- cross-posted to:
- technology
- cross-posted to:
- technology
And that, ladies and germs, is how to NOT handle a security incident.
But will it hurt them financially? Past evidence shows most companies see no repercussions for lax security
Great point! Generally they sweat it out as the collective memory fades, I believe.
Some way to record and rank how they dealt with it would be ideal
They may as well say…
Bug fixes and enhancements
Self host RustDesk if you need an alternative.
Nope thanks, after this “fix” for wayland support on linux i do not touch this software https://github.com/rustdesk/rustdesk/blob/1.1.9/src/platform/linux.rs#L411-L422 Basically editing the config to disable wayland without user interaction.
I had no idea! That’s mental.
That file is disturbing. Why does it do everything via external processes and shell commands? Stuff like calling
ls -l
to list files in a directory is not portable, and parsing the output of commands intended for humans and building shell commands without careful escaping is dangerous.
Yeah, just prompt the user.
You may want to reconsider that : https://www.reddit. com/r/selfhosted/comments/14kjvkg/community_consensus_on_rustdesk_with_all_the/
I can’t access that (Reddit blocked in DNS), care to summarise?
Sure thing :
r/selfhosted
7 mo. ago
Op : No-Way3489
Title : Community consensus on Rustdesk with all the controversy in such a short time?
I have recently found out about Rustdesk looking for an Anydesk alternative, and it is amazing. Or so I thought. I have come to learn since its open release in 2021 not all has been a pretty sight. So I would like to know what people generally still think of Rustdesk to this very day. Do you still use the software or have you stopped using the software since you learned the things below?
-
They “fixed” Wayland compatibility by disabling Wayland permanently switching users back to X11, even if they would not use Rustdesk or remove Rustdesk as it would change their system configuration permanently. (see here)
-
They will commercialise the software but are still not communicating what parts they will commercialise. (source)
-
They are obfuscating their Chinese whereabouts. Here is their Chinese company profile. Here is a news website that also makes mention of it. They have relay servers in China as well.
-
They are still advertising the software as open source while the software is in fact not entirely open source and relies on binary files for their GUI. The nightly build is changing this but the stable client on their homepage is still not entirely open source. If you were to compile this stable version and use only actual source code and not binaries, you would have non-functioning software, because it is not 100% open source. Again, this is becoming irrelevant but they advertised it as such for two years while they should not have done so. Keep such practices in mind when entrusting a software manufacturer with your devices. This is not transparency, this is not trust.
Then the comments bring alternatives or the fact that criticism of any kind is banned on Rustdesk’s subreddit.
-