Symfony Profiler

null

Proxies\__CG__\App\Entity\Entry {#1795
  +user: Proxies\__CG__\App\Entity\User {#2384 …}
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1567 …}
  +image: Proxies\__CG__\App\Entity\Image {#2028 …}
  +domain: Proxies\__CG__\App\Entity\Domain {#2029 …}
  +slug: "Thoughts-on-this"
  +title: "Thoughts on this?"
  +url: "https://futurology.today/pictrs/image/c0bf70e0-b955-43e7-93c6-bc40fca62c96.png"
  +body: null
  +type: "image"
  +lang: "en"
  +isOc: false
  +hasEmbed: true
  +commentCount: 121
  +favouriteCount: 232
  +score: 0
  +isAdult: false
  +sticky: false
  +lastActive: DateTime @1711282074 {#2018
    date: 2024-03-24 13:07:54.0 +01:00
  }
  +ip: null
  +adaAmount: 0
  +tags: null
  +mentions: null
  +comments: Doctrine\ORM\PersistentCollection {#2144 …}
  +votes: Doctrine\ORM\PersistentCollection {#2061 …}
  +reports: Doctrine\ORM\PersistentCollection {#2084 …}
  +favourites: Doctrine\ORM\PersistentCollection {#2076 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2083 …}
  +badges: Doctrine\ORM\PersistentCollection {#2085 …}
  +children: [
    App\Entity\EntryComment {#1705
      +user: App\Entity\User {#264 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1795 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1567 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#1692 …}
      +root: Proxies\__CG__\App\Entity\EntryComment {#1691 …}
      +body: """
        That interface is let any random app take screenshots of anything running on the same server without any way for the user to know it happens.\n
        \n
        I am so glad that interface is gone, especially when running proprietary apps.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 6
      +score: 0
      +lastActive: DateTime @1704297305 {#1611
        date: 2024-01-03 16:55:05.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@dd56@futurology.today"
        "@Chobbes@lemmy.world"
        "@AMDIsOurLord@lemmy.ml"
        "@amju_wolf@pawb.social"
        "@dd56@futurology.today"
        "@Chobbes@lemmy.world"
        "@AMDIsOurLord@lemmy.ml"
        "@amju_wolf@pawb.social"
      ]
      +children: Doctrine\ORM\PersistentCollection {#1686 …}
      +nested: Doctrine\ORM\PersistentCollection {#1680 …}
      +votes: Doctrine\ORM\PersistentCollection {#1683 …}
      +reports: Doctrine\ORM\PersistentCollection {#1702 …}
      +favourites: Doctrine\ORM\PersistentCollection {#1596 …}
      +notifications: Doctrine\ORM\PersistentCollection {#1613 …}
      -id: 276769
      -bodyTs: "'anyth':11 'app':7,39 'especi':35 'glad':30 'gone':34 'happen':26 'interfac':2,32 'know':24 'let':4 'proprietari':38 'random':6 'run':12,37 'screenshot':9 'server':16 'take':8 'user':22 'way':19 'without':17"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://programming.dev/comment/6106968"
      +editedAt: DateTimeImmutable @1711263846 {#1616
        date: 2024-03-24 08:04:06.0 +01:00
      }
      +createdAt: DateTimeImmutable @1704297305 {#1711
        date: 2024-01-03 16:55:05.0 +01:00
      }
      +"title": 276769
    }
  ]
  -id: 26680
  -titleTs: "'thought':1"
  -bodyTs: null
  +cross: false
  +upVotes: 0
  +downVotes: 0
  +ranking: 1704275680
  +visibility: "visible             "
  +apId: "https://futurology.today/post/322568"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704189280 {#2363
    date: 2024-01-02 10:54:40.0 +01:00
  }
  +__isInitialized__: true
   …2
}

Proxies\__CG__\App\Entity\Entry {#1795
  +user: Proxies\__CG__\App\Entity\User {#2384 …}
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1567 …}
  +image: Proxies\__CG__\App\Entity\Image {#2028 …}
  +domain: Proxies\__CG__\App\Entity\Domain {#2029 …}
  +slug: "Thoughts-on-this"
  +title: "Thoughts on this?"
  +url: "https://futurology.today/pictrs/image/c0bf70e0-b955-43e7-93c6-bc40fca62c96.png"
  +body: null
  +type: "image"
  +lang: "en"
  +isOc: false
  +hasEmbed: true
  +commentCount: 121
  +favouriteCount: 232
  +score: 0
  +isAdult: false
  +sticky: false
  +lastActive: DateTime @1711282074 {#2018
    date: 2024-03-24 13:07:54.0 +01:00
  }
  +ip: null
  +adaAmount: 0
  +tags: null
  +mentions: null
  +comments: Doctrine\ORM\PersistentCollection {#2144 …}
  +votes: Doctrine\ORM\PersistentCollection {#2061 …}
  +reports: Doctrine\ORM\PersistentCollection {#2084 …}
  +favourites: Doctrine\ORM\PersistentCollection {#2076 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2083 …}
  +badges: Doctrine\ORM\PersistentCollection {#2085 …}
  +children: [
    App\Entity\EntryComment {#1705
      +user: App\Entity\User {#264 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1795 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1567 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#1692 …}
      +root: Proxies\__CG__\App\Entity\EntryComment {#1691 …}
      +body: """
        That interface is let any random app take screenshots of anything running on the same server without any way for the user to know it happens.\n
        \n
        I am so glad that interface is gone, especially when running proprietary apps.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 6
      +score: 0
      +lastActive: DateTime @1704297305 {#1611
        date: 2024-01-03 16:55:05.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@dd56@futurology.today"
        "@Chobbes@lemmy.world"
        "@AMDIsOurLord@lemmy.ml"
        "@amju_wolf@pawb.social"
        "@dd56@futurology.today"
        "@Chobbes@lemmy.world"
        "@AMDIsOurLord@lemmy.ml"
        "@amju_wolf@pawb.social"
      ]
      +children: Doctrine\ORM\PersistentCollection {#1686 …}
      +nested: Doctrine\ORM\PersistentCollection {#1680 …}
      +votes: Doctrine\ORM\PersistentCollection {#1683 …}
      +reports: Doctrine\ORM\PersistentCollection {#1702 …}
      +favourites: Doctrine\ORM\PersistentCollection {#1596 …}
      +notifications: Doctrine\ORM\PersistentCollection {#1613 …}
      -id: 276769
      -bodyTs: "'anyth':11 'app':7,39 'especi':35 'glad':30 'gone':34 'happen':26 'interfac':2,32 'know':24 'let':4 'proprietari':38 'random':6 'run':12,37 'screenshot':9 'server':16 'take':8 'user':22 'way':19 'without':17"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://programming.dev/comment/6106968"
      +editedAt: DateTimeImmutable @1711263846 {#1616
        date: 2024-03-24 08:04:06.0 +01:00
      }
      +createdAt: DateTimeImmutable @1704297305 {#1711
        date: 2024-01-03 16:55:05.0 +01:00
      }
      +"title": 276769
    }
  ]
  -id: 26680
  -titleTs: "'thought':1"
  -bodyTs: null
  +cross: false
  +upVotes: 0
  +downVotes: 0
  +ranking: 1704275680
  +visibility: "visible             "
  +apId: "https://futurology.today/post/322568"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704189280 {#2363
    date: 2024-01-02 10:54:40.0 +01:00
  }
  +__isInitialized__: true
   …2
}

Proxies\__CG__\App\Entity\Entry {#1795
  +user: Proxies\__CG__\App\Entity\User {#2384 …}
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1567 …}
  +image: Proxies\__CG__\App\Entity\Image {#2028 …}
  +domain: Proxies\__CG__\App\Entity\Domain {#2029 …}
  +slug: "Thoughts-on-this"
  +title: "Thoughts on this?"
  +url: "https://futurology.today/pictrs/image/c0bf70e0-b955-43e7-93c6-bc40fca62c96.png"
  +body: null
  +type: "image"
  +lang: "en"
  +isOc: false
  +hasEmbed: true
  +commentCount: 121
  +favouriteCount: 232
  +score: 0
  +isAdult: false
  +sticky: false
  +lastActive: DateTime @1711282074 {#2018
    date: 2024-03-24 13:07:54.0 +01:00
  }
  +ip: null
  +adaAmount: 0
  +tags: null
  +mentions: null
  +comments: Doctrine\ORM\PersistentCollection {#2144 …}
  +votes: Doctrine\ORM\PersistentCollection {#2061 …}
  +reports: Doctrine\ORM\PersistentCollection {#2084 …}
  +favourites: Doctrine\ORM\PersistentCollection {#2076 …}
  +notifications: Doctrine\ORM\PersistentCollection {#2083 …}
  +badges: Doctrine\ORM\PersistentCollection {#2085 …}
  +children: [
    App\Entity\EntryComment {#1705
      +user: App\Entity\User {#264 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1795 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1567 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#1692 …}
      +root: Proxies\__CG__\App\Entity\EntryComment {#1691 …}
      +body: """
        That interface is let any random app take screenshots of anything running on the same server without any way for the user to know it happens.\n
        \n
        I am so glad that interface is gone, especially when running proprietary apps.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 6
      +score: 0
      +lastActive: DateTime @1704297305 {#1611
        date: 2024-01-03 16:55:05.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@dd56@futurology.today"
        "@Chobbes@lemmy.world"
        "@AMDIsOurLord@lemmy.ml"
        "@amju_wolf@pawb.social"
        "@dd56@futurology.today"
        "@Chobbes@lemmy.world"
        "@AMDIsOurLord@lemmy.ml"
        "@amju_wolf@pawb.social"
      ]
      +children: Doctrine\ORM\PersistentCollection {#1686 …}
      +nested: Doctrine\ORM\PersistentCollection {#1680 …}
      +votes: Doctrine\ORM\PersistentCollection {#1683 …}
      +reports: Doctrine\ORM\PersistentCollection {#1702 …}
      +favourites: Doctrine\ORM\PersistentCollection {#1596 …}
      +notifications: Doctrine\ORM\PersistentCollection {#1613 …}
      -id: 276769
      -bodyTs: "'anyth':11 'app':7,39 'especi':35 'glad':30 'gone':34 'happen':26 'interfac':2,32 'know':24 'let':4 'proprietari':38 'random':6 'run':12,37 'screenshot':9 'server':16 'take':8 'user':22 'way':19 'without':17"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://programming.dev/comment/6106968"
      +editedAt: DateTimeImmutable @1711263846 {#1616
        date: 2024-03-24 08:04:06.0 +01:00
      }
      +createdAt: DateTimeImmutable @1704297305 {#1711
        date: 2024-01-03 16:55:05.0 +01:00
      }
      +"title": 276769
    }
  ]
  -id: 26680
  -titleTs: "'thought':1"
  -bodyTs: null
  +cross: false
  +upVotes: 0
  +downVotes: 0
  +ranking: 1704275680
  +visibility: "visible             "
  +apId: "https://futurology.today/post/322568"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704189280 {#2363
    date: 2024-01-02 10:54:40.0 +01:00
  }
  +__isInitialized__: true
   …2
}

