Symfony Profiler

[
  "entry" => App\Entity\Entry {#1836
    +user: Proxies\__CG__\App\Entity\User {#2355
      +avatar: null
      +cover: null
      +email: "Pantherina@feddit.de"
      +username: "@Pantherina@feddit.de"
      +roles: []
      +followersCount: 0
      +homepage: "front"
      +about: null
      +lastActive: DateTime @1721498243 {#2335
        date: 2024-07-20 19:57:23.0 +02:00
      }
      +markedForDeletionAt: null
      +fields: null
      +oauthGithubId: null
      +oauthGoogleId: null
      +oauthFacebookId: null
      +oauthKeycloakId: null
      +hideAdult: true
      +showSubscribedUsers: true
      +showSubscribedMagazines: true
      +showSubscribedDomains: true
      +preferredLanguages: []
      +featuredMagazines: null
      +showProfileSubscriptions: false
      +showProfileFollowings: true
      +markNewComments: false
      +notifyOnNewEntry: false
      +notifyOnNewEntryReply: true
      +notifyOnNewEntryCommentReply: true
      +notifyOnNewPost: false
      +notifyOnNewPostReply: true
      +notifyOnNewPostCommentReply: true
      +addMentionsEntries: false
      +addMentionsPosts: true
      +isBanned: false
      +isVerified: false
      +isDeleted: false
      +isBot: false
      +spamProtection: true
      +customCss: null
      +ignoreMagazinesCustomCss: false
      +moderatorTokens: Doctrine\ORM\PersistentCollection {#2135 …}
      +magazineOwnershipRequests: Doctrine\ORM\PersistentCollection {#2073 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#2072 …}
      +entries: Doctrine\ORM\PersistentCollection {#2065 …}
      +entryVotes: Doctrine\ORM\PersistentCollection {#2066 …}
      +entryComments: Doctrine\ORM\PersistentCollection {#2067 …}
      +entryCommentVotes: Doctrine\ORM\PersistentCollection {#2054 …}
      +posts: Doctrine\ORM\PersistentCollection {#2056 …}
      +postVotes: Doctrine\ORM\PersistentCollection {#2109 …}
      +postComments: Doctrine\ORM\PersistentCollection {#2162 …}
      +postCommentVotes: Doctrine\ORM\PersistentCollection {#2302 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#2117 …}
      +subscribedDomains: Doctrine\ORM\PersistentCollection {#2105 …}
      +follows: Doctrine\ORM\PersistentCollection {#2305 …}
      +followers: Doctrine\ORM\PersistentCollection {#2310 …}
      +blocks: Doctrine\ORM\PersistentCollection {#2280 …}
      +blockers: Doctrine\ORM\PersistentCollection {#2296 …}
      +blockedMagazines: Doctrine\ORM\PersistentCollection {#2217 …}
      +blockedDomains: Doctrine\ORM\PersistentCollection {#2195 …}
      +reports: Doctrine\ORM\PersistentCollection {#2282 …}
      +favourites: Doctrine\ORM\PersistentCollection {#2201 …}
      +violations: Doctrine\ORM\PersistentCollection {#2204 …}
      +notifications: Doctrine\ORM\PersistentCollection {#2211 …}
      +awards: Doctrine\ORM\PersistentCollection {#2210 …}
      +subscribedCategories: Doctrine\ORM\PersistentCollection {#2272 …}
      +categories: Doctrine\ORM\PersistentCollection {#2226 …}
      -id: 48318
      -password: "$2y$13$ltFqzTJ0eHIMY8NTIUV0JOoX1AZlaj64ntUxYh5oQTJrg6.lxQmuC"
      -totpSecret: null
      -totpBackupCodes: []
      -oAuth2UserConsents: Doctrine\ORM\PersistentCollection {#2246 …}
      +apId: "Pantherina@feddit.de"
      +apProfileId: "https://feddit.de/u/Pantherina"
      +apPublicUrl: "https://feddit.de/u/Pantherina"
      +apFollowersUrl: null
      +apInboxUrl: "https://feddit.de/inbox"
      +apDomain: "feddit.de"
      +apPreferredUsername: "Pantherina"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: false
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1721236644 {#2337
        date: 2024-07-17 19:17:24.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1696428300 {#2336
        date: 2023-10-04 16:05:00.0 +02:00
      }
      +__isInitialized__: true
       …2
    }
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1940
      +icon: Proxies\__CG__\App\Entity\Image {#1434 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1319
      +entryCommentCount: 27225
      +postCount: 5
      +postCommentCount: 76
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1728164725 {#1456
        date: 2024-10-05 23:45:25.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#1693 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#1698 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#1752 …}
      +entries: Doctrine\ORM\PersistentCollection {#1690 …}
      +posts: Doctrine\ORM\PersistentCollection {#1589 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#1679 …}
      +bans: Doctrine\ORM\PersistentCollection {#1560 …}
      +reports: Doctrine\ORM\PersistentCollection {#1550 …}
      +badges: Doctrine\ORM\PersistentCollection {#1621 …}
      +logs: Doctrine\ORM\PersistentCollection {#1680 …}
      +awards: Doctrine\ORM\PersistentCollection {#1630 …}
      +categories: Doctrine\ORM\PersistentCollection {#1721 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1728168731 {#1454
        date: 2024-10-05 22:52:11.503583 UTC (+00:00)
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#1461
        date: 2023-11-02 13:51:08.0 +01:00
      }
      +__isInitialized__: true
       …2
    }
    +image: null
    +domain: App\Entity\Domain {#278
      +entries: Doctrine\ORM\PersistentCollection {#244 …}
      +name: "madaidans-insecurities.github.io"
      +entryCount: 1
      +subscriptionsCount: 0
      +subscriptions: Doctrine\ORM\PersistentCollection {#266 …}
      -id: 1090
    }
    +slug: "Just-read-Madaidans-Insecurities-Do-you-know-how-much-is"
    +title: "Just read Madaidans Insecurities. Do you know how much is still relevant?"
    +url: "https://www.madaidans-insecurities.github.io/linux.html"
    +body: """
      Basically\n
      \n
      - Sandboxing is bad, bubblewrap (used in Flatpak) is a really good implementation though. Firefox and other apps are not very well sandboxed though\n
      - The kernel is endangered through user namespaces (used in Flatpak and Podman/Docker containers i.e. in Distrobox and Toolbox too)\n
      - the root password can be extracted veeery easily, especially when entering it through a terminal. Windows “okay” button might actually be more secure!\n
      - X11 is insecure, okay we know that\n
      - the kernel is very bloated and everything in there has all the permissions, which is not needed\n
      - Kernel bugs are often not fixed quickly or at all\n
      - Stable Distros are insecure if only CVE bugs are backported, as many security bugs dont get a CVE\n
      \n
      I am currently experimenting with the hardened Kernel and hardened_malloc, I use GrapheneOS since over a year.\n
      \n
      On Linux its a bit more difficult though, as Flatpak and Distrobox dont work anymore.\n
      \n
      This would mean user namespaces need to be enabled again, which I can’t seem to make work with\n
      \n
      `sudo sysctl -w kernel.unprivileged_users_clone=1`\n
      \n
      But the file doesnt exist and creating it doesnt work, probably needs to be a karg or something?\n
      \n
      I am testing all this using the hardened mod of Ublue (a slight Fedora deviation using its image-based distribution model):\n
      \n
      [github.com/qoijjj/hardened-images](https://github.com/qoijjj/hardened-images)\n
      \n
      The images are rather opinionated though and have things like Flatpak removed, making them nearly unusable.\n
      \n
      Maybe nix is a solution? Would this be a good idea?\n
      \n
      Another point, bubblejail is not yet in the Fedora repos, which would be a way to make secure sandboxing accessible. [Here](https://github.com/rusty-snake/fedora-extras/tree/main/bubblejail) is a spec file from rusty-snake.\n
      \n
      What do you know about this?
      """
    +type: "link"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 8
    +favouriteCount: 36
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1700929355 {#1843
      date: 2023-11-25 17:22:35.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2423 …}
    +votes: Doctrine\ORM\PersistentCollection {#2288 …}
    +reports: Doctrine\ORM\PersistentCollection {#1861 …}
    +favourites: Doctrine\ORM\PersistentCollection {#2409 …}
    +notifications: Doctrine\ORM\PersistentCollection {#1541 …}
    +badges: Doctrine\ORM\PersistentCollection {#1531 …}
    +children: []
    -id: 16138
    -titleTs: "'insecur':4 'know':7 'madaidan':3 'much':9 'read':2 'relev':12 'still':11"
    -bodyTs: "'/qoijjj/hardened-images](https://github.com/qoijjj/hardened-images)':220 '/rusty-snake/fedora-extras/tree/main/bubblejail)':271 '1':177 'access':267 'actual':63 'anoth':248 'anymor':151 'app':18 'backport':110 'bad':4 'base':215 'basic':1 'bit':141 'bloat':78 'bubblejail':250 'bubblewrap':5 'bug':92,108,114 'button':61 'clone':176 'contain':37 'creat':184 'current':121 'cve':107,118 'deviat':210 'difficult':143 'distribut':216 'distro':102 'distrobox':40,148 'doesnt':181,186 'dont':115,149 'easili':51 'enabl':160 'endang':28 'enter':54 'especi':52 'everyth':80 'exist':182 'experi':122 'extract':49 'fedora':209,256 'file':180,275 'firefox':15 'fix':96 'flatpak':8,34,146,231 'get':116 'github.com':219,270 'github.com/qoijjj/hardened-images](https://github.com/qoijjj/hardened-images)':218 'github.com/rusty-snake/fedora-extras/tree/main/bubblejail)':269 'good':12,246 'grapheneo':132 'harden':125,128,203 'i.e':38 'idea':247 'imag':214,222 'image-bas':213 'implement':13 'insecur':69,104 'karg':193 'kernel':26,75,91,126 'kernel.unprivileged':174 'know':72,283 'like':230 'linux':138 'make':168,233,264 'malloc':129 'mani':112 'mayb':237 'mean':154 'might':62 'mod':204 'model':217 'namespac':31,156 'near':235 'need':90,157,189 'nix':238 'often':94 'okay':60,70 'opinion':225 'password':46 'permiss':86 'podman/docker':36 'point':249 'probabl':188 'quick':97 'rather':224 'realli':11 'remov':232 'repo':257 'root':45 'rusti':278 'rusty-snak':277 'sandbox':2,23,266 'secur':66,113,265 'seem':166 'sinc':133 'slight':208 'snake':279 'solut':241 'someth':195 'spec':274 'stabl':101 'sudo':171 'sysctl':172 'termin':58 'test':198 'thing':229 'though':14,24,144,226 'toolbox':42 'ublu':206 'unus':236 'use':6,32,131,201,211 'user':30,155,175 'veeeri':50 'w':173 'way':262 'well':22 'window':59 'work':150,169,187 'would':153,242,259 'x11':67 'year':136 'yet':253"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1700870525
    +visibility: "visible             "
    +apId: "https://feddit.de/post/5981126"
    +editedAt: null
    +createdAt: DateTimeImmutable @1700784125 {#1372
      date: 2023-11-24 01:02:05.0 +01:00
    }
  }
  "showMagazineName" => true
]

