Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://movsw.0x0.st/notes/9xj9x8h8to559fii">miauz genyau (mia@movsw.0x0.st)'s status on Friday, 30-Aug-2024 05:00:58 JST</a><a href="https://movsw.0x0.st/@mia" title="mia@movsw.0x0.st"><img src="https://gnusocial.jp/theme/gnusocialjp/default-avatar-stream.png" width="48" height="48" alt="miauz genyau" style="position: absolute; left: 0; top: 0;">miauz genyau</a><div><a href="https://udongein.xyz/objects/7daff674-5d04-4231-a26e-93f9669012e6" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/158739" title="phnt@fluffytail.org">Phantasm</a></li><li><a href="https://gnusocial.jp/user/209694" title="lispi314@udongein.xyz">LisPi</a></li></ul></div></section><article><p><a href="https://udongein.xyz/users/lispi314">@lispi314</a> <a href="https://queer.hacktivis.me/users/lanodan">@lanodan</a> <a href="https://fluffytail.org/users/phnt">@phnt</a> it truly is. opensuse ships somewhat hardened systemd units (namespace isolation, syscall restrictions and so on and so forth) plus apparmor by default, and it has a yast module for some rudimentary privilege tweaking/hardening. it can also work as a transactional system where every change is done to a new copy-on-write snapshot of the filesystem.<br><br>but the way i see it all this crap is no better than windows users and their real-time antiviruses in that these are measures to limit the damage that can be done to a system that simply lacks secure user-space APIs and on the kernel level has never seriously been designed to provide a secure environment (which would make it incompatible with UNIX/POSIX)</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3585649#notice-7036279">In conversation</a><time datetime="2024-08-30T05:00:58+09:00" title="Friday, 30-Aug-2024 05:00:58 JST">about 3 months ago</time> <span>from <span><a href="https://movsw.0x0.st/notes/9xj9x8h8to559fii" rel="external" title="Sent from movsw.0x0.st via ActivityPub">movsw.0x0.st</a></span></span><a href="https://movsw.0x0.st/notes/9xj9x8h8to559fii">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
miauz genyau (mia@movsw.0x0.st)'s status on Friday, 30-Aug-2024 05:00:58 JSTmiauz genyau
in reply to
@lispi314 @lanodan @phnt it truly is. opensuse ships somewhat hardened systemd units (namespace isolation, syscall restrictions and so on and so forth) plus apparmor by default, and it has a yast module for some rudimentary privilege tweaking/hardening. it can also work as a transactional system where every change is done to a new copy-on-write snapshot of the filesystem.

but the way i see it all this crap is no better than windows users and their real-time antiviruses in that these are measures to limit the damage that can be done to a system that simply lacks secure user-space APIs and on the kernel level has never seriously been designed to provide a secure environment (which would make it incompatible with UNIX/POSIX)
In conversationabout 3 months ago from movsw.0x0.stpermalink

Public

Embed Notice

HTML Code

Corresponding Notice