• CCCP Enjoyer
    link
    fedilink
    arrow-up
    2
    ·
    5 months ago
    1. Systemd is the most egregious pile of shit poetteringware in linux, hands down. It’s a gigantic, slow, bloated mess that runs as pid0 and keeps getting bigger as it consumes all other unix services. It violates every single unix and kiss principal. The attack surface is massive and, becuase it’s pid0, has the highest level of privilege escalation attacks. The recent xz backdoor (absolutely state-sponsored btw) was made possible because of the integration of sshd (and xz) into systemd. It’s been a cve nightmare forced onto us by redhat/ibm despite our protests. It may as well have been written by the cia. Systemd alternatives like runit are superior in every respect, particularly speed and security, while adhering to unix and kiss philosophy.

    2. Not all js is malicious, but it’s objectively the most vulnerable and commonly expolited component by malicious actors in browsers (webassembly will be worse). It’s also an objectively terrible and idiosyncratic language on its own. Good css can eliminate a lot of the most worthless uses of js, but in many cases it’s still a necessary evil in frontend and web design. The best compromise we have is to only use trustworthy, foss 1st-party code and restrict 2nd/3rd party code. It’s also always a good idea to run your browser in a sandbox (bsdjail, bwrap, firejail) with no access to user files or dbus.

    • The Free Penguin
      link
      fedilink
      arrow-up
      1
      ·
      5 months ago

      also, i want my browser to have write access to my user files (ESPECIALLY on mobile)

      • CCCP Enjoyer
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        5 months ago

        Well that’s your choice, but it’s a lot more rational to limit filesystem access by the browser, but allow a user unlimited access to the files downloaded by the browser (very easy to set that up asymmetrically with a symlink). Or at least restrict which directories a browser can or cannot access.

        • The Free Penguin
          link
          fedilink
          arrow-up
          1
          arrow-down
          1
          ·
          5 months ago

          Unified ecosystem actually increases speed and efficiency, and a unified ecosystem does not have to come at the expense of security.