App\Twig\Components\EntryComponent {#1742
  -authorizationChecker: Symfony\Component\Security\Core\Authorization\AuthorizationChecker {#931 …}
  -newCommentMarkerCount: App\Kbin\NewCommentMarker\NewCommentMarkerCount {#1657 …}
  -cache: Symfony\Component\Cache\Adapter\TraceableTagAwareAdapter {#600 …}
  -twig: Twig\Environment {#1252 …}
  -requestStack: Symfony\Component\HttpFoundation\RequestStack {#1328 …}
  -security: Symfony\Bundle\SecurityBundle\Security {#1101 …}
  +entry: App\Entity\Entry {#1836
    +user: Proxies\__CG__\App\Entity\User {#2355
      +avatar: null
      +cover: null
      +email: "Pantherina@feddit.de"
      +username: "@Pantherina@feddit.de"
      +roles: []
      +followersCount: 0
      +homepage: "front"
      +about: null
      +lastActive: DateTime @1721498243 {#2335
        date: 2024-07-20 19:57:23.0 +02:00
      }
      +markedForDeletionAt: null
      +fields: null
      +oauthGithubId: null
      +oauthGoogleId: null
      +oauthFacebookId: null
      +oauthKeycloakId: null
      +hideAdult: true
      +showSubscribedUsers: true
      +showSubscribedMagazines: true
      +showSubscribedDomains: true
      +preferredLanguages: []
      +featuredMagazines: null
      +showProfileSubscriptions: false
      +showProfileFollowings: true
      +markNewComments: false
      +notifyOnNewEntry: false
      +notifyOnNewEntryReply: true
      +notifyOnNewEntryCommentReply: true
      +notifyOnNewPost: false
      +notifyOnNewPostReply: true
      +notifyOnNewPostCommentReply: true
      +addMentionsEntries: false
      +addMentionsPosts: true
      +isBanned: false
      +isVerified: false
      +isDeleted: false
      +isBot: false
      +spamProtection: true
      +customCss: null
      +ignoreMagazinesCustomCss: false
      +moderatorTokens: Doctrine\ORM\PersistentCollection {#2135 …}
      +magazineOwnershipRequests: Doctrine\ORM\PersistentCollection {#2073 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#2072 …}
      +entries: Doctrine\ORM\PersistentCollection {#2065 …}
      +entryVotes: Doctrine\ORM\PersistentCollection {#2066 …}
      +entryComments: Doctrine\ORM\PersistentCollection {#2067 …}
      +entryCommentVotes: Doctrine\ORM\PersistentCollection {#2054 …}
      +posts: Doctrine\ORM\PersistentCollection {#2056 …}
      +postVotes: Doctrine\ORM\PersistentCollection {#2109 …}
      +postComments: Doctrine\ORM\PersistentCollection {#2162 …}
      +postCommentVotes: Doctrine\ORM\PersistentCollection {#2302 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#2117 …}
      +subscribedDomains: Doctrine\ORM\PersistentCollection {#2105 …}
      +follows: Doctrine\ORM\PersistentCollection {#2305 …}
      +followers: Doctrine\ORM\PersistentCollection {#2310 …}
      +blocks: Doctrine\ORM\PersistentCollection {#2280 …}
      +blockers: Doctrine\ORM\PersistentCollection {#2296 …}
      +blockedMagazines: Doctrine\ORM\PersistentCollection {#2217 …}
      +blockedDomains: Doctrine\ORM\PersistentCollection {#2195 …}
      +reports: Doctrine\ORM\PersistentCollection {#2282 …}
      +favourites: Doctrine\ORM\PersistentCollection {#2201 …}
      +violations: Doctrine\ORM\PersistentCollection {#2204 …}
      +notifications: Doctrine\ORM\PersistentCollection {#2211 …}
      +awards: Doctrine\ORM\PersistentCollection {#2210 …}
      +subscribedCategories: Doctrine\ORM\PersistentCollection {#2272 …}
      +categories: Doctrine\ORM\PersistentCollection {#2226 …}
      -id: 48318
      -password: "$2y$13$ltFqzTJ0eHIMY8NTIUV0JOoX1AZlaj64ntUxYh5oQTJrg6.lxQmuC"
      -totpSecret: null
      -totpBackupCodes: []
      -oAuth2UserConsents: Doctrine\ORM\PersistentCollection {#2246 …}
      +apId: "Pantherina@feddit.de"
      +apProfileId: "https://feddit.de/u/Pantherina"
      +apPublicUrl: "https://feddit.de/u/Pantherina"
      +apFollowersUrl: null
      +apInboxUrl: "https://feddit.de/inbox"
      +apDomain: "feddit.de"
      +apPreferredUsername: "Pantherina"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: false
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1721236644 {#2337
        date: 2024-07-17 19:17:24.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1696428300 {#2336
        date: 2023-10-04 16:05:00.0 +02:00
      }
      +__isInitialized__: true
       …2
    }
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1940
      +icon: Proxies\__CG__\App\Entity\Image {#1434 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1319
      +entryCommentCount: 27225
      +postCount: 5
      +postCommentCount: 76
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1728164725 {#1456
        date: 2024-10-05 23:45:25.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#1693 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#1698 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#1752 …}
      +entries: Doctrine\ORM\PersistentCollection {#1690 …}
      +posts: Doctrine\ORM\PersistentCollection {#1589 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#1679 …}
      +bans: Doctrine\ORM\PersistentCollection {#1560 …}
      +reports: Doctrine\ORM\PersistentCollection {#1550 …}
      +badges: Doctrine\ORM\PersistentCollection {#1621 …}
      +logs: Doctrine\ORM\PersistentCollection {#1680 …}
      +awards: Doctrine\ORM\PersistentCollection {#1630 …}
      +categories: Doctrine\ORM\PersistentCollection {#1721 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1728168731 {#1454
        date: 2024-10-05 22:52:11.503583 UTC (+00:00)
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#1461
        date: 2023-11-02 13:51:08.0 +01:00
      }
      +__isInitialized__: true
       …2
    }
    +image: null
    +domain: App\Entity\Domain {#278
      +entries: Doctrine\ORM\PersistentCollection {#244 …}
      +name: "madaidans-insecurities.github.io"
      +entryCount: 1
      +subscriptionsCount: 0
      +subscriptions: Doctrine\ORM\PersistentCollection {#266 …}
      -id: 1090
    }
    +slug: "Just-read-Madaidans-Insecurities-Do-you-know-how-much-is"
    +title: "Just read Madaidans Insecurities. Do you know how much is still relevant?"
    +url: "https://www.madaidans-insecurities.github.io/linux.html"
    +body: """
      Basically\n
      \n
      - Sandboxing is bad, bubblewrap (used in Flatpak) is a really good implementation though. Firefox and other apps are not very well sandboxed though\n
      - The kernel is endangered through user namespaces (used in Flatpak and Podman/Docker containers i.e. in Distrobox and Toolbox too)\n
      - the root password can be extracted veeery easily, especially when entering it through a terminal. Windows “okay” button might actually be more secure!\n
      - X11 is insecure, okay we know that\n
      - the kernel is very bloated and everything in there has all the permissions, which is not needed\n
      - Kernel bugs are often not fixed quickly or at all\n
      - Stable Distros are insecure if only CVE bugs are backported, as many security bugs dont get a CVE\n
      \n
      I am currently experimenting with the hardened Kernel and hardened_malloc, I use GrapheneOS since over a year.\n
      \n
      On Linux its a bit more difficult though, as Flatpak and Distrobox dont work anymore.\n
      \n
      This would mean user namespaces need to be enabled again, which I can’t seem to make work with\n
      \n
      `sudo sysctl -w kernel.unprivileged_users_clone=1`\n
      \n
      But the file doesnt exist and creating it doesnt work, probably needs to be a karg or something?\n
      \n
      I am testing all this using the hardened mod of Ublue (a slight Fedora deviation using its image-based distribution model):\n
      \n
      [github.com/qoijjj/hardened-images](https://github.com/qoijjj/hardened-images)\n
      \n
      The images are rather opinionated though and have things like Flatpak removed, making them nearly unusable.\n
      \n
      Maybe nix is a solution? Would this be a good idea?\n
      \n
      Another point, bubblejail is not yet in the Fedora repos, which would be a way to make secure sandboxing accessible. [Here](https://github.com/rusty-snake/fedora-extras/tree/main/bubblejail) is a spec file from rusty-snake.\n
      \n
      What do you know about this?
      """
    +type: "link"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 8
    +favouriteCount: 36
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1700929355 {#1843
      date: 2023-11-25 17:22:35.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2423 …}
    +votes: Doctrine\ORM\PersistentCollection {#2288 …}
    +reports: Doctrine\ORM\PersistentCollection {#1861 …}
    +favourites: Doctrine\ORM\PersistentCollection {#2409 …}
    +notifications: Doctrine\ORM\PersistentCollection {#1541 …}
    +badges: Doctrine\ORM\PersistentCollection {#1531 …}
    +children: []
    -id: 16138
    -titleTs: "'insecur':4 'know':7 'madaidan':3 'much':9 'read':2 'relev':12 'still':11"
    -bodyTs: "'/qoijjj/hardened-images](https://github.com/qoijjj/hardened-images)':220 '/rusty-snake/fedora-extras/tree/main/bubblejail)':271 '1':177 'access':267 'actual':63 'anoth':248 'anymor':151 'app':18 'backport':110 'bad':4 'base':215 'basic':1 'bit':141 'bloat':78 'bubblejail':250 'bubblewrap':5 'bug':92,108,114 'button':61 'clone':176 'contain':37 'creat':184 'current':121 'cve':107,118 'deviat':210 'difficult':143 'distribut':216 'distro':102 'distrobox':40,148 'doesnt':181,186 'dont':115,149 'easili':51 'enabl':160 'endang':28 'enter':54 'especi':52 'everyth':80 'exist':182 'experi':122 'extract':49 'fedora':209,256 'file':180,275 'firefox':15 'fix':96 'flatpak':8,34,146,231 'get':116 'github.com':219,270 'github.com/qoijjj/hardened-images](https://github.com/qoijjj/hardened-images)':218 'github.com/rusty-snake/fedora-extras/tree/main/bubblejail)':269 'good':12,246 'grapheneo':132 'harden':125,128,203 'i.e':38 'idea':247 'imag':214,222 'image-bas':213 'implement':13 'insecur':69,104 'karg':193 'kernel':26,75,91,126 'kernel.unprivileged':174 'know':72,283 'like':230 'linux':138 'make':168,233,264 'malloc':129 'mani':112 'mayb':237 'mean':154 'might':62 'mod':204 'model':217 'namespac':31,156 'near':235 'need':90,157,189 'nix':238 'often':94 'okay':60,70 'opinion':225 'password':46 'permiss':86 'podman/docker':36 'point':249 'probabl':188 'quick':97 'rather':224 'realli':11 'remov':232 'repo':257 'root':45 'rusti':278 'rusty-snak':277 'sandbox':2,23,266 'secur':66,113,265 'seem':166 'sinc':133 'slight':208 'snake':279 'solut':241 'someth':195 'spec':274 'stabl':101 'sudo':171 'sysctl':172 'termin':58 'test':198 'thing':229 'though':14,24,144,226 'toolbox':42 'ublu':206 'unus':236 'use':6,32,131,201,211 'user':30,155,175 'veeeri':50 'w':173 'way':262 'well':22 'window':59 'work':150,169,187 'would':153,242,259 'x11':67 'year':136 'yet':253"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1700870525
    +visibility: "visible             "
    +apId: "https://feddit.de/post/5981126"
    +editedAt: null
    +createdAt: DateTimeImmutable @1700784125 {#1372
      date: 2023-11-24 01:02:05.0 +01:00
    }
  }
  +isSingle: false
  +showShortSentence: true
  +showBody: false
  +showMagazineName: true
  +canSeeTrash: false
  +newComments: 0
}

