These are chat archives for ractivejs/ractive

6th
Sep 2018
kouts
@kouts
Sep 06 2018 06:53
@ceremcem have you seen https://octobox.io/ ?
Cerem Cem ASLAN
@ceremcem
Sep 06 2018 08:59
@kouts I just tried it and it seems the obvious solution at the moment! thanks!
kouts
@kouts
Sep 06 2018 09:00
:thumbsup:
Chris Reeves
@evs-chris
Sep 06 2018 19:45
I agree with the first answer
can't do it if you don't fully trust the code you're running
you can get close with embedded engines, but you still have potential to leak or slip here and there, especially if you're trying to sandbox in your host environment (node in particular)
Cerem Cem ASLAN
@ceremcem
Sep 06 2018 19:56
can't we create a secure sandbox (even by trial and error) if we had a complete test suite? or, let's think we created a complete virtual machine for that purpose (by virtualbox, LXC, qemu, doesn't matter) which would be secure enough and we pass the input, we get the result.
Chris Reeves
@evs-chris
Sep 06 2018 19:57
I'd say virtual machine would qualify as reasonably secure
you could still exploit hardware bugs if you were serious though
the rowhammer and spectre style exploits will probably continue to pop up for a while
I personally wouldn't trust containers at this point, as most container platforms make it clear that they're not impenetrable, at least last time I evaluated them
Cerem Cem ASLAN
@ceremcem
Sep 06 2018 20:00
the rowhammer was a frightening one
Chris Reeves
@evs-chris
Sep 06 2018 20:02
I'm amazed that people manage to keep WordPress sites relatively uncompromised
Cerem Cem ASLAN
@ceremcem
Sep 06 2018 20:03
:))
Chris Reeves
@evs-chris
Sep 06 2018 20:04
activex, to this day, baffles me
who thought COM on the internet was a good idea?
of course, my lack of trust in external code is funny, since that's how I make a living
people trust my stuff to run in their browser, and I generally trust my browser to sandbox reasonably well
Cerem Cem ASLAN
@ceremcem
Sep 06 2018 20:07

> of course, my lack of trust in external code is funny, since that's how I make a living

:DDD lol

in the past, I wrote and ran a script to clean up some outputs with rm -rf $build_dir/, which left $build_dir empty and... the black scene...
until that time, I believe no virus can be more harmful than a stupid user :)
Chris Reeves
@evs-chris
Sep 06 2018 20:14
I've somehow made it my whole career without killing root 😁. I did once naively try to update a kernel remotely... killed production until I could rebuild servers in a local noc