null

App\Entity\EntryComment {#1705
  +user: App\Entity\User {#264 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1795
    +user: Proxies\__CG__\App\Entity\User {#2384 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1567 …}
    +image: Proxies\__CG__\App\Entity\Image {#2028 …}
    +domain: Proxies\__CG__\App\Entity\Domain {#2029 …}
    +slug: "Thoughts-on-this"
    +title: "Thoughts on this?"
    +url: "https://futurology.today/pictrs/image/c0bf70e0-b955-43e7-93c6-bc40fca62c96.png"
    +body: null
    +type: "image"
    +lang: "en"
    +isOc: false
    +hasEmbed: true
    +commentCount: 121
    +favouriteCount: 232
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1711282074 {#2018
      date: 2024-03-24 13:07:54.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2144 …}
    +votes: Doctrine\ORM\PersistentCollection {#2061 …}
    +reports: Doctrine\ORM\PersistentCollection {#2084 …}
    +favourites: Doctrine\ORM\PersistentCollection {#2076 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2083 …}
    +badges: Doctrine\ORM\PersistentCollection {#2085 …}
    +children: [
      App\Entity\EntryComment {#1705}
    ]
    -id: 26680
    -titleTs: "'thought':1"
    -bodyTs: null
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704275680
    +visibility: "visible             "
    +apId: "https://futurology.today/post/322568"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704189280 {#2363
      date: 2024-01-02 10:54:40.0 +01:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1567 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#1692 …}
  +root: Proxies\__CG__\App\Entity\EntryComment {#1691 …}
  +body: """
    That interface is let any random app take screenshots of anything running on the same server without any way for the user to know it happens.\n
    \n
    I am so glad that interface is gone, especially when running proprietary apps.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 6
  +score: 0
  +lastActive: DateTime @1704297305 {#1611
    date: 2024-01-03 16:55:05.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@dd56@futurology.today"
    "@Chobbes@lemmy.world"
    "@AMDIsOurLord@lemmy.ml"
    "@amju_wolf@pawb.social"
    "@dd56@futurology.today"
    "@Chobbes@lemmy.world"
    "@AMDIsOurLord@lemmy.ml"
    "@amju_wolf@pawb.social"
  ]
  +children: Doctrine\ORM\PersistentCollection {#1686 …}
  +nested: Doctrine\ORM\PersistentCollection {#1680 …}
  +votes: Doctrine\ORM\PersistentCollection {#1683 …}
  +reports: Doctrine\ORM\PersistentCollection {#1702 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1596 …}
  +notifications: Doctrine\ORM\PersistentCollection {#1613 …}
  -id: 276769
  -bodyTs: "'anyth':11 'app':7,39 'especi':35 'glad':30 'gone':34 'happen':26 'interfac':2,32 'know':24 'let':4 'proprietari':38 'random':6 'run':12,37 'screenshot':9 'server':16 'take':8 'user':22 'way':19 'without':17"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://programming.dev/comment/6106968"
  +editedAt: DateTimeImmutable @1711263846 {#1616
    date: 2024-03-24 08:04:06.0 +01:00
  }
  +createdAt: DateTimeImmutable @1704297305 {#1711
    date: 2024-01-03 16:55:05.0 +01:00
  }
  +"title": 276769
}

App\Entity\EntryComment {#1705
  +user: App\Entity\User {#264 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1795
    +user: Proxies\__CG__\App\Entity\User {#2384 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1567 …}
    +image: Proxies\__CG__\App\Entity\Image {#2028 …}
    +domain: Proxies\__CG__\App\Entity\Domain {#2029 …}
    +slug: "Thoughts-on-this"
    +title: "Thoughts on this?"
    +url: "https://futurology.today/pictrs/image/c0bf70e0-b955-43e7-93c6-bc40fca62c96.png"
    +body: null
    +type: "image"
    +lang: "en"
    +isOc: false
    +hasEmbed: true
    +commentCount: 121
    +favouriteCount: 232
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1711282074 {#2018
      date: 2024-03-24 13:07:54.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2144 …}
    +votes: Doctrine\ORM\PersistentCollection {#2061 …}
    +reports: Doctrine\ORM\PersistentCollection {#2084 …}
    +favourites: Doctrine\ORM\PersistentCollection {#2076 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2083 …}
    +badges: Doctrine\ORM\PersistentCollection {#2085 …}
    +children: [
      App\Entity\EntryComment {#1705}
    ]
    -id: 26680
    -titleTs: "'thought':1"
    -bodyTs: null
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704275680
    +visibility: "visible             "
    +apId: "https://futurology.today/post/322568"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704189280 {#2363
      date: 2024-01-02 10:54:40.0 +01:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1567 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#1692 …}
  +root: Proxies\__CG__\App\Entity\EntryComment {#1691 …}
  +body: """
    That interface is let any random app take screenshots of anything running on the same server without any way for the user to know it happens.\n
    \n
    I am so glad that interface is gone, especially when running proprietary apps.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 6
  +score: 0
  +lastActive: DateTime @1704297305 {#1611
    date: 2024-01-03 16:55:05.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@dd56@futurology.today"
    "@Chobbes@lemmy.world"
    "@AMDIsOurLord@lemmy.ml"
    "@amju_wolf@pawb.social"
    "@dd56@futurology.today"
    "@Chobbes@lemmy.world"
    "@AMDIsOurLord@lemmy.ml"
    "@amju_wolf@pawb.social"
  ]
  +children: Doctrine\ORM\PersistentCollection {#1686 …}
  +nested: Doctrine\ORM\PersistentCollection {#1680 …}
  +votes: Doctrine\ORM\PersistentCollection {#1683 …}
  +reports: Doctrine\ORM\PersistentCollection {#1702 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1596 …}
  +notifications: Doctrine\ORM\PersistentCollection {#1613 …}
  -id: 276769
  -bodyTs: "'anyth':11 'app':7,39 'especi':35 'glad':30 'gone':34 'happen':26 'interfac':2,32 'know':24 'let':4 'proprietari':38 'random':6 'run':12,37 'screenshot':9 'server':16 'take':8 'user':22 'way':19 'without':17"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://programming.dev/comment/6106968"
  +editedAt: DateTimeImmutable @1711263846 {#1616
    date: 2024-03-24 08:04:06.0 +01:00
  }
  +createdAt: DateTimeImmutable @1704297305 {#1711
    date: 2024-01-03 16:55:05.0 +01:00
  }
  +"title": 276769
}

App\Entity\EntryComment {#1705
  +user: App\Entity\User {#264 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1795
    +user: Proxies\__CG__\App\Entity\User {#2384 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1567 …}
    +image: Proxies\__CG__\App\Entity\Image {#2028 …}
    +domain: Proxies\__CG__\App\Entity\Domain {#2029 …}
    +slug: "Thoughts-on-this"
    +title: "Thoughts on this?"
    +url: "https://futurology.today/pictrs/image/c0bf70e0-b955-43e7-93c6-bc40fca62c96.png"
    +body: null
    +type: "image"
    +lang: "en"
    +isOc: false
    +hasEmbed: true
    +commentCount: 121
    +favouriteCount: 232
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1711282074 {#2018
      date: 2024-03-24 13:07:54.0 +01:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2144 …}
    +votes: Doctrine\ORM\PersistentCollection {#2061 …}
    +reports: Doctrine\ORM\PersistentCollection {#2084 …}
    +favourites: Doctrine\ORM\PersistentCollection {#2076 …}
    +notifications: Doctrine\ORM\PersistentCollection {#2083 …}
    +badges: Doctrine\ORM\PersistentCollection {#2085 …}
    +children: [
      App\Entity\EntryComment {#1705}
    ]
    -id: 26680
    -titleTs: "'thought':1"
    -bodyTs: null
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704275680
    +visibility: "visible             "
    +apId: "https://futurology.today/post/322568"
    +editedAt: null
    +createdAt: DateTimeImmutable @1704189280 {#2363
      date: 2024-01-02 10:54:40.0 +01:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1567 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#1692 …}
  +root: Proxies\__CG__\App\Entity\EntryComment {#1691 …}
  +body: """
    That interface is let any random app take screenshots of anything running on the same server without any way for the user to know it happens.\n
    \n
    I am so glad that interface is gone, especially when running proprietary apps.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 6
  +score: 0
  +lastActive: DateTime @1704297305 {#1611
    date: 2024-01-03 16:55:05.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@dd56@futurology.today"
    "@Chobbes@lemmy.world"
    "@AMDIsOurLord@lemmy.ml"
    "@amju_wolf@pawb.social"
    "@dd56@futurology.today"
    "@Chobbes@lemmy.world"
    "@AMDIsOurLord@lemmy.ml"
    "@amju_wolf@pawb.social"
  ]
  +children: Doctrine\ORM\PersistentCollection {#1686 …}
  +nested: Doctrine\ORM\PersistentCollection {#1680 …}
  +votes: Doctrine\ORM\PersistentCollection {#1683 …}
  +reports: Doctrine\ORM\PersistentCollection {#1702 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1596 …}
  +notifications: Doctrine\ORM\PersistentCollection {#1613 …}
  -id: 276769
  -bodyTs: "'anyth':11 'app':7,39 'especi':35 'glad':30 'gone':34 'happen':26 'interfac':2,32 'know':24 'let':4 'proprietari':38 'random':6 'run':12,37 'screenshot':9 'server':16 'take':8 'user':22 'way':19 'without':17"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://programming.dev/comment/6106968"
  +editedAt: DateTimeImmutable @1711263846 {#1616
    date: 2024-03-24 08:04:06.0 +01:00
  }
  +createdAt: DateTimeImmutable @1704297305 {#1711
    date: 2024-01-03 16:55:05.0 +01:00
  }
  +"title": 276769
}

