agree, pretty everything can be "used correctly", in particular marijuana. Just few stuffs should really be avoided ever and are a poisons for humans. And also, everyone has his stuffs that are poisons for him, for his peculiar situation; the same stuffs could be okay for other humans, and so on...

on modern mobile os should be all compartimentalized, so it should do pretty nothing in background. Apple will do the background spying on you.

today super grateful for a fantastic sun over my skin and a beautiful insight on chroot and containers in general🥰 https://www.youtube.com/watch?v=JOsWB50LmwQ

#YESTR there's literally nothing beyond you and God, that is in you and all the other stuffs. Everything is fine if you align yourself to God, inside and outside. Everything is broken if you dont humbly embrace this power.

user namespace is really a cool concept in #linux, basically an elegant way to permit to user processes to mount an entire filesystem where they can act as root. It is used in containers and browser sandboxes, to effectively isolate processes. But there are problems here: now, when user namespaces is activated in the kernel, ANY user process (so any random app) can access a gigantic amout of functions and kernel calls that was intended to be ran from a root user. These functions have bugs. These bugs wasnt a security threat before, because if you are already root and you are invoking a kernel function to trigger a bug that makes the kernel crash.... Well, you was already root. The process that invoked the function was already in total control of the machine, so the bug was basically useless for hackers to use in a chain of exploits. Now, with user namespaces, a user process can invoke these functions to trigger the bugs to crash the kernel or whatelse: these bugs now are security threats. Solutions? Seems there isnt a better alternative to do this kind of sandboxing in linux, so the solutions are [fixing the bugs®] and restrict the capability of use user namespaces to a whitelist of trusted apps (like containers, browsers, flatpak, systemd-something, and apps that in the future will start using it....)

love it

silksong

ironfox

or... just do a podcast? :)