[
  "user" => Proxies\__CG__\App\Entity\User {#2355
    +avatar: null
    +cover: null
    +email: "Pantherina@feddit.de"
    +username: "@Pantherina@feddit.de"
    +roles: []
    +followersCount: 0
    +homepage: "front"
    +about: null
    +lastActive: DateTime @1721498243 {#2335
      date: 2024-07-20 19:57:23.0 +02:00
    }
    +markedForDeletionAt: null
    +fields: null
    +oauthGithubId: null
    +oauthGoogleId: null
    +oauthFacebookId: null
    +oauthKeycloakId: null
    +hideAdult: true
    +showSubscribedUsers: true
    +showSubscribedMagazines: true
    +showSubscribedDomains: true
    +preferredLanguages: []
    +featuredMagazines: null
    +showProfileSubscriptions: false
    +showProfileFollowings: true
    +markNewComments: false
    +notifyOnNewEntry: false
    +notifyOnNewEntryReply: true
    +notifyOnNewEntryCommentReply: true
    +notifyOnNewPost: false
    +notifyOnNewPostReply: true
    +notifyOnNewPostCommentReply: true
    +addMentionsEntries: false
    +addMentionsPosts: true
    +isBanned: false
    +isVerified: false
    +isDeleted: false
    +isBot: false
    +spamProtection: true
    +customCss: null
    +ignoreMagazinesCustomCss: false
    +moderatorTokens: Doctrine\ORM\PersistentCollection {#2135 …}
    +magazineOwnershipRequests: Doctrine\ORM\PersistentCollection {#2073 …}
    +moderatorRequests: Doctrine\ORM\PersistentCollection {#2072 …}
    +entries: Doctrine\ORM\PersistentCollection {#2065 …}
    +entryVotes: Doctrine\ORM\PersistentCollection {#2066 …}
    +entryComments: Doctrine\ORM\PersistentCollection {#2067 …}
    +entryCommentVotes: Doctrine\ORM\PersistentCollection {#2054 …}
    +posts: Doctrine\ORM\PersistentCollection {#2056 …}
    +postVotes: Doctrine\ORM\PersistentCollection {#2109 …}
    +postComments: Doctrine\ORM\PersistentCollection {#2162 …}
    +postCommentVotes: Doctrine\ORM\PersistentCollection {#2302 …}
    +subscriptions: Doctrine\ORM\PersistentCollection {#2117 …}
    +subscribedDomains: Doctrine\ORM\PersistentCollection {#2105 …}
    +follows: Doctrine\ORM\PersistentCollection {#2305 …}
    +followers: Doctrine\ORM\PersistentCollection {#2310 …}
    +blocks: Doctrine\ORM\PersistentCollection {#2280 …}
    +blockers: Doctrine\ORM\PersistentCollection {#2296 …}
    +blockedMagazines: Doctrine\ORM\PersistentCollection {#2217 …}
    +blockedDomains: Doctrine\ORM\PersistentCollection {#2195 …}
    +reports: Doctrine\ORM\PersistentCollection {#2282 …}
    +favourites: Doctrine\ORM\PersistentCollection {#2201 …}
    +violations: Doctrine\ORM\PersistentCollection {#2204 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2211 …}
    +awards: Doctrine\ORM\PersistentCollection {#2210 …}
    +subscribedCategories: Doctrine\ORM\PersistentCollection {#2272 …}
    +categories: Doctrine\ORM\PersistentCollection {#2226 …}
    -id: 48318
    -password: "$2y$13$ltFqzTJ0eHIMY8NTIUV0JOoX1AZlaj64ntUxYh5oQTJrg6.lxQmuC"
    -totpSecret: null
    -totpBackupCodes: []
    -oAuth2UserConsents: Doctrine\ORM\PersistentCollection {#2246 …}
    +apId: "Pantherina@feddit.de"
    +apProfileId: "https://feddit.de/u/Pantherina"
    +apPublicUrl: "https://feddit.de/u/Pantherina"
    +apFollowersUrl: null
    +apInboxUrl: "https://feddit.de/inbox"
    +apDomain: "feddit.de"
    +apPreferredUsername: "Pantherina"
    +apDiscoverable: true
    +apManuallyApprovesFollowers: false
    +privateKey: null
    +publicKey: null
    +apFetchedAt: DateTime @1721236644 {#2337
      date: 2024-07-17 19:17:24.0 +02:00
    }
    +apDeletedAt: null
    +apTimeoutAt: null
    +visibility: "visible             "
    +createdAt: DateTimeImmutable @1696428300 {#2336
      date: 2023-10-04 16:05:00.0 +02:00
    }
    +__isInitialized__: true
     …2
  }
  "showAvatar" => false
]

App\Twig\Components\UserInlineComponent {#2091
  +user: Proxies\__CG__\App\Entity\User {#2355
    +avatar: null
    +cover: null
    +email: "Pantherina@feddit.de"
    +username: "@Pantherina@feddit.de"
    +roles: []
    +followersCount: 0
    +homepage: "front"
    +about: null
    +lastActive: DateTime @1721498243 {#2335
      date: 2024-07-20 19:57:23.0 +02:00
    }
    +markedForDeletionAt: null
    +fields: null
    +oauthGithubId: null
    +oauthGoogleId: null
    +oauthFacebookId: null
    +oauthKeycloakId: null
    +hideAdult: true
    +showSubscribedUsers: true
    +showSubscribedMagazines: true
    +showSubscribedDomains: true
    +preferredLanguages: []
    +featuredMagazines: null
    +showProfileSubscriptions: false
    +showProfileFollowings: true
    +markNewComments: false
    +notifyOnNewEntry: false
    +notifyOnNewEntryReply: true
    +notifyOnNewEntryCommentReply: true
    +notifyOnNewPost: false
    +notifyOnNewPostReply: true
    +notifyOnNewPostCommentReply: true
    +addMentionsEntries: false
    +addMentionsPosts: true
    +isBanned: false
    +isVerified: false
    +isDeleted: false
    +isBot: false
    +spamProtection: true
    +customCss: null
    +ignoreMagazinesCustomCss: false
    +moderatorTokens: Doctrine\ORM\PersistentCollection {#2135 …}
    +magazineOwnershipRequests: Doctrine\ORM\PersistentCollection {#2073 …}
    +moderatorRequests: Doctrine\ORM\PersistentCollection {#2072 …}
    +entries: Doctrine\ORM\PersistentCollection {#2065 …}
    +entryVotes: Doctrine\ORM\PersistentCollection {#2066 …}
    +entryComments: Doctrine\ORM\PersistentCollection {#2067 …}
    +entryCommentVotes: Doctrine\ORM\PersistentCollection {#2054 …}
    +posts: Doctrine\ORM\PersistentCollection {#2056 …}
    +postVotes: Doctrine\ORM\PersistentCollection {#2109 …}
    +postComments: Doctrine\ORM\PersistentCollection {#2162 …}
    +postCommentVotes: Doctrine\ORM\PersistentCollection {#2302 …}
    +subscriptions: Doctrine\ORM\PersistentCollection {#2117 …}
    +subscribedDomains: Doctrine\ORM\PersistentCollection {#2105 …}
    +follows: Doctrine\ORM\PersistentCollection {#2305 …}
    +followers: Doctrine\ORM\PersistentCollection {#2310 …}
    +blocks: Doctrine\ORM\PersistentCollection {#2280 …}
    +blockers: Doctrine\ORM\PersistentCollection {#2296 …}
    +blockedMagazines: Doctrine\ORM\PersistentCollection {#2217 …}
    +blockedDomains: Doctrine\ORM\PersistentCollection {#2195 …}
    +reports: Doctrine\ORM\PersistentCollection {#2282 …}
    +favourites: Doctrine\ORM\PersistentCollection {#2201 …}
    +violations: Doctrine\ORM\PersistentCollection {#2204 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2211 …}
    +awards: Doctrine\ORM\PersistentCollection {#2210 …}
    +subscribedCategories: Doctrine\ORM\PersistentCollection {#2272 …}
    +categories: Doctrine\ORM\PersistentCollection {#2226 …}
    -id: 48318
    -password: "$2y$13$ltFqzTJ0eHIMY8NTIUV0JOoX1AZlaj64ntUxYh5oQTJrg6.lxQmuC"
    -totpSecret: null
    -totpBackupCodes: []
    -oAuth2UserConsents: Doctrine\ORM\PersistentCollection {#2246 …}
    +apId: "Pantherina@feddit.de"
    +apProfileId: "https://feddit.de/u/Pantherina"
    +apPublicUrl: "https://feddit.de/u/Pantherina"
    +apFollowersUrl: null
    +apInboxUrl: "https://feddit.de/inbox"
    +apDomain: "feddit.de"
    +apPreferredUsername: "Pantherina"
    +apDiscoverable: true
    +apManuallyApprovesFollowers: false
    +privateKey: null
    +publicKey: null
    +apFetchedAt: DateTime @1721236644 {#2337
      date: 2024-07-17 19:17:24.0 +02:00
    }
    +apDeletedAt: null
    +apTimeoutAt: null
    +visibility: "visible             "
    +createdAt: DateTimeImmutable @1696428300 {#2336
      date: 2023-10-04 16:05:00.0 +02:00
    }
    +__isInitialized__: true
     …2
  }
  +showAvatar: false
}

[
  "date" => DateTimeImmutable @1700784125 {#1372
    date: 2023-11-24 01:02:05.0 +01:00
  }
]

App\Twig\Components\DateComponent {#2172
  +date: DateTimeImmutable @1700784125 {#1372
    date: 2023-11-24 01:02:05.0 +01:00
  }
}

[
  "createdAt" => DateTimeImmutable @1700784125 {#1372
    date: 2023-11-24 01:02:05.0 +01:00
  }
  "editedAt" => null
]

App\Twig\Components\DateEditedComponent {#1348
  +createdAt: DateTimeImmutable @1700784125 {#1372
    date: 2023-11-24 01:02:05.0 +01:00
  }
  +editedAt: null
}

[
  "magazine" => Proxies\__CG__\App\Entity\Magazine {#1940
    +icon: Proxies\__CG__\App\Entity\Image {#1434 …}
    +name: "linux@lemmy.ml"
    +title: "linux"
    +description: """
      From Wikipedia, the free encyclopedia\n
      \n
      Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
      \n
      Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
      \n
      ### Rules\n
      \n
      - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
      - No misinformation\n
      - No NSFW content\n
      - No hate speech, bigotry, etc\n
      \n
      ### Related Communities\n
      \n
      - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
      - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
      - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
      - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
      \n
      Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
      """
    +rules: null
    +subscriptionsCount: 1
    +entryCount: 1319
    +entryCommentCount: 27225
    +postCount: 5
    +postCommentCount: 76
    +isAdult: false
    +customCss: null
    +lastActive: DateTime @1728164725 {#1456
      date: 2024-10-05 23:45:25.0 +02:00
    }
    +markedForDeletionAt: null
    +tags: null
    +moderators: Doctrine\ORM\PersistentCollection {#1693 …}
    +ownershipRequests: Doctrine\ORM\PersistentCollection {#1698 …}
    +moderatorRequests: Doctrine\ORM\PersistentCollection {#1752 …}
    +entries: Doctrine\ORM\PersistentCollection {#1690 …}
    +posts: Doctrine\ORM\PersistentCollection {#1589 …}
    +subscriptions: Doctrine\ORM\PersistentCollection {#1679 …}
    +bans: Doctrine\ORM\PersistentCollection {#1560 …}
    +reports: Doctrine\ORM\PersistentCollection {#1550 …}
    +badges: Doctrine\ORM\PersistentCollection {#1621 …}
    +logs: Doctrine\ORM\PersistentCollection {#1680 …}
    +awards: Doctrine\ORM\PersistentCollection {#1630 …}
    +categories: Doctrine\ORM\PersistentCollection {#1721 …}
    -id: 73
    +apId: "linux@lemmy.ml"
    +apProfileId: "https://lemmy.ml/c/linux"
    +apPublicUrl: "https://lemmy.ml/c/linux"
    +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
    +apInboxUrl: "https://lemmy.ml/inbox"
    +apDomain: "lemmy.ml"
    +apPreferredUsername: "linux"
    +apDiscoverable: true
    +apManuallyApprovesFollowers: null
    +privateKey: null
    +publicKey: null
    +apFetchedAt: DateTime @1728168731 {#1454
      date: 2024-10-05 22:52:11.503583 UTC (+00:00)
    }
    +apDeletedAt: null
    +apTimeoutAt: null
    +visibility: "visible             "
    +createdAt: DateTimeImmutable @1698929468 {#1461
      date: 2023-11-02 13:51:08.0 +01:00
    }
    +__isInitialized__: true
     …2
  }
  "showAvatar" => false
]

App\Twig\Components\MagazineInlineComponent {#2545
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1940
    +icon: Proxies\__CG__\App\Entity\Image {#1434 …}
    +name: "linux@lemmy.ml"
    +title: "linux"
    +description: """
      From Wikipedia, the free encyclopedia\n
      \n
      Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
      \n
      Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
      \n
      ### Rules\n
      \n
      - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
      - No misinformation\n
      - No NSFW content\n
      - No hate speech, bigotry, etc\n
      \n
      ### Related Communities\n
      \n
      - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
      - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
      - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
      - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
      \n
      Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
      """
    +rules: null
    +subscriptionsCount: 1
    +entryCount: 1319
    +entryCommentCount: 27225
    +postCount: 5
    +postCommentCount: 76
    +isAdult: false
    +customCss: null
    +lastActive: DateTime @1728164725 {#1456
      date: 2024-10-05 23:45:25.0 +02:00
    }
    +markedForDeletionAt: null
    +tags: null
    +moderators: Doctrine\ORM\PersistentCollection {#1693 …}
    +ownershipRequests: Doctrine\ORM\PersistentCollection {#1698 …}
    +moderatorRequests: Doctrine\ORM\PersistentCollection {#1752 …}
    +entries: Doctrine\ORM\PersistentCollection {#1690 …}
    +posts: Doctrine\ORM\PersistentCollection {#1589 …}
    +subscriptions: Doctrine\ORM\PersistentCollection {#1679 …}
    +bans: Doctrine\ORM\PersistentCollection {#1560 …}
    +reports: Doctrine\ORM\PersistentCollection {#1550 …}
    +badges: Doctrine\ORM\PersistentCollection {#1621 …}
    +logs: Doctrine\ORM\PersistentCollection {#1680 …}
    +awards: Doctrine\ORM\PersistentCollection {#1630 …}
    +categories: Doctrine\ORM\PersistentCollection {#1721 …}
    -id: 73
    +apId: "linux@lemmy.ml"
    +apProfileId: "https://lemmy.ml/c/linux"
    +apPublicUrl: "https://lemmy.ml/c/linux"
    +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
    +apInboxUrl: "https://lemmy.ml/inbox"
    +apDomain: "lemmy.ml"
    +apPreferredUsername: "linux"
    +apDiscoverable: true
    +apManuallyApprovesFollowers: null
    +privateKey: null
    +publicKey: null
    +apFetchedAt: DateTime @1728168731 {#1454
      date: 2024-10-05 22:52:11.503583 UTC (+00:00)
    }
    +apDeletedAt: null
    +apTimeoutAt: null
    +visibility: "visible             "
    +createdAt: DateTimeImmutable @1698929468 {#1461
      date: 2023-11-02 13:51:08.0 +01:00
    }
    +__isInitialized__: true
     …2
  }
  +showTitle: true
  +fullName: false
  +stretchedLink: false
  +showAvatar: false
}

