• flambonkscious · 8 upvotes · 9 months ago

    And that, ladies and germs, is how to NOT handle a security incident.

    • FenrirIII@lemmy.world · 5 upvotes · 9 months ago

      But will it hurt them financially? Past evidence shows most companies see no repercussions for lax security.

      • flambonkscious · 1 upvote · 9 months ago

        Great point! Generally they sweat it out as the collective memory fades, I believe.

        Some way to record and rank how they dealt with it would be ideal.

        • i_am_not_a_robot@discuss.tchncs.de · 3 upvotes · 9 months ago

          That file is disturbing. Why does it do everything via external processes and shell commands? Stuff like calling ls -l to list files in a directory is not portable, and parsing the output of commands intended for humans and building shell commands without careful escaping is dangerous.
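
The two hazards named in the comment above (parsing `ls -l` text and pasting names into a shell string), as an added Rust example that is not part of the thread or of Rustdesk's code. The file name, the sample `ls -l` line and the use of `cat` are constructed assumptions.

```rust
use std::{ffi::OsString, fs, io, path::Path, process::Command};

// Constructed sample: a file name containing spaces and a shell metacharacter.
const HOSTILE_NAME: &str = "notes; echo injected.txt";

/// Fragile: take the last whitespace-separated column of each `ls -l` line.
fn names_from_ls_output(ls_output: &str) -> Vec<String> {
    ls_output.lines()
        .filter(|l| !l.starts_with("total"))
        .filter_map(|l| l.split_whitespace().last().map(str::to_string))
        .collect()
}

/// Robust: ask the OS for directory entries; no text parsing, no subprocess.
fn names_from_read_dir(dir: &Path) -> io::Result<Vec<OsString>> {
    let mut names = fs::read_dir(dir)?
        .map(|entry| entry.map(|e| e.file_name()))
        .collect::<io::Result<Vec<OsString>>>()?;
    names.sort();
    Ok(names)
}

/// Dangerous: the name is pasted into a string that `sh -c` would re-parse.
fn shell_string(name: &str) -> String {
    format!("cat {}", name)
}

/// Safer: no shell; the name is exactly one argv element and `--` ends options.
/// (`cat` is an assumed stand-in for whatever tool is being invoked.)
fn argv_command(name: &str) -> Command {
    let mut cmd = Command::new("cat");
    cmd.arg("--").arg(name);
    cmd
}

fn main() -> io::Result<()> {
    let dir = std::env::temp_dir().join(format!("lsdemo-{}", std::process::id()));
    fs::create_dir_all(&dir)?;
    fs::write(dir.join(HOSTILE_NAME), b"x")?;
    // Constructed line, in the shape `ls -l` prints for that file.
    let line = format!("-rw-r--r-- 1 user user 1 Jan  1 00:00 {}", HOSTILE_NAME);
    println!("parsed from ls text : {:?}", names_from_ls_output(&line));
    println!("from read_dir       : {:?}", names_from_read_dir(&dir)?);
    println!("shell string        : {:?}", shell_string(HOSTILE_NAME));
    println!("argv                : {:?}", argv_command(HOSTILE_NAME));
    fs::remove_dir_all(&dir)
}
```

Neither command is executed here; the program only prints how each approach would represent the same file name.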

        • UnsavoryMollusk@lemmy.world · 8 upvotes · 9 months ago

          Sure thing:

          r/selfhosted

          7 mo. ago

          Op: No-Way3489

          Title: Community consensus on Rustdesk with all the controversy in such a short time?

          I have recently found out about Rustdesk looking for an Anydesk alternative, and it is amazing. Or so I thought. I have come to learn since its open release in 2021 not all has been a pretty sight. So I would like to know what people generally still think of Rustdesk to this very day. Do you still use the software or have you stopped using the software since you learned the things below?

          • They “fixed” Wayland compatibility by disabling Wayland permanently switching users back to X11, even if they would not use Rustdesk or remove Rustdesk as it would change their system configuration permanently. (see here)

          • They will commercialise the software but are still not communicating what parts they will commercialise. (source)

          • They are obfuscating their Chinese whereabouts. Here is their Chinese company profile. Here is a news website that also makes mention of it. They have relay servers in China as well.

          • They are still advertising the software as open source while the software is in fact not entirely open source and relies on binary files for their GUI. The nightly build is changing this but the stable client on their homepage is still not entirely open source. If you were to compile this stable version and use only actual source code and not binaries, you would have non-functioning software, because it is not 100% open source. Again, this is becoming irrelevant but they advertised it as such for two years while they should not have done so. Keep such practices in mind when entrusting a software manufacturer with your devices. This is not transparency, this is not trust.

          Then the comments bring alternatives or the fact that criticism of any kind is banned on Rustdesk’s subreddit.