Remix.run Logo
tialaramex 5 hours ago

> no mechanism in standard Linux distributions

Now, when I first ran Linux in the mid-1990s, this was true. "Plug-and-play" is just peaking over the horizon. Other systems have had it for years (the Amigans for example) but for the PC it's pretty new.

But today a whole lot of mechanism is spun up when the kernel realises something new was added. A netlink socket talks to a udev daemon, in userspace and that daemon, being ordinary userspace software can do whatever it wants including of course run a bunch of arbitrary shell scripts, which can in turn do whatever they want. So yes of course they could download arbitrary software, or delete all your files with a Z in their name.

> from a vendor

Where the Adware comes from is of no consequence to the end user. "Um actually, the file came from Microsoft's servers" is irrelevant.

[Speaking more specifically of fwupd, which is ultimately fed by hardware vendors directly]

> but those are curated

I'm sure Microsoft considers that they are curating their system too. We both just think (I assume you're not here to defend Microsoft) their curation sucks.

I want to be sure we're pointing at the right thing here. The problem isn't that your Windows PC can end up running software because a device was plugged in, that's actually convenient and a benefit to many people and that works in Linux. The problem is what was delivered.

pessimizer 30 minutes ago | parent [-]

> Where the Adware comes from is of no consequence to the end user. "Um actually, the file came from Microsoft's servers" is irrelevant.

Wrong. If I have a business relationship with MS where I've agreed to accept adware, this is meaningful. If I've bought a monitor that never informs me that it is installing adware, especially adware on their servers that could change at any time, this is a problem. It is different when the mailman opens my mailbox than when the person who cuts my grass opens my mailbox.

> The problem isn't that your Windows PC can end up running software because a device was plugged in, that's actually convenient and a benefit to many people and that works in Linux.

It's also a problem that Linux has allowed itself to be invaded by a creepy octopus of a user-hating system with tons of mutual dependencies, trying to gradually replace everything on your OS.

The problem is that Windows is running things without your explicit approval. The problem with Windows and new Linux is that it even has the ability to do so. Security became protecting the system from the user, rather than protecting the user from the network and devices.

The idea that userspace can do anything in userspace is a bit of a red herring, though. The question is how the malware gets into userspace in the first place. In the case of Windows and systemd, the malware is integral to the OS itself.

> that's actually convenient and a benefit to many people

To reiterate, it is not in any way convenient or a benefit to anyone that software is installed silently and secretly by their monitor. The idea that having to approve arbitrary software installation is some great inconvenience doesn't pass the laugh test.