[
  "subject" => App\Entity\Entry {#1836
    +user: Proxies\__CG__\App\Entity\User {#2355
      +avatar: null
      +cover: null
      +email: "Pantherina@feddit.de"
      +username: "@Pantherina@feddit.de"
      +roles: []
      +followersCount: 0
      +homepage: "front"
      +about: null
      +lastActive: DateTime @1721498243 {#2335
        date: 2024-07-20 19:57:23.0 +02:00
      }
      +markedForDeletionAt: null
      +fields: null
      +oauthGithubId: null
      +oauthGoogleId: null
      +oauthFacebookId: null
      +oauthKeycloakId: null
      +hideAdult: true
      +showSubscribedUsers: true
      +showSubscribedMagazines: true
      +showSubscribedDomains: true
      +preferredLanguages: []
      +featuredMagazines: null
      +showProfileSubscriptions: false
      +showProfileFollowings: true
      +markNewComments: false
      +notifyOnNewEntry: false
      +notifyOnNewEntryReply: true
      +notifyOnNewEntryCommentReply: true
      +notifyOnNewPost: false
      +notifyOnNewPostReply: true
      +notifyOnNewPostCommentReply: true
      +addMentionsEntries: false
      +addMentionsPosts: true
      +isBanned: false
      +isVerified: false
      +isDeleted: false
      +isBot: false
      +spamProtection: true
      +customCss: null
      +ignoreMagazinesCustomCss: false
      +moderatorTokens: Doctrine\ORM\PersistentCollection {#2135 …}
      +magazineOwnershipRequests: Doctrine\ORM\PersistentCollection {#2073 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#2072 …}
      +entries: Doctrine\ORM\PersistentCollection {#2065 …}
      +entryVotes: Doctrine\ORM\PersistentCollection {#2066 …}
      +entryComments: Doctrine\ORM\PersistentCollection {#2067 …}
      +entryCommentVotes: Doctrine\ORM\PersistentCollection {#2054 …}
      +posts: Doctrine\ORM\PersistentCollection {#2056 …}
      +postVotes: Doctrine\ORM\PersistentCollection {#2109 …}
      +postComments: Doctrine\ORM\PersistentCollection {#2162 …}
      +postCommentVotes: Doctrine\ORM\PersistentCollection {#2302 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#2117 …}
      +subscribedDomains: Doctrine\ORM\PersistentCollection {#2105 …}
      +follows: Doctrine\ORM\PersistentCollection {#2305 …}
      +followers: Doctrine\ORM\PersistentCollection {#2310 …}
      +blocks: Doctrine\ORM\PersistentCollection {#2280 …}
      +blockers: Doctrine\ORM\PersistentCollection {#2296 …}
      +blockedMagazines: Doctrine\ORM\PersistentCollection {#2217 …}
      +blockedDomains: Doctrine\ORM\PersistentCollection {#2195 …}
      +reports: Doctrine\ORM\PersistentCollection {#2282 …}
      +favourites: Doctrine\ORM\PersistentCollection {#2201 …}
      +violations: Doctrine\ORM\PersistentCollection {#2204 …}
      +notifications: Doctrine\ORM\PersistentCollection {#2211 …}
      +awards: Doctrine\ORM\PersistentCollection {#2210 …}
      +subscribedCategories: Doctrine\ORM\PersistentCollection {#2272 …}
      +categories: Doctrine\ORM\PersistentCollection {#2226 …}
      -id: 48318
      -password: "$2y$13$ltFqzTJ0eHIMY8NTIUV0JOoX1AZlaj64ntUxYh5oQTJrg6.lxQmuC"
      -totpSecret: null
      -totpBackupCodes: []
      -oAuth2UserConsents: Doctrine\ORM\PersistentCollection {#2246 …}
      +apId: "Pantherina@feddit.de"
      +apProfileId: "https://feddit.de/u/Pantherina"
      +apPublicUrl: "https://feddit.de/u/Pantherina"
      +apFollowersUrl: null
      +apInboxUrl: "https://feddit.de/inbox"
      +apDomain: "feddit.de"
      +apPreferredUsername: "Pantherina"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: false
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1721236644 {#2337
        date: 2024-07-17 19:17:24.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1696428300 {#2336
        date: 2023-10-04 16:05:00.0 +02:00
      }
      +__isInitialized__: true
       …2
    }
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1940
      +icon: Proxies\__CG__\App\Entity\Image {#1434 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1319
      +entryCommentCount: 27225
      +postCount: 5
      +postCommentCount: 76
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1728164725 {#1456
        date: 2024-10-05 23:45:25.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#1693 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#1698 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#1752 …}
      +entries: Doctrine\ORM\PersistentCollection {#1690 …}
      +posts: Doctrine\ORM\PersistentCollection {#1589 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#1679 …}
      +bans: Doctrine\ORM\PersistentCollection {#1560 …}
      +reports: Doctrine\ORM\PersistentCollection {#1550 …}
      +badges: Doctrine\ORM\PersistentCollection {#1621 …}
      +logs: Doctrine\ORM\PersistentCollection {#1680 …}
      +awards: Doctrine\ORM\PersistentCollection {#1630 …}
      +categories: Doctrine\ORM\PersistentCollection {#1721 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1728168731 {#1454
        date: 2024-10-05 22:52:11.503583 UTC (+00:00)
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#1461
        date: 2023-11-02 13:51:08.0 +01:00
      }
      +__isInitialized__: true
       …2
    }
    +image: null
    +domain: App\Entity\Domain {#278
      +entries: Doctrine\ORM\PersistentCollection {#244 …}
      +name: "madaidans-insecurities.github.io"
      +entryCount: 1
      +subscriptionsCount: 0
      +subscriptions: Doctrine\ORM\PersistentCollection {#266 …}
      -id: 1090
    }
    +slug: "Just-read-Madaidans-Insecurities-Do-you-know-how-much-is"
    +title: "Just read Madaidans Insecurities. Do you know how much is still relevant?"
    +url: "https://www.madaidans-insecurities.github.io/linux.html"
    +body: """
      Basically\n
      \n
      - Sandboxing is bad, bubblewrap (used in Flatpak) is a really good implementation though. Firefox and other apps are not very well sandboxed though\n
      - The kernel is endangered through user namespaces (used in Flatpak and Podman/Docker containers i.e. in Distrobox and Toolbox too)\n
      - the root password can be extracted veeery easily, especially when entering it through a terminal. Windows “okay” button might actually be more secure!\n
      - X11 is insecure, okay we know that\n
      - the kernel is very bloated and everything in there has all the permissions, which is not needed\n
      - Kernel bugs are often not fixed quickly or at all\n
      - Stable Distros are insecure if only CVE bugs are backported, as many security bugs dont get a CVE\n
      \n
      I am currently experimenting with the hardened Kernel and hardened_malloc, I use GrapheneOS since over a year.\n
      \n
      On Linux its a bit more difficult though, as Flatpak and Distrobox dont work anymore.\n
      \n
      This would mean user namespaces need to be enabled again, which I can’t seem to make work with\n
      \n
      `sudo sysctl -w kernel.unprivileged_users_clone=1`\n
      \n
      But the file doesnt exist and creating it doesnt work, probably needs to be a karg or something?\n
      \n
      I am testing all this using the hardened mod of Ublue (a slight Fedora deviation using its image-based distribution model):\n
      \n
      [github.com/qoijjj/hardened-images](https://github.com/qoijjj/hardened-images)\n
      \n
      The images are rather opinionated though and have things like Flatpak removed, making them nearly unusable.\n
      \n
      Maybe nix is a solution? Would this be a good idea?\n
      \n
      Another point, bubblejail is not yet in the Fedora repos, which would be a way to make secure sandboxing accessible. [Here](https://github.com/rusty-snake/fedora-extras/tree/main/bubblejail) is a spec file from rusty-snake.\n
      \n
      What do you know about this?
      """
    +type: "link"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 8
    +favouriteCount: 36
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1700929355 {#1843
      date: 2023-11-25 17:22:35.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2423 …}
    +votes: Doctrine\ORM\PersistentCollection {#2288 …}
    +reports: Doctrine\ORM\PersistentCollection {#1861 …}
    +favourites: Doctrine\ORM\PersistentCollection {#2409 …}
    +notifications: Doctrine\ORM\PersistentCollection {#1541 …}
    +badges: Doctrine\ORM\PersistentCollection {#1531 …}
    +children: []
    -id: 16138
    -titleTs: "'insecur':4 'know':7 'madaidan':3 'much':9 'read':2 'relev':12 'still':11"
    -bodyTs: "'/qoijjj/hardened-images](https://github.com/qoijjj/hardened-images)':220 '/rusty-snake/fedora-extras/tree/main/bubblejail)':271 '1':177 'access':267 'actual':63 'anoth':248 'anymor':151 'app':18 'backport':110 'bad':4 'base':215 'basic':1 'bit':141 'bloat':78 'bubblejail':250 'bubblewrap':5 'bug':92,108,114 'button':61 'clone':176 'contain':37 'creat':184 'current':121 'cve':107,118 'deviat':210 'difficult':143 'distribut':216 'distro':102 'distrobox':40,148 'doesnt':181,186 'dont':115,149 'easili':51 'enabl':160 'endang':28 'enter':54 'especi':52 'everyth':80 'exist':182 'experi':122 'extract':49 'fedora':209,256 'file':180,275 'firefox':15 'fix':96 'flatpak':8,34,146,231 'get':116 'github.com':219,270 'github.com/qoijjj/hardened-images](https://github.com/qoijjj/hardened-images)':218 'github.com/rusty-snake/fedora-extras/tree/main/bubblejail)':269 'good':12,246 'grapheneo':132 'harden':125,128,203 'i.e':38 'idea':247 'imag':214,222 'image-bas':213 'implement':13 'insecur':69,104 'karg':193 'kernel':26,75,91,126 'kernel.unprivileged':174 'know':72,283 'like':230 'linux':138 'make':168,233,264 'malloc':129 'mani':112 'mayb':237 'mean':154 'might':62 'mod':204 'model':217 'namespac':31,156 'near':235 'need':90,157,189 'nix':238 'often':94 'okay':60,70 'opinion':225 'password':46 'permiss':86 'podman/docker':36 'point':249 'probabl':188 'quick':97 'rather':224 'realli':11 'remov':232 'repo':257 'root':45 'rusti':278 'rusty-snak':277 'sandbox':2,23,266 'secur':66,113,265 'seem':166 'sinc':133 'slight':208 'snake':279 'solut':241 'someth':195 'spec':274 'stabl':101 'sudo':171 'sysctl':172 'termin':58 'test':198 'thing':229 'though':14,24,144,226 'toolbox':42 'ublu':206 'unus':236 'use':6,32,131,201,211 'user':30,155,175 'veeeri':50 'w':173 'way':262 'well':22 'window':59 'work':150,169,187 'would':153,242,259 'x11':67 'year':136 'yet':253"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1700870525
    +visibility: "visible             "
    +apId: "https://feddit.de/post/5981126"
    +editedAt: null
    +createdAt: DateTimeImmutable @1700784125 {#1372
      date: 2023-11-24 01:02:05.0 +01:00
    }
  }
]

