Addons that delete competitor's addons
I'm guessing most devs who would know ducked out a while back, but didn't ruuk work on an addon a while ago specifically for encrypting passwords or addons?
Reply
(2016-05-04, 19:24)Lunatixz Wrote:
(2016-05-04, 13:39)DarkHelmet Wrote: This really made me think. Some addon creators do not upload their addons to the official repo for whatever reasons. The German kodinerds forum even has two own repos (their position to legal/illegal addons is basically the same as here though). While I basically trust the guys I think it's wise to not create temptations.

I have Google Music, Amazon Prime Music and Prime Video addons installed. To make them work I had to enter my Google and Amazon account usernames and password. Can these theoretically be obtained by another addon? This is what I would call a pretty big temptation.

Let's clear this up... Yes, any personal information entered into a plugin can theoretically be stolen...

Trust that plugins found here (though not in the official repo) should be considered safe and legal... There are MANY factors that keep plugins out of the official repo.

Thanks for clearing it up. The Prime Video addon will hit mainstream with Krypton, because it needs inputstream to work. Assuming it's an addon, which many might use, Amazon account information would be quite a target for shady addon devs. The account name and password is stored by the addon.

Can I REALLY trust every one of the developers that far? I mean my Amazon account is attached to my credit card and whatnot, creating quite a honey pot. This really makes me think. I do not even have that many addons installed but what about other users?
Reply
(2016-05-04, 21:25)DarkHelmet Wrote:
(2016-05-04, 19:24)Lunatixz Wrote:
(2016-05-04, 13:39)DarkHelmet Wrote: This really made me think. Some addon creators do not upload their addons to the official repo for whatever reasons. The German kodinerds forum even has two own repos (their position to legal/illegal addons is basically the same as here though). While I basically trust the guys I think it's wise to not create temptations.

I have Google Music, Amazon Prime Music and Prime Video addons installed. To make them work I had to enter my Google and Amazon account usernames and password. Can these theoretically be obtained by another addon? This is what I would call a pretty big temptation.

Let's clear this up... Yes, any personal information entered into a plugin can theoretically be stolen...

Trust that plugins found here (though not in the official repo) should be considered safe and legal... There are MANY factors that keep plugins out of the official repo.

Thanks for clearing it up. The Prime Video addon will hit mainstream with Krypton, because it needs inputstream to work. Assuming it's an addon, which many might use, Amazon account information would be quite a target for shady addon devs. The account name and password is stored by the addon.

Can I REALLY trust every one of the developers that far? I mean my Amazon account is attached to my credit card and whatnot, creating quite a honey pot. This really makes me think. I do not even have that many addons installed but what about other users?

Not sure what you mean by "The Prime Video addon will hit mainstream with Krypton, because it needs inputstream to work"?

As for trust... I can safely say I've only seen sketchy code from fly-by-night pirate developers. Any reputable developer takes pride in their work and most associate themselves with Team Kodi and release here on this forum. This doesn't mean third party developers are malicious code writers, many aren't. It's just more likely you will find issue within pirated software.

BTW we haven't touched on the evils of third-party repos and plugin hijacking which is why it's just as important to vet your repo sources/developers.
Reply
I want to put another perspective. Why do addons keep competing with each other? I think this is the baseline and the root of a very fundamental resolation. Deleting each other is the way how they compete, but the real question is why? They don't earn fortune out of it for sure. Reputation, immaturity?
Reply
(2016-05-04, 22:47)boogiepop Wrote: I want to put another perspective. Why do addons keep competing with each other? I think this is the baseline and the root of a very fundamental resolation. Deleting each other is the way how they compete, but the real question is why? They don't earn fortune out of it for sure. Reputation, immaturity?

Outside of the Kodi forum gates.. it's like the wild west! Who knows what drives them, but it's not likely for the good of the community... and more likely to line their pockets.
Reply
(2016-05-04, 22:31)Lunatixz Wrote:
(2016-05-04, 21:25)DarkHelmet Wrote:
(2016-05-04, 19:24)Lunatixz Wrote: Let's clear this up... Yes, any personal information entered into a plugin can theoretically be stolen...

Trust that plugins found here (though not in the official repo) should be considered safe and legal... There are MANY factors that keep plugins out of the official repo.

Thanks for clearing it up. The Prime Video addon will hit mainstream with Krypton, because it needs inputstream to work. Assuming it's an addon, which many might use, Amazon account information would be quite a target for shady addon devs. The account name and password is stored by the addon.

Can I REALLY trust every one of the developers that far? I mean my Amazon account is attached to my credit card and whatnot, creating quite a honey pot. This really makes me think. I do not even have that many addons installed but what about other users?

Not sure what you mean by "The Prime Video addon will hit mainstream with Krypton, because it needs inputstream to work"?

I meant that the addon only works with Krypton. Therefore not many users will have it installed now.
Reply
I would just like to say that I don't think primaeval is trolling. He has several good points that are valid topics to discuss. I don't entirely agree with everything he said, but what he said isn't unreasonable.

There are reasonable expectations for what computers can and cannot do. Someone who sees a program as nice and as polished as Kodi will have a reasonable expectation that there isn't a gaping hole in security (that requires that they vet Python code). They should still be careful of what they download, but remember that tons of sites are violating Kodi trademarks and making bad-add-ons look totally legitimate. At least, enough for an initial download.

As Kodi gets easier for the everyday user, things like this only become more of an issue. Kodi is a power user's tool that is now within reach of everyone.

I don't think we're at the point where something drastic, like ripping out python, is necessary, but we are on that path. It might not be the only path, but something will need to be done, and the sooner the better. We might not need tinfoil hats and totally sandboxed/locked down applications, but at the very least things like warnings and levels of control. A way for Kodi to still be powerful, while not having the "front door" unlocked by default.

At the very least, people will have different views about the matter. It's not a bad thing to be able to discuss all of those views in this thread. As long as everyone can be reasonably nice about it ;)
Reply
Also, slightly off topic to the main point (but was brought up a couple of times): I really really like the idea of a trusted community add-on repo that contains no pirate/bootleg content. Keep in mind, the trust would have to come from reputation, as it would be unofficial. Even if it doesn't help the newbies, it would help the power users and add-on devs to have a non-pirate repo be home to add-ons that are not suitable (depending on the reason) for the official Kodi.tv repo. Things like skin mods, add-ons that are legal to distribute/use but contain some closed source parts, add-ons that are stuck in a prolonged "beta" but are not harmful (i.e., Philips Hue lights add-on), etc. A repo still maintained and large enough to be worth people's time to submit to.

It's a nice idea, at least.
Reply
(2016-05-05, 03:11)Ned Scott Wrote: I would just like to say that I don't think primaeval is trolling. He has several good points that are valid topics to discuss. I don't entirely agree with everything he said, but what he said isn't unreasonable.

There are reasonable expectations for what computers can and cannot do. Someone who sees a program as nice and as polished as Kodi will have a reasonable expectation that there isn't a gaping hole in security (that requires that they vet Python code). They should still be careful of what they download, but remember that tons of sites are violating Kodi trademarks and making bad-add-ons look totally legitimate. At least, enough for an initial download.

As Kodi gets easier for the everyday user, things like this only become more of an issue. Kodi is a power user's tool that is now within reach of everyone.

I don't think we're at the point where something drastic, like ripping out python, is necessary, but we are on that path. It might not be the only path, but something will need to be done, and the sooner the better. We might not need tinfoil hats and totally sandboxed/locked down applications, but at the very least things like warnings and levels of control. A way for Kodi to still be powerful, while not having the "front door" unlocked by default.

At the very least, people will have different views about the matter. It's not a bad thing to be able to discuss all of those views in this thread. As long as everyone can be reasonably nice about it ;)

Trolling was maybe a harsh word on my part, but it has been said repeatedly that python sandboxing is not an option (which I didn't know).

"Kodi is a power user's tool that is now within reach of everyone" is exactly the main issue, really, not python addons. You can see it every day in the forums (at least on the Android side) that users are using Kodi with little to no knowledge on how a computer works.
On a properly secured computer, the worst an addon can do is trash your Kodi install, because Kodi is supposed to be sandboxed. Taking Android, where each app is sandboxed, there is no way an addon could change your HOST file, for instance.

Python was maybe a poor choice as the addon language in the first place, but I hardly see it being replaced based on those concerns only. I heard MrMC has plans to implement javascript (because it's the builtin script language on tvOS), but I must say I don't see that leading anywhere....

Bottom-line:
- Should the "power users" be punished because "everyone" has no clue of what they're doing? I don't think so (anymore)...
- Should python be replaced by something else more secure? Surely, but assuming someone takes up the task, it will take years...
- Is it sane that Kodi is used by millions of computer-illiterate users? Probably not... ;)
Reply
For sure, whatever happens shouldn't nerf power users.
Reply
It may be worth mentioning that it is also possible to "hi-jack" an addon simply by pushing an addon with the same ID as an existing one but with a higher version number (provided the user has your repo installed).

So theoretically a developer could push a rogue YouTube addon to their repo with a bumped version number, anyone with that repo and the official YouTube addon (from the org repo) would get their addon updated to the rogue addon (if they have auto updates on they might not even notice it).

This rogue addon could behave exactly the same as the official one, but under the hood could be doing anything it felt like; if it runs a service it wouldn't even need to be started, simply having it installed would be enough.
Reply
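
The same-ID, higher-version takeover described in the post above can be checked for from the defender's side. The following is an added example, not part of the original thread: it compares a third-party repository's addons.xml index against the official one and flags every addon ID that also exists officially. The XML samples are constructed, and `version_key` is a simplified stand-in for Kodi's version comparison.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample indexes in the addons.xml layout that Kodi repositories publish.
OFFICIAL_XML = """<addons>
  <addon id="plugin.video.youtube" name="YouTube" version="5.1.20"/>
  <addon id="script.module.requests" name="requests" version="2.9.1"/>
</addons>"""

THIRD_PARTY_XML = """<addons>
  <addon id="plugin.video.youtube" name="YouTube" version="99.0.0"/>
  <addon id="script.module.requests" name="requests" version="2.9.1"/>
  <addon id="plugin.video.example" name="Example" version="1.0.0"/>
</addons>"""


def version_key(version):
    """Simplified ordering on numeric components only (assumption: Kodi's
    own comparison also handles suffixes such as beta tags)."""
    return tuple(int(n) for n in re.findall(r"\d+", version))


def load_index(xml_text):
    """Return {addon id: version} for every <addon> element in an index."""
    # For indexes fetched from untrusted repos, parse with defusedxml instead.
    root = ET.fromstring(xml_text)
    return {a.get("id"): a.get("version", "0") for a in root.iter("addon")}


def find_shadowed(official_xml, other_xml):
    """List addon IDs in the other repo that collide with official IDs."""
    official = load_index(official_xml)
    findings = []
    for addon_id, other_ver in sorted(load_index(other_xml).items()):
        base_ver = official.get(addon_id)
        if base_ver is None:
            continue  # ID is unique to the third-party repo
        if version_key(other_ver) > version_key(base_ver):
            status = "would-override"  # updater would prefer this copy
        else:
            status = "same-id"  # not newer now, but a later bump would take over
        findings.append((addon_id, base_ver, other_ver, status))
    return findings


if __name__ == "__main__":
    for finding in find_shadowed(OFFICIAL_XML, THIRD_PARTY_XML):
        print("%s official=%s third-party=%s -> %s" % finding)
```
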
Ignoring whether or not an addon provides its content legitimately either in terms of Kodi's terms or anyone else's (because I don't think it is especially relevant to the security part of this discussion) unfortunately the issue of trust remains the salient point, as I mentioned in my earlier post (more at this link): http://forum.kodi.tv/showthread.php?tid=...pid2326300

(2016-05-02, 19:28)jmh2002 Wrote: Even a trusted developer can decide to have a bit of a melt down for whatever reason (commonly it seems to be either other developers or ungrateful users upsetting them), throw all the toys out of the sandpit, and do something perhaps regrettable.

So whilst I wholeheartedly support some type of community based "trusted" list, from a user protection point of view this probably needs to be independent from Kodi.tv so that it can refer to all addons, regardless of their purpose (since if I understand correctly, in general Kodi doesn't wish to prevent users deciding how to use the program, only to prevent misuse and misassociation of the Kodi name/trademark).

In addition, per my quote and earlier post, since a currently trusted addon can at any time become untrusted for one or another reason (and simply push an update, which the user may receive automatically without knowledge), this list would probably only be able to act 'after the fact' and provide a warning that an addon has gone rogue and suggest users delete and change any connected passwords, etc.

I guess this is not a lot different to how the internet world acts now. Many programs, apps, etc, even from major companies do their best to manage security but sometimes a flaw is found, or they are hacked, and users are only made aware after the fact, and generally the only solution is delete or update the offending app, and change passwords.

I will again reiterate what I said earlier that there are also many legitimate addons, or addons that are not really piracy based but still fall outside Kodi.tv's (or even other site's) definitions and are now (sometimes forcibly because of these various policies) only available via alternative repos. This is a pity and contributes somewhat to how all this can be managed.

Probably also a major difference here is that outside Kodi.tv the kodi world quickly becomes fragmented with many diverse and competing factions (both legitimate and not), so it's unlikely that information regarding a rogue addon will appear on any regular tech news and probably won't even reach the majority of the non power users (who are still using these power addons of course...).

So, who could be responsible for managing such a global 'trusted' list? I really do not know...
Reply
IMO there are a couple issues to tackle
- secure credential storage / key ring / whatever
- an alternative to python that can easily be run in a sandbox (JS actually sounds pretty good for it)
- implement a permission system similar to iOS/Android

But all these security features will only ever apply if the user is installing stuff on his own - preloaded boxes can still have any malicious crap installed. And as the majority of dumb piracy users is either following a youtube tutorial and execute whatever command they tell them to do (format c: ), or just buy a preloaded box, not really much will change in terms of security for these kind of users.
Reply
(2016-05-05, 10:53)da-anda Wrote: IMO there are a couple issues to tackle
- secure credential storage / key ring / whatever

Yes, at least so that if an addon goes rogue it can perhaps make a mess of the Kodi install, perhaps even steal its own login credentials, but hopefully not those of other addons that are installed. This would at least limit any serious consequences that might be able to occur.

Thank you da-anda.
Reply