Raven (she/her/it) 
i just want to be able to use Signal directly in my browser and not run an electron app, sheesh
Maxx (she/her)@sparklepanic whats wrong with it using electron?
Flatpak Electron App Throws Error With `libhardened_malloc.so` · Issue #193 · secureblue/secureblue
I have tested several flatpak electron apps, including Signal, Slack, Freetube, all of them seems to give the following error: ERROR: ld.so: object '/var/run/host/usr/lib64/libhardened_malloc.so' f...
@sparklepanic hmm ill admit theres more security vulnerabilities in electron than an up to date chromium instance, but i think these guys are blowing things out of proportion a bit. and im not totally parsing the full discussion, but a lot of that seems specific to that os?
@JezebelTheApocryphal afaik it applies to all electron-based apps, and imo we should be working toward security-by-default
@sparklepanic i mean the hardened_malloc discourse, thats os-specific. and then they get in the weeds about which other os-specific rendering engine is better? electron apps have built-in vulnernabilities ofc since theyre shipped with a certain version and only have opt-in security updates (if the devs release any at all). but that's not like some electron-exclusive issue, thats an issue with any distributed app
@JezebelTheApocryphal if by OS u mean "linux" sure (as hardened_malloc can be used in practically any distro)
and yes, in the thread they are talking about specific technologies but the point that electron-apps suck at being secure should still be fair game here
also the ux of electron apps isn't the greatest and tools like signal would be better off being able to be launched in the browser (they could make it only compatible with a recently patched browser for instance)
@sparklepanic and ux complaints should be sent to the devs lol. electron is a full node js stack, it can do any ux that you can display in any web browser
@JezebelTheApocryphal oh yeah, i get that. i just don't get why we need it to be this way and instead focus on developing well for the browser itself combined with PWAs would not need electron at all
@sparklepanic honestly just cause web-native apps werent as viable when electron got released, so it had mass adoption and a lot of staying power at this point. we'll transition to better webapps, but itll take time. in the mean time while were still stuck with them, i dont believe theyre as bad and vulnerable as everybody makes them out to be
@JezebelTheApocryphal i tend to have a more "security-by-default" viewpoint than you do but i hope ur right that things will improve!