App\Twig\Components\VoteComponent {#2612
  +subject: App\Entity\Entry {#1836
    +user: Proxies\__CG__\App\Entity\User {#2355
      +avatar: null
      +cover: null
      +email: "Pantherina@feddit.de"
      +username: "@Pantherina@feddit.de"
      +roles: []
      +followersCount: 0
      +homepage: "front"
      +about: null
      +lastActive: DateTime @1721498243 {#2335
        date: 2024-07-20 19:57:23.0 +02:00
      }
      +markedForDeletionAt: null
      +fields: null
      +oauthGithubId: null
      +oauthGoogleId: null
      +oauthFacebookId: null
      +oauthKeycloakId: null
      +hideAdult: true
      +showSubscribedUsers: true
      +showSubscribedMagazines: true
      +showSubscribedDomains: true
      +preferredLanguages: []
      +featuredMagazines: null
      +showProfileSubscriptions: false
      +showProfileFollowings: true
      +markNewComments: false
      +notifyOnNewEntry: false
      +notifyOnNewEntryReply: true
      +notifyOnNewEntryCommentReply: true
      +notifyOnNewPost: false
      +notifyOnNewPostReply: true
      +notifyOnNewPostCommentReply: true
      +addMentionsEntries: false
      +addMentionsPosts: true
      +isBanned: false
      +isVerified: false
      +isDeleted: false
      +isBot: false
      +spamProtection: true
      +customCss: null
      +ignoreMagazinesCustomCss: false
      +moderatorTokens: Doctrine\ORM\PersistentCollection {#2135 …}
      +magazineOwnershipRequests: Doctrine\ORM\PersistentCollection {#2073 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#2072 …}
      +entries: Doctrine\ORM\PersistentCollection {#2065 …}
      +entryVotes: Doctrine\ORM\PersistentCollection {#2066 …}
      +entryComments: Doctrine\ORM\PersistentCollection {#2067 …}
      +entryCommentVotes: Doctrine\ORM\PersistentCollection {#2054 …}
      +posts: Doctrine\ORM\PersistentCollection {#2056 …}
      +postVotes: Doctrine\ORM\PersistentCollection {#2109 …}
      +postComments: Doctrine\ORM\PersistentCollection {#2162 …}
      +postCommentVotes: Doctrine\ORM\PersistentCollection {#2302 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#2117 …}
      +subscribedDomains: Doctrine\ORM\PersistentCollection {#2105 …}
      +follows: Doctrine\ORM\PersistentCollection {#2305 …}
      +followers: Doctrine\ORM\PersistentCollection {#2310 …}
      +blocks: Doctrine\ORM\PersistentCollection {#2280 …}
      +blockers: Doctrine\ORM\PersistentCollection {#2296 …}
      +blockedMagazines: Doctrine\ORM\PersistentCollection {#2217 …}
      +blockedDomains: Doctrine\ORM\PersistentCollection {#2195 …}
      +reports: Doctrine\ORM\PersistentCollection {#2282 …}
      +favourites: Doctrine\ORM\PersistentCollection {#2201 …}
      +violations: Doctrine\ORM\PersistentCollection {#2204 …}
      +notifications: Doctrine\ORM\PersistentCollection {#2211 …}
      +awards: Doctrine\ORM\PersistentCollection {#2210 …}
      +subscribedCategories: Doctrine\ORM\PersistentCollection {#2272 …}
      +categories: Doctrine\ORM\PersistentCollection {#2226 …}
      -id: 48318
      -password: "$2y$13$ltFqzTJ0eHIMY8NTIUV0JOoX1AZlaj64ntUxYh5oQTJrg6.lxQmuC"
      -totpSecret: null
      -totpBackupCodes: []
      -oAuth2UserConsents: Doctrine\ORM\PersistentCollection {#2246 …}
      +apId: "Pantherina@feddit.de"
      +apProfileId: "https://feddit.de/u/Pantherina"
      +apPublicUrl: "https://feddit.de/u/Pantherina"
      +apFollowersUrl: null
      +apInboxUrl: "https://feddit.de/inbox"
      +apDomain: "feddit.de"
      +apPreferredUsername: "Pantherina"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: false
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1721236644 {#2337
        date: 2024-07-17 19:17:24.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1696428300 {#2336
        date: 2023-10-04 16:05:00.0 +02:00
      }
      +__isInitialized__: true
       …2
    }
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1940
      +icon: Proxies\__CG__\App\Entity\Image {#1434 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1319
      +entryCommentCount: 27225
      +postCount: 5
      +postCommentCount: 76
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1728164725 {#1456
        date: 2024-10-05 23:45:25.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#1693 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#1698 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#1752 …}
      +entries: Doctrine\ORM\PersistentCollection {#1690 …}
      +posts: Doctrine\ORM\PersistentCollection {#1589 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#1679 …}
      +bans: Doctrine\ORM\PersistentCollection {#1560 …}
      +reports: Doctrine\ORM\PersistentCollection {#1550 …}
      +badges: Doctrine\ORM\PersistentCollection {#1621 …}
      +logs: Doctrine\ORM\PersistentCollection {#1680 …}
      +awards: Doctrine\ORM\PersistentCollection {#1630 …}
      +categories: Doctrine\ORM\PersistentCollection {#1721 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1728168731 {#1454
        date: 2024-10-05 22:52:11.503583 UTC (+00:00)
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#1461
        date: 2023-11-02 13:51:08.0 +01:00
      }
      +__isInitialized__: true
       …2
    }
    +image: null
    +domain: App\Entity\Domain {#278
      +entries: Doctrine\ORM\PersistentCollection {#244 …}
      +name: "madaidans-insecurities.github.io"
      +entryCount: 1
      +subscriptionsCount: 0
      +subscriptions: Doctrine\ORM\PersistentCollection {#266 …}
      -id: 1090
    }
    +slug: "Just-read-Madaidans-Insecurities-Do-you-know-how-much-is"
    +title: "Just read Madaidans Insecurities. Do you know how much is still relevant?"
    +url: "https://www.madaidans-insecurities.github.io/linux.html"
    +body: """
      Basically\n
      \n
      - Sandboxing is bad, bubblewrap (used in Flatpak) is a really good implementation though. Firefox and other apps are not very well sandboxed though\n
      - The kernel is endangered through user namespaces (used in Flatpak and Podman/Docker containers i.e. in Distrobox and Toolbox too)\n
      - the root password can be extracted veeery easily, especially when entering it through a terminal. Windows “okay” button might actually be more secure!\n
      - X11 is insecure, okay we know that\n
      - the kernel is very bloated and everything in there has all the permissions, which is not needed\n
      - Kernel bugs are often not fixed quickly or at all\n
      - Stable Distros are insecure if only CVE bugs are backported, as many security bugs dont get a CVE\n
      \n
      I am currently experimenting with the hardened Kernel and hardened_malloc, I use GrapheneOS since over a year.\n
      \n
      On Linux its a bit more difficult though, as Flatpak and Distrobox dont work anymore.\n
      \n
      This would mean user namespaces need to be enabled again, which I can’t seem to make work with\n
      \n
      `sudo sysctl -w kernel.unprivileged_users_clone=1`\n
      \n
      But the file doesnt exist and creating it doesnt work, probably needs to be a karg or something?\n
      \n
      I am testing all this using the hardened mod of Ublue (a slight Fedora deviation using its image-based distribution model):\n
      \n
      [github.com/qoijjj/hardened-images](https://github.com/qoijjj/hardened-images)\n
      \n
      The images are rather opinionated though and have things like Flatpak removed, making them nearly unusable.\n
      \n
      Maybe nix is a solution? Would this be a good idea?\n
      \n
      Another point, bubblejail is not yet in the Fedora repos, which would be a way to make secure sandboxing accessible. [Here](https://github.com/rusty-snake/fedora-extras/tree/main/bubblejail) is a spec file from rusty-snake.\n
      \n
      What do you know about this?
      """
    +type: "link"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 8
    +favouriteCount: 36
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1700929355 {#1843
      date: 2023-11-25 17:22:35.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2423 …}
    +votes: Doctrine\ORM\PersistentCollection {#2288 …}
    +reports: Doctrine\ORM\PersistentCollection {#1861 …}
    +favourites: Doctrine\ORM\PersistentCollection {#2409 …}
    +notifications: Doctrine\ORM\PersistentCollection {#1541 …}
    +badges: Doctrine\ORM\PersistentCollection {#1531 …}
    +children: []
    -id: 16138
    -titleTs: "'insecur':4 'know':7 'madaidan':3 'much':9 'read':2 'relev':12 'still':11"
    -bodyTs: "'/qoijjj/hardened-images](https://github.com/qoijjj/hardened-images)':220 '/rusty-snake/fedora-extras/tree/main/bubblejail)':271 '1':177 'access':267 'actual':63 'anoth':248 'anymor':151 'app':18 'backport':110 'bad':4 'base':215 'basic':1 'bit':141 'bloat':78 'bubblejail':250 'bubblewrap':5 'bug':92,108,114 'button':61 'clone':176 'contain':37 'creat':184 'current':121 'cve':107,118 'deviat':210 'difficult':143 'distribut':216 'distro':102 'distrobox':40,148 'doesnt':181,186 'dont':115,149 'easili':51 'enabl':160 'endang':28 'enter':54 'especi':52 'everyth':80 'exist':182 'experi':122 'extract':49 'fedora':209,256 'file':180,275 'firefox':15 'fix':96 'flatpak':8,34,146,231 'get':116 'github.com':219,270 'github.com/qoijjj/hardened-images](https://github.com/qoijjj/hardened-images)':218 'github.com/rusty-snake/fedora-extras/tree/main/bubblejail)':269 'good':12,246 'grapheneo':132 'harden':125,128,203 'i.e':38 'idea':247 'imag':214,222 'image-bas':213 'implement':13 'insecur':69,104 'karg':193 'kernel':26,75,91,126 'kernel.unprivileged':174 'know':72,283 'like':230 'linux':138 'make':168,233,264 'malloc':129 'mani':112 'mayb':237 'mean':154 'might':62 'mod':204 'model':217 'namespac':31,156 'near':235 'need':90,157,189 'nix':238 'often':94 'okay':60,70 'opinion':225 'password':46 'permiss':86 'podman/docker':36 'point':249 'probabl':188 'quick':97 'rather':224 'realli':11 'remov':232 'repo':257 'root':45 'rusti':278 'rusty-snak':277 'sandbox':2,23,266 'secur':66,113,265 'seem':166 'sinc':133 'slight':208 'snake':279 'solut':241 'someth':195 'spec':274 'stabl':101 'sudo':171 'sysctl':172 'termin':58 'test':198 'thing':229 'though':14,24,144,226 'toolbox':42 'ublu':206 'unus':236 'use':6,32,131,201,211 'user':30,155,175 'veeeri':50 'w':173 'way':262 'well':22 'window':59 'work':150,169,187 'would':153,242,259 'x11':67 'year':136 'yet':253"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1700870525
    +visibility: "visible             "
    +apId: "https://feddit.de/post/5981126"
    +editedAt: null
    +createdAt: DateTimeImmutable @1700784125 {#1372
      date: 2023-11-24 01:02:05.0 +01:00
    }
  }
  +formDest: "entry"
  +showDownvote: true
  -cache: Symfony\Component\Cache\Adapter\TraceableTagAwareAdapter {#600 …}
}

