#userspace

boredsquirrel<p><span class="h-card" translate="no"><a href="https://floss.social/@kde" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>kde@floss.social</span></a></span> <span class="h-card" translate="no"><a href="https://lemmy.kde.social/c/kde" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>kde@lemmy.kde.social</span></a></span> </p><p>Thx for the info, then it is like that.</p><p>Here is the goal proposal</p><p><a href="https://phabricator.kde.org/T17370" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">phabricator.kde.org/T17370</span><span class="invisible"></span></a></p><p>Tbh, <a href="https://tux.social/tags/bubblewrap" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bubblewrap</span></a> would need to be fixed drastically to be as secure as the <a href="https://tux.social/tags/Android" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Android</span></a> <a href="https://tux.social/tags/sandbox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sandbox</span></a>. 
And (I am not sure yet) I think even <a href="https://tux.social/tags/Snaps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Snaps</span></a> are more secure (on <a href="https://tux.social/tags/Ubuntu" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Ubuntu</span></a> with <a href="https://tux.social/tags/Apparmor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Apparmor</span></a> patches) than <a href="https://tux.social/tags/Flatpak" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Flatpak</span></a> with the current system.</p><p>As far as I understood, sandboxing needs to happen in <a href="https://tux.social/tags/userspace" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>userspace</span></a>, with tools like <a href="https://tux.social/tags/fuse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fuse</span></a> doing the work while being restricted by <a href="https://tux.social/tags/MAC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MAC</span></a> like <a href="https://tux.social/tags/SELinux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SELinux</span></a> or Apparmor.</p>
Mai :v_trans:<p>After spending yesterday entirely re-implementing <a href="https://soc.saiyajin.space/tags/tcp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tcp</span></a> in <a href="https://soc.saiyajin.space/tags/userspace" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>userspace</span></a> I now know:</p><p>- TCP is weird<br>- we have the PSH flag that completely makes the data ignore the TCP sending/receive buffers and directly writes into the application's stream<br>- ACK can be part of literally any other package; you also can SYN, FIN or PSH data while ACK'ing<br>- zero-length data packages *technically* exist, but they don't do anything; they don't even wake up the FD when it's in an epoll<br>- the <a href="https://soc.saiyajin.space/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>linux</span></a> <a href="https://soc.saiyajin.space/tags/kernel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>kernel</span></a> is funny: it responds with RST to incoming TCP packets, even on raw sockets; you'll need to drop them via <a href="https://soc.saiyajin.space/tags/iptables" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>iptables</span></a> if you want to implement TCP in userspace</p><p>Learned a lot! Now I can go on and create a few tests for <a href="https://soc.saiyajin.space/tags/webservers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>webservers</span></a>; mainly SYN floodings and so on.</p>