Desktop / Laptop privacy & security of web browsers on Linux part 1: concepts and theory
Web browsers today are everywhere, and they are a huge pile of shitcode, full of shiny things that sometimes hide bad surprises, but, despite this fact, you want to use them daily because too many things today depend on you to visit a web site often requiring you[r] latest web technologies.
Even if many vendor[s] today take browser security seriously, the fast evolution of web standards makes [it] very hard to care about that on such big projects, and almost every day a new method appears in the wild to fuck poor users using the web as a vector of evil code, using either browser vulnerabilities or user stupidity/innocence.
There is no 100% security; if anyone tell[s] you he has the panacea for all evil things and can show you how to be 100% protected online, he's a liar, no exception. Despite that, something can be done to be at least a little bit more secure and block the most common attack vectors, with a cost in terms of usability that is really cheap.
[Continues...]
Desktop / Laptop privacy & security of web browsers on Linux part 2: firejail based sandboxes
There are many tools in the wild to build the sandboxes using the features explained, some more user friendly, others more complex, some more complete, others more specific to one or a few features.
After some tests and with the help of many friends from the Veteran Unix Admins group on facebook, the primary tool I've chosen to use is firejail.
Firejail is a great utility aiming to build sandboxes and it matches our needs almost perfectly. With just a little bit of shell scripting, a little patch I have sent to firejail and a couple of other tools supported by firejail itself, we have all that is needed for our architecture.
(Score: 0) by Anonymous Coward on Wednesday August 10 2016, @10:54AM
One word will fix this. Accountability.
So when will gun manufacturers be liable for gun deaths? Or even car manufacturers for car collision deaths?
If your solution is "no software, no security problem" then you have found it.
(Score: 0) by Anonymous Coward on Wednesday August 10 2016, @01:32PM
When will Microsoft be liable for Ribbon Rage?
Right.
(Score: 3, Funny) by darkfeline on Wednesday August 10 2016, @03:46PM
More like, when will car manufacturers be liable when your car randomly explodes? They already are.
If the automobile had followed the same development cycle as the computer, a Rolls-Royce would today cost $100, get a million miles per gallon, and explode once a year, killing everyone inside.
-- Robert X. Cringely
Join the SDF Public Access UNIX System today!
(Score: 2) by jmorris on Wednesday August 10 2016, @04:30PM
> So when will gun manufacturers be liable for gun deaths?
If your gun malfunctions and causes death or serious injury you can sue. Congress only stopped the stupid notion of suing the manufacturer of a lawful product when it is used by a criminal but otherwise performs exactly as designed.
> Or even car manufacturers for car collision deaths?
Do you get TV in your world? Car manufacturers are constantly being sued, settling and issuing recalls to correct defects in cars. But like guns, when they are operating as designed and operator error causes death they aren't liable.
Logic isn't your strong suit I gather? Perhaps a knowledge of this lack is why you lack the confidence to use an account?
Now let us apply your notion properly. When Microsoft has been aware of a security impacting bug for longer than a year and an exploit causes massive economic damage they should be liable. They specifically state their software is not to be used in life critical applications so a death would fall squarely on the consultant that misused it for such a purpose.
Meanwhile, someone suffering a loss due to the Linux kernel gets nothing because it was licensed under the GNU GPL (Version 2) which disclaims all warranties. If you used it for something and lost, you lost. RHEL has very specific contractual (not a EULA with dubious legality) obligations, consult your attorney if you suffer a loss on a RHEL system, but you are probably hosed there too. This should not be a viable business model though, selling a supported product should include liability and as soon as customers begin to demand it the vendors will up their game and worry about security instead of pushing an endless stream of rewrites and new shiny.
(Score: 2) by bob_super on Wednesday August 10 2016, @10:47PM
> Congress only stopped the stupid notion of suing the manufacturer of a lawful product when it is used by a criminal but otherwise performs exactly as designed.
I'll sue for that. You can't grow up in an environment where Bad Guys Can't Shoot, only to find out, at the worst possible time, that some insane manufacturer thought it was a problem worth solving.