null

Proxies\__CG__\App\Entity\Entry {#1576
  +user: Proxies\__CG__\App\Entity\User {#2387 …}
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1567 …}
  +image: null
  +domain: Proxies\__CG__\App\Entity\Domain {#2465 …}
  +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
  +title: "Is it actually dangerous to run Firefox as root?"
  +url: null
  +body: """
    I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
    \n
    I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
    \n
    I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
    \n
    This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
    """
  +type: "article"
  +lang: "en"
  +isOc: false
  +hasEmbed: false
  +commentCount: 88
  +favouriteCount: 93
  +score: 0
  +isAdult: false
  +sticky: false
  +lastActive: DateTime @1712572029 {#1732
    date: 2024-04-08 12:27:09.0 +02:00
  }
  +ip: null
  +adaAmount: 0
  +tags: null
  +mentions: null
  +comments: Doctrine\ORM\PersistentCollection {#2464 …}
  +votes: Doctrine\ORM\PersistentCollection {#2448 …}
  +reports: Doctrine\ORM\PersistentCollection {#2422 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1405 …}
  +notifications: Doctrine\ORM\PersistentCollection {#1383 …}
  +badges: Doctrine\ORM\PersistentCollection {#2033 …}
  +children: [
    1 => App\Entity\EntryComment {#1641
      +user: App\Entity\User {#264 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1576 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1567 …}
      +image: null
      +parent: null
      +root: null
      +body: """
        Usig *anything* as root is a security risk.\n
        \n
        Using *any* UI application as root is a bigger risk. That’s because every UI toolkit loads plugins and what not from all over the place and runs the code from those plugins (e.g. plugins installed system wide and into random places some environment variables point to). Binary plugins get executed in the context of the application running and can do change every aspect of your program. I wrote a small image plugin to debug an issue once that looked at all widgets in the UI and wrote all the contents of all text fields (even those obfuscated to show only dots in the UI) to disk whenever some image was loads. Plugins in JS or other non-native code are more limited, but UI toolkits tend to have binary plugins.\n
        \n
        So if somebody manages to set the some env vars and gets root to run some UI application with those set (e.g. using sudo), then that attacker hit the jackpot. In fact some toolkits will not even bring up any UI when run as root to avoid this.\n
        \n
        Running any networked UI application as root is the biggest risk. Those process untrusted data by definition with who knows what set of plugins loaded.\n
        \n
        Ideally you run the UI as a normal user and then use sudo to run individual commands as root.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 8
      +score: 0
      +lastActive: DateTime @1711208212 {#1696
        date: 2024-03-23 16:36:52.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#1525 …}
      +nested: Doctrine\ORM\PersistentCollection {#1527 …}
      +votes: Doctrine\ORM\PersistentCollection {#1526 …}
      +reports: Doctrine\ORM\PersistentCollection {#1560 …}
      +favourites: Doctrine\ORM\PersistentCollection {#1564 …}
      +notifications: Doctrine\ORM\PersistentCollection {#1593 …}
      -id: 276098
      -bodyTs: "'anyth':2 'applic':12,65,158,193 'aspect':72 'attack':167 'avoid':187 'bigger':17 'biggest':198 'binari':56,139 'bring':178 'chang':70 'code':38,129 'command':230 'content':99 'context':62 'data':203 'debug':83 'definit':205 'disk':115 'dot':110 'e.g':42,162 'env':149 'environ':52 'even':104,177 'everi':22,71 'execut':59 'fact':172 'field':103 'get':58,152 'hit':168 'ideal':214 'imag':80,118 'individu':229 'instal':44 'issu':85 'jackpot':170 'js':123 'know':208 'limit':132 'load':25,120,213 'look':88 'manag':144 'nativ':128 'network':191 'non':127 'non-nat':126 'normal':221 'obfusc':106 'place':34,50 'plugin':26,41,43,57,81,121,140,212 'point':54 'process':201 'program':75 'random':49 'risk':8,18,199 'root':4,14,153,185,195,232 'run':36,66,155,183,189,216,228 'secur':7 'set':146,161,210 'show':108 'small':79 'somebodi':143 'sudo':164,226 'system':45 'tend':136 'text':102 'toolkit':24,135,174 'ui':11,23,94,113,134,157,181,192,218 'untrust':202 'use':9,163,225 'user':222 'usig':1 'var':150 'variabl':53 'whenev':116 'wide':46 'widget':91 'wrote':77,96"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://programming.dev/comment/6099001"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704274379 {#1606
        date: 2024-01-03 10:32:59.0 +01:00
      }
      +"title": 276098
    }
    0 => App\Entity\EntryComment {#1621
      +user: App\Entity\User {#264 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1576 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1567 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#1722 …}
      +root: App\Entity\EntryComment {#1641}
      +body: """
        Plugins are a code execution vulnerability by design;-) Especially with binary plugins you can call/access/inspect everything the program itself can. All UI toolkits make heavy use of plugins, so you can not avoid those with almost all UI applications.\n
        \n
        There are non-UI applications with similar problems though.\n
        \n
        Running anything with network access as root is an extra risk that effects UI and non-UI applications in the same way.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 3
      +score: 0
      +lastActive: DateTime @1704285453 {#1663
        date: 2024-01-03 13:37:33.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@hunger@programming.dev"
      ]
      +children: Doctrine\ORM\PersistentCollection {#1723 …}
      +nested: Doctrine\ORM\PersistentCollection {#1617 …}
      +votes: Doctrine\ORM\PersistentCollection {#1625 …}
      +reports: Doctrine\ORM\PersistentCollection {#1599 …}
      +favourites: Doctrine\ORM\PersistentCollection {#1628 …}
      +notifications: Doctrine\ORM\PersistentCollection {#1630 …}
      -id: 276249
      -bodyTs: "'access':54 'almost':36 'anyth':51 'applic':39,45,68 'avoid':33 'binari':11 'call/access/inspect':15 'code':4 'design':8 'effect':62 'especi':9 'everyth':16 'execut':5 'extra':59 'heavi':25 'make':24 'network':53 'non':43,66 'non-ui':42,65 'plugin':1,12,28 'problem':48 'program':18 'risk':60 'root':56 'run':50 'similar':47 'though':49 'toolkit':23 'ui':22,38,44,63,67 'use':26 'vulner':6 'way':72"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://programming.dev/comment/6103834"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704285453 {#1555
        date: 2024-01-03 13:37:33.0 +01:00
      }
      +"title": 276249
    }
  ]
  -id: 26893
  -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
  -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
  +cross: false
  +upVotes: 0
  +downVotes: 0
  +ranking: 1704359289
  +visibility: "visible             "
  +apId: "https://lemmy.ml/post/10062491"
  +editedAt: DateTimeImmutable @1711170613 {#2380
    date: 2024-03-23 06:10:13.0 +01:00
  }
  +createdAt: DateTimeImmutable @1704272889 {#2359
    date: 2024-01-03 10:08:09.0 +01:00
  }
  +__isInitialized__: true
   …2
}

