even allowd to set their own icon because it's not considered secure, I'm not joking. The reasoning goes something like: what if a malicious program set its name to "firefox" and uses the firefox icon and then prompts you for the gmail password, eh?

At the same time a malware can just get all of your passwords without even asking using d-bus or read all of your files since it's running as your uid.

rnhmjoj commented on Stop Breaking TLS   markround.com/blog/2025/1... · Posted by u/todsacerdoti
tialaramex · 7 days ago
The whole point of the logs is that they're tamper-evident. If you think the certificate you've seen wasn't logged you can show proof. If you think the logs tell you something different from everybody else you can prove that too.

It is striking that we don't see that. We reliably see people saying "obviously" the Mossad or the NSA are snooping but they haven't shown any evidence that there's tampering

rnhmjoj · 7 days ago
> It is striking that we don't see that

It probably just means they are asking the providers to hand over the data, no need to perform active attacks.

rnhmjoj commented on Show HN: Gemini Pro 3 imagines the HN front page 10 years from now   dosaygo-studio.github.io/... · Posted by u/keepamovin
jrowen · 7 days ago
I think it's the "consecutive" that makes it funny. This thing that entire continents have been working on together for decades was operational for 20 consecutive minutes?!?

It's dark comedy because the progress of fusion just feels so agonizingly slow, that even a very optimistic prediction for 10 years from now sounds like such small and functionally useless progress.

And there's no shade toward any of the entities involved, it's a hard problem, but it's still funny.

rnhmjoj · 7 days ago
Nah, it's huge, you just have to remember the best result so far: the JET DTE-3 record that produced the energy to boil 60 tea kettles in a whopping 5 seconds pulse.
rnhmjoj commented on Show HN: Gemini Pro 3 imagines the HN front page 10 years from now   dosaygo-studio.github.io/... · Posted by u/keepamovin
jrowen · 7 days ago
Was ITER or nuclear energy in the prompt sample?

ITER achieves net positive energy for 20 consecutive minutes

That's just pure dark comedy, although maybe kinda accurate? What would humans predict for this?

rnhmjoj · 7 days ago
This would be very optimistic, essentially the project meeting its main goal, I'm not sure why you're calling it dark comedy. A 20 minutes pulse alone would mean the fuel injection, aux heating, plasma control systems and the divertor are working as designed. Net positive energy also means we got the physics of a burning plasma right.

The most recent timeline I know (from 2024) in fact puts the start of the DT operation at 2035, so I doubt ITER would achieve such a huge result within less than an year.

rnhmjoj commented on Nixtml: Static website and blog generator written in Nix   github.com/arnarg/nixtml... · Posted by u/todsacerdoti
rnhmjoj · 14 days ago
There's a more cursed one here: https://rgbcu.be/blog/htmnix. It hijacks the Nix search paths syntax (e.g. import <path> {}) to create html tags.
rnhmjoj commented on Kodak ran a nuclear device in its basement for decades   popularmechanics.com/scie... · Posted by u/cainxinth
xg15 · 24 days ago
Makes sense, but from a layman perspective it seems like introducing additional complexity and lots of inefficient, high-loss transmission steps.

We start with detached electrons moving at high speeds (plasma). We want detached electrons moving at moderate speeds (electrical current). And yet, the intermediate steps involve everything from heat, steam, large-scale mechanical forces and magnetic induction, just to get back to the electrons?

It feels more like the "pull in a 500MB framework instead of writing the function yourself" kind of simplicity.

rnhmjoj · 22 days ago
> It feels more like the "pull in a 500MB framework instead of writing the function yourself" kind of simplicity.

Essentially yes, but it's a function that has been continuously optimised by engineers for 200 years.

r

u/rnhmjoj

KarmaCake day2562November 13, 2014View Original