zlacker

[return to "Detecting the use of "curl | bash" server-side"]
1. h000pe+x3[view] [source] 2018-07-29 02:52:35
>>rubyn0+(OP)
Regardless of the installation method it sounds like we need to be running all applications in their own individual virtual machines (e.g. Qubes OS) or within a restricted environment with limited permissions (iOS)
◧◩
2. geggam+v5[view] [source] 2018-07-29 03:33:55
>>h000pe+x3
How do you install the virtual machine software ? Where do you put the trust ?
◧◩◪
3. taeric+K5[view] [source] 2018-07-29 03:37:54
>>geggam+v5
Worse, what happens when I do want the applications to communicate?

An amusing gotcha I found with docker was how do I convince the servers I communicate with from in the container that I am me? Best bet was to map my user into the user on the container, but that was actually ridiculously fraught with trouble. (There is a chance this has since been fixed...)

◧◩◪◨
4. chii+x6[view] [source] 2018-07-29 03:55:20
>>taeric+K5
> I do want the applications to communicate?

QubeOS adopted the "manual authentication" method (of having to confirm everything, such as clipboard copy/paste).

This is probably not quite scalable (not to mention annoying). May be there's some way to have a short session token, so during a work session of a few hours, it works without any intervention.

◧◩◪◨⬒
5. taeric+F7[view] [source] 2018-07-29 04:24:06
>>chii+x6
The problem came when I wanted the app to communicate to another on behalf of me. Do I have to constantly reconfigure an openid connection for every app on my machine? (Not the worst of ideas, I suppose...)
[go to top]