Proxies\__CG__\App\Entity\Entry {#1576
  +user: Proxies\__CG__\App\Entity\User {#2387 …}
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1567 …}
  +image: null
  +domain: Proxies\__CG__\App\Entity\Domain {#2465 …}
  +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
  +title: "Is it actually dangerous to run Firefox as root?"
  +url: null
  +body: """
    I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
    \n
    I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
    \n
    I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
    \n
    This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
    """
  +type: "article"
  +lang: "en"
  +isOc: false
  +hasEmbed: false
  +commentCount: 88
  +favouriteCount: 93
  +score: 0
  +isAdult: false
  +sticky: false
  +lastActive: DateTime @1712572029 {#1732
    date: 2024-04-08 12:27:09.0 +02:00
  }
  +ip: null
  +adaAmount: 0
  +tags: null
  +mentions: null
  +comments: Doctrine\ORM\PersistentCollection {#2464 …}
  +votes: Doctrine\ORM\PersistentCollection {#2448 …}
  +reports: Doctrine\ORM\PersistentCollection {#2422 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1405 …}
  +notifications: Doctrine\ORM\PersistentCollection {#1383 …}
  +badges: Doctrine\ORM\PersistentCollection {#2033 …}
  +children: [
    1 => App\Entity\EntryComment {#1641
      +user: App\Entity\User {#264 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1576 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1567 …}
      +image: null
      +parent: null
      +root: null
      +body: """
        Usig *anything* as root is a security risk.\n
        \n
        Using *any* UI application as root is a bigger risk. That’s because every UI toolkit loads plugins and what not from all over the place and runs the code from those plugins (e.g. plugins installed system wide and into random places some environment variables point to). Binary plugins get executed in the context of the application running and can do change every aspect of your program. I wrote a small image plugin to debug an issue once that looked at all widgets in the UI and wrote all the contents of all text fields (even those obfuscated to show only dots in the UI) to disk whenever some image was loads. Plugins in JS or other non-native code are more limited, but UI toolkits tend to have binary plugins.\n
        \n
        So if somebody manages to set the some env vars and gets root to run some UI application with those set (e.g. using sudo), then that attacker hit the jackpot. In fact some toolkits will not even bring up any UI when run as root to avoid this.\n
        \n
        Running any networked UI application as root is the biggest risk. Those process untrusted data by definition with who knows what set of plugins loaded.\n
        \n
        Ideally you run the UI as a normal user and then use sudo to run individual commands as root.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 8
      +score: 0
      +lastActive: DateTime @1711208212 {#1696
        date: 2024-03-23 16:36:52.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#1525 …}
      +nested: Doctrine\ORM\PersistentCollection {#1527 …}
      +votes: Doctrine\ORM\PersistentCollection {#1526 …}
      +reports: Doctrine\ORM\PersistentCollection {#1560 …}
      +favourites: Doctrine\ORM\PersistentCollection {#1564 …}
      +notifications: Doctrine\ORM\PersistentCollection {#1593 …}
      -id: 276098
      -bodyTs: "'anyth':2 'applic':12,65,158,193 'aspect':72 'attack':167 'avoid':187 'bigger':17 'biggest':198 'binari':56,139 'bring':178 'chang':70 'code':38,129 'command':230 'content':99 'context':62 'data':203 'debug':83 'definit':205 'disk':115 'dot':110 'e.g':42,162 'env':149 'environ':52 'even':104,177 'everi':22,71 'execut':59 'fact':172 'field':103 'get':58,152 'hit':168 'ideal':214 'imag':80,118 'individu':229 'instal':44 'issu':85 'jackpot':170 'js':123 'know':208 'limit':132 'load':25,120,213 'look':88 'manag':144 'nativ':128 'network':191 'non':127 'non-nat':126 'normal':221 'obfusc':106 'place':34,50 'plugin':26,41,43,57,81,121,140,212 'point':54 'process':201 'program':75 'random':49 'risk':8,18,199 'root':4,14,153,185,195,232 'run':36,66,155,183,189,216,228 'secur':7 'set':146,161,210 'show':108 'small':79 'somebodi':143 'sudo':164,226 'system':45 'tend':136 'text':102 'toolkit':24,135,174 'ui':11,23,94,113,134,157,181,192,218 'untrust':202 'use':9,163,225 'user':222 'usig':1 'var':150 'variabl':53 'whenev':116 'wide':46 'widget':91 'wrote':77,96"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://programming.dev/comment/6099001"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704274379 {#1606
        date: 2024-01-03 10:32:59.0 +01:00
      }
      +"title": 276098
    }
    0 => App\Entity\EntryComment {#1621
      +user: App\Entity\User {#264 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1576 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1567 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#1722 …}
      +root: App\Entity\EntryComment {#1641}
      +body: """
        Plugins are a code execution vulnerability by design;-) Especially with binary plugins you can call/access/inspect everything the program itself can. All UI toolkits make heavy use of plugins, so you can not avoid those with almost all UI applications.\n
        \n
        There are non-UI applications with similar problems though.\n
        \n
        Running anything with network access as root is an extra risk that effects UI and non-UI applications in the same way.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 3
      +score: 0
      +lastActive: DateTime @1704285453 {#1663
        date: 2024-01-03 13:37:33.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@hunger@programming.dev"
      ]
      +children: Doctrine\ORM\PersistentCollection {#1723 …}
      +nested: Doctrine\ORM\PersistentCollection {#1617 …}
      +votes: Doctrine\ORM\PersistentCollection {#1625 …}
      +reports: Doctrine\ORM\PersistentCollection {#1599 …}
      +favourites: Doctrine\ORM\PersistentCollection {#1628 …}
      +notifications: Doctrine\ORM\PersistentCollection {#1630 …}
      -id: 276249
      -bodyTs: "'access':54 'almost':36 'anyth':51 'applic':39,45,68 'avoid':33 'binari':11 'call/access/inspect':15 'code':4 'design':8 'effect':62 'especi':9 'everyth':16 'execut':5 'extra':59 'heavi':25 'make':24 'network':53 'non':43,66 'non-ui':42,65 'plugin':1,12,28 'problem':48 'program':18 'risk':60 'root':56 'run':50 'similar':47 'though':49 'toolkit':23 'ui':22,38,44,63,67 'use':26 'vulner':6 'way':72"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://programming.dev/comment/6103834"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704285453 {#1555
        date: 2024-01-03 13:37:33.0 +01:00
      }
      +"title": 276249
    }
  ]
  -id: 26893
  -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
  -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
  +cross: false
  +upVotes: 0
  +downVotes: 0
  +ranking: 1704359289
  +visibility: "visible             "
  +apId: "https://lemmy.ml/post/10062491"
  +editedAt: DateTimeImmutable @1711170613 {#2380
    date: 2024-03-23 06:10:13.0 +01:00
  }
  +createdAt: DateTimeImmutable @1704272889 {#2359
    date: 2024-01-03 10:08:09.0 +01:00
  }
  +__isInitialized__: true
   …2
}

Proxies\__CG__\App\Entity\Entry {#1576
  +user: Proxies\__CG__\App\Entity\User {#2387 …}
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1567 …}
  +image: null
  +domain: Proxies\__CG__\App\Entity\Domain {#2465 …}
  +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
  +title: "Is it actually dangerous to run Firefox as root?"
  +url: null
  +body: """
    I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
    \n
    I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
    \n
    I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
    \n
    This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
    """
  +type: "article"
  +lang: "en"
  +isOc: false
  +hasEmbed: false
  +commentCount: 88
  +favouriteCount: 93
  +score: 0
  +isAdult: false
  +sticky: false
  +lastActive: DateTime @1712572029 {#1732
    date: 2024-04-08 12:27:09.0 +02:00
  }
  +ip: null
  +adaAmount: 0
  +tags: null
  +mentions: null
  +comments: Doctrine\ORM\PersistentCollection {#2464 …}
  +votes: Doctrine\ORM\PersistentCollection {#2448 …}
  +reports: Doctrine\ORM\PersistentCollection {#2422 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1405 …}
  +notifications: Doctrine\ORM\PersistentCollection {#1383 …}
  +badges: Doctrine\ORM\PersistentCollection {#2033 …}
  +children: [
    1 => App\Entity\EntryComment {#1641
      +user: App\Entity\User {#264 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1576 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1567 …}
      +image: null
      +parent: null
      +root: null
      +body: """
        Usig *anything* as root is a security risk.\n
        \n
        Using *any* UI application as root is a bigger risk. That’s because every UI toolkit loads plugins and what not from all over the place and runs the code from those plugins (e.g. plugins installed system wide and into random places some environment variables point to). Binary plugins get executed in the context of the application running and can do change every aspect of your program. I wrote a small image plugin to debug an issue once that looked at all widgets in the UI and wrote all the contents of all text fields (even those obfuscated to show only dots in the UI) to disk whenever some image was loads. Plugins in JS or other non-native code are more limited, but UI toolkits tend to have binary plugins.\n
        \n
        So if somebody manages to set the some env vars and gets root to run some UI application with those set (e.g. using sudo), then that attacker hit the jackpot. In fact some toolkits will not even bring up any UI when run as root to avoid this.\n
        \n
        Running any networked UI application as root is the biggest risk. Those process untrusted data by definition with who knows what set of plugins loaded.\n
        \n
        Ideally you run the UI as a normal user and then use sudo to run individual commands as root.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 8
      +score: 0
      +lastActive: DateTime @1711208212 {#1696
        date: 2024-03-23 16:36:52.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
      ]
      +children: Doctrine\ORM\PersistentCollection {#1525 …}
      +nested: Doctrine\ORM\PersistentCollection {#1527 …}
      +votes: Doctrine\ORM\PersistentCollection {#1526 …}
      +reports: Doctrine\ORM\PersistentCollection {#1560 …}
      +favourites: Doctrine\ORM\PersistentCollection {#1564 …}
      +notifications: Doctrine\ORM\PersistentCollection {#1593 …}
      -id: 276098
      -bodyTs: "'anyth':2 'applic':12,65,158,193 'aspect':72 'attack':167 'avoid':187 'bigger':17 'biggest':198 'binari':56,139 'bring':178 'chang':70 'code':38,129 'command':230 'content':99 'context':62 'data':203 'debug':83 'definit':205 'disk':115 'dot':110 'e.g':42,162 'env':149 'environ':52 'even':104,177 'everi':22,71 'execut':59 'fact':172 'field':103 'get':58,152 'hit':168 'ideal':214 'imag':80,118 'individu':229 'instal':44 'issu':85 'jackpot':170 'js':123 'know':208 'limit':132 'load':25,120,213 'look':88 'manag':144 'nativ':128 'network':191 'non':127 'non-nat':126 'normal':221 'obfusc':106 'place':34,50 'plugin':26,41,43,57,81,121,140,212 'point':54 'process':201 'program':75 'random':49 'risk':8,18,199 'root':4,14,153,185,195,232 'run':36,66,155,183,189,216,228 'secur':7 'set':146,161,210 'show':108 'small':79 'somebodi':143 'sudo':164,226 'system':45 'tend':136 'text':102 'toolkit':24,135,174 'ui':11,23,94,113,134,157,181,192,218 'untrust':202 'use':9,163,225 'user':222 'usig':1 'var':150 'variabl':53 'whenev':116 'wide':46 'widget':91 'wrote':77,96"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://programming.dev/comment/6099001"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704274379 {#1606
        date: 2024-01-03 10:32:59.0 +01:00
      }
      +"title": 276098
    }
    0 => App\Entity\EntryComment {#1621
      +user: App\Entity\User {#264 …}
      +entry: Proxies\__CG__\App\Entity\Entry {#1576 …2}
      +magazine: Proxies\__CG__\App\Entity\Magazine {#1567 …}
      +image: null
      +parent: Proxies\__CG__\App\Entity\EntryComment {#1722 …}
      +root: App\Entity\EntryComment {#1641}
      +body: """
        Plugins are a code execution vulnerability by design;-) Especially with binary plugins you can call/access/inspect everything the program itself can. All UI toolkits make heavy use of plugins, so you can not avoid those with almost all UI applications.\n
        \n
        There are non-UI applications with similar problems though.\n
        \n
        Running anything with network access as root is an extra risk that effects UI and non-UI applications in the same way.
        """
      +lang: "en"
      +isAdult: false
      +favouriteCount: 3
      +score: 0
      +lastActive: DateTime @1704285453 {#1663
        date: 2024-01-03 13:37:33.0 +01:00
      }
      +ip: null
      +tags: null
      +mentions: [
        "@HiddenLayer5@lemmy.ml"
        "@hunger@programming.dev"
      ]
      +children: Doctrine\ORM\PersistentCollection {#1723 …}
      +nested: Doctrine\ORM\PersistentCollection {#1617 …}
      +votes: Doctrine\ORM\PersistentCollection {#1625 …}
      +reports: Doctrine\ORM\PersistentCollection {#1599 …}
      +favourites: Doctrine\ORM\PersistentCollection {#1628 …}
      +notifications: Doctrine\ORM\PersistentCollection {#1630 …}
      -id: 276249
      -bodyTs: "'access':54 'almost':36 'anyth':51 'applic':39,45,68 'avoid':33 'binari':11 'call/access/inspect':15 'code':4 'design':8 'effect':62 'especi':9 'everyth':16 'execut':5 'extra':59 'heavi':25 'make':24 'network':53 'non':43,66 'non-ui':42,65 'plugin':1,12,28 'problem':48 'program':18 'risk':60 'root':56 'run':50 'similar':47 'though':49 'toolkit':23 'ui':22,38,44,63,67 'use':26 'vulner':6 'way':72"
      +ranking: 0
      +commentCount: 0
      +upVotes: 0
      +downVotes: 0
      +visibility: "visible             "
      +apId: "https://programming.dev/comment/6103834"
      +editedAt: null
      +createdAt: DateTimeImmutable @1704285453 {#1555
        date: 2024-01-03 13:37:33.0 +01:00
      }
      +"title": 276249
    }
  ]
  -id: 26893
  -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
  -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
  +cross: false
  +upVotes: 0
  +downVotes: 0
  +ranking: 1704359289
  +visibility: "visible             "
  +apId: "https://lemmy.ml/post/10062491"
  +editedAt: DateTimeImmutable @1711170613 {#2380
    date: 2024-03-23 06:10:13.0 +01:00
  }
  +createdAt: DateTimeImmutable @1704272889 {#2359
    date: 2024-01-03 10:08:09.0 +01:00
  }
  +__isInitialized__: true
   …2
}

