[return to "Notepad++ supply chain attack breakdown"]
1. ashish+q9 2026-02-03 23:29:06
>>natebc+(OP)
I am running a lot of tools inside a sandbox now for exactly this reason. The damage is confined to the directory I'm running that tool in.

There is no reason for a tool to implicitly access my mounted cloud drive directory and browser cookies data.

2. troad+9b 2026-02-03 23:38:13
>>ashish+q9
macOS has been getting a lot of flak recently for (correct) UI reasons, but I honestly feel like they're the closest to the money with granular app permissions.

Linux people are very resistant to this, but the future is going to be sandboxed iOS-style apps. Not because OS vendors want to control what apps do, but because users do. If the FOSS community continues to ignore proper security sandboxing and distribution of end-user applications, then it will just end up entirely centralised in one of the big tech companies, as it already is on iOS and macOS by Apple.

3. symaxi+Fb 2026-02-03 23:40:08
>>troad+9b
Sandboxing such as in Snap and Flatpak?

4. troad+hc 2026-02-03 23:42:30
>>symaxi+Fb
Notoriously not actually secure, at least in the case of Flatpak. (Can't speak to Snap)

Not sure how something can be called a sandbox without the actual box part. As Siri is to AI, Flatpak is to sandboxes.

5. Fergus+Uf 2026-02-04 00:02:47
>>troad+hc
Doesn't it use bwrap under the hood? What's wrong with that?

6. okanat+Wm 2026-02-04 00:46:26
>>Fergus+Uf
Many apps require unnecessarily broad permissions with Flatpak. Unlike Android and iOS apps they weren't designed for environments with limited permissions.
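
To make the point about broad Flatpak permissions concrete, here is an added example (not part of the thread and not Flatpak's own code) that audits an app's `metadata` keyfile for grants that leave little of the sandbox. The sample metadata, the app name `org.example.Editor` and the `BROAD` list are constructed for illustration.

```python
import configparser

# Constructed sample in Flatpak's "metadata" keyfile format (hypothetical app).
SAMPLE_METADATA = """\
[Application]
name=org.example.Editor
command=editor

[Context]
shared=network;ipc;
sockets=x11;wayland;
devices=dri;
filesystems=home;xdg-download:ro;

[Session Bus Policy]
org.freedesktop.Flatpak=talk
"""

# Grants that leave little of the box: illustrative, not an exhaustive policy.
BROAD = {
    "filesystems": {"host", "host-os", "host-etc", "home"},
    "devices": {"all"},
    "sockets": {"x11", "session-bus", "system-bus"},
}

def audit(metadata_text):
    """Return a sorted list of grants considered overly broad."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cp.optionxform = str  # keep D-Bus names case-sensitive
    cp.read_string(metadata_text)
    findings = []
    if cp.has_section("Context"):
        for key, risky in BROAD.items():
            for item in cp.get("Context", key, fallback="").split(";"):
                # "home:ro" -> "home"; a leading "!" (revoked grant) never matches
                name = item.strip().split(":")[0]
                if name in risky:
                    findings.append(f"{key}={item.strip()}")
    # Talk access to org.freedesktop.Flatpak lets the app ask for host-side commands.
    if cp.has_section("Session Bus Policy"):
        policy = cp.get("Session Bus Policy", "org.freedesktop.Flatpak", fallback="")
        if policy in ("talk", "own"):
            findings.append(f"dbus:org.freedesktop.Flatpak={policy}")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE_METADATA):
        print("broad grant:", finding)
```
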

7. IsTom+sG1 2026-02-04 12:00:04
>>okanat+Wm
> Unlike Android

My experience with Android apps seems to be different. Every other app seems to be asking for contacts or calling or access to files.