The Malware Problem (and a solution)


So, there have been some discussions about possible solutions for this issue. Some have proposed that we add a review process to all of this, so that anything that gets uploaded gets a security check from some KDE developers. That's a neat idea on paper. But only there. This couldn't possibly work out, for two reasons: 1) Manpower - We simply don't have enough of that. 2) Responsibility - Who wants to be responsible for letting Malware slip through your fingers? This can happen to anyone, and it would be pretty embarrassing. I certainly wouldn't want to be responsible for anything.

Back when we designed the scripting system for Amarok 2 (QtScript, in-process), Ian Monroe and I realized that there isn't really any way to make it secure on a technical level. Sandboxing, automatic malware detection, flying cars - all this works somehow in theory, but in reality it requires some Bruce Schneier to do it, which we don't have (there is only one Schneier, I guess). So basically we realized that the system would be unsafe, and that we would have to live with it. Amarok is very vulnerable to Malware scripts, because scripts can access most of Amarok, and Qt, and whatnot. Any Joe Schmoe could hack up a two-liner script that deletes your $HOME. So we accepted that reality, and tried to think of some other methods for making it all safer. What we came up with is this:

Rest here



