I agree, more or less, with your statement. However, I also stated that I found the No Coin addon to not be to my liking. Also, I further stated that uBlock does a good job of blocking the cryprocurrency mining. And I think that uBlock is a pretty well known addon.None1975 wrote: Just install xul-ext-noscript. Do not use unclear origin and quality addons.
Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230
Malware Found In The Ubuntu Snap Store
- ticojohn
- Posts: 1284
- Joined: 2009-08-29 18:10
- Location: Costa Rica
- Has thanked: 21 times
- Been thanked: 44 times
Re: Malware Found In The Ubuntu Snap Store
I am not irrational, I'm just quantum probabilistic.
- stevepusser
- Posts: 12930
- Joined: 2009-10-06 05:53
- Has thanked: 41 times
- Been thanked: 71 times
Re: Malware Found In The Ubuntu Snap Store
Oh, Snap!
Sorry, someone had to say it.
Sorry, someone had to say it.
MX Linux packager and developer
Re: Malware Found In The Ubuntu Snap Store
uBlock is great for this, of course they need to stay current with the changes to "mining" that will surely evolve/grow.Bulkley wrote:ticojohn, thanks for the tip. I found this: uBlock Origin Developers Take Steps to Block Cryptocurrency Mining Scripts
Keep an eye on memory and CPU usage, if it is going crazy for an extended period and/or for an unknown reason it could be a miner at work, damn gremlins.
I think they work similar to those deep browser cookies (can't recall the actual name for them, LTO or something), there used to be an add-on that could remove them. Anyway, as soon as the browser opens, they go to work, regardless of the site you are on, nasty buggers.
Should be highly illegal, sorta like someone stealing your cable, biting off your internet/wifi etc... If you are going to make money off my sh*t, where is my cut?
Re: Malware Found In The Ubuntu Snap Store
Build from source, or only use a "trusted" repo, and even then keep a close eye on your system. Even trusted packagers can go crazy or get hacked etc... Remember the Russian Debian dev. last year that was arrested and the Russian gov. confiscated all his gear/rigs, Debian had to quickly cancel his keys and access to help prevent unfortunate things from happening....Lysander wrote:So what's the takeaway from this? Use only software in the official repos? I don't use Snaps [don't know what they are, never looked into it], haven't used Flatpak in Stretch and I've only used one AppImage, which was Libreoffice 6 from the official site.
EDIT, so a snap
So similar to a Windows .exe file, as far as I can see. What is the screening process for these before they are uploaded to the snap store?is a squashFS filesystem containing your app code and a snap.yaml file containing specific metadata. It has a read-only file-system and, once installed, a writable area.
is self-contained. It bundles most of the libraries and runtimes it needs and can be updated and reverted without affecting the rest of the system.
is confined from the OS and other apps through security mechanisms, but can exchange content and functions with other snaps according to fine-grained policies controlled by the user and the OS defaults.
The reality is the Ubuntu Snap store is a crap shoot, Casino or the Wild Wild West (take your pick), there is little/no code inspection or quality control...see here:
"All apps uploaded the Snap store undergo automatic testing to ensure that they work and install correctly for users on multiple Linux distros. Both apps were uploaded as proprietary software so their code was not available to check. However, Snap apps are not checked line-by-line for anything suspicious or out-of-the-ordinary. Therefore, under the current framework, there was simply no way to detect or prevent this “malware” from being bundled up with an app and made available on the Snap store. Any theoretical pre-detection would’ve been hard to do given that both of the affected apps were uploaded as proprietary software. Their code was not available to check."
ref: https://www.omgubuntu.co.uk/2018/05/ubuntu-snap-malware
Re: Malware Found In The Ubuntu Snap Store
I disagree, with Ubuntu not being needed, it serves a purpose and fills a role...I do agree that Snap packages are not needed and I would include Flatpack and appimages as well.None1975 wrote:Snap packets and Ubuntu are not needed.
Re: Malware Found In The Ubuntu Snap Store
yeah, well even a stray cat fills a role, are they really needed? I don't know... The one good thing about the snap idea is at least it runs in a semi-contained way in the user's home. I don't see why they would all have access to an active internet connection though?HuangLao wrote:I disagree, with Ubuntu not being needed, it serves a purpose and fills a role...I do agree that Snap packages are not needed and I would include Flatpack and appimages as well.None1975 wrote:Snap packets and Ubuntu are not needed.
