Malicious KDE theme can wipe out all your data - eviltoast
  • Pantherina@feddit.de
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    8 months ago

    This makes no sense.

    The equivalent would be

    A: have a hotdog you buy, which you eat with your teeth and your gut and you know how to do it (and also that hotdog doesnt interfere with your body, its a theme not actual molecules that comparison still makes no sense)

    B: have a hotdog that decides how it is eaten, and manipulates your body to eat it in any arbitrary way

    • @Pantherina
      I’m sorry that this bug have happened.

      But did you, or whoever faced this bug, “eat” it with your “teeth” though? No they didn’t. Why? Because like any proprietary software, OpenSource tools also come with certain terms and conditions that user is expected to read, digest, understand, accept, and then utilize the tool:

      https://fosstodon.org/@Mehrad/112128648273530651

      User had all the possible chance in the world to read the code and make sure it doesn’t do what it’s not supposed to do.
      🧵👇

      • Pantherina@feddit.de
        link
        fedilink
        arrow-up
        1
        ·
        8 months ago

        Yes for sure, but Firefox, Android etc are also all opensource and allow to install only opensource components, still their model is way more secure.

        But for sure, KDE will never become as restricted, as otherways these extensions would not exist.

        • @Pantherina
          I agree, although there are three things worth mentioning:

          1. The conventional Android is not that opensource. It is bundled with tons of proprietary Google stuff. That’s why de-googled Android does not provide as smooth experience.

          2. Android does not restrict you to “only OpenSource” components. WhatsApp for example is widely used and is not FLOSS.

          🧵 👇🏼

          • Pantherina@feddit.de
            link
            fedilink
            arrow-up
            1
            ·
            8 months ago
            1. Degoogled Android is just as possible. There are nearly all the tools needed (apart from system level stuff like backups) that work without many privileges or with a fine grained permission system
            2. Never said that, but its security allows you to use random stuff and not fear malware. GrapheneOS just does the last % to complete it, like storage and contact scopes.