Remix.run Logo
Gualdrapo 6 hours ago

I don't feel like spending my money on some horrible corpo pulling out stuff like this, even if I've been using linux since 2006. Who can tell if they will do this to other OS in the future?

ptx 5 hours ago | parent | next [-]

My understanding is that the monitor doesn't do anything by itself - it's just Windows detecting the device and automatically downloading and installing LG:s proprietary add-on software. The monitor itself isn't attacking the machine by exploiting vulnerabilities or spoofing user input or anything like that.

So you won't have this problem if you're running Linux and other Free Software under your own control. The problem in this case is just another example of why proprietary software can't be trusted.

embedding-shape 5 hours ago | parent [-]

> My understanding is that the monitor doesn't do anything by itself

The understanding should also included that unless LG actually asked Microsoft to implement this autoinstalling malware, it wouldn't have been installed by itself.

I think parent commentator is making the argument that they don't want to financially support companies who engage in these sort of things, regardless if this particular scenario applies to their environment or not.

ptx 4 hours ago | parent [-]

Sure, but I was addressing the question that was asked (although perhaps it was asked rhetorically): LG cannot do this to you if you don't install their proprietary software, so Linux users are safe (assuming they use a trustworthy distro).

You could choose to buy from another vendor, but other vendors have the same incentives to abuse your trust in the same way once they manage to persuade you into running their proprietary software on your machine.

leni536 5 hours ago | parent | prev [-]

This is probably Windows pulling LG software through Windows Update bases in EDID. Linux won't ever do this BS.

delta_p_delta_x 5 hours ago | parent | next [-]

> Linux won't ever do this BS.

Arch Linux's AUR was recently hit by an actual malware supply-chain attack[1], which I would claim is arguably worse than adware. NPM is regularly in the news for supply-chain attacks. And then there was the XZ utils debacle in 2024. I concede that Microsoft is in part responsible for facilitating something like this, but just because something is free and open-source or based on Linux doesn't make it a universal panacea for malware or supply-chain pwnage.

[1]: https://lists.archlinux.org/archives/list/aur-general@lists....

delusional 5 hours ago | parent | prev [-]

I wouldn't be so categorical. This isn't really a kernel concern, and I could completely believe that there are some distros out there that pull in random packages based on hardware detection.

The saving grace of linux currently is that volunteers package most of the software, and they don't generally package malware. There is no structural guarantee there, and if we invite corporate interests to package at some point (like flatpack and snap wants to) this is 100% going to happen eventually.