Jonkman Microblog
  • Login
Show Navigation

  • Public

    • Public
    • Network
    • Groups
    • Popular
    • People

Conversation

Notices

  1. Olivier Forget (teleclimber@social.tchncs.de)'s status on Thursday, 06-Dec-2018 10:12:36 EST Olivier Forget Olivier Forget

    Learning about running untrusted JS:

    - can't expose your other JS so use VM2
    - but VM2 will probably leak and doesn't protect against while(true) so run in a container
    - but then you read containers can't be trusted! Kernel exploits galore! For real security use full virtualization
    - But KVM might have bugs too! The real way to go is bare metal.
    - You're gonna airgap that, right?

    In conversation Thursday, 06-Dec-2018 10:12:36 EST from social.tchncs.de permalink
    1. D. Joe (deejoe@mstdn.io)'s status on Thursday, 06-Dec-2018 15:28:06 EST D. Joe D. Joe
      in reply to

      @teleclimber

      I'm not sure what qualifies as being any other kind of JS.

      Like, what *are* the mechanisms for trusting JS, really?

      In conversation Thursday, 06-Dec-2018 15:28:06 EST from mstdn.io permalink
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

Jonkman Microblog is a social network, courtesy of SOBAC Microcomputer Services. It runs on GNU social, version 1.2.0-beta5, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All Jonkman Microblog content and data are available under the Creative Commons Attribution 3.0 license.

Switch to desktop site layout.