
GStreamer and the state of Linux desktop security - discreditable
https://lwn.net/SubscriberLink/708196/845f9287f1936dcf/
======
digi_owl
To me the problem here is "user friendliness" gone wild.

Chrome wants to be friendly so it downloads automatically rather than show a
dialog (the download can be triggered by JS no less!). Then Gnome comes along
and indexes every new file so the user can find it using the DE provided search
functionality. This indexer in turn makes use of media codecs that happen to
be insecure.

Never mind that disabling any of these things is likely to be somewhere
between hard and impossible because "my precious UX".

I see some of the commenters on LWN talking about people moving to Linux
because of security. Maybe some did so. But for me at least the security part
was secondary to moving to an OS where I felt in control, rather than battling
obfuscations and overly eager (almost puppy-like) automation.

Sadly recent years have seen the same kind of idiocy creep into Linux as the
big DEs try to make "year of the desktop" happen. This while apparently never
realizing that the one thing that made the Windows desktop such a fixture was
that Microsoft would bend over backwards to maintain backwards compatibility
even while making strides in security and stability.

Damn it, 32-bit Windows 10 installs can to this day run win16 binaries on
modern day CPUs (64-bit can't because of mutually exclusive CPU modes). Good
luck doing that with binaries compiled against any of the major DE toolkits
(or their surrounding support libs) from even a few years ago (I have
personally witnessed glib shit itself in subtle ways just because of a point
release).

The day Linus hands over maintainership of the kernel is the day the same kind
of idiocy infests it as well.

