Comments URL: https://news.ycombinator.com/item?id=47749601

Points: 1

# Comments: 0

It's in rust with egui, and should help folks to do that without the cli.

Not ready for prime time yet, but available at https://github.com/almet/signal-without-smartphone

You are correct: that's basically what Dangerzone is doing!

The challenges for us are to have a sandbox that keeps being secure and make it possible for non-tech folks (e.g. journalists) to run this in their machines easily.

About the sandbox:

- Making sure that it's still updated requires some work: that's testing new container images, and having a way to distribute them securely to the host machines ;

- In addition to running in a container, we reduce the attack surface by using gVisor¹ ;

- We pass a few flags to the Docker/Podman invocation, effectively blocking network access and reducing the authorized system calls ;

Also, in our case the sandbox doesn't mount the host filesystem in any way, and we're streaming back pixels, that will be then written to a PDF by the host (we're also currently considering adding the option to write back images instead).

The other part of the work is to make that easily accessible to non-tech folks. That means packaging Podman on macOS/Windows, and providing an interface that works on all major OSes.

¹ https://dangerzone.rocks/news/2024-09-23-gvisor/

That's a good question :-)

Opening PDFs, or images, or any other document directly inside your machine, even with a limited PDF viewer, potentially exposes your environment to this document.

The reason is that exploits in the image/font/docs parsing/rendering libraries can happen and are exploited in the wild. These exploits make it possible for an attacker to access the memory of the host, and in the worse case allow code execution.

Actually, that's the very threat Dangerzone is designed to protect you from.

We do that by doing the docs to pixel conversion inside a hardened container that uses gVisor to reduce the attack surface ¹

One other way to think about it is to actually consider document rendering unsafe. The approach Dangerzone is taking is to make sure the environment doing the conversion is as unprivileged as possible.

In practice, an attack is still possible, but much more costly: an attacker will be required to do a container escape or find a bug in the Linux kernel/gVisor in addition to finding an exploit in document rendering tools.

Not impossible, but multiple times more difficult.

¹ We covered that in more details in this article https://dangerzone.rocks/news/2024-09-23-gvisor/

There is indeed a dangerzone-cli tool¹, and it should be made more visible. We plan on updating/consolidating our docs in the foreseeable future, to make things clearer.

Also, plans are here to make it possible to use dangerzone as a library, which should help use cases like the one you mention.

¹ https://github.com/freedomofpress/dangerzone/blob/main/dange...

Challenge the popular adage "containers don't contain", by sending Santa a naughty letter that bypasses Dangerzone protections (Libreoffice + gVisor + Podman)

If your letter breaks a containerization layer by capturing a flag, you get the associated bounty.

Have fun!

Comments URL: https://news.ycombinator.com/item?id=46300002

Points: 4

# Comments: 1

Comments URL: https://news.ycombinator.com/item?id=39891959

Points: 2

# Comments: 0

Too many comments might actually be a bad thing. It's more lines to maintain, and sometimes the comments just tell what the code is doing where there is no need to.

I worked a few years back on something like this but it went nowhere, but I still believe it would be doable and useful. The only trace I found back is https://wiki.python.org/moin/Testing%20Infrastructure, which contains almost no info...

Having a tab always open in my browser for my mail seems so wrong.

Depending who is your enemy (threat model), I guess proton tools can help you protect your intimacy though.

Yes, nuclear energy is generating less CO2 than some other forms of energy, but saying it's saving lives seems sketchy at best, and to be used as a "hammer argument". Because it's "saving lives", it's good.

All energy producing less CO2 than the current mix is "saving lives" in a way. So yes, we should aim for less production of CO2. There is no question here.

But I believe that in order to have a opinion on the matter we need to understand the whole picture.

- *Waste* : we don't really know what to do with them. We pile them up and try to protect humans from them, but really we don't know what to do more than that.

- *War risk* : if a plant is a military target, it might cause big trouble to the population around, and to the nature…

- *Dismantling* : we still don't know how to dismantle a nuclear power plant and we don't know the energetic cost of doing so. Still, we have many nuclear plants that are coming to their end of lives, and we still don't know how to so properly.

- *We don't have sufficient sources of uranium* : it seems that we lack some uranium in order to produce enough energy in a sustainable way.

- Also, uranium extraction is complex geo-politically and seems to creates a geographic context keen to a war on resources, especially if we don't have enough.

So, it might "save lives" wrt CO2 emissions, but that doesn't necessarily mean that it's a clean energy, nor that's the energy of the future, in my opinion.

I understand why they want to take back the copyright on music, but they do so in such a geeky way that it seems completely useless to me.

Ultimately, musicians will pick good / cool melodies from this dataset, in the same way they do when in front of an instrument.

I might be missing the point ?