Raven (she/her/it) 
i just want to be able to use Signal directly in my browser and not run an electron app, sheesh
Maxx (she/her)@sparklepanic whats wrong with it using electron?
Flatpak Electron App Throws Error With `libhardened_malloc.so` · Issue #193 · secureblue/secureblue
I have tested several flatpak electron apps, including Signal, Slack, Freetube, all of them seems to give the following error: ERROR: ld.so: object '/var/run/host/usr/lib64/libhardened_malloc.so' f...
@sparklepanic hmm ill admit theres more security vulnerabilities in electron than an up to date chromium instance, but i think these guys are blowing things out of proportion a bit. and im not totally parsing the full discussion, but a lot of that seems specific to that os?
@JezebelTheApocryphal afaik it applies to all electron-based apps, and imo we should be working toward security-by-default
@sparklepanic i mean the hardened_malloc discourse, thats os-specific. and then they get in the weeds about which other os-specific rendering engine is better? electron apps have built-in vulnernabilities ofc since theyre shipped with a certain version and only have opt-in security updates (if the devs release any at all). but that's not like some electron-exclusive issue, thats an issue with any distributed app
@JezebelTheApocryphal if by OS u mean "linux" sure (as hardened_malloc can be used in practically any distro)
and yes, in the thread they are talking about specific technologies but the point that electron-apps suck at being secure should still be fair game here
@sparklepanic i do since the whole point of electron is to be cross-platform between :p and the security vulnerabilities are fair game, but just not much different from any other distributed app's vulnerabilities