Note that a sandbox escape is often possible via TIOCSTI (CVE-2017-5226) [0] unless a special flag (--new-session) is used.
Bubblewrap is aware of this, yet their documentation gives no indication that this flag is necessary to produce a secure sandbox. In --help, the documentation of --new-session is simply "Create a new terminal session," which severely understates its importance.
It's frustrating to have such a useful tool be knowingly easy to misuse.
They're making great progress! There's still more work to do, but I've been very impressed by the improvements made by the Element team over the past year, ranging from many small details to large usability features like the UI for spaces as an easier way to organize communities
In that case, Safari should make it clear that its users should not expect web application to work well. OP proposes helping Safari do that by displaying informational banners when appropriate.
Also try searching "journalist in blue" via the default (not image) article search on Bing. It lacks the relevant results found on Google or DuckDuckGo.
> In this: "the host will open the door at random and in this example it happen to have a goat" vs "the host will never open a door with a car behind it".)
If the host opens a door with a goat, then it doesn't matter whether or not it was intentional.
I highly recommend using the Nix package manager alongside whatever you're comfortable with. That way you can `nix shell -p foobar` when you need a package quickly or fallback to brew/apt/etc if you're not yet comfortable addressing the situation in Nix.
> The people who do well on the test are given the job on a probationary basis.
This sounds terrible. Not everyone can take tests well (even if they strongly understand the content), and few people can afford to accept a job that's probationary.
> The only meaningful act of protest in the 21st century is to permanently delete your digital accounts?
Surely this is an exaggeration?
I'd like to quote more (it feels gross to seemingly quote-snipe) but the site blocks copy-paste on mobile, making productive discussion of its contents needlessly difficult.
> They can also stop screenshots being taken of exchanges if they are using an Android phone.
This is terribly misleading. A Signal user can disable screenshots being taken on their own device (something like "disable screenshots on my phone when I'm using this app") but Signal makes no attempt to apply this policy to other people in a conversation. It's not like Snapchat, which attempt to block/track screenshots taken by any party.
> This issues goes way back: imagine if after executing a program on CLI instead of closing it gave you a fake shell, where you eventually went about your day until you had to type your password into sudo..
As a fun fact, even worse might be a program maliciously aliasing sudo in ~/.profile
Bubblewrap is aware of this, yet their documentation gives no indication that this flag is necessary to produce a secure sandbox. In --help, the documentation of --new-session is simply "Create a new terminal session," which severely understates its importance.
It's frustrating to have such a useful tool be knowingly easy to misuse.
[0]: https://github.com/containers/bubblewrap/issues/142