null

App\Entity\EntryComment {#1641
  +user: App\Entity\User {#264 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1576
    +user: Proxies\__CG__\App\Entity\User {#2387 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1567 …}
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#2465 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#1732
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2464 …}
    +votes: Doctrine\ORM\PersistentCollection {#2448 …}
    +reports: Doctrine\ORM\PersistentCollection {#2422 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1405 …}
    +notifications: Doctrine\ORM\PersistentCollection {#1383 …}
    +badges: Doctrine\ORM\PersistentCollection {#2033 …}
    +children: [
      1 => App\Entity\EntryComment {#1641}
      0 => App\Entity\EntryComment {#1621
        +user: App\Entity\User {#264 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1576 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1567 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1722 …}
        +root: App\Entity\EntryComment {#1641}
        +body: """
          Plugins are a code execution vulnerability by design;-) Especially with binary plugins you can call/access/inspect everything the program itself can. All UI toolkits make heavy use of plugins, so you can not avoid those with almost all UI applications.\n
          \n
          There are non-UI applications with similar problems though.\n
          \n
          Running anything with network access as root is an extra risk that effects UI and non-UI applications in the same way.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1704285453 {#1663
          date: 2024-01-03 13:37:33.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@hunger@programming.dev"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1723 …}
        +nested: Doctrine\ORM\PersistentCollection {#1617 …}
        +votes: Doctrine\ORM\PersistentCollection {#1625 …}
        +reports: Doctrine\ORM\PersistentCollection {#1599 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1628 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1630 …}
        -id: 276249
        -bodyTs: "'access':54 'almost':36 'anyth':51 'applic':39,45,68 'avoid':33 'binari':11 'call/access/inspect':15 'code':4 'design':8 'effect':62 'especi':9 'everyth':16 'execut':5 'extra':59 'heavi':25 'make':24 'network':53 'non':43,66 'non-ui':42,65 'plugin':1,12,28 'problem':48 'program':18 'risk':60 'root':56 'run':50 'similar':47 'though':49 'toolkit':23 'ui':22,38,44,63,67 'use':26 'vulner':6 'way':72"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://programming.dev/comment/6103834"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704285453 {#1555
          date: 2024-01-03 13:37:33.0 +01:00
        }
        +"title": 276249
      }
    ]
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#2380
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2359
      date: 2024-01-03 10:08:09.0 +01:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1567 …}
  +image: null
  +parent: null
  +root: null
  +body: """
    Usig *anything* as root is a security risk.\n
    \n
    Using *any* UI application as root is a bigger risk. That’s because every UI toolkit loads plugins and what not from all over the place and runs the code from those plugins (e.g. plugins installed system wide and into random places some environment variables point to). Binary plugins get executed in the context of the application running and can do change every aspect of your program. I wrote a small image plugin to debug an issue once that looked at all widgets in the UI and wrote all the contents of all text fields (even those obfuscated to show only dots in the UI) to disk whenever some image was loads. Plugins in JS or other non-native code are more limited, but UI toolkits tend to have binary plugins.\n
    \n
    So if somebody manages to set the some env vars and gets root to run some UI application with those set (e.g. using sudo), then that attacker hit the jackpot. In fact some toolkits will not even bring up any UI when run as root to avoid this.\n
    \n
    Running any networked UI application as root is the biggest risk. Those process untrusted data by definition with who knows what set of plugins loaded.\n
    \n
    Ideally you run the UI as a normal user and then use sudo to run individual commands as root.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 8
  +score: 0
  +lastActive: DateTime @1711208212 {#1696
    date: 2024-03-23 16:36:52.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#1525 …}
  +nested: Doctrine\ORM\PersistentCollection {#1527 …}
  +votes: Doctrine\ORM\PersistentCollection {#1526 …}
  +reports: Doctrine\ORM\PersistentCollection {#1560 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1564 …}
  +notifications: Doctrine\ORM\PersistentCollection {#1593 …}
  -id: 276098
  -bodyTs: "'anyth':2 'applic':12,65,158,193 'aspect':72 'attack':167 'avoid':187 'bigger':17 'biggest':198 'binari':56,139 'bring':178 'chang':70 'code':38,129 'command':230 'content':99 'context':62 'data':203 'debug':83 'definit':205 'disk':115 'dot':110 'e.g':42,162 'env':149 'environ':52 'even':104,177 'everi':22,71 'execut':59 'fact':172 'field':103 'get':58,152 'hit':168 'ideal':214 'imag':80,118 'individu':229 'instal':44 'issu':85 'jackpot':170 'js':123 'know':208 'limit':132 'load':25,120,213 'look':88 'manag':144 'nativ':128 'network':191 'non':127 'non-nat':126 'normal':221 'obfusc':106 'place':34,50 'plugin':26,41,43,57,81,121,140,212 'point':54 'process':201 'program':75 'random':49 'risk':8,18,199 'root':4,14,153,185,195,232 'run':36,66,155,183,189,216,228 'secur':7 'set':146,161,210 'show':108 'small':79 'somebodi':143 'sudo':164,226 'system':45 'tend':136 'text':102 'toolkit':24,135,174 'ui':11,23,94,113,134,157,181,192,218 'untrust':202 'use':9,163,225 'user':222 'usig':1 'var':150 'variabl':53 'whenev':116 'wide':46 'widget':91 'wrote':77,96"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://programming.dev/comment/6099001"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704274379 {#1606
    date: 2024-01-03 10:32:59.0 +01:00
  }
  +"title": 276098
}

App\Entity\EntryComment {#1641
  +user: App\Entity\User {#264 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1576
    +user: Proxies\__CG__\App\Entity\User {#2387 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1567 …}
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#2465 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#1732
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2464 …}
    +votes: Doctrine\ORM\PersistentCollection {#2448 …}
    +reports: Doctrine\ORM\PersistentCollection {#2422 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1405 …}
    +notifications: Doctrine\ORM\PersistentCollection {#1383 …}
    +badges: Doctrine\ORM\PersistentCollection {#2033 …}
    +children: [
      1 => App\Entity\EntryComment {#1641}
      0 => App\Entity\EntryComment {#1621
        +user: App\Entity\User {#264 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1576 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1567 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1722 …}
        +root: App\Entity\EntryComment {#1641}
        +body: """
          Plugins are a code execution vulnerability by design;-) Especially with binary plugins you can call/access/inspect everything the program itself can. All UI toolkits make heavy use of plugins, so you can not avoid those with almost all UI applications.\n
          \n
          There are non-UI applications with similar problems though.\n
          \n
          Running anything with network access as root is an extra risk that effects UI and non-UI applications in the same way.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1704285453 {#1663
          date: 2024-01-03 13:37:33.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@hunger@programming.dev"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1723 …}
        +nested: Doctrine\ORM\PersistentCollection {#1617 …}
        +votes: Doctrine\ORM\PersistentCollection {#1625 …}
        +reports: Doctrine\ORM\PersistentCollection {#1599 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1628 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1630 …}
        -id: 276249
        -bodyTs: "'access':54 'almost':36 'anyth':51 'applic':39,45,68 'avoid':33 'binari':11 'call/access/inspect':15 'code':4 'design':8 'effect':62 'especi':9 'everyth':16 'execut':5 'extra':59 'heavi':25 'make':24 'network':53 'non':43,66 'non-ui':42,65 'plugin':1,12,28 'problem':48 'program':18 'risk':60 'root':56 'run':50 'similar':47 'though':49 'toolkit':23 'ui':22,38,44,63,67 'use':26 'vulner':6 'way':72"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://programming.dev/comment/6103834"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704285453 {#1555
          date: 2024-01-03 13:37:33.0 +01:00
        }
        +"title": 276249
      }
    ]
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#2380
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2359
      date: 2024-01-03 10:08:09.0 +01:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1567 …}
  +image: null
  +parent: null
  +root: null
  +body: """
    Usig *anything* as root is a security risk.\n
    \n
    Using *any* UI application as root is a bigger risk. That’s because every UI toolkit loads plugins and what not from all over the place and runs the code from those plugins (e.g. plugins installed system wide and into random places some environment variables point to). Binary plugins get executed in the context of the application running and can do change every aspect of your program. I wrote a small image plugin to debug an issue once that looked at all widgets in the UI and wrote all the contents of all text fields (even those obfuscated to show only dots in the UI) to disk whenever some image was loads. Plugins in JS or other non-native code are more limited, but UI toolkits tend to have binary plugins.\n
    \n
    So if somebody manages to set the some env vars and gets root to run some UI application with those set (e.g. using sudo), then that attacker hit the jackpot. In fact some toolkits will not even bring up any UI when run as root to avoid this.\n
    \n
    Running any networked UI application as root is the biggest risk. Those process untrusted data by definition with who knows what set of plugins loaded.\n
    \n
    Ideally you run the UI as a normal user and then use sudo to run individual commands as root.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 8
  +score: 0
  +lastActive: DateTime @1711208212 {#1696
    date: 2024-03-23 16:36:52.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#1525 …}
  +nested: Doctrine\ORM\PersistentCollection {#1527 …}
  +votes: Doctrine\ORM\PersistentCollection {#1526 …}
  +reports: Doctrine\ORM\PersistentCollection {#1560 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1564 …}
  +notifications: Doctrine\ORM\PersistentCollection {#1593 …}
  -id: 276098
  -bodyTs: "'anyth':2 'applic':12,65,158,193 'aspect':72 'attack':167 'avoid':187 'bigger':17 'biggest':198 'binari':56,139 'bring':178 'chang':70 'code':38,129 'command':230 'content':99 'context':62 'data':203 'debug':83 'definit':205 'disk':115 'dot':110 'e.g':42,162 'env':149 'environ':52 'even':104,177 'everi':22,71 'execut':59 'fact':172 'field':103 'get':58,152 'hit':168 'ideal':214 'imag':80,118 'individu':229 'instal':44 'issu':85 'jackpot':170 'js':123 'know':208 'limit':132 'load':25,120,213 'look':88 'manag':144 'nativ':128 'network':191 'non':127 'non-nat':126 'normal':221 'obfusc':106 'place':34,50 'plugin':26,41,43,57,81,121,140,212 'point':54 'process':201 'program':75 'random':49 'risk':8,18,199 'root':4,14,153,185,195,232 'run':36,66,155,183,189,216,228 'secur':7 'set':146,161,210 'show':108 'small':79 'somebodi':143 'sudo':164,226 'system':45 'tend':136 'text':102 'toolkit':24,135,174 'ui':11,23,94,113,134,157,181,192,218 'untrust':202 'use':9,163,225 'user':222 'usig':1 'var':150 'variabl':53 'whenev':116 'wide':46 'widget':91 'wrote':77,96"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://programming.dev/comment/6099001"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704274379 {#1606
    date: 2024-01-03 10:32:59.0 +01:00
  }
  +"title": 276098
}

