Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://social.glitched.systems/notes/a8cvlcuuslph0199">CyberFrog (froge@social.glitched.systems)'s status on Thursday, 29-May-2025 21:00:11 JST</a><a href="https://social.glitched.systems/@froge" title="froge@social.glitched.systems"><img src="https://gnusocial.jp/avatar/275421-48-20240809084426.webp" width="48" height="48" alt="CyberFrog" style="position: absolute; left: 0; top: 0;">CyberFrog</a><div><a href="https://gnusocial.jp/notice/10041438" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><p><a href="https://hachyderm.io/@dalias">@dalias@hachyderm.io</a> I actually do think the automated connections to a remote system for updates are bad and should be removed in this case, but it's just wild to me that you genuinely don't believe in mandatory security updates, and further that you actually seem to not understand that the network traffic from a VPN is itself attack surface... this means that even if you trust both ends of the connection you should still install security relevant patches to mitigate issues on the network or in the protocol itself, at the very least, not to mention bugs that can occur when an untrusted application runs locally<br><br>most people don't actually completely trust all the applications on their device anyway, even if that application is granted network access to function, this is why defense-in-depth and sandboxing is such a big field of study still</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/5119451#notice-10041625">In conversation</a><time datetime="2025-05-29T21:00:11+09:00" title="Thursday, 29-May-2025 21:00:11 JST">about 2 days ago</time> <span>from <span><a href="https://social.glitched.systems/notes/a8cvlcuuslph0199" rel="external" title="Sent from social.glitched.systems via ActivityPub">social.glitched.systems</a></span></span><a href="https://social.glitched.systems/notes/a8cvlcuuslph0199">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
CyberFrog (froge@social.glitched.systems)'s status on Thursday, 29-May-2025 21:00:11 JSTCyberFrog
in reply to
- Rich Felker
@dalias@hachyderm.io I actually do think the automated connections to a remote system for updates are bad and should be removed in this case, but it's just wild to me that you genuinely don't believe in mandatory security updates, and further that you actually seem to not understand that the network traffic from a VPN is itself attack surface... this means that even if you trust both ends of the connection you should still install security relevant patches to mitigate issues on the network or in the protocol itself, at the very least, not to mention bugs that can occur when an untrusted application runs locally

most people don't actually completely trust all the applications on their device anyway, even if that application is granted network access to function, this is why defense-in-depth and sandboxing is such a big field of study still
In conversationabout 2 days ago from social.glitched.systemspermalink

Public

Embed Notice

HTML Code

Corresponding Notice