Language Selection

English French German Italian Portuguese Spanish

The Malware Problem (and a solution)

Filed under
Linux
Software
Security

So, there have been some discussions about possible solutions for this issue. Some have proposed that we add a review process to all of this, so that anything that gets uploaded gets a security check from some KDE developers. That's a neat idea on paper. But only there. This couldn't possibly work out, for two reasons: 1) Manpower - We simply don't have enough of that. 2) Responsibility - Who wants to be responsible for letting Malware slip through your fingers? This can happen to anyone, and it would be pretty embarrassing. I certainly wouldn't want to be responsible for anything.

Back when we designed the scripting system for Amarok 2 (QtScript, in-process), Ian Monroe and I realized that there isn't really any way to make it secure on a technical level. Sandboxing, automatic malware detection, flying cars - all this works somehow in theory, but in reality it requires some Bruce Schneier to do it, which we don't have (there is only only one Schneier, I guess). So basically we realized that the system would be unsafe, and that we would have to live with it. Amarok is very vulnerable to Malware scripts, because scripts can access most of Amarok, and Qt, and whatnot. Any Joe Schmoe could hack up a two-liner script that deletes your $HOME. So we accepted that reality, and tried to think of some other methods for making it all safer. What we came up with is this:

Rest here




More in Tux Machines

today's howtos

Leftovers: Gaming

Pro tip: Find tons of open-source Android software with F-Droid

If you're looking for truly open-source software for the Android platform, you don't have to do a ton of searching or check through licenses from within the Google Play Store. All you have to do is download a simple tool called F-Droid. With this tool, you can download and install apps (from quite a large listing) as easily as you can from the Google Play Store. You won't, however, find F-Droid in the Google Play Store. Instead, you have to download the .apk file and install it manually. Once it's installed, the rest is just a matter of searching for an app and tapping to install. Read more

Librem 15 Linux Laptop Set To Close At Around $400k USD

The manufacturing goal was $250k USD and thanks to the extension they're now set to close the campaign at the end of today at around $400k. With the extra funds, they're planning to add hardware kill switches for the microphone/camera and for all RF/WiFI/Bluetooth adapters. Those behind the project are also looking at replacing the HDMI port with two mini Thunderbolt ports. Read more