App\Entity\EntryComment {#1641
  +user: App\Entity\User {#264 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1576
    +user: Proxies\__CG__\App\Entity\User {#2387 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1567 …}
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#2465 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#1732
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2464 …}
    +votes: Doctrine\ORM\PersistentCollection {#2448 …}
    +reports: Doctrine\ORM\PersistentCollection {#2422 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1405 …}
    +notifications: Doctrine\ORM\PersistentCollection {#1383 …}
    +badges: Doctrine\ORM\PersistentCollection {#2033 …}
    +children: [
      1 => App\Entity\EntryComment {#1641}
      0 => App\Entity\EntryComment {#1621
        +user: App\Entity\User {#264 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1576 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1567 …}
        +image: null
        +parent: Proxies\__CG__\App\Entity\EntryComment {#1722 …}
        +root: App\Entity\EntryComment {#1641}
        +body: """
          Plugins are a code execution vulnerability by design;-) Especially with binary plugins you can call/access/inspect everything the program itself can. All UI toolkits make heavy use of plugins, so you can not avoid those with almost all UI applications.\n
          \n
          There are non-UI applications with similar problems though.\n
          \n
          Running anything with network access as root is an extra risk that effects UI and non-UI applications in the same way.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 3
        +score: 0
        +lastActive: DateTime @1704285453 {#1663
          date: 2024-01-03 13:37:33.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
          "@hunger@programming.dev"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1723 …}
        +nested: Doctrine\ORM\PersistentCollection {#1617 …}
        +votes: Doctrine\ORM\PersistentCollection {#1625 …}
        +reports: Doctrine\ORM\PersistentCollection {#1599 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1628 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1630 …}
        -id: 276249
        -bodyTs: "'access':54 'almost':36 'anyth':51 'applic':39,45,68 'avoid':33 'binari':11 'call/access/inspect':15 'code':4 'design':8 'effect':62 'especi':9 'everyth':16 'execut':5 'extra':59 'heavi':25 'make':24 'network':53 'non':43,66 'non-ui':42,65 'plugin':1,12,28 'problem':48 'program':18 'risk':60 'root':56 'run':50 'similar':47 'though':49 'toolkit':23 'ui':22,38,44,63,67 'use':26 'vulner':6 'way':72"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://programming.dev/comment/6103834"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704285453 {#1555
          date: 2024-01-03 13:37:33.0 +01:00
        }
        +"title": 276249
      }
    ]
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#2380
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2359
      date: 2024-01-03 10:08:09.0 +01:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1567 …}
  +image: null
  +parent: null
  +root: null
  +body: """
    Usig *anything* as root is a security risk.\n
    \n
    Using *any* UI application as root is a bigger risk. That’s because every UI toolkit loads plugins and what not from all over the place and runs the code from those plugins (e.g. plugins installed system wide and into random places some environment variables point to). Binary plugins get executed in the context of the application running and can do change every aspect of your program. I wrote a small image plugin to debug an issue once that looked at all widgets in the UI and wrote all the contents of all text fields (even those obfuscated to show only dots in the UI) to disk whenever some image was loads. Plugins in JS or other non-native code are more limited, but UI toolkits tend to have binary plugins.\n
    \n
    So if somebody manages to set the some env vars and gets root to run some UI application with those set (e.g. using sudo), then that attacker hit the jackpot. In fact some toolkits will not even bring up any UI when run as root to avoid this.\n
    \n
    Running any networked UI application as root is the biggest risk. Those process untrusted data by definition with who knows what set of plugins loaded.\n
    \n
    Ideally you run the UI as a normal user and then use sudo to run individual commands as root.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 8
  +score: 0
  +lastActive: DateTime @1711208212 {#1696
    date: 2024-03-23 16:36:52.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
  ]
  +children: Doctrine\ORM\PersistentCollection {#1525 …}
  +nested: Doctrine\ORM\PersistentCollection {#1527 …}
  +votes: Doctrine\ORM\PersistentCollection {#1526 …}
  +reports: Doctrine\ORM\PersistentCollection {#1560 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1564 …}
  +notifications: Doctrine\ORM\PersistentCollection {#1593 …}
  -id: 276098
  -bodyTs: "'anyth':2 'applic':12,65,158,193 'aspect':72 'attack':167 'avoid':187 'bigger':17 'biggest':198 'binari':56,139 'bring':178 'chang':70 'code':38,129 'command':230 'content':99 'context':62 'data':203 'debug':83 'definit':205 'disk':115 'dot':110 'e.g':42,162 'env':149 'environ':52 'even':104,177 'everi':22,71 'execut':59 'fact':172 'field':103 'get':58,152 'hit':168 'ideal':214 'imag':80,118 'individu':229 'instal':44 'issu':85 'jackpot':170 'js':123 'know':208 'limit':132 'load':25,120,213 'look':88 'manag':144 'nativ':128 'network':191 'non':127 'non-nat':126 'normal':221 'obfusc':106 'place':34,50 'plugin':26,41,43,57,81,121,140,212 'point':54 'process':201 'program':75 'random':49 'risk':8,18,199 'root':4,14,153,185,195,232 'run':36,66,155,183,189,216,228 'secur':7 'set':146,161,210 'show':108 'small':79 'somebodi':143 'sudo':164,226 'system':45 'tend':136 'text':102 'toolkit':24,135,174 'ui':11,23,94,113,134,157,181,192,218 'untrust':202 'use':9,163,225 'user':222 'usig':1 'var':150 'variabl':53 'whenev':116 'wide':46 'widget':91 'wrote':77,96"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://programming.dev/comment/6099001"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704274379 {#1606
    date: 2024-01-03 10:32:59.0 +01:00
  }
  +"title": 276098
}

