this post was submitted on 02 Oct 2023

159 points (97.0% liked)

Linux

56339 readers

900 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 6 years ago

MODERATORS

nooter692@lemmy.ml

AgreeableLandscape@lemmy.ml

MarcellusDrum@lemmy.ml

cypherpunks@lemmy.ml

cyclohexane@lemmy.ml

d3Xt3r@lemmy.nz

159

Snap store from Canonical hit with malicious apps (www.gamingonlinux.com)

submitted 2 years ago by adonis@kbin.social to c/linux@lemmy.ml

18 comments fedilink hide all child comments

Canonical are currently dealing with a security incident with the Snap store, after users noticed multiple fake apps were uploaded so temporary limits have been put in place.

top 18 comments

sorted by: hot top controversial new old

[–] moose@reddthat.com 42 points 2 years ago (3 children)

I stopped using the Snap Store the moment I realized the majority of the Snaps were uploaded by totally random people who have zero relationship with the app itself.

For example: https://snapcraft.io/publisher/kz6fittycent

You’re telling me this guy is personally involved with all 43 snaps he’s published? You want me to believe he’s going to dutifully maintain all 43 of them?

Yeah. Okay. Sure. Totally.

It’s like, there’s a man on the street corner selling chicken nuggets he swears he got from McDonalds. Do you want to buy nuggets from him or just walk around the corner and get them from McDonalds yourself?

[–] cmhe@lemmy.ml 21 points 2 years ago (1 children)

I dislike the snap store as well, but what you describe is how packaging works on Debian as well. Anyone can make, maintain a package. And there are people there that maintain even more packages.

However, there is a difference when uploading it to the repos, you either have to be a Debian developer or find one to sponsor your package first. After a while of doing good work, you can also request becoming one yourself.

This additional burden makes it more difficult for malicious people to go through.

Personally I prefer this separation of software developer and package maintainer, because that makes it a bit more difficult for malicious devs to push packages directly or for them to not package them the optimal way for the distro.

[–] wiki_me@lemmy.ml 9 points 2 years ago (1 children)

I think that in practice it prevents them completely, i never heard of any type malware uploaded to debian or nix and flathub for that matter.

[–] possiblylinux127@lemmy.zip 2 points 2 years ago

I guess its a reminder to verify your apps

[–] BitingChaos@lemmy.world 11 points 2 years ago

After realizing the Godot package in Ubuntu was terribly outdated, I checked their snap store.

There are half a dozen Godot packages on Snapcraft, uploaded by random people. There is no indication of which a user should actually get, as none are "official". The one package that has a "verified" check also has a full description of just the word "blah", so it's clear it's not the real one and the "verified" checkmark means nothing.

Anyone that wants to upload something can. Non-functional, non-tested apps, others' work, abandoned apps, malware, etc.

And then the system ties your hands behind your back and refuses to let you control things like updates.

Snaps are an abortion and it has been turning people off to Ubuntu like crazy.

[–] YamiYuki@lemmy.kde.social 1 points 2 years ago (1 children)

Isn't it the same for Flatpak?

[–] possiblylinux127@lemmy.zip 2 points 2 years ago

Somewhat but its not nearly as bad

[–] xkforce@lemmy.world 29 points 2 years ago (1 children)

Ubuntu is trying to reinvent Windows, malware risk and all

[–] lemmy_nightmare@sh.itjust.works 2 points 2 years ago

Lol 🤣

[–] DocBlaze@lemmy.world 23 points 2 years ago* (last edited 2 years ago)

ahem attention Walmart shoppers. PSA.

Do NOT. ever. EVER. use the snap store.

EVER.

Other responsible distros like mint have gone as far as disallowing it for good reason.

Alright now, have a good day, kiddies.

[–] possiblylinux127@lemmy.zip 23 points 2 years ago

Cause we all needed another reason to not use snaps

[–] lvxferre@lemmy.ml 18 points 2 years ago

At those times I'm glad that I ditched Ubuntu for Mint. Less stupid shit to deal with. (That was partially motivated by snaps. I've seen bored snails in alcoholic stupor running faster than snaps.)

[–] Schorsch@feddit.de 12 points 2 years ago

Ah snap!

[–] BitingChaos@lemmy.world 8 points 2 years ago (2 children)

After any Ubuntu install:

    apt purge snapd

[–] TimeSquirrel@kbin.social 5 points 2 years ago

There's an easier and better way: Install Debian instead.

[–] IvidappAvidapp@mastodon.social -1 points 2 years ago

@BitingChaos @adonis It's the uncontrollable data usage for me😰😰 ...Every app update minimum 300mb 😭😭😭 #snaps

[–] VisuallyHuman@lemmy.world 7 points 2 years ago* (last edited 2 years ago)

༼ つ ◕_◕ ༽つ ANDDD this is why I use Fedora with Flatpak/Flathub. I like my Open Source-ness "sauce" in my packages, they're also sandboxed, but they're lightweight(and easier to review), they share dependencies when needed and it keeps me away from Canonical.

[–] ipsirc@lemmy.ml 6 points 2 years ago