this post was submitted on 21 Feb 2024
137 points (93.6% liked)

Linux

48287 readers
608 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

A Bitcoin investor was recently scammed out of 9 Bitcoin (worth around $490K) in a fake “Exodus wallet” desktop application for Linux, published in the Canonical Snap Store. This isn’t the first time; if nothing changes, it likely won’t be the last.

top 50 comments
sorted by: hot top controversial new old
[–] haui_lemmy@lemmy.giftedmc.com 88 points 9 months ago (2 children)

Since the snap store is proprietary, canonical should be liable for it.

[–] youngGoku@lemmy.world 11 points 9 months ago (1 children)

Yeah especially since they had a "verified safe" label on it in the snap store web page.

[–] possiblylinux127@lemmy.zip 8 points 9 months ago* (last edited 9 months ago)

The opposite of this would set a terrible precedent

[–] gila@lemm.ee 29 points 9 months ago

It's sad, but as a crypto user I'd be sketched out enough about using a centralised hot wallet app like Exodus in an official capacity, let alone entering my private key in something installed via a 3rd party app store. This probably happens on the Play Store a few times a week, and that's on a bigger platform with a full security review process. It's ultimately unavoidable.

[–] KevonLooney@lemm.ee 28 points 9 months ago (8 children)

Bitcoin is just a scam in general.

"Bro, I'll sell you this really complicated number. No one else has it."

"What can I do with it?"

"Sell it for more money to a bigger fool than you."

"I'm in.*

[–] halm@leminal.space 55 points 9 months ago (6 children)

That's not fair. You can also ruin the environment with it, it's baked into the technology.

load more comments (6 replies)
[–] RmDebArc_5@lemmy.ml 30 points 9 months ago (2 children)

“Bro, I’ll trade your food for this fancy piece of paper”

“What can I do with it”

“Trade it for more food with a bigger fool than you”

“I’m in”

(Not saying that you’re wrong, just your argument is stupid)

[–] rbn@feddit.ch 30 points 9 months ago (2 children)

The problem with most crypto compared to regular money is that it's often seen as an investment. However, one of the most important factors for a currency that is used in everyday transactions is stability and predictability. Money is supposed to ease trading goods and services as a universal middleman. It's not supposed to make someone rich who invested first.

Of course there's also inflation and deflation with regular money but as soon as that's getting out of control, it typically leads to serious economic issues.

[–] You999@sh.itjust.works 2 points 9 months ago

Not to sound like a shill or anything but that's what's great about monero. Its actually used on a daily basis as money because it wasn't designed to be an investment vessel. Unlike most crypto currencies monero is one a few if not the only crypto currency that could suffer from inflation as there is an unlimited supply however this works out in avarage uses favor as there's no scarcity based value which means there's less speculation trading leading to a more stable price. I'm not sure what the long term effects of having an unlimited supply of monero is but their justification is that it's a predictable fixed ammount added which will prevent hyper inflation.

Once again I'm not a crypto shill, I'm literally saying investing in crypto is a bad idea and to only use it for it's utility.

load more comments (1 replies)
[–] Honytawk@lemmy.zip 3 points 9 months ago (1 children)

“Trade it for more food with a bigger fool than you”

Or of course buy any other commodity that you require in life. Which isn't the case with any crypto.

[–] RmDebArc_5@lemmy.ml 4 points 9 months ago

That only works if you find someone who accepts your money. The difference to crypto is that most people accept money, only few accept crypto

[–] HumanPenguin@feddit.uk 10 points 9 months ago

Of course based on that definition. Fiat currency is the same. Just without the complex number.

I am really not a huge fan of crypto. But honestly all modern (post gold standard) money. Is entirly based on users confidence in the nations backing it. The proof of work used for bit coin. Really is no more a matter of faith in folks dumb enough to buy it from you later.

[–] TrainsAreCool@lemmy.one 6 points 9 months ago

Uh oh, you've awakened the crypto bros...

[–] otter@lemmy.ca 2 points 9 months ago (1 children)

That's a bit how currency works in general, the only reason why that piece of paper / metal has value is because we agree that it does (mainly large banks will back it). People also buy and sell currency

The issue is around it being seen as an investment more than as a currency?

[–] delirious_owl@discuss.online 1 points 9 months ago

Its a currency. The finance sector us cancer for commoditizng everything. They've caused famines by markets trading of food.

[–] Nibodhika@lemmy.world 2 points 9 months ago

That's how all currencies work.

"Bro, I'll sell you this piece of paper with a number in it" etc.

load more comments (2 replies)
[–] pineapplelover@lemm.ee 15 points 9 months ago (1 children)

Targeting linux desktop. Damnn

[–] xavier666@lemm.ee 6 points 9 months ago (2 children)
[–] conorab@lemmy.conorab.com 6 points 9 months ago

Truly, the year of the Linux desktop!

