this post was submitted on 26 Feb 2024
33 points (92.3% liked)

Linux

I am not a member of the Anti-Snap crowd (although of course the server sources should be open source), but there is obviously a lot to improve. Flathub/Flatpak should also take note!

top 6 comments
[–] [email protected] 15 points 9 months ago* (last edited 9 months ago) (3 children)

Real tldr: someone downloaded a fake app and was scammed, and here are the author's recommendations:

  • Mandate & verify that all published applications using financial and/or cryptocurrency branding are officially published directly by the upstream developers
  • Change the store so all initial Snapcraft store name registrations are gated behind human review
  • Gate the first month of a new snap uploads behind human review
  • Block all interface connection requests behind a human review, including automatically connected ones like network and home
  • Fully staff the team doing the above to respond to registration, interface connection and upload requests in a timely fashion
  • Send out a clean snap update (as we did in 2018) to all clients that have the scam snaps still installed
  • Publishers should have their ’newness’ on the platform highlighted with a ‘New Publisher’ badge
  • Snaps that are less than $M (2?) months old should have a ‘New Application’ badge
  • Snaps that have fewer than $N (50?) installs should not appear in search results
  • The store should make prominent notes to users that newly published snaps and snaps from new publishers should be viewed with extreme caution
  • Provide better education to users on the risks of installing finance and cryptocurrency software from the Snap store
  • Review and update all wording in graphical and web software store-fronts to ensure users aren’t given a false impression that malware is ‘safe’

Me: What are your recommendations, dear Lemmy users? I bet you can come up with much better recommendations.

[–] [email protected] 6 points 9 months ago

App Store moderation (because this is what we’re talking about) is a hard and labor intensive problem. I’m not sure it can be done well enough at scale for free without introducing easily gained mechanics.

That said, this seems just a list of ways to blame someone else for messing up and getting scammed.

[–] [email protected] 5 points 9 months ago

The idea of a package maintainer that is vetted by the distribution channel comes to mind. That's the model that has worked with most distros so far. I don't see why it wouldn't work here.

[–] [email protected] 1 points 9 months ago (1 children)

I like the recommendations but I would also just ban cryptocurrency wallets from the app stores (and traditional finance apps capable of transferring funds electronically). There’s not much you can do to stop scams in that space but if the devs distribute their own apps, at least the user can verify they’re at the original developer’s site or repo or whatever and possibly hold them accountable.

That probably won’t help on the scams — people in the crypto world get scammed more than aging grandparents, it seems. But I don’t want Canonical or Flathub to be held liable due to a lack of moderation resources. If they can ever automate moderation to the degree it’s safe, bring back the finance app category with some safeguards.

[–] [email protected] 1 points 9 months ago

Yeah, for some apps downloading from the official site is a good idea.

[–] [email protected] 3 points 9 months ago

I don't recommend downloading from unofficial distribution channels without verifying a hash. That said, why doesn't Exodus give Linux users a PPA? Mac and Windows both have auto updates for the Exodus wallet.