upvote

points

by m13212 hours ago |
comments
upvoteby consp12 hours ago|
next
[-]
> GNOME Calculator (currency exchange rates),

Which would crash (technically hang) if you blocked it. [0]

[0] https://forums.debian.net/viewtopic.php?p=818264

reply
upvoteby emj9 hours ago|
prev|
next
[-]
People still care about these things on Debian. But as is said 20 years ago there was no need, because the default was to be sane.
reply
upvoteby worthless-trash11 hours ago|
prev|
next
[-]
Are these malware ?
reply
upvoteby m13211 hours ago|
parent|
[-]
Per se? No, maybe with the exception of GNOME Shell which literally runs code from the Internet unsandboxed. Can the traffic they silently generate be used for malicious purposes? Absolutely.
reply
upvoteby WD-428 hours ago|
parent|
[-]
Wasn’t it KDE that had malware in its theme store not too long ago? Let that sink in for a bit. You changed around some icon themes and it executed arbitrary code.

And let’s not pretend that kde wouldn’t have an extension system if it could - but it’ll never have one because implanting one in that c++ spaghetti nightmare will never happen.

reply
upvoteby m1328 hours ago|
parent|
[-]
I think you meant to reply to this: https://news.ycombinator.com/item?id=47702680

But if not, I'm not criticizing GNOME in isolation here. It's just what I use and what I'm most familiar with. KDE has the same issues and it does have an extension system too. It's called KNewStuff.

reply
upvoteby youcouldalwz9 hours ago|
prev|
next
[-]
you could always run kwin_wayland and prevent all that phoning home...
reply
upvoteby k4rnaj1k8 hours ago|
prev|
[-]
Problem with updates is that without automatic ones, users could stay on outdated systems and possibly get hacked through some vulnerability(of which there are many). While on the other hand, having explicit confirmations for each network request would be crazy annoying.

Maybe some middleground of having the tool OP sent built-in would be a good option.

reply
upvoteby m1328 hours ago|
parent|
[-]
I run all my systems with all outgoing connections blocked by default, and yes, it is annoying.

But it wasn't always this way, and so, I don't think it has to be. People just need to start paying attention to this.

The impact of a lot of those vulnerabilities would be mitigated if the affected programs didn't connect to the network in the first place.

As for updates in general, I really like the model adopted by Linux update managers and BSD port systems. The entire repository metadata is downloaded from a mirror and cached locally, so the search terms never leave your machine. Downloads happen from the nearest mirrors, there's no "standard" mirror software (unless rsync and Apache count?) so they don't report what was downloaded by whom back to any central system and you can always host your own. Everything is verified via GPG. And most importantly, nothing happens on its own; you're expected to run `apt/dnf update` yourself. It won't randomly eat your bandwidth on a metered connection or reveal your OS details to a public hotspot.

Simple, non-invasive, transparent, (almost) all-encompassing, and centrally configurable.

reply