Page 3 of 3

Re: Malware Found In The Ubuntu Snap Store

PostPosted: 2018-05-15 19:35
by Wheelerof4te
Canonical's official reaction:
https://blog.ubuntu.com/2018/05/15/trus ... snap-store
The first question worth asking, in this case, is whether the publisher was in fact doing anything wrong, considering that mining cryptocurrency is not illegal or unethical by itself.

LOL?
who informed us that the goal was to monetise software published under licenses that allow it, unaware of the social or technical consequences.

Yeah, next time someone will be unaware that his snap stole your passwords and other "technical" data.
App Stores for iOS, Android and Windows follow some standard patterns for quality and security control – automated checkpoints that packages must go through before they are accepted, and manual reviews by a human when specific issues are flagged. The Snap Store implements both of these patterns.

Now, this is atrocious...this is outright lying.
That's it, Debian forever. Screw everyone else. From this point on, Debian's model is the gold standard in Linux land.

Re: Malware Found In The Ubuntu Snap Store

PostPosted: 2018-05-15 19:52
by KBD47
Just when I think Shuttleworth and Ubuntu can't do anything more foolish....

Re: Malware Found In The Ubuntu Snap Store

PostPosted: 2018-05-16 03:27
by hrsetrdr
fwiw a сryptocurrency miner requires the proprietary video drivers in order to run.

The "snap" store, strictly Ubuntu...?

Re: Malware Found In The Ubuntu Snap Store

PostPosted: 2018-05-16 14:49
by ticojohn
hrsetrdr wrote:fwiw a сryptocurrency miner requires the proprietary video drivers in order to run.

Why would that be true? As best I can tell the cryptocurrency miners run a javascript in the web page. Why would that require any proprietary video drivers?

Re: Malware Found In The Ubuntu Snap Store

PostPosted: 2018-05-16 15:56
by n_hologram
ticojohn wrote:
hrsetrdr wrote:fwiw a сryptocurrency miner requires the proprietary video drivers in order to run.

Why would that be true? As best I can tell the cryptocurrency miners run a javascript in the web page. Why would that require any proprietary video drivers?

"Require" might be inaccurate for all cases, but offloading cryptominers onto GPU is relatively trivial

Re: Malware Found In The Ubuntu Snap Store

PostPosted: 2018-05-16 18:22
by ticojohn
n_hologram wrote:"Require" might be inaccurate for all cases, but offloading cryptominers onto GPU is relatively trivial

Granted that GPU's can be targets but I wouldn't think that it is because of proprietary video drivers. But then again I am but an egg.

Re: Malware Found In The Ubuntu Snap Store

PostPosted: 2018-05-16 19:07
by n_hologram
ticojohn wrote:Granted that GPU's can be targets but I wouldn't think that it is because of proprietary video drivers

To the original quote by hrsetdr, I can't confirm if what this user is saying is true or not, because they haven't shared links and I'm not really interested in looking it up. However, I know that some hardware requires proprietary drivers in order to work as expected (eg, nvidia vs nouveau). I imagine cryptocurrency miners work "as expected" with those proprietary drivers than without it. (Again, this is mere speculation.)

The other angle I would consider is the nature of closed-source in general. When I first started using Linux, the nvidia proprietary driver was condemned for its software flaws, many of which were exploited, documented, and shared with the company. The issue with closed-source is no one can verify the code. If there were a flaw with the nouveau driver, there's a much better chance of someone in the vast Linux community catching it and working to repair it. Intel just received a similar fault for their egregious microcode.