Maybe if they set up some tighter controls, like a form when installed that says "this app accesses this, because of this, Allow (Y/N)?"
They really want to open up things on linux quite a bit I believe, because this will allow money to flow to developers. I'm not totally against it, but it's just not my thing.
resigned by AI ChatGPT
Re: Malware Found In The Ubuntu Snap Store
I think that's to assist the auto update of snaps. Another Windows feature.
Money pouring into Linux? That's been happening for 20+ years, especially the last 10-15 years. But, I agree most of these ideas that I consider unnecessary, are necessary for some corporate client somewhere...systemd as an example.
Money pouring into Linux? That's been happening for 20+ years, especially the last 10-15 years. But, I agree most of these ideas that I consider unnecessary, are necessary for some corporate client somewhere...systemd as an example.
- Head_on_a_Stick
- Posts: 14114
- Joined: 2014-06-01 17:46
- Location: London, England
- Has thanked: 81 times
- Been thanked: 132 times
Re: Malware Found In The Ubuntu Snap Store
The bitcoin miner only runs when the snap is running, it is inactive otherwise.
I'll just leave this here:
http://kmkeen.com/maintainers-matter/
Snaps, Flatpaks & Appimages are great for convenience but they take away control (and oversight).
I'll just leave this here:
http://kmkeen.com/maintainers-matter/
Snaps, Flatpaks & Appimages are great for convenience but they take away control (and oversight).
deadbang
-
- df -h | grep > 20TiB
- Posts: 1400
- Joined: 2012-10-06 05:31
- Location: /dev/chair
- Has thanked: 79 times
- Been thanked: 175 times
Re: Malware Found In The Ubuntu Snap Store
This ^. This is what makes the GNU/Linux ecosystem what it is, and it's pretty much the reason we have "distros" at all.Head_on_a_Stick wrote:http://kmkeen.com/maintainers-matter
All the app stores I have ever used suck, because no maintainers and far too much junk.
Once is happenstance. Twice is coincidence. Three times is enemy action. Four times is Official GNOME Policy.
Re: Malware Found In The Ubuntu Snap Store
This is the core of it. The problem with things like a Snap package - like a Windows .exe file - is that a] it makes the user unaware of which other dependencies are being installed and updated and b] more importantly, it teaches them not to care in the interests of usability and a system that 'just works'. If *nix is about anything, it's about user control, system knowledge, and for each program to do one thing and to do it well - and those things aren't going to happen if people are installing packages with no idea of their contents or not even caring. It's the start of the system controlling the user, which is one of the very things that Linux tries so hard to get away from.Head_on_a_Stick wrote:
Snaps, Flatpaks & Appimages are great for convenience but they take away control (and oversight).
It's about the usefulness and effectiveness of that role. Ubuntu has got a lot of people into Linux, which is a great thing.bw123 wrote:yeah, well even a stray cat fills a role, are they really needed? I don't know...
- None1975
- df -h | participant
- Posts: 1389
- Joined: 2015-11-29 18:23
- Location: Russia, Kaliningrad
- Has thanked: 45 times
- Been thanked: 66 times
Re: Malware Found In The Ubuntu Snap Store
Yes, of course. Why do I need a system that, after some "upgrades", is breaking everything? What needs a system that turns a computer into bricks (case with Ubuntu 17.10), which is a system that does not have a clear perspective? Who needs a system with an unclear security policy (case where the snap was included and many more unknown cases we are expecting to come into the daylight). I can continue and continue ...Lysander wrote:Can you qualify "not needed"?
OS: Debian 12.4 Bookworm / DE: Enlightenment
Debian Wiki | DontBreakDebian, My config files on github
Debian Wiki | DontBreakDebian, My config files on github
Re: Malware Found In The Ubuntu Snap Store
What drew me to Debian, what keeps me with Debian is Apt. Not only is package management relatively easy, I know that when I install a package from the Debian repositories that said package will be clean. That's simply not true when taking software packages from random suppliers on the Internet.
-
- Posts: 459
- Joined: 2013-06-16 00:10
Re: Malware Found In The Ubuntu Snap Store
"B-but muh convenience"Bulkley wrote:What drew me to Debian, what keeps me with Debian is Apt. Not only is package management relatively easy, I know that when I install a package from the Debian repositories that said package will be clean. That's simply not true when taking software packages from random suppliers on the Internet.
the crunkbong project: scripts, operating system, the list goes on...bester69 wrote:There is nothing to install in linux, from time to time i go to google searching for something fresh to install in linux, but, there is nothing
-
- Posts: 1454
- Joined: 2015-08-30 20:14
Re: Malware Found In The Ubuntu Snap Store
This.Bulkley wrote:What drew me to Debian, what keeps me with Debian is Apt.
