Learning about running untrusted JS:

- can't expose your other JS so use VM2
- but VM2 will probably leak and doesn't protect against while(true) so run in a container
- but then you read containers can't be trusted! Kernel exploits galore! For real security use full virtualization
- But KVM might have bugs too! The real way to go is bare metal.
- You're gonna airgap that, right?

@teleclimber

I'm not sure what qualifies as being any other kind of JS.

Like, what *are* the mechanisms for trusting JS, really?

@deejoe on the nodejs side the situation is kind of crazy. It's amazing there aren't more hostile modules out there. They could do so much damage so easily, and npm is the perfect thing to spread them.