null

App\Entity\EntryComment {#1621
  +user: App\Entity\User {#264 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1576
    +user: Proxies\__CG__\App\Entity\User {#2387 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1567 …}
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#2465 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#1732
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2464 …}
    +votes: Doctrine\ORM\PersistentCollection {#2448 …}
    +reports: Doctrine\ORM\PersistentCollection {#2422 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1405 …}
    +notifications: Doctrine\ORM\PersistentCollection {#1383 …}
    +badges: Doctrine\ORM\PersistentCollection {#2033 …}
    +children: [
      1 => App\Entity\EntryComment {#1641
        +user: App\Entity\User {#264 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1576 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1567 …}
        +image: null
        +parent: null
        +root: null
        +body: """
          Usig *anything* as root is a security risk.\n
          \n
          Using *any* UI application as root is a bigger risk. That’s because every UI toolkit loads plugins and what not from all over the place and runs the code from those plugins (e.g. plugins installed system wide and into random places some environment variables point to). Binary plugins get executed in the context of the application running and can do change every aspect of your program. I wrote a small image plugin to debug an issue once that looked at all widgets in the UI and wrote all the contents of all text fields (even those obfuscated to show only dots in the UI) to disk whenever some image was loads. Plugins in JS or other non-native code are more limited, but UI toolkits tend to have binary plugins.\n
          \n
          So if somebody manages to set the some env vars and gets root to run some UI application with those set (e.g. using sudo), then that attacker hit the jackpot. In fact some toolkits will not even bring up any UI when run as root to avoid this.\n
          \n
          Running any networked UI application as root is the biggest risk. Those process untrusted data by definition with who knows what set of plugins loaded.\n
          \n
          Ideally you run the UI as a normal user and then use sudo to run individual commands as root.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 8
        +score: 0
        +lastActive: DateTime @1711208212 {#1696
          date: 2024-03-23 16:36:52.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1525 …}
        +nested: Doctrine\ORM\PersistentCollection {#1527 …}
        +votes: Doctrine\ORM\PersistentCollection {#1526 …}
        +reports: Doctrine\ORM\PersistentCollection {#1560 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1564 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1593 …}
        -id: 276098
        -bodyTs: "'anyth':2 'applic':12,65,158,193 'aspect':72 'attack':167 'avoid':187 'bigger':17 'biggest':198 'binari':56,139 'bring':178 'chang':70 'code':38,129 'command':230 'content':99 'context':62 'data':203 'debug':83 'definit':205 'disk':115 'dot':110 'e.g':42,162 'env':149 'environ':52 'even':104,177 'everi':22,71 'execut':59 'fact':172 'field':103 'get':58,152 'hit':168 'ideal':214 'imag':80,118 'individu':229 'instal':44 'issu':85 'jackpot':170 'js':123 'know':208 'limit':132 'load':25,120,213 'look':88 'manag':144 'nativ':128 'network':191 'non':127 'non-nat':126 'normal':221 'obfusc':106 'place':34,50 'plugin':26,41,43,57,81,121,140,212 'point':54 'process':201 'program':75 'random':49 'risk':8,18,199 'root':4,14,153,185,195,232 'run':36,66,155,183,189,216,228 'secur':7 'set':146,161,210 'show':108 'small':79 'somebodi':143 'sudo':164,226 'system':45 'tend':136 'text':102 'toolkit':24,135,174 'ui':11,23,94,113,134,157,181,192,218 'untrust':202 'use':9,163,225 'user':222 'usig':1 'var':150 'variabl':53 'whenev':116 'wide':46 'widget':91 'wrote':77,96"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://programming.dev/comment/6099001"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704274379 {#1606
          date: 2024-01-03 10:32:59.0 +01:00
        }
        +"title": 276098
      }
      0 => App\Entity\EntryComment {#1621}
    ]
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#2380
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2359
      date: 2024-01-03 10:08:09.0 +01:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1567 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#1722 …}
  +root: App\Entity\EntryComment {#1641}
  +body: """
    Plugins are a code execution vulnerability by design;-) Especially with binary plugins you can call/access/inspect everything the program itself can. All UI toolkits make heavy use of plugins, so you can not avoid those with almost all UI applications.\n
    \n
    There are non-UI applications with similar problems though.\n
    \n
    Running anything with network access as root is an extra risk that effects UI and non-UI applications in the same way.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 3
  +score: 0
  +lastActive: DateTime @1704285453 {#1663
    date: 2024-01-03 13:37:33.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@hunger@programming.dev"
  ]
  +children: Doctrine\ORM\PersistentCollection {#1723 …}
  +nested: Doctrine\ORM\PersistentCollection {#1617 …}
  +votes: Doctrine\ORM\PersistentCollection {#1625 …}
  +reports: Doctrine\ORM\PersistentCollection {#1599 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1628 …}
  +notifications: Doctrine\ORM\PersistentCollection {#1630 …}
  -id: 276249
  -bodyTs: "'access':54 'almost':36 'anyth':51 'applic':39,45,68 'avoid':33 'binari':11 'call/access/inspect':15 'code':4 'design':8 'effect':62 'especi':9 'everyth':16 'execut':5 'extra':59 'heavi':25 'make':24 'network':53 'non':43,66 'non-ui':42,65 'plugin':1,12,28 'problem':48 'program':18 'risk':60 'root':56 'run':50 'similar':47 'though':49 'toolkit':23 'ui':22,38,44,63,67 'use':26 'vulner':6 'way':72"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://programming.dev/comment/6103834"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704285453 {#1555
    date: 2024-01-03 13:37:33.0 +01:00
  }
  +"title": 276249
}

App\Entity\EntryComment {#1621
  +user: App\Entity\User {#264 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1576
    +user: Proxies\__CG__\App\Entity\User {#2387 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1567 …}
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#2465 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#1732
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2464 …}
    +votes: Doctrine\ORM\PersistentCollection {#2448 …}
    +reports: Doctrine\ORM\PersistentCollection {#2422 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1405 …}
    +notifications: Doctrine\ORM\PersistentCollection {#1383 …}
    +badges: Doctrine\ORM\PersistentCollection {#2033 …}
    +children: [
      1 => App\Entity\EntryComment {#1641
        +user: App\Entity\User {#264 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1576 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1567 …}
        +image: null
        +parent: null
        +root: null
        +body: """
          Usig *anything* as root is a security risk.\n
          \n
          Using *any* UI application as root is a bigger risk. That’s because every UI toolkit loads plugins and what not from all over the place and runs the code from those plugins (e.g. plugins installed system wide and into random places some environment variables point to). Binary plugins get executed in the context of the application running and can do change every aspect of your program. I wrote a small image plugin to debug an issue once that looked at all widgets in the UI and wrote all the contents of all text fields (even those obfuscated to show only dots in the UI) to disk whenever some image was loads. Plugins in JS or other non-native code are more limited, but UI toolkits tend to have binary plugins.\n
          \n
          So if somebody manages to set the some env vars and gets root to run some UI application with those set (e.g. using sudo), then that attacker hit the jackpot. In fact some toolkits will not even bring up any UI when run as root to avoid this.\n
          \n
          Running any networked UI application as root is the biggest risk. Those process untrusted data by definition with who knows what set of plugins loaded.\n
          \n
          Ideally you run the UI as a normal user and then use sudo to run individual commands as root.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 8
        +score: 0
        +lastActive: DateTime @1711208212 {#1696
          date: 2024-03-23 16:36:52.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1525 …}
        +nested: Doctrine\ORM\PersistentCollection {#1527 …}
        +votes: Doctrine\ORM\PersistentCollection {#1526 …}
        +reports: Doctrine\ORM\PersistentCollection {#1560 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1564 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1593 …}
        -id: 276098
        -bodyTs: "'anyth':2 'applic':12,65,158,193 'aspect':72 'attack':167 'avoid':187 'bigger':17 'biggest':198 'binari':56,139 'bring':178 'chang':70 'code':38,129 'command':230 'content':99 'context':62 'data':203 'debug':83 'definit':205 'disk':115 'dot':110 'e.g':42,162 'env':149 'environ':52 'even':104,177 'everi':22,71 'execut':59 'fact':172 'field':103 'get':58,152 'hit':168 'ideal':214 'imag':80,118 'individu':229 'instal':44 'issu':85 'jackpot':170 'js':123 'know':208 'limit':132 'load':25,120,213 'look':88 'manag':144 'nativ':128 'network':191 'non':127 'non-nat':126 'normal':221 'obfusc':106 'place':34,50 'plugin':26,41,43,57,81,121,140,212 'point':54 'process':201 'program':75 'random':49 'risk':8,18,199 'root':4,14,153,185,195,232 'run':36,66,155,183,189,216,228 'secur':7 'set':146,161,210 'show':108 'small':79 'somebodi':143 'sudo':164,226 'system':45 'tend':136 'text':102 'toolkit':24,135,174 'ui':11,23,94,113,134,157,181,192,218 'untrust':202 'use':9,163,225 'user':222 'usig':1 'var':150 'variabl':53 'whenev':116 'wide':46 'widget':91 'wrote':77,96"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://programming.dev/comment/6099001"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704274379 {#1606
          date: 2024-01-03 10:32:59.0 +01:00
        }
        +"title": 276098
      }
      0 => App\Entity\EntryComment {#1621}
    ]
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#2380
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2359
      date: 2024-01-03 10:08:09.0 +01:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1567 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#1722 …}
  +root: App\Entity\EntryComment {#1641}
  +body: """
    Plugins are a code execution vulnerability by design;-) Especially with binary plugins you can call/access/inspect everything the program itself can. All UI toolkits make heavy use of plugins, so you can not avoid those with almost all UI applications.\n
    \n
    There are non-UI applications with similar problems though.\n
    \n
    Running anything with network access as root is an extra risk that effects UI and non-UI applications in the same way.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 3
  +score: 0
  +lastActive: DateTime @1704285453 {#1663
    date: 2024-01-03 13:37:33.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@hunger@programming.dev"
  ]
  +children: Doctrine\ORM\PersistentCollection {#1723 …}
  +nested: Doctrine\ORM\PersistentCollection {#1617 …}
  +votes: Doctrine\ORM\PersistentCollection {#1625 …}
  +reports: Doctrine\ORM\PersistentCollection {#1599 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1628 …}
  +notifications: Doctrine\ORM\PersistentCollection {#1630 …}
  -id: 276249
  -bodyTs: "'access':54 'almost':36 'anyth':51 'applic':39,45,68 'avoid':33 'binari':11 'call/access/inspect':15 'code':4 'design':8 'effect':62 'especi':9 'everyth':16 'execut':5 'extra':59 'heavi':25 'make':24 'network':53 'non':43,66 'non-ui':42,65 'plugin':1,12,28 'problem':48 'program':18 'risk':60 'root':56 'run':50 'similar':47 'though':49 'toolkit':23 'ui':22,38,44,63,67 'use':26 'vulner':6 'way':72"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://programming.dev/comment/6103834"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704285453 {#1555
    date: 2024-01-03 13:37:33.0 +01:00
  }
  +"title": 276249
}