[–] LiveLM@lemmy.zip 2 points 9 months ago

For all the wrong reason, I can totally see some coiner bro tweeting this headline going "this is why your should use #windows when handling your #bitcoin" 🙄

[–] GeorgeBushJrJr@lemm.ee 10 points 9 months ago

It's a good thing bitcoin is more secure than fiat money

[–] dog_@lemmy.world 9 points 9 months ago
[–] coolmojo@lemmy.world 7 points 9 months ago (6 children)
[–] danielfgom@lemmy.world 7 points 9 months ago (1 children)

That's is the genuine one. There is a genuine company called Exodus for Crypto. The problem is that a scammer made their own clone and nobody verified whether they really are from the Exodus company.

If you check the manifest on Flathub you'll see they verified it belongs to the real Exodus

[–] coolmojo@lemmy.world 1 points 9 months ago

Yes. You are right. Thanks. Just listened to the Linux Matters podcast episode about this. Crazy.

[–] danielquinn@lemmy.ca 4 points 9 months ago* (last edited 9 months ago) (1 children)

42,396 installs.... Holy shit.

Edit, from the article:

This “Exodus” application published in the Snap store was indeed a scam application. There is a genuine organisation that developed a real, seemingly ’legitimate’ cryptocurrency wallet application. This is not that.

Any chance that the FlatHub one is legit?

[–] TheGrandNagus@lemmy.world 5 points 9 months ago

Apparently the Flathub one is indeed legit

[–] delirious_owl@discuss.online 2 points 9 months ago (3 children)

I mean FlatHub isn't safe in general. You could just target someone downloading the package and give them a malicious package instead. FlatHub doesn't check sigs, so its a hot mess

[–] danielfgom@lemmy.world 4 points 9 months ago* (last edited 9 months ago) (1 children)

They seem to be doing more on that side than Canonical is. But I agree, it should be MANDATORY that the developer is thoroughly vetted and approved and the code run and checked before publishing.

I hope this is a wake up call for Snaps and Flatpaks.

Apps from the repo have the security, which is why I always default to the distribution repo

[–] qaz@lemmy.world 1 points 9 months ago (1 children)

it should be MANDATORY that the developer is thoroughly vetted and approved and the code run and checked Brexit before publishing.

Brexit?

[–] danielfgom@lemmy.world 2 points 9 months ago

Damn autocorrect...

[–] AProfessional@lemmy.world 1 points 9 months ago* (last edited 9 months ago) (1 children)

The repo is gpg signed. I don’t know why you think thats not sufficient.

“packages” don’t exist like traditional distros. Its a large repo of data.

[–] delirious_owl@discuss.online 1 points 9 months ago (1 children)

Point me to the documentation that describes this

[–] AProfessional@lemmy.world 1 points 9 months ago (1 children)
[–] delirious_owl@discuss.online 1 points 9 months ago (1 children)

This isn't even the right project's documentation

[–] AProfessional@lemmy.world 0 points 9 months ago (1 children)

… I assumed you knew the basics.

Flatpak uses ostree for all data. https://docs.flatpak.org/en/latest/under-the-hood.html

I'm disappointed you criticize the project so harshly with no knowledge of it.

[–] delirious_owl@discuss.online 1 points 9 months ago (1 children)

No, my point is that if flat pak doesn't document that they cryptographically verify the authenticity of packages, then they dont.

Even the ostree docs say that it supports it gpg encryption. It supports it. It doesn't enforce it. That depends on the implementation.

I will continue to harshly criticize projects that leave users vulnerable. Want to prove me wrong? Link me to the flat pak docks that clearly say that all packages are cryptographically verified after download and before upload.

[–] AProfessional@lemmy.world 0 points 9 months ago* (last edited 9 months ago)

Look, Flatpak does, and it’s secure. You can spread misinformation if you like but don’t be proud of it.

You clearly have no capacity to accept new information in good faith.

[–] possiblylinux127@lemmy.zip 1 points 9 months ago (1 children)

Its not terrible but its certainly not great either

[–] delirious_owl@discuss.online 1 points 9 months ago (1 children)

Its pretty terrible compared to normal OS package managers.

[–] possiblylinux127@lemmy.zip 1 points 9 months ago (1 children)

How so? I just open up gnome software an search for the application I need

[–] delirious_owl@discuss.online 1 points 9 months ago

Cryptographic verification of the packages authenticity

[–] qaz@lemmy.world 2 points 9 months ago* (last edited 9 months ago)

It’s produced without upstream involvement but does seem to be legit so far. I placed a post seeking clarification about the Flatpak situation on Reddit 6 months ago. I quickly got a response after posting it. However, the response was from some scammers and I never got a response from the company behind it itself.

[–] TheImpressiveX@lemmy.ml 0 points 9 months ago

LOL, you should have DYOR and used a cold wallet. You clearly don't understand the complexities of Bitcoin, have fun staying poor!

/s

load more comments
view more: next ›