Comment on 'xz utils' Software Backdoor Uncovered in Years-Long Hacking Plot

• tal@lemmy.today ⁨7⁩ ⁨months⁩ ago

  desktop

  Some of it is that a lot of desktop software paradigms weren’t built to operate in that kind of environment, and you can’t just break backwards compatibility without enormous costs.

  Wayland’s been banging on that, but there’s a lot to change.

  Like, the clipboard is designed so that software packages can query its contents, rather than having the contents pushed to it.

  What’s on the screen and a lot of system state like keys that are down and where the mouse pointer is and so forth wasn’t treated as information that needed to be kept private from an application.

  I don’t think that there’s a great way to run isolated game-level 3d graphics in a VM unless you’re gonna have separate hardware.

  Something that I’ve wondered about is potential vulnerability via Steam. None of the software there is isolated in a “this might be malicious” sense – not from the rest of the system, not from other software sold via Steam. And Steam is used to distribute free software…I haven’t looked into it, but I don’t think that the bar to get something into Steam is likely super high. And then consider that there are free-to-play games that have to make money however they can, and some of that is going to be selling data, and some of how they do that may be to just offer to run whatever libraries with their game the highest bidder offers. How secure are those supply chains? And on Steam, most of the software is closed source, which makes inspecting what’s going on harder. And that’s before we even get to mods and stuff like that, which are from all over the place.

  source
• DavidGarcia@feddit.nl ⁨7⁩ ⁨months⁩ ago

  FreeBSD jails were way ahead of their time

  source