And this.Lysander wrote: If *nix is about anything, it's about user control, system knowledge, and for each program to do one thing and to do it well
It is fundamentally important for a Linux distribution to provide it's users with trusted software. That is what made Linux unique and different from the rest. Package management and good, clean repositories are the core of every distro. Now, both Canonical and Red Hat are trying to provide low key actors the opportunity to squeeze in their software into Linux ecosystem.
Canonical tried this before with PPAs, but those had two critical flaws:
a) eventually incompatible libs will break newer versions of software.
b) they weren't distro-agnostic.
You don't have to be an expert to understand what snaps and Flatpaks imply. Users get easy way to install previously unavailable software at the cost of not knowing (and not caring) about what exactly they get. Sources anyone? You really think they will let us see the sources after these new package managers become the norm? I don't think so.
"But, Wheeler, aren't you pro-flatpak?" Yes, I am, for now. I still think Flatpak has more chance of ethically distributing software than snaps. Reasons being that it's more transparent, has a cleaner repo, has multiple repos, sources are not hidden on some random page, etc.
Re: Malware Found In The Ubuntu Snap Store
This. If I wanted to use Windows I would use it. Keep Linux free of this junk.bw123 wrote:If you want linux to work like windows, it will work like windows.
Edit: regarding Ubuntu: when Ubuntu allows garbage like this onto new Linux users computers it ruins any argument for using Ubuntu. And hurts Linux altogether.
-
- Posts: 1454
- Joined: 2015-08-30 20:14
Re: Malware Found In The Ubuntu Snap Store
Canonical's official reaction:
https://blog.ubuntu.com/2018/05/15/trus ... snap-store
That's it, Debian forever. Screw everyone else. From this point on, Debian's model is the gold standard in Linux land.
https://blog.ubuntu.com/2018/05/15/trus ... snap-store
LOL?The first question worth asking, in this case, is whether the publisher was in fact doing anything wrong, considering that mining cryptocurrency is not illegal or unethical by itself.
Yeah, next time someone will be unaware that his snap stole your passwords and other "technical" data.who informed us that the goal was to monetise software published under licenses that allow it, unaware of the social or technical consequences.
Now, this is atrocious...this is outright lying.App Stores for iOS, Android and Windows follow some standard patterns for quality and security control – automated checkpoints that packages must go through before they are accepted, and manual reviews by a human when specific issues are flagged. The Snap Store implements both of these patterns.
That's it, Debian forever. Screw everyone else. From this point on, Debian's model is the gold standard in Linux land.
Re: Malware Found In The Ubuntu Snap Store
Just when I think Shuttleworth and Ubuntu can't do anything more foolish....
Re: Malware Found In The Ubuntu Snap Store
fwiw a сryptocurrency miner requires the proprietary video drivers in order to run.
The "snap" store, strictly Ubuntu...?
The "snap" store, strictly Ubuntu...?
If you can't explain it simply, you don't understand it well enough.
(Albert Einstein).
(Albert Einstein).
- ticojohn
- Posts: 1284
- Joined: 2009-08-29 18:10
- Location: Costa Rica
- Has thanked: 21 times
- Been thanked: 44 times
Re: Malware Found In The Ubuntu Snap Store
Why would that be true? As best I can tell the cryptocurrency miners run a javascript in the web page. Why would that require any proprietary video drivers?hrsetrdr wrote:fwiw a сryptocurrency miner requires the proprietary video drivers in order to run.
I am not irrational, I'm just quantum probabilistic.
-
- Posts: 459
- Joined: 2013-06-16 00:10
Re: Malware Found In The Ubuntu Snap Store
"Require" might be inaccurate for all cases, but offloading cryptominers onto GPU is relatively trivialticojohn wrote:Why would that be true? As best I can tell the cryptocurrency miners run a javascript in the web page. Why would that require any proprietary video drivers?hrsetrdr wrote:fwiw a сryptocurrency miner requires the proprietary video drivers in order to run.
the crunkbong project: scripts, operating system, the list goes on...bester69 wrote:There is nothing to install in linux, from time to time i go to google searching for something fresh to install in linux, but, there is nothing