[
  "subject" => App\Entity\Entry {#1836
    +user: Proxies\__CG__\App\Entity\User {#2355
      +avatar: null
      +cover: null
      +email: "Pantherina@feddit.de"
      +username: "@Pantherina@feddit.de"
      +roles: []
      +followersCount: 0
      +homepage: "front"
      +about: null
      +lastActive: DateTime @1721498243 {#2335
        date: 2024-07-20 19:57:23.0 +02:00
      }
      +markedForDeletionAt: null
      +fields: null
      +oauthGithubId: null
      +oauthGoogleId: null
      +oauthFacebookId: null
      +oauthKeycloakId: null
      +hideAdult: true
      +showSubscribedUsers: true
      +showSubscribedMagazines: true
      +showSubscribedDomains: true
      +preferredLanguages: []
      +featuredMagazines: null
      +showProfileSubscriptions: false
      +showProfileFollowings: true
      +markNewComments: false
      +notifyOnNewEntry: false
      +notifyOnNewEntryReply: true
      +notifyOnNewEntryCommentReply: true
      +notifyOnNewPost: false
      +notifyOnNewPostReply: true
      +notifyOnNewPostCommentReply: true
      +addMentionsEntries: false
      +addMentionsPosts: true
      +isBanned: false
      +isVerified: false
      +isDeleted: false
      +isBot: false
      +spamProtection: true
      +customCss: null
      +ignoreMagazinesCustomCss: false
      +moderatorTokens: Doctrine\ORM\PersistentCollection {#2135 …}
      +magazineOwnershipRequests: Doctrine\ORM\PersistentCollection {#2073 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#2072 …}
      +entries: Doctrine\ORM\PersistentCollection {#2065 …}
      +entryVotes: Doctrine\ORM\PersistentCollection {#2066 …}
      +entryComments: Doctrine\ORM\PersistentCollection {#2067 …}
      +entryCommentVotes: Doctrine\ORM\PersistentCollection {#2054 …}
      +posts: Doctrine\ORM\PersistentCollection {#2056 …}
      +postVotes: Doctrine\ORM\PersistentCollection {#2109 …}
      +postComments: Doctrine\ORM\PersistentCollection {#2162 …}
      +postCommentVotes: Doctrine\ORM\PersistentCollection {#2302 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#2117 …}
      +subscribedDomains: Doctrine\ORM\PersistentCollection {#2105 …}
      +follows: Doctrine\ORM\PersistentCollection {#2305 …}
      +followers: Doctrine\ORM\PersistentCollection {#2310 …}
      +blocks: Doctrine\ORM\PersistentCollection {#2280 …}
      +blockers: Doctrine\ORM\PersistentCollection {#2296 …}
      +blockedMagazines: Doctrine\ORM\PersistentCollection {#2217 …}
      +blockedDomains: Doctrine\ORM\PersistentCollection {#2195 …}
      +reports: Doctrine\ORM\PersistentCollection {#2282 …}
      +favourites: Doctrine\ORM\PersistentCollection {#2201 …}
      +violations: Doctrine\ORM\PersistentCollection {#2204 …}
      +notifications: Doctrine\ORM\PersistentCollection {#2211 …}
      +awards: Doctrine\ORM\PersistentCollection {#2210 …}
      +subscribedCategories: Doctrine\ORM\PersistentCollection {#2272 …}
      +categories: Doctrine\ORM\PersistentCollection {#2226 …}
      -id: 48318
      -password: "$2y$13$ltFqzTJ0eHIMY8NTIUV0JOoX1AZlaj64ntUxYh5oQTJrg6.lxQmuC"
      -totpSecret: null
      -totpBackupCodes: []
      -oAuth2UserConsents: Doctrine\ORM\PersistentCollection {#2246 …}
      +apId: "Pantherina@feddit.de"
      +apProfileId: "https://feddit.de/u/Pantherina"
      +apPublicUrl: "https://feddit.de/u/Pantherina"
      +apFollowersUrl: null
      +apInboxUrl: "https://feddit.de/inbox"
      +apDomain: "feddit.de"
      +apPreferredUsername: "Pantherina"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: false
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1721236644 {#2337
        date: 2024-07-17 19:17:24.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1696428300 {#2336
        date: 2023-10-04 16:05:00.0 +02:00
      }
      +__isInitialized__: true
       …2
    }
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1940
      +icon: Proxies\__CG__\App\Entity\Image {#1434 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1319
      +entryCommentCount: 27225
      +postCount: 5
      +postCommentCount: 76
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1728164725 {#1456
        date: 2024-10-05 23:45:25.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#1693 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#1698 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#1752 …}
      +entries: Doctrine\ORM\PersistentCollection {#1690 …}
      +posts: Doctrine\ORM\PersistentCollection {#1589 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#1679 …}
      +bans: Doctrine\ORM\PersistentCollection {#1560 …}
      +reports: Doctrine\ORM\PersistentCollection {#1550 …}
      +badges: Doctrine\ORM\PersistentCollection {#1621 …}
      +logs: Doctrine\ORM\PersistentCollection {#1680 …}
      +awards: Doctrine\ORM\PersistentCollection {#1630 …}
      +categories: Doctrine\ORM\PersistentCollection {#1721 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1728168731 {#1454
        date: 2024-10-05 22:52:11.503583 UTC (+00:00)
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#1461
        date: 2023-11-02 13:51:08.0 +01:00
      }
      +__isInitialized__: true
       …2
    }
    +image: null
    +domain: App\Entity\Domain {#278
      +entries: Doctrine\ORM\PersistentCollection {#244 …}
      +name: "madaidans-insecurities.github.io"
      +entryCount: 1
      +subscriptionsCount: 0
      +subscriptions: Doctrine\ORM\PersistentCollection {#266 …}
      -id: 1090
    }
    +slug: "Just-read-Madaidans-Insecurities-Do-you-know-how-much-is"
    +title: "Just read Madaidans Insecurities. Do you know how much is still relevant?"
    +url: "https://www.madaidans-insecurities.github.io/linux.html"
    +body: """
      Basically\n
      \n
      - Sandboxing is bad, bubblewrap (used in Flatpak) is a really good implementation though. Firefox and other apps are not very well sandboxed though\n
      - The kernel is endangered through user namespaces (used in Flatpak and Podman/Docker containers i.e. in Distrobox and Toolbox too)\n
      - the root password can be extracted veeery easily, especially when entering it through a terminal. Windows “okay” button might actually be more secure!\n
      - X11 is insecure, okay we know that\n
      - the kernel is very bloated and everything in there has all the permissions, which is not needed\n
      - Kernel bugs are often not fixed quickly or at all\n
      - Stable Distros are insecure if only CVE bugs are backported, as many security bugs dont get a CVE\n
      \n
      I am currently experimenting with the hardened Kernel and hardened_malloc, I use GrapheneOS since over a year.\n
      \n
      On Linux its a bit more difficult though, as Flatpak and Distrobox dont work anymore.\n
      \n
      This would mean user namespaces need to be enabled again, which I can’t seem to make work with\n
      \n
      `sudo sysctl -w kernel.unprivileged_users_clone=1`\n
      \n
      But the file doesnt exist and creating it doesnt work, probably needs to be a karg or something?\n
      \n
      I am testing all this using the hardened mod of Ublue (a slight Fedora deviation using its image-based distribution model):\n
      \n
      [github.com/qoijjj/hardened-images](https://github.com/qoijjj/hardened-images)\n
      \n
      The images are rather opinionated though and have things like Flatpak removed, making them nearly unusable.\n
      \n
      Maybe nix is a solution? Would this be a good idea?\n
      \n
      Another point, bubblejail is not yet in the Fedora repos, which would be a way to make secure sandboxing accessible. [Here](https://github.com/rusty-snake/fedora-extras/tree/main/bubblejail) is a spec file from rusty-snake.\n
      \n
      What do you know about this?
      """
    +type: "link"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 8
    +favouriteCount: 36
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1700929355 {#1843
      date: 2023-11-25 17:22:35.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2423 …}
    +votes: Doctrine\ORM\PersistentCollection {#2288 …}
    +reports: Doctrine\ORM\PersistentCollection {#1861 …}
    +favourites: Doctrine\ORM\PersistentCollection {#2409 …}
    +notifications: Doctrine\ORM\PersistentCollection {#1541 …}
    +badges: Doctrine\ORM\PersistentCollection {#1531 …}
    +children: []
    -id: 16138
    -titleTs: "'insecur':4 'know':7 'madaidan':3 'much':9 'read':2 'relev':12 'still':11"
    -bodyTs: "'/qoijjj/hardened-images](https://github.com/qoijjj/hardened-images)':220 '/rusty-snake/fedora-extras/tree/main/bubblejail)':271 '1':177 'access':267 'actual':63 'anoth':248 'anymor':151 'app':18 'backport':110 'bad':4 'base':215 'basic':1 'bit':141 'bloat':78 'bubblejail':250 'bubblewrap':5 'bug':92,108,114 'button':61 'clone':176 'contain':37 'creat':184 'current':121 'cve':107,118 'deviat':210 'difficult':143 'distribut':216 'distro':102 'distrobox':40,148 'doesnt':181,186 'dont':115,149 'easili':51 'enabl':160 'endang':28 'enter':54 'especi':52 'everyth':80 'exist':182 'experi':122 'extract':49 'fedora':209,256 'file':180,275 'firefox':15 'fix':96 'flatpak':8,34,146,231 'get':116 'github.com':219,270 'github.com/qoijjj/hardened-images](https://github.com/qoijjj/hardened-images)':218 'github.com/rusty-snake/fedora-extras/tree/main/bubblejail)':269 'good':12,246 'grapheneo':132 'harden':125,128,203 'i.e':38 'idea':247 'imag':214,222 'image-bas':213 'implement':13 'insecur':69,104 'karg':193 'kernel':26,75,91,126 'kernel.unprivileged':174 'know':72,283 'like':230 'linux':138 'make':168,233,264 'malloc':129 'mani':112 'mayb':237 'mean':154 'might':62 'mod':204 'model':217 'namespac':31,156 'near':235 'need':90,157,189 'nix':238 'often':94 'okay':60,70 'opinion':225 'password':46 'permiss':86 'podman/docker':36 'point':249 'probabl':188 'quick':97 'rather':224 'realli':11 'remov':232 'repo':257 'root':45 'rusti':278 'rusty-snak':277 'sandbox':2,23,266 'secur':66,113,265 'seem':166 'sinc':133 'slight':208 'snake':279 'solut':241 'someth':195 'spec':274 'stabl':101 'sudo':171 'sysctl':172 'termin':58 'test':198 'thing':229 'though':14,24,144,226 'toolbox':42 'ublu':206 'unus':236 'use':6,32,131,201,211 'user':30,155,175 'veeeri':50 'w':173 'way':262 'well':22 'window':59 'work':150,169,187 'would':153,242,259 'x11':67 'year':136 'yet':253"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1700870525
    +visibility: "visible             "
    +apId: "https://feddit.de/post/5981126"
    +editedAt: null
    +createdAt: DateTimeImmutable @1700784125 {#1372
      date: 2023-11-24 01:02:05.0 +01:00
    }
  }
]

