AlienRobot 7 hours ago

The real problem is people believing "plugins" are not full software.

If you install a dozen mini-apps from random developers you never heard about, you can't complain if one is malware.

Krita also has a plugin system based on Python. Any "plugin" has the same level of access as running a python script.

Personally I blame operating systems for not providing a way to isolate how programs interact with user files.

Groxx 4 hours ago | parent | next [-]

Krita: that is a decision by Krita(/GIMP) and not anything inherent in "plugins" or "python" - it could be a bubblewrap/firejail contained process, for example (other OSes have similar-ish options but there's always something, e.g. don't use cpython). They have chosen to continue to put their users at risk by not doing anything at all like that.

There are of course complications, costs, and downsides associated with doing that. It might not be worth it currently, or performance costs might be too high, or the community might be overwhelmingly using abandoned plugins that won't be updated, etc. It's still a decision to remain complacent until forced by attacks though, it's well beyond common knowledge that these things happen so you can't really call it ignorance.
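As an added illustration of the bubblewrap option mentioned above (not part of the thread and not Krita's or GIMP's code): a host application could launch each Python plugin through `bwrap` with a read-only system, one writable document directory, and no network unless explicitly granted. The function names, the `/plugin` and `/work` mount points, and the merged-`/usr` layout are assumptions.

```python
import shutil
import subprocess
from pathlib import Path


def bwrap_argv(plugin: Path, work_dir: Path, allow_net: bool = False) -> list[str]:
    """Build a bubblewrap command line that runs one plugin script contained."""
    plugin, work_dir = plugin.resolve(), work_dir.resolve()
    argv = [
        "bwrap",
        "--unshare-all",        # fresh user, pid, ipc, uts, cgroup and net namespaces
        "--die-with-parent",    # plugin is killed if the host application exits
        "--new-session",        # detach from the controlling terminal
        "--clearenv",           # host environment (tokens, paths) is not inherited
        "--setenv", "PATH", "/usr/bin",
        "--ro-bind", "/usr", "/usr",        # interpreter and libraries, read-only
        "--symlink", "usr/lib", "/lib",     # assumes a merged-/usr distribution
        "--symlink", "usr/lib64", "/lib64",
        "--symlink", "usr/bin", "/bin",
        "--proc", "/proc",
        "--dev", "/dev",
        "--tmpfs", "/tmp",
        "--ro-bind", str(plugin.parent), "/plugin",  # plugin code, read-only
        "--bind", str(work_dir), "/work",            # the only writable host path
        "--chdir", "/work",
    ]
    if allow_net:
        argv.append("--share-net")  # explicit per-plugin grant, off by default
    return argv + ["python3", f"/plugin/{plugin.name}"]


def run_plugin(plugin: Path, work_dir: Path, allow_net: bool = False) -> int:
    """Run the plugin under bwrap; refuse to fall back to an uncontained run."""
    if shutil.which("bwrap") is None:
        raise RuntimeError("bubblewrap not installed; not running plugin uncontained")
    return subprocess.run(bwrap_argv(plugin, work_dir, allow_net), timeout=60).returncode
```

The home directory, SSH keys and browser profiles are simply absent from the plugin's mount namespace, so a plugin that needs batch access to more files has to be granted additional `--bind` paths by the host rather than receiving them implicitly.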

pdpi 6 hours ago | parent | prev [-]

Software engineers at large would benefit from playing World of Warcraft, and seeing the ongoing fight between Blizzard and add-on authors.

WoW's whole UI is built in the same Lua environment as add-ons, and Blizzard has implemented some interesting restrictions (like the taint system[0]) to prevent add-ons from completely automating gameplay.

0. https://wowpedia.fandom.com/wiki/Secure_Execution_and_Tainti...

Groxx 5 hours ago | parent | next [-]

Thanks! I've been meaning to read up on taint systems, looks interesting :)

I'm somewhat convinced that taint-influenced capabilities is a good future model to pursue. Computers are fast, I'm fairly confident that it could be done at whole-computer scale and still be reasonable... though probably not with a million electron apps. Which is likely a good thing in aggregate (I say as a fan of web tech and the very compelling features such things offer. Great for minor or PoC, not for major pieces of software).

AlienRobot 6 hours ago | parent | prev [-]

World of Warcraft is one of the most popular MMOs ever made.

You simply can't expect every software that wants a plugin system to have the same security practices as the most used software in the world.

In fact, there are many reasons why you might want a plugin to have full filesystem and internet access, such as batch processing or simply adding things directly from webpages. Sandboxing this will just make plugins less useful.

In the end it's a problem of trust. You're installing software from untrustworthy developers because you trust the name of the application those plugins are associated with.

You could fix the problem in Obsidian, but the same problem will happen in other software. Some of which simply can't justify bothering with sandboxing plugins. This is just the way plugins are.

pdpi 5 hours ago | parent [-]

> You simply can't expect every software that wants a plugin system to have the same security practices as the most used software in the world.

I'm not saying that I think they should, or that I expect them to. I'm saying that it's one particular implementation of sandboxing that has a bunch of interesting properties, and that makes it worth studying.