@tl @rootkovska @micahflee @gnome @federicomena Most of our work currently is around creating Flatpak and Bubblewrap. We want to get as many core GNOME apps sandboxed as possible.

@rootkovska @micahflee Hi there! In @gnome we are doing a lot of work to sandbox things and solve the root cause for this kind of problem. We'd love to hear about these bugs from researchers first, instead of depending on hardening-after-the-fact downstreams like Subgraph and Qubes to push bug reports to us.

Example conversation I'd like to happen around this bug: purpose of .desktop files vs. filename spoofing; executing code you downloaded; sandboxing all executions by default.

Also, the Subgraph reaction has been baffling. They:
1. Ignored Micah's report for 2 weeks (which he gave them to patch) & did nothing to resolve the problem,
2. Downplayed/denied the bug once it got published:
3. Falsely implied that the bug affected QubesOS:
4. Finally patched:

About the Subgraph attack:
1. The main problem that @micahflee exploited is the unfortunate decision made by Subgraph OS to keep Gnome/Nautilus in the TCB *and* letting this complex software process *untrusted* files,
2. The specific Nautilus bug (handling of .desktop files) is just *one* example of what could go wrong in this case,
3. We can think of other potential problems (e.g. thumbnail processing),
4. More details:

I've published a technical explanation of how to get unsandboxed arbitrary code execution in Subgraph OS, and how this attack compares with Qubes cc @rootkovska

Is there any more technical info about alleged Intel plans to combine (upcoming) CAT instructions with SGX for seamless defense against cache-based attacks (as hinted in the "Malware Guard Extension" paper)?

Mastodon's federation introduces UX challenges.

One that worries me a lot is about message forgery. Anyone can forge a twoot, even cross-server.

Whereas Twitter Inc might be trustworthy enough to not forge transcripts. Anyone can run a Mastodon server and might want to abuse it to influence people (see Russian troll campaigns).

Should Mastodon "home servers" cryptographically sign updates? Should there be end-to-end signatures? Does anyone have thoughts on this?

@femme @bcrypt Subgraph has much thicker layers on top of grsec than Qubes does on top of Xen, because grsec itself doesn't provide isolation. You have to build a sandbox yourself (in SG's case, Oz). So I don't think that grsec bugs are a proxy for SG bugs in the same way Xen bugs are a proxy for Qubes bugs.

@charlyblack @covalent @bcrypt @femme yeah, I'd recommend Qubes over Subgraph.

Also, Subgraph is still alpha, lots of rough edges and things that aren't supported. It might get better in the future, but Qubes is stable and (for those who are already Linux nerds) usable.

@femme @bcrypt @covalent yeah. I think it's an Oz issue actually, because all profiles have access by default. There's an issue (from 2015) to fix it though.

But I think the bigger thing, for me, is that Qubes is flexible in ways Subgraph isn't. Like, it's simple to run N different Signal Desktops in different sandboxes, or manage multiple identities in separate whonix VMs, or have vaults to store secret data in, etc.

The speed at which a good fraction of my previous twitter feed migrated here is astonishing & fun.

So, we are currently invading on two fronts - French social media, and the migration from twitter :P

We should probably make @Gargron's life easier and help the guy out;

Please boost! (it's the new RT, right?)

@rootkovska Nearly correct: there is no Mastodon network, just the OStatus-based federation.

In case there are any Qubes OS users here: we just released Qubes Security Bulletin #29 for a critical Xen bug in PV memory virtualization allowing VM escape (XSA-212):

There are NO checkmark verifications on this instance or any other. People just put emoji in their display names for a joke.

@rootkovska Thanks for the primer — I signed up mostly to get the green check mark.

We are all aggregating on one Mastodon instance. I hope we'll be able to migrate accounts.