App\Twig\Components\BoostComponent {#2679
  +formDest: "entry"
  +subject: App\Entity\Entry {#1836
    +user: Proxies\__CG__\App\Entity\User {#2355
      +avatar: null
      +cover: null
      +email: "Pantherina@feddit.de"
      +username: "@Pantherina@feddit.de"
      +roles: []
      +followersCount: 0
      +homepage: "front"
      +about: null
      +lastActive: DateTime @1721498243 {#2335
        date: 2024-07-20 19:57:23.0 +02:00
      }
      +markedForDeletionAt: null
      +fields: null
      +oauthGithubId: null
      +oauthGoogleId: null
      +oauthFacebookId: null
      +oauthKeycloakId: null
      +hideAdult: true
      +showSubscribedUsers: true
      +showSubscribedMagazines: true
      +showSubscribedDomains: true
      +preferredLanguages: []
      +featuredMagazines: null
      +showProfileSubscriptions: false
      +showProfileFollowings: true
      +markNewComments: false
      +notifyOnNewEntry: false
      +notifyOnNewEntryReply: true
      +notifyOnNewEntryCommentReply: true
      +notifyOnNewPost: false
      +notifyOnNewPostReply: true
      +notifyOnNewPostCommentReply: true
      +addMentionsEntries: false
      +addMentionsPosts: true
      +isBanned: false
      +isVerified: false
      +isDeleted: false
      +isBot: false
      +spamProtection: true
      +customCss: null
      +ignoreMagazinesCustomCss: false
      +moderatorTokens: Doctrine\ORM\PersistentCollection {#2135 …}
      +magazineOwnershipRequests: Doctrine\ORM\PersistentCollection {#2073 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#2072 …}
      +entries: Doctrine\ORM\PersistentCollection {#2065 …}
      +entryVotes: Doctrine\ORM\PersistentCollection {#2066 …}
      +entryComments: Doctrine\ORM\PersistentCollection {#2067 …}
      +entryCommentVotes: Doctrine\ORM\PersistentCollection {#2054 …}
      +posts: Doctrine\ORM\PersistentCollection {#2056 …}
      +postVotes: Doctrine\ORM\PersistentCollection {#2109 …}
      +postComments: Doctrine\ORM\PersistentCollection {#2162 …}
      +postCommentVotes: Doctrine\ORM\PersistentCollection {#2302 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#2117 …}
      +subscribedDomains: Doctrine\ORM\PersistentCollection {#2105 …}
      +follows: Doctrine\ORM\PersistentCollection {#2305 …}
      +followers: Doctrine\ORM\PersistentCollection {#2310 …}
      +blocks: Doctrine\ORM\PersistentCollection {#2280 …}
      +blockers: Doctrine\ORM\PersistentCollection {#2296 …}
      +blockedMagazines: Doctrine\ORM\PersistentCollection {#2217 …}
      +blockedDomains: Doctrine\ORM\PersistentCollection {#2195 …}
      +reports: Doctrine\ORM\PersistentCollection {#2282 …}
      +favourites: Doctrine\ORM\PersistentCollection {#2201 …}
      +violations: Doctrine\ORM\PersistentCollection {#2204 …}
      +notifications: Doctrine\ORM\PersistentCollection {#2211 …}
      +awards: Doctrine\ORM\PersistentCollection {#2210 …}
      +subscribedCategories: Doctrine\ORM\PersistentCollection {#2272 …}
      +categories: Doctrine\ORM\PersistentCollection {#2226 …}
      -id: 48318
      -password: "$2y$13$ltFqzTJ0eHIMY8NTIUV0JOoX1AZlaj64ntUxYh5oQTJrg6.lxQmuC"
      -totpSecret: null
      -totpBackupCodes: []
      -oAuth2UserConsents: Doctrine\ORM\PersistentCollection {#2246 …}
      +apId: "Pantherina@feddit.de"
      +apProfileId: "https://feddit.de/u/Pantherina"
      +apPublicUrl: "https://feddit.de/u/Pantherina"
      +apFollowersUrl: null
      +apInboxUrl: "https://feddit.de/inbox"
      +apDomain: "feddit.de"
      +apPreferredUsername: "Pantherina"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: false
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1721236644 {#2337
        date: 2024-07-17 19:17:24.0 +02:00
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1696428300 {#2336
        date: 2023-10-04 16:05:00.0 +02:00
      }
      +__isInitialized__: true
       …2
    }
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1940
      +icon: Proxies\__CG__\App\Entity\Image {#1434 …}
      +name: "linux@lemmy.ml"
      +title: "linux"
      +description: """
        From Wikipedia, the free encyclopedia\n
        \n
        Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).\n
        \n
        Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word “Linux” in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.\n
        \n
        ### Rules\n
        \n
        - Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.\n
        - No misinformation\n
        - No NSFW content\n
        - No hate speech, bigotry, etc\n
        \n
        ### Related Communities\n
        \n
        - [!opensource@lemmy.ml](https://lemmy.ml/c/opensource)\n
        - [!libre_culture@lemmy.ml](https://lemmy.ml/c/libre_culture)\n
        - [!technology@lemmy.ml](https://lemmy.ml/c/technology)\n
        - [!libre_hardware@lemmy.ml](https://lemmy.ml/c/libre_hardware)\n
        \n
        Community icon by [Alpár-Etele Méder](https://www.iconfinder.com/pocike), licensed under [CC BY 3.0](https://creativecommons.org/licenses/by/3.0/)
        """
      +rules: null
      +subscriptionsCount: 1
      +entryCount: 1319
      +entryCommentCount: 27225
      +postCount: 5
      +postCommentCount: 76
      +isAdult: false
      +customCss: null
      +lastActive: DateTime @1728164725 {#1456
        date: 2024-10-05 23:45:25.0 +02:00
      }
      +markedForDeletionAt: null
      +tags: null
      +moderators: Doctrine\ORM\PersistentCollection {#1693 …}
      +ownershipRequests: Doctrine\ORM\PersistentCollection {#1698 …}
      +moderatorRequests: Doctrine\ORM\PersistentCollection {#1752 …}
      +entries: Doctrine\ORM\PersistentCollection {#1690 …}
      +posts: Doctrine\ORM\PersistentCollection {#1589 …}
      +subscriptions: Doctrine\ORM\PersistentCollection {#1679 …}
      +bans: Doctrine\ORM\PersistentCollection {#1560 …}
      +reports: Doctrine\ORM\PersistentCollection {#1550 …}
      +badges: Doctrine\ORM\PersistentCollection {#1621 …}
      +logs: Doctrine\ORM\PersistentCollection {#1680 …}
      +awards: Doctrine\ORM\PersistentCollection {#1630 …}
      +categories: Doctrine\ORM\PersistentCollection {#1721 …}
      -id: 73
      +apId: "linux@lemmy.ml"
      +apProfileId: "https://lemmy.ml/c/linux"
      +apPublicUrl: "https://lemmy.ml/c/linux"
      +apFollowersUrl: "https://lemmy.ml/c/linux/followers"
      +apInboxUrl: "https://lemmy.ml/inbox"
      +apDomain: "lemmy.ml"
      +apPreferredUsername: "linux"
      +apDiscoverable: true
      +apManuallyApprovesFollowers: null
      +privateKey: null
      +publicKey: null
      +apFetchedAt: DateTime @1728168731 {#1454
        date: 2024-10-05 22:52:11.503583 UTC (+00:00)
      }
      +apDeletedAt: null
      +apTimeoutAt: null
      +visibility: "visible             "
      +createdAt: DateTimeImmutable @1698929468 {#1461
        date: 2023-11-02 13:51:08.0 +01:00
      }
      +__isInitialized__: true
       …2
    }
    +image: null
    +domain: App\Entity\Domain {#278
      +entries: Doctrine\ORM\PersistentCollection {#244 …}
      +name: "madaidans-insecurities.github.io"
      +entryCount: 1
      +subscriptionsCount: 0
      +subscriptions: Doctrine\ORM\PersistentCollection {#266 …}
      -id: 1090
    }
    +slug: "Just-read-Madaidans-Insecurities-Do-you-know-how-much-is"
    +title: "Just read Madaidans Insecurities. Do you know how much is still relevant?"
    +url: "https://www.madaidans-insecurities.github.io/linux.html"
    +body: """
      Basically\n
      \n
      - Sandboxing is bad, bubblewrap (used in Flatpak) is a really good implementation though. Firefox and other apps are not very well sandboxed though\n
      - The kernel is endangered through user namespaces (used in Flatpak and Podman/Docker containers i.e. in Distrobox and Toolbox too)\n
      - the root password can be extracted veeery easily, especially when entering it through a terminal. Windows “okay” button might actually be more secure!\n
      - X11 is insecure, okay we know that\n
      - the kernel is very bloated and everything in there has all the permissions, which is not needed\n
      - Kernel bugs are often not fixed quickly or at all\n
      - Stable Distros are insecure if only CVE bugs are backported, as many security bugs dont get a CVE\n
      \n
      I am currently experimenting with the hardened Kernel and hardened_malloc, I use GrapheneOS since over a year.\n
      \n
      On Linux its a bit more difficult though, as Flatpak and Distrobox dont work anymore.\n
      \n
      This would mean user namespaces need to be enabled again, which I can’t seem to make work with\n
      \n
      `sudo sysctl -w kernel.unprivileged_users_clone=1`\n
      \n
      But the file doesnt exist and creating it doesnt work, probably needs to be a karg or something?\n
      \n
      I am testing all this using the hardened mod of Ublue (a slight Fedora deviation using its image-based distribution model):\n
      \n
      [github.com/qoijjj/hardened-images](https://github.com/qoijjj/hardened-images)\n
      \n
      The images are rather opinionated though and have things like Flatpak removed, making them nearly unusable.\n
      \n
      Maybe nix is a solution? Would this be a good idea?\n
      \n
      Another point, bubblejail is not yet in the Fedora repos, which would be a way to make secure sandboxing accessible. [Here](https://github.com/rusty-snake/fedora-extras/tree/main/bubblejail) is a spec file from rusty-snake.\n
      \n
      What do you know about this?
      """
    +type: "link"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 8
    +favouriteCount: 36
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1700929355 {#1843
      date: 2023-11-25 17:22:35.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2423 …}
    +votes: Doctrine\ORM\PersistentCollection {#2288 …}
    +reports: Doctrine\ORM\PersistentCollection {#1861 …}
    +favourites: Doctrine\ORM\PersistentCollection {#2409 …}
    +notifications: Doctrine\ORM\PersistentCollection {#1541 …}
    +badges: Doctrine\ORM\PersistentCollection {#1531 …}
    +children: []
    -id: 16138
    -titleTs: "'insecur':4 'know':7 'madaidan':3 'much':9 'read':2 'relev':12 'still':11"
    -bodyTs: "'/qoijjj/hardened-images](https://github.com/qoijjj/hardened-images)':220 '/rusty-snake/fedora-extras/tree/main/bubblejail)':271 '1':177 'access':267 'actual':63 'anoth':248 'anymor':151 'app':18 'backport':110 'bad':4 'base':215 'basic':1 'bit':141 'bloat':78 'bubblejail':250 'bubblewrap':5 'bug':92,108,114 'button':61 'clone':176 'contain':37 'creat':184 'current':121 'cve':107,118 'deviat':210 'difficult':143 'distribut':216 'distro':102 'distrobox':40,148 'doesnt':181,186 'dont':115,149 'easili':51 'enabl':160 'endang':28 'enter':54 'especi':52 'everyth':80 'exist':182 'experi':122 'extract':49 'fedora':209,256 'file':180,275 'firefox':15 'fix':96 'flatpak':8,34,146,231 'get':116 'github.com':219,270 'github.com/qoijjj/hardened-images](https://github.com/qoijjj/hardened-images)':218 'github.com/rusty-snake/fedora-extras/tree/main/bubblejail)':269 'good':12,246 'grapheneo':132 'harden':125,128,203 'i.e':38 'idea':247 'imag':214,222 'image-bas':213 'implement':13 'insecur':69,104 'karg':193 'kernel':26,75,91,126 'kernel.unprivileged':174 'know':72,283 'like':230 'linux':138 'make':168,233,264 'malloc':129 'mani':112 'mayb':237 'mean':154 'might':62 'mod':204 'model':217 'namespac':31,156 'near':235 'need':90,157,189 'nix':238 'often':94 'okay':60,70 'opinion':225 'password':46 'permiss':86 'podman/docker':36 'point':249 'probabl':188 'quick':97 'rather':224 'realli':11 'remov':232 'repo':257 'root':45 'rusti':278 'rusty-snak':277 'sandbox':2,23,266 'secur':66,113,265 'seem':166 'sinc':133 'slight':208 'snake':279 'solut':241 'someth':195 'spec':274 'stabl':101 'sudo':171 'sysctl':172 'termin':58 'test':198 'thing':229 'though':14,24,144,226 'toolbox':42 'ublu':206 'unus':236 'use':6,32,131,201,211 'user':30,155,175 'veeeri':50 'w':173 'way':262 'well':22 'window':59 'work':150,169,187 'would':153,242,259 'x11':67 'year':136 'yet':253"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1700870525
    +visibility: "visible             "
    +apId: "https://feddit.de/post/5981126"
    +editedAt: null
    +createdAt: DateTimeImmutable @1700784125 {#1372
      date: 2023-11-24 01:02:05.0 +01:00
    }
  }
  -cache: Symfony\Component\Cache\Adapter\TraceableTagAwareAdapter {#600 …}
}

[
  "domain" => App\Entity\Domain {#278
    +entries: Doctrine\ORM\PersistentCollection {#244 …}
    +name: "madaidans-insecurities.github.io"
    +entryCount: 1
    +subscriptionsCount: 0
    +subscriptions: Doctrine\ORM\PersistentCollection {#266 …}
    -id: 1090
  }
]

App\Twig\Components\DomainComponent {#3072
  +domain: App\Entity\Domain {#278
    +entries: Doctrine\ORM\PersistentCollection {#244 …}
    +name: "madaidans-insecurities.github.io"
    +entryCount: 1
    +subscriptionsCount: 0
    +subscriptions: Doctrine\ORM\PersistentCollection {#266 …}
    -id: 1090
  }
}

[
  "domain" => App\Entity\Domain {#278
    +entries: Doctrine\ORM\PersistentCollection {#244 …}
    +name: "madaidans-insecurities.github.io"
    +entryCount: 1
    +subscriptionsCount: 0
    +subscriptions: Doctrine\ORM\PersistentCollection {#266 …}
    -id: 1090
  }
]

App\Twig\Components\DomainSubComponent {#3022
  +domain: App\Entity\Domain {#278
    +entries: Doctrine\ORM\PersistentCollection {#244 …}
    +name: "madaidans-insecurities.github.io"
    +entryCount: 1
    +subscriptionsCount: 0
    +subscriptions: Doctrine\ORM\PersistentCollection {#266 …}
    -id: 1090
  }
}

[
  "label" => "Sidebar position"
  "settingsKey" => "KBIN_GENERAL_SIDEBAR_POSITION"
  "values" => [
    [
      "name" => "Left"
      "value" => "LEFT"
    ]
    [
      "name" => "Right"
      "value" => "RIGHT"
    ]
  ]
  "defaultValue" => "RIGHT"
]

App\Twig\Components\SettingsRowEnumComponent {#3160
  +label: "Sidebar position"
  +help: ""
  +settingsKey: "KBIN_GENERAL_SIDEBAR_POSITION"
  +values: [
    [
      "name" => "Left"
      "value" => "LEFT"
    ]
    [
      "name" => "Right"
      "value" => "RIGHT"
    ]
  ]
  +defaultValue: "RIGHT"
  +reloadRequired: true
}

