Hacker News new | past | comments | ask | show | jobs | submit login

On a side note, had this been a case with an MacOSX application or Windows application, would you have petitioned Apple or MSFT?



Altering desktop apps seems like it wouldn't have as much impact since those aren't being marketed through integrated app stores. It seems attempts at selling counterfeit copies online is the biggest problem for those. They get removed from Ebay generally, but have turned up on Craigslist occasionally.

Still, there are quite a few programs out there that use open-source in violation of the GPL. In particular, there are quite a few video-conversion or DVD apps using ffmpeg improperly on both Windows and OS X. (Use on Linux is proper, and users get needed patches) Aside from denying users the ability to make more changes with the relevant source, the apps are also generally poorly maintained. Even some with frequent GUI updates have failed to stay current with the core code. There have been several ffmpeg updates to address exploits using malformed videos, but users of many of the utilities are still vulnerable. The true open source projects are maintained very well, it's the apps where people are out to make a quick buck with a GUI on some free code and ignore the license that are the offenders. Projects such as VLC saw immediate updates.

The many utilities that hide their use of ffmpeg and related open-source generally don't get listed in the security alerts such as this. http://www.securityfocus.com/bid/15743

Even Pre OS X Mac applications had many resources that were easily modified With ResEdit and other tools. It would have been more work to alter code with security features, but changing the about box, splash screens, icons, and menu/dialog text was trivial and didn't require programming skills. Of course the sort of resources modularity used it was made international localization so easy.

I never did hear of any apps being hijacked, but those were comparatively innocent times.


Interesting question... but we are not exactly petitioning Google for anything here. We just point the problem out and maybe they care enough about it and will fix it. otherwise we'll just have to live with it, or leave to other platform... I think we would have done the same if it were for Apple or MSFT




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: