!YTvKGNlinIzlkMTVRl:matrix.org

Element Web/Desktop

15975 Members
https://riot.im | Current release 1.3.2 | Code & bugs at https://github.com/vector-im/riot-web | Give feedback on desktop/webapp here; Mobile app feedback at #riot-android:matrix.org and #riot-ios:matrix.org2108 Servers

Load older messages


SenderMessageTime
15 Aug 2019
* @mhnoyes:matrix.orgmhnoyes looks at kernel.unprivileged_userns_clone14:56:36
@mhnoyes:matrix.orgmhnoyes J. Ryan Stinnett: So enabling unprivileged user namespaces globaly is safer than chmod on chrome-sandbox? 14:59:06
@jryans:matrix.orgJ. Ryan StinnettI have not done a thorough security analysis myself. I would recommending reading about these options and deciding what is best for you.15:00:21
@jryans:matrix.orgJ. Ryan StinnettHopefully Linux distros can settle on a single path of securing Electron apps, but at moment I am not sure what the path forward will be...15:01:10
@mhnoyes:matrix.orgmhnoyes J. Ryan Stinnett: That is whu I'm asking. The other option is running riot-web with --no-sandbox. 15:01:27
@mhnoyes:matrix.orgmhnoyes J. Ryan Stinnett: Thanks for the help. I'll investigate further. 15:01:57
@jryans:matrix.orgJ. Ryan StinnettFrom what I can tell, giving unpriviledged users access to user namespaces should be safe enough as long as that technology itself is secure, but of course any API can have bugs and security flaws. For a single user desktop system, it seems safe enough to enable it to me (and indeed Ubuntu has done so), but of course choose what's best for you.15:07:08
@mhnoyes:matrix.orgmhnoyes J. Ryan Stinnett: Thanks again. I reverted to riot-web --no-sandbox while I look into the security implicatons. 15:13:15
@dave:matrix.orgDavehonestly I would say that is the worst of all possible options15:15:42
@mhnoyes:matrix.orgmhnoyes Dave: Thanks. Do you lean toward the kernel change or the chmod change? 15:16:59
@dave:matrix.orgDaveI would probably chmod, personally15:18:23
@mhnoyes:matrix.orgmhnoyes Dave: Thanks. Done again. I'll evaluate the three options later today. 15:21:23
@jryans:matrix.orgJ. Ryan StinnettYeah, depends whether you want to trust user namespaces as an API or just Chrome / Electron.16:07:28
@mhnoyes:matrix.orgmhnoyes J. Ryan Stinnett: That being the case, your potential attack surface should be smaller when trusting Electron. 16:40:44
@jryans:matrix.orgJ. Ryan StinnettYeah. I think the pyschological calculation is a bit different for distro already enabling user namespaces, since there you have to think of it as disabling a default feature if you decide it's too risky.16:42:27
@jryans:matrix.orgJ. Ryan Stinnett * Yeah. I think the psychological calculation is a bit different for distros already enabling user namespaces, since there you have to think of it as disabling a default feature if you decide it's too risky.16:42:41
@mhnoyes:matrix.orgmhnoyes J. Ryan Stinnett: True. Ubuntu vs. Debian 16:43:08
@munfred:caltech.party伯翼💩텞㕙䭃굫陖럏緌 changed their display name from munfred to 伯翼💩텞㕙䭃굫陖럏緌.16:51:02
@mhnoyes:matrix.orgmhnoyes J. Ryan Stinnett: Anyway, it looks like we will have to deal with these types of issues periodically for the foreseeable future.
https://wiki.debian.org/Matrix
16:55:44
@jryans:matrix.orgJ. Ryan StinnettRight, probably so.16:57:01
@janek:matrix.orgjbbr joined the room.17:22:51
@jjgalvez:matrix.orgJoseif the desktop all is closed to the taskbar, is there anyway to easily answer an incoming video call from the notification popup? right now I have to click show on the icon, and then answer or reject the call17:25:20
@jjgalvez:matrix.orgJose * if the desktop app is closed to the taskbar, is there anyway to easily answer an incoming video call from the notification popup? right now I have to click show on the icon, and then answer or reject the call17:25:41
@jason.oliveira:matrix.org@jason.oliveira:matrix.org joined the room.17:35:04
@jason.oliveira:matrix.org@jason.oliveira:matrix.orgis anyone else having issues sending an mp4 file over riot now?17:35:51
@jason.oliveira:matrix.org@jason.oliveira:matrix.orgwebm and avi both work.17:35:56
@jason.oliveira:matrix.org@jason.oliveira:matrix.orgsits at 0B17:36:09
@jason.oliveira:matrix.org@jason.oliveira:matrix.orgI've been trying to upload an mp4 since I joined the room.17:46:41
@jason.oliveira:matrix.org@jason.oliveira:matrix.orgimage.png
Download image.png
17:47:21
@autismsandwich:matrix.orgAutismSandwich Will this version of the room replace the old one in +community:matrix.org ? 17:53:32

There are no newer messages yet.


Back to Room ListRoom Version: 5