←back to thread

Less is safer: How Obsidian reduces the risk of supply chain attacks

(obsidian.md)
429 points saeedesmaili | 5 comments | 19 Sep 25 22:02 UTC | HN request time: 1.301s | source
Show context
system7rocks ◴[19 Sep 25 23:16 UTC] No.45307929[source]
I’ve been using other apps than Obsidian for notes and sharing, so this is nice to read and consider. But isn’t Obsidian an electron app or whatever? Electron has always seemed resource intensive and not native. JavaScript has never struck me as “secure”. Am I just out of touch?
replies(7): >>45307982 #>>45308069 #>>45308141 #>>45308336 #>>45308343 #>>45308406 #>>45310096 #
1. CuriouslyC ◴[19 Sep 25 23:43 UTC] No.45308141[source]
Not a huge electron fan (thank god for tauri), but Obsidian is a fantastic app and you shouldn't let the electron put you off of it. You can even hook a MCP up to it and an agent can use it as a personal knowledge base, it's quite handy.
replies(1): >>45308304 #
2. codazoda ◴[20 Sep 25 00:04 UTC] No.45308304[source]
> Thank god for tauri

I’d love to try it, but speaking of security, this was the first thing I saw:

sh <(curl https://create.tauri.app/sh)

replies(1): >>45309950 #
3. edoceo ◴[20 Sep 25 03:11 UTC] No.45309950[source]
Right. But you know how to fetch and inspect (yea?) so, I with you that piping random crap to sh is bad. Maybe these snips encourage that behavior.

Tauri is trustable (for some loose definition) and the pipe to shell is just a well known happy-path.

All that to say it's a low value smell test.

Also, I'm in the camp that would rather git clone and then docker up. My understanding is it gives me a littl more sandbox.

replies(1): >>45312489 #
4. skydhash ◴[20 Sep 25 11:45 UTC] No.45312489{3}[source]
I think I would prefer to see official supports for major package managers, even with unofficial repos (Debian, Macports,...). We went from a time where software were usually tarballed to one where devs are encouraging piping to shell.
replies(1): >>45312916 #
5. CuriouslyC ◴[20 Sep 25 12:45 UTC] No.45312916{4}[source]
https://snapcraft.io/obsidian