[gobolinux-users] Interesting and maybe relevant article

Sergio Tortosa Benedito sertorbe at gmail.com
Fri Apr 24 03:06:33 NZST 2015


Knneth Marken wrote:
>Frankly i find containers on the desktop to be one of two things:

>Cloud "devs" that think they have found the hammer to fix all "nails".

>DE devs (hello Gnome) that think that users must be protected from
themselves, or else they will soil the devs pristine ivory tower.

>From what I have readed I feel like containers are pretty much "standard"
sandboxes with some extra features, so I'll answer as if it was sandboxing.
Sandboxing is nice, I think like that and I'm no cloud man (my only server
is one running a personal minecraft server), and I want sandbox for my own
computer so it's no like I'm going to soil my pristine ivory tower.
Here's a secret, bugs exist, both in the application itself and the
background code (libraries, kernel...) so sandboxing is just limiting
applications capabilities to just what they need (something which seems
pretty reasonable), in order to stop both bugs and attacks from harming
one's computer.

If you think untrusted applications are the only way to get atracked
through an application look from some info, big software tends to have
bugs: java, adobe reader, and even the kernel itself (I remember also a
linux PDF readers had problems, I think it was EOG) have had bugs which let
people attack you.

El 22/4/2015 21:53, "Trans" <transfire at gmail.com> wrote:
>
> I can understand maybe running the browser in a container, since that is
likely to to be the mostly likely source of security issues. But then
again, if it ever became really popular I'm sure hacker would find​ a way
around that too.
>
> Or am I missing the point of containers?

Well, containers themselves I think are more for cloud, bug standard
sandboxing is useful in desktop, I could repeat much lf what I said above,
the point it's not only protecting you from untrusted applications, but
also from bugs in trusted ones.
Truth be told (as of today and in Linux) I think the mostly likely source
is software installation downloaded from internet, packages which promise
to solve X bug with Y application/driver, or any sort of package difficult
to trust just because the people around them are small.

--Sergio
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.gobolinux.org/pipermail/gobolinux-users/attachments/20150423/3740bd88/attachment.html>


More information about the gobolinux-users mailing list