[
  "label" => "Dynamic lists"
  "settingsKey" => "KBIN_GENERAL_DYNAMIC_LISTS"
]

App\Twig\Components\SettingsRowSwitchComponent {#3232
  +label: "Dynamic lists"
  +help: ""
  +settingsKey: "KBIN_GENERAL_DYNAMIC_LISTS"
  +defaultValue: false
  +reloadRequired: true
}

[
  "label" => "Rounded edges"
  "settingsKey" => "KBIN_GENERAL_ROUNDED_EDGES"
]

App\Twig\Components\SettingsRowSwitchComponent {#3295
  +label: "Rounded edges"
  +help: ""
  +settingsKey: "KBIN_GENERAL_ROUNDED_EDGES"
  +defaultValue: false
  +reloadRequired: true
}

[
  "label" => "Infinite scrolling"
  "help" => "Automatically load more content when you reach the bottom of the page."
  "settingsKey" => "KBIN_GENERAL_INFINITE_SCROLL"
]

App\Twig\Components\SettingsRowSwitchComponent {#3351
  +label: "Infinite scrolling"
  +help: "Automatically load more content when you reach the bottom of the page."
  +settingsKey: "KBIN_GENERAL_INFINITE_SCROLL"
  +defaultValue: false
  +reloadRequired: true
}

[
  "label" => "Sticky navbar"
  "help" => "The navbar will stick to the top of the page when you scroll down."
  "settingsKey" => "KBIN_GENERAL_FIXED_NAVBAR"
]

App\Twig\Components\SettingsRowSwitchComponent {#3410
  +label: "Sticky navbar"
  +help: "The navbar will stick to the top of the page when you scroll down."
  +settingsKey: "KBIN_GENERAL_FIXED_NAVBAR"
  +defaultValue: false
  +reloadRequired: true
}

[
  "label" => "Show top bar"
  "settingsKey" => "KBIN_GENERAL_TOPBAR"
]

App\Twig\Components\SettingsRowSwitchComponent {#3466
  +label: "Show top bar"
  +help: ""
  +settingsKey: "KBIN_GENERAL_TOPBAR"
  +defaultValue: false
  +reloadRequired: true
}

[
  "label" => "Turbo mode (experimental)"
  "settingsKey" => "KBIN_GENERAL_TURBO"
]

App\Twig\Components\SettingsRowSwitchComponent {#3522
  +label: "Turbo mode (experimental)"
  +help: ""
  +settingsKey: "KBIN_GENERAL_TURBO"
  +defaultValue: false
  +reloadRequired: true
}

[
  "label" => "Mark new comments"
  "settingsKey" => "KBIN_MARK_NEW_COMMENTS"
]

App\Twig\Components\UserSettingsRowSwitchComponent {#3580
  +label: "Mark new comments"
  +help: ""
  +settingsKey: "KBIN_MARK_NEW_COMMENTS"
  +defaultValue: false
  +reloadRequired: true
}

[
  "label" => "Show "Support Us" block"
  "settingsKey" => "KBIN_GENERAL_SUPPORT_US_BLOCK"
  "defaultValue" => true
]

App\Twig\Components\SettingsRowSwitchComponent {#3643
  +label: "Show "Support Us" block"
  +help: ""
  +settingsKey: "KBIN_GENERAL_SUPPORT_US_BLOCK"
  +defaultValue: true
  +reloadRequired: true
}

[
  "label" => "Show subscribed users"
  "settingsKey" => "KBIN_SUB_CHANNEL_USERS"
]

App\Twig\Components\UserSettingsRowSwitchComponent {#3701
  +label: "Show subscribed users"
  +help: ""
  +settingsKey: "KBIN_SUB_CHANNEL_USERS"
  +defaultValue: false
  +reloadRequired: true
}

[
  "label" => "Show subscribed magazines"
  "settingsKey" => "KBIN_SUB_CHANNEL_MAGAZINES"
]

App\Twig\Components\UserSettingsRowSwitchComponent {#3757
  +label: "Show subscribed magazines"
  +help: ""
  +settingsKey: "KBIN_SUB_CHANNEL_MAGAZINES"
  +defaultValue: false
  +reloadRequired: true
}

[
  "label" => "Show subscribed domains"
  "settingsKey" => "KBIN_SUB_CHANNEL_DOMAINS"
]

App\Twig\Components\UserSettingsRowSwitchComponent {#3813
  +label: "Show subscribed domains"
  +help: ""
  +settingsKey: "KBIN_SUB_CHANNEL_DOMAINS"
  +defaultValue: false
  +reloadRequired: true
}

[
  "label" => "Auto media preview"
  "help" => "Automatically expand media previews."
  "settingsKey" => "KBIN_ENTRIES_SHOW_PREVIEW"
]

App\Twig\Components\SettingsRowSwitchComponent {#3869
  +label: "Auto media preview"
  +help: "Automatically expand media previews."
  +settingsKey: "KBIN_ENTRIES_SHOW_PREVIEW"
  +defaultValue: false
  +reloadRequired: true
}

[
  "label" => "Compact view"
  "settingsKey" => "KBIN_ENTRIES_COMPACT"
]

App\Twig\Components\SettingsRowSwitchComponent {#3925
  +label: "Compact view"
  +help: ""
  +settingsKey: "KBIN_ENTRIES_COMPACT"
  +defaultValue: false
  +reloadRequired: true
}

[
  "label" => "Show users’ avatars"
  "settingsKey" => "KBIN_ENTRIES_SHOW_USERS_AVATARS"
]

App\Twig\Components\SettingsRowSwitchComponent {#3981
  +label: "Show users’ avatars"
  +help: ""
  +settingsKey: "KBIN_ENTRIES_SHOW_USERS_AVATARS"
  +defaultValue: false
  +reloadRequired: true
}

[
  "label" => "Show magazines’ icons"
  "settingsKey" => "KBIN_ENTRIES_SHOW_MAGAZINES_ICONS"
]

App\Twig\Components\SettingsRowSwitchComponent {#4037
  +label: "Show magazines’ icons"
  +help: ""
  +settingsKey: "KBIN_ENTRIES_SHOW_MAGAZINES_ICONS"
  +defaultValue: false
  +reloadRequired: true
}

[
  "label" => "Show thumbnails"
  "settingsKey" => "KBIN_ENTRIES_SHOW_THUMBNAILS"
  "defaultValue" => true
]

App\Twig\Components\SettingsRowSwitchComponent {#4093
  +label: "Show thumbnails"
  +help: ""
  +settingsKey: "KBIN_ENTRIES_SHOW_THUMBNAILS"
  +defaultValue: true
  +reloadRequired: true
}

[
  "label" => "Auto media preview"
  "help" => "Automatically expand media previews."
  "settingsKey" => "KBIN_POSTS_SHOW_PREVIEW"
]

App\Twig\Components\SettingsRowSwitchComponent {#4149
  +label: "Auto media preview"
  +help: "Automatically expand media previews."
  +settingsKey: "KBIN_POSTS_SHOW_PREVIEW"
  +defaultValue: false
  +reloadRequired: true
}

[
  "label" => "Show users’ avatars"
  "settingsKey" => "KBIN_POSTS_SHOW_USERS_AVATARS"
  "defaultValue" => true
]

App\Twig\Components\SettingsRowSwitchComponent {#4205
  +label: "Show users’ avatars"
  +help: ""
  +settingsKey: "KBIN_POSTS_SHOW_USERS_AVATARS"
  +defaultValue: true
  +reloadRequired: true
}

[
  "label" => "Comment reply position"
  "help" => "Display the comment reply form either at the top or bottom of the page. When 'infinite scroll' is enabled the position will always appear at the top."
  "settingsKey" => "KBIN_COMMENTS_REPLY_POSITION"
  "values" => [
    [
      "name" => "top"
      "value" => "TOP"
    ]
    [
      "name" => "bottom"
      "value" => "BOTTOM"
    ]
  ]
  "defaultValue" => "TOP"
]

App\Twig\Components\SettingsRowEnumComponent {#4261
  +label: "Comment reply position"
  +help: "Display the comment reply form either at the top or bottom of the page. When 'infinite scroll' is enabled the position will always appear at the top."
  +settingsKey: "KBIN_COMMENTS_REPLY_POSITION"
  +values: [
    [
      "name" => "top"
      "value" => "TOP"
    ]
    [
      "name" => "bottom"
      "value" => "BOTTOM"
    ]
  ]
  +defaultValue: "TOP"
  +reloadRequired: true
}

[
  "label" => "Show Comment Avatars"
  "help" => "Display/hide user avatars when viewing comments on a single thread or post."
  "settingsKey" => "KBIN_COMMENTS_SHOW_USER_AVATAR"
  "defaultValue" => true
]

App\Twig\Components\SettingsRowSwitchComponent {#4319
  +label: "Show Comment Avatars"
  +help: "Display/hide user avatars when viewing comments on a single thread or post."
  +settingsKey: "KBIN_COMMENTS_SHOW_USER_AVATAR"
  +defaultValue: true
  +reloadRequired: true
}

[
  "magazine" => null
  "tag" => null
]

App\Twig\Components\RelatedMagazinesComponent {#4384
  +limit: 4
  +tag: null
  +magazine: null
  +type: "random"
  +title: "random_magazines"
  +refreshedRandom: false
  -repository: App\Repository\MagazineRepository {#4385 …}
  -cache: Symfony\Component\Cache\Adapter\TraceableTagAwareAdapter {#600 …}
  -twig: Twig\Environment {#1252 …}
  -requestStack: Symfony\Component\HttpFoundation\RequestStack {#1328 …}
}

[
  "magazine" => null
]

App\Twig\Components\ActiveUsersComponent {#4474
  +magazine: null
  -userRepository: App\Repository\UserRepository {#603 …}
  -cache: Symfony\Component\Cache\Adapter\TraceableTagAwareAdapter {#600 …}
  -twig: Twig\Environment {#1252 …}
  -requestStack: Symfony\Component\HttpFoundation\RequestStack {#1328 …}
}

[
  "magazine" => null
  "tag" => null
]

App\Twig\Components\RelatedCategoriesComponent {#4533
  +limit: 4
  +tag: null
  +magazine: null
  +type: "random"
  +title: "random_categories"
  +refreshedRandom: false
  -repository: App\Repository\CategoryRepository {#4534 …}
  -cache: Symfony\Component\Cache\Adapter\TraceableTagAwareAdapter {#600 …}
  -twig: Twig\Environment {#1252 …}
  -requestStack: Symfony\Component\HttpFoundation\RequestStack {#1328 …}
}

[
  "magazine" => null
  "tag" => null
]

App\Twig\Components\RelatedPostsComponent {#4604
  +limit: 4
  +tag: null
  +magazine: null
  +type: "random"
  +post: null
  +title: "random_posts"
  +refreshedRandom: false
  -repository: App\Repository\PostRepository {#4603 …}
  -cache: Symfony\Component\Cache\Adapter\TraceableTagAwareAdapter {#600 …}
  -twig: Twig\Environment {#1252 …}
  -requestStack: Symfony\Component\HttpFoundation\RequestStack {#1328 …}
  -mentionManager: App\Service\MentionManager {#2340 …}
}

[
  "magazine" => null
  "tag" => null
]

App\Twig\Components\RelatedEntriesComponent {#4673
  +limit: 4
  +tag: null
  +magazine: null
  +type: "random"
  +entry: null
  +title: "random_entries"
  +refreshedRandom: false
  -repository: App\Repository\EntryRepository {#558 …}
  -cache: Symfony\Component\Cache\Adapter\TraceableTagAwareAdapter {#600 …}
  -twig: Twig\Environment {#1252 …}
  -requestStack: Symfony\Component\HttpFoundation\RequestStack {#1328 …}
  -mentionManager: App\Service\MentionManager {#2340 …}
}

App\Twig\Components\SupportUsBlock {#4742
  +subject: ? App\Entity\Contracts\VotableInterface
  +url: ? string
  -twig: Twig\Environment {#1252 …}
  -cache: Symfony\Component\Cache\Adapter\TraceableTagAwareAdapter {#600 …}
  -requestStack: Symfony\Component\HttpFoundation\RequestStack {#1328 …}
  -partnerBlockRepository: App\Repository\PartnerBlockRepository {#4743 …}
}

[
  "magazine" => null
]

App\Twig\Components\FeaturedMagazinesComponent {#4835
  +magazine: null
  -twig: Twig\Environment {#1252 …}
  -repository: App\Repository\MagazineRepository {#4385 …}
}