
Against /tmp

(dotat.at)
257 points todsacerdoti | 1 comments
cedws No.41916973
I think the idea of a shared filesystem in general is bad. It’s not the 80s anymore where we’re logging on to a shared mainframe. Applications should be completely sandboxed from each other by default and only allowed to see what they need to see. Real sandboxing by default (not like systemd’s opt-in sandboxing, which is an absolute mess) would eliminate entire classes of vulnerabilities.
1. blackbear_ No.41924052
> It’s not the 80s anymore where we’re logging on to a shared mainframe.

Modern high-performance clusters still follow that logic, and are found in almost all large universities or companies doing research on heavy computational topics (artificial intelligence, comp. chemistry, comp. biology, comp. engineering, and so on).