App\Entity\EntryComment {#1621
  +user: App\Entity\User {#264 …}
  +entry: Proxies\__CG__\App\Entity\Entry {#1576
    +user: Proxies\__CG__\App\Entity\User {#2387 …}
    +magazine: Proxies\__CG__\App\Entity\Magazine {#1567 …}
    +image: null
    +domain: Proxies\__CG__\App\Entity\Domain {#2465 …}
    +slug: "Is-it-actually-dangerous-to-run-Firefox-as-root"
    +title: "Is it actually dangerous to run Firefox as root?"
    +url: null
    +body: """
      I have a few Linux servers at home that I regularly remote into in order to manage, usually logged into KDE Plasma as root. Usually they just have several command line windows and a file manager open (I personally just find it more convenient to use the command line from a remote desktop instead of directly SSH-ing into the system), but if I have an issue, I’ve just been absentmindedly searching stuff up and trying to find solutions using the preinstalled Firefox instance from within the remote desktop itself, which would also be running as root.\n
      \n
      I never even thought to install uBlock Origin on it or anything, but the servers are all configured to use a PiHole instance which blocks the vast majority of ads. However, I do also remember using the browser in my main server to figure out how to set up the PiHole instance in the first place, and that server also happens to be the most important one and is my main NAS.\n
      \n
      I never went on any particularly shady websites, but I also don’t remember exactly which websites I’ve been on as root, though I do seem to remember seeing ads during the initial pihole setup, because it didn’t go very smoothly and I was searching up error messages trying to get it to work.\n
      \n
      This is definitely on me, but it never crossed my mind until recently that it might be a bad idea to use a browser as root, and searching online everyone just states the general cybersecurity doctrine to never do it (which I’m now realizing I shouldn’t have) but no one seems to be discussing how risky it actually is. Shouldn’t Firefox be sandboxing every website and not allowing anything to access the base system? Between “just stop doing it” and “you have to reinstall the OS right now there’s probably already a virus on there,” how much danger do you suppose I’m in? I’m mainly worried about the security/privacy of my personal data I have stored on the servers. All my servers run Fedora KDE Spin and have Intel processors if that makes a difference?
      """
    +type: "article"
    +lang: "en"
    +isOc: false
    +hasEmbed: false
    +commentCount: 88
    +favouriteCount: 93
    +score: 0
    +isAdult: false
    +sticky: false
    +lastActive: DateTime @1712572029 {#1732
      date: 2024-04-08 12:27:09.0 +02:00
    }
    +ip: null
    +adaAmount: 0
    +tags: null
    +mentions: null
    +comments: Doctrine\ORM\PersistentCollection {#2464 …}
    +votes: Doctrine\ORM\PersistentCollection {#2448 …}
    +reports: Doctrine\ORM\PersistentCollection {#2422 …}
    +favourites: Doctrine\ORM\PersistentCollection {#1405 …}
    +notifications: Doctrine\ORM\PersistentCollection {#1383 …}
    +badges: Doctrine\ORM\PersistentCollection {#2033 …}
    +children: [
      1 => App\Entity\EntryComment {#1641
        +user: App\Entity\User {#264 …}
        +entry: Proxies\__CG__\App\Entity\Entry {#1576 …2}
        +magazine: Proxies\__CG__\App\Entity\Magazine {#1567 …}
        +image: null
        +parent: null
        +root: null
        +body: """
          Usig *anything* as root is a security risk.\n
          \n
          Using *any* UI application as root is a bigger risk. That’s because every UI toolkit loads plugins and what not from all over the place and runs the code from those plugins (e.g. plugins installed system wide and into random places some environment variables point to). Binary plugins get executed in the context of the application running and can do change every aspect of your program. I wrote a small image plugin to debug an issue once that looked at all widgets in the UI and wrote all the contents of all text fields (even those obfuscated to show only dots in the UI) to disk whenever some image was loads. Plugins in JS or other non-native code are more limited, but UI toolkits tend to have binary plugins.\n
          \n
          So if somebody manages to set the some env vars and gets root to run some UI application with those set (e.g. using sudo), then that attacker hit the jackpot. In fact some toolkits will not even bring up any UI when run as root to avoid this.\n
          \n
          Running any networked UI application as root is the biggest risk. Those process untrusted data by definition with who knows what set of plugins loaded.\n
          \n
          Ideally you run the UI as a normal user and then use sudo to run individual commands as root.
          """
        +lang: "en"
        +isAdult: false
        +favouriteCount: 8
        +score: 0
        +lastActive: DateTime @1711208212 {#1696
          date: 2024-03-23 16:36:52.0 +01:00
        }
        +ip: null
        +tags: null
        +mentions: [
          "@HiddenLayer5@lemmy.ml"
        ]
        +children: Doctrine\ORM\PersistentCollection {#1525 …}
        +nested: Doctrine\ORM\PersistentCollection {#1527 …}
        +votes: Doctrine\ORM\PersistentCollection {#1526 …}
        +reports: Doctrine\ORM\PersistentCollection {#1560 …}
        +favourites: Doctrine\ORM\PersistentCollection {#1564 …}
        +notifications: Doctrine\ORM\PersistentCollection {#1593 …}
        -id: 276098
        -bodyTs: "'anyth':2 'applic':12,65,158,193 'aspect':72 'attack':167 'avoid':187 'bigger':17 'biggest':198 'binari':56,139 'bring':178 'chang':70 'code':38,129 'command':230 'content':99 'context':62 'data':203 'debug':83 'definit':205 'disk':115 'dot':110 'e.g':42,162 'env':149 'environ':52 'even':104,177 'everi':22,71 'execut':59 'fact':172 'field':103 'get':58,152 'hit':168 'ideal':214 'imag':80,118 'individu':229 'instal':44 'issu':85 'jackpot':170 'js':123 'know':208 'limit':132 'load':25,120,213 'look':88 'manag':144 'nativ':128 'network':191 'non':127 'non-nat':126 'normal':221 'obfusc':106 'place':34,50 'plugin':26,41,43,57,81,121,140,212 'point':54 'process':201 'program':75 'random':49 'risk':8,18,199 'root':4,14,153,185,195,232 'run':36,66,155,183,189,216,228 'secur':7 'set':146,161,210 'show':108 'small':79 'somebodi':143 'sudo':164,226 'system':45 'tend':136 'text':102 'toolkit':24,135,174 'ui':11,23,94,113,134,157,181,192,218 'untrust':202 'use':9,163,225 'user':222 'usig':1 'var':150 'variabl':53 'whenev':116 'wide':46 'widget':91 'wrote':77,96"
        +ranking: 0
        +commentCount: 0
        +upVotes: 0
        +downVotes: 0
        +visibility: "visible             "
        +apId: "https://programming.dev/comment/6099001"
        +editedAt: null
        +createdAt: DateTimeImmutable @1704274379 {#1606
          date: 2024-01-03 10:32:59.0 +01:00
        }
        +"title": 276098
      }
      0 => App\Entity\EntryComment {#1621}
    ]
    -id: 26893
    -titleTs: "'actual':3 'danger':4 'firefox':7 'root':9 'run':6"
    -bodyTs: "'absentmind':73 'access':301 'actual':287 'ad':129,202 'allow':298 'alreadi':322 'also':95,133,159,182 'anyth':111,299 'bad':246 'base':303 'block':124 'browser':137,251 'command':30,48 'configur':117 'conveni':44 'cross':236 'cybersecur':262 'danger':329 'data':346 'definit':230 'desktop':53,91 'didn':210 'differ':368 'direct':56 'discuss':283 'doctrin':263 'error':220 'even':102 'everi':294 'everyon':257 'exact':186 'fedora':357 'figur':143 'file':35 'find':41,80 'firefox':85,291 'first':154 'general':261 'get':224 'go':212 'happen':160 'home':8 'howev':130 'idea':247 'import':165 'ing':59 'initi':205 'instal':105 'instanc':86,122,151 'instead':54 'intel':362 'issu':68 'kde':21,358 'line':31,49 'linux':5 'log':19 'm':270,334,337 'main':140,170,338 'major':127 'make':366 'manag':17,36 'messag':221 'might':243 'mind':238 'much':328 'nas':171 'never':101,173,235,265 'one':166,279 'onlin':256 'open':37 'order':15 'origin':107 'os':316 'particular':177 'person':39,345 'pihol':121,150,206 'place':155 'plasma':22 'preinstal':84 'probabl':321 'processor':363 'realiz':272 'recent':240 'regular':11 'reinstal':314 'rememb':134,185,200 'remot':12,52,90 'right':317 'riski':285 'root':24,99,194,253 'run':97,356 'sandbox':293 'search':74,218,255 'security/privacy':342 'see':201 'seem':198,280 'server':6,114,141,158,352,355 'set':147 'setup':207 'sever':29 'shadi':178 'shouldn':274,289 'smooth':214 'solut':81 'spin':359 'ssh':58 'ssh-ing':57 'state':259 'stop':307 'store':349 'stuff':75 'suppos':332 'system':62,304 'though':195 'thought':103 'tri':78,222 'ublock':106 'use':46,82,119,135,249 'usual':18,25 'vast':126 've':70,190 'virus':324 'websit':179,188,295 'went':174 'window':32 'within':88 'work':227 'worri':339 'would':94"
    +cross: false
    +upVotes: 0
    +downVotes: 0
    +ranking: 1704359289
    +visibility: "visible             "
    +apId: "https://lemmy.ml/post/10062491"
    +editedAt: DateTimeImmutable @1711170613 {#2380
      date: 2024-03-23 06:10:13.0 +01:00
    }
    +createdAt: DateTimeImmutable @1704272889 {#2359
      date: 2024-01-03 10:08:09.0 +01:00
    }
    +__isInitialized__: true
     …2
  }
  +magazine: Proxies\__CG__\App\Entity\Magazine {#1567 …}
  +image: null
  +parent: Proxies\__CG__\App\Entity\EntryComment {#1722 …}
  +root: App\Entity\EntryComment {#1641}
  +body: """
    Plugins are a code execution vulnerability by design;-) Especially with binary plugins you can call/access/inspect everything the program itself can. All UI toolkits make heavy use of plugins, so you can not avoid those with almost all UI applications.\n
    \n
    There are non-UI applications with similar problems though.\n
    \n
    Running anything with network access as root is an extra risk that effects UI and non-UI applications in the same way.
    """
  +lang: "en"
  +isAdult: false
  +favouriteCount: 3
  +score: 0
  +lastActive: DateTime @1704285453 {#1663
    date: 2024-01-03 13:37:33.0 +01:00
  }
  +ip: null
  +tags: null
  +mentions: [
    "@HiddenLayer5@lemmy.ml"
    "@hunger@programming.dev"
  ]
  +children: Doctrine\ORM\PersistentCollection {#1723 …}
  +nested: Doctrine\ORM\PersistentCollection {#1617 …}
  +votes: Doctrine\ORM\PersistentCollection {#1625 …}
  +reports: Doctrine\ORM\PersistentCollection {#1599 …}
  +favourites: Doctrine\ORM\PersistentCollection {#1628 …}
  +notifications: Doctrine\ORM\PersistentCollection {#1630 …}
  -id: 276249
  -bodyTs: "'access':54 'almost':36 'anyth':51 'applic':39,45,68 'avoid':33 'binari':11 'call/access/inspect':15 'code':4 'design':8 'effect':62 'especi':9 'everyth':16 'execut':5 'extra':59 'heavi':25 'make':24 'network':53 'non':43,66 'non-ui':42,65 'plugin':1,12,28 'problem':48 'program':18 'risk':60 'root':56 'run':50 'similar':47 'though':49 'toolkit':23 'ui':22,38,44,63,67 'use':26 'vulner':6 'way':72"
  +ranking: 0
  +commentCount: 0
  +upVotes: 0
  +downVotes: 0
  +visibility: "visible             "
  +apId: "https://programming.dev/comment/6103834"
  +editedAt: null
  +createdAt: DateTimeImmutable @1704285453 {#1555
    date: 2024-01-03 13:37:33.0 +01:00
  }
  +"title": 276249
}

null

null