this post was submitted on 12 Nov 2024
41 points (88.7% liked)
Linux
48364 readers
1038 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
You can self-host your own relay, what is there to worry about?
You are not running the software cause you do not trust the ppl running it? So you do host the software anyway? Just because it is OS and just because you can run it on your own hardware does not mean you can blindly trust it.
You can literally monitor where the data is being transmitted. There is no need to trust anyone. If it was sending data to anything that isn’t your relay server, you’d be able to easily prove it.
It could install software that transmits the data some time else. Basically something virus would do. The code can be hidden somewhere or loaded from somewhere with simple code.
Those are basic tactics used for years by malware. If just simply monitoring would be enough to protect against malware then we would have way less problems.
You should never run untrusted code or code by untrusted ppl.
Sounds like you made up your mind on RustDesk being malware, even though there is no proof. All of your replies are "could/can" without even a hint of factual information on RustDesk being some sort of Chinese backdoor, so I guess we can stop this discussion.
I am talking about it in general. If you trust it or not depends on you. I am just saying that the argument that it is OS or that you can host the server yourself does not automatically mean that it is safe. That applies to any software.
This thread has a lot of reasons against rustdesk and also discusses some alternatives: https://discuss.tchncs.de/post/21632052
Bad coding practices is not malware, that just means the devs are not experts. Also, these were fixed when pointed out by the users, which is the whole point of being open source. The only reasonable issue is the direct modification of the GDM config, which required the user to click a button.
What about the certificate installation on windows? Besides, I never claimed it’s malware, but it’s certainly software I wouldn’t trust.
When running older Rustdesk versions on wayland it would display a notification saying "Rustdesk doesn’t support Wayland yet", containing a button labeled "Fix it", which is the button you’re referring to. There’s no way for the user to know that clicking this button will edit their GDM config and disable Wayland.
That’s simply bad software practice, which was fixed once pointed out. Fact is that if they had done this on purpose, they wouldn’t have changed it and instead, would’ve came up with an excuse to keep it the same way.
I don’t keep track of who says what on this app. Many people in this thread have the idea that RustDesk is some sort of Chinese spyware that is secretly transmitting their files to the CCP. If that’s not your opinion, then I guess we are not in disagreement.
Yes, that’s the wrong way to do it, which is why they changed it. I’m not saying this is perfect software developed by experts, but the idea that RustDesk should be avoided at all cost is insane, specially when they have fixed every issue that was raised.
The only thing they are missing is a security audit done by a third party, which costs money and I doubt they care enough to pay for that just to stop all the finger pointing.
We're not in disagreement about whether rustdesk is malware or not, but I think the developers being incompetent is also a perfectly valid reason to avoid it. Sure, they have fixed most if not all major issues that were reported to them eventually, but who knows when they'll mess something up again.
Also, some issues weren't really resolved timely, take for example the issue where rustdesk autostarted on each boot. That one has been actively ignored for over a year, which is the opposite of building trust.
This is not correct. While they have removed it from being installed on newer installs/updates, the certificate remains on the system that ran the corresponding version installer/upgrade unless it will be manually removed by the few percent that got the news.
As I mentioned, I use remotes occasionally, so I'm trying a low fuss solution. If my bread and butter were remote support, I'd probably invest time in a more customized set-up
China wants so see all our clients browser history in order for their secret AI to produce exactly what we want to buy next as cheap and fast as possible. World domination secured.