• CCCP Enjoyer@lemmygrad.ml
      link
      fedilink
      arrow-up
      2
      ·
      7 months ago
      1. Systemd is the most egregious pile of shit poetteringware in linux, hands down. It’s a gigantic, slow, bloated mess that runs as pid0 and keeps getting bigger as it consumes all other unix services. It violates every single unix and kiss principal. The attack surface is massive and, becuase it’s pid0, has the highest level of privilege escalation attacks. The recent xz backdoor (absolutely state-sponsored btw) was made possible because of the integration of sshd (and xz) into systemd. It’s been a cve nightmare forced onto us by redhat/ibm despite our protests. It may as well have been written by the cia. Systemd alternatives like runit are superior in every respect, particularly speed and security, while adhering to unix and kiss philosophy.

      2. Not all js is malicious, but it’s objectively the most vulnerable and commonly expolited component by malicious actors in browsers (webassembly will be worse). It’s also an objectively terrible and idiosyncratic language on its own. Good css can eliminate a lot of the most worthless uses of js, but in many cases it’s still a necessary evil in frontend and web design. The best compromise we have is to only use trustworthy, foss 1st-party code and restrict 2nd/3rd party code. It’s also always a good idea to run your browser in a sandbox (bsdjail, bwrap, firejail) with no access to user files or dbus.