Closed douxxu closed 2 months ago
A zipfile was found in the body of your issue. The sha1sum of the zip was: 75070c18543a2c56606b912ff8978e9e5a38a517
Hello there 👋 Thanks for submitting your first issue to the Pi-Apps project! We'll try to get back to you as soon as possible. In the meantime, we encourage you join our Discord server, where you can ask any questions you might have.
Please respond as soon as possible if a Pi-Apps maintainer requests more information from you. Stale issues will be closed after a lengthy period of time with no response.
Does this work on both Wayland and X11?
Also, if you are installing the menu launcher to all home directories, why not instead install it to a global location like /usr/share/applications/py-autoclicker.desktop
Does this work on both Wayland and X11?
I used it in both kde x11 and kde wayland, seems to works fine
Also, if you are installing the menu launcher to all home directories, why not instead install it to a global location like
/usr/share/applications/py-autoclicker.desktop
Oh yeah, I didn't though about it, i'll soon update it, but I'll need to modify the uninstall script too. Can we do it one published or must we wait ? I'm not hurry anyways
Can we do it one published or must we wait ? I'm not hurry anyways
I do not completely understand what you are asking here, but feel free to update your github repo, and then upload a new zip file to this issue once you have changed the uninstall script.
Can we do it one published or must we wait ? I'm not hurry anyways
I do not completely understand what you are asking here, but feel free to update your github repo, and then upload a new zip file to this issue once you have changed the uninstall script.
Ok no problem
Hey, just modified the code, here is the new zip:
A zipfile was found in the body of an issue comment. The sha1sum of the zip was: 2005703b4ac24e6a803a4a2f033d3274a4f16801
Where is this app actually installing itself to? Is it just staying downloaded in /tmp?
I don't see any directories being removed in the uninstall
script.
Where is this app actually installing itself to? Is it just staying downloaded in /tmp?
Actually, the installer (installer.py
) ask you to install the auto clicker necessary files into a custom directory you choose, and deletes himself and the GitHub repo. But the uninstall can't actually uninstall the chosen directory.. maybe I have to ask to input manually the path ?
Where is this app actually installing itself to? Is it just staying downloaded in /tmp?
Actually, the installer (
installer.py
) ask you to install the auto clicker necessary files into a custom directory you choose, and deletes himself and the GitHub repo. But the uninstall can't actually uninstall the chosen directory.. maybe I have to ask to input manually the path ?
None of the other apps in pi-apps ask the user to specify an installation directory... why would anyone want that for an autoclicker? Just throw it in /opt or something
Otherwise, any time this updates, it will get stuck and wait for the user to specify an installation directory, and that is assuming they even remember where they put it the first time.
Yeah right, I'll modify it and make a simpler installer without gui in bash for pi apps, i'll
Damn I missclicked.. so I was saying that I'll upload the zip when I finished it
Hey, just rewrote the install and uninstall files, here is the new zip file Py-autoclicker.zip
A zipfile was found in the body of an issue comment. The sha1sum of the zip was: c1965a0d4de5d04d9969b851f6b0ca8f7a49bcd0
Regardless of the applications intended functionality, I do not trust or suggest advertising a single maintainer untrusted 3rd party keystroke generator.
It is not safe for us to advertise as you could maliciously update the application to execute keystrokes without our knowledge once the application has a large enough install base to execute an attack.
I would only be comfortable with an application with such functionality being advertised if it came from the official debian repos which have requirements and maintainers that vet applications for malicious intent before updating.
Regardless of the applications intended functionality, I do not trust or suggest advertising a single maintainer untrusted 3rd party keystroke generator.
It is not safe for us to advertise as you could maliciously update the application to execute keystrokes without our knowledge once the application has a large enough install base to execute an attack.
I would only be comfortable with an application with such functionality being advertised if it came from the official debian repos which have requirements and maintainers that vet applications for malicious intent before updating.
The same could be said for any 3rd-party application run by a single maintainer. Currently it only does mouse clicks, not keystrokes. If we adopt a standard against single maintainers, and apply it fairly, then many pre-existing apps would need review and potential removal. From a codebase perspective, I see nothing uniquely dangerous here - any python script could be maliciously updated to add new functionality unrelated to its original stated purpose. @theofficialgman, if you are concerned about a malicious update for this app in particular, then ensuring it cannot auto-update for existing users would seem like a simple solution.
Regardless of the applications intended functionality
To my understanding, autoclickers are useful for certain websites and games
The same could be said for any 3rd-party application run by a single maintainer. Currently it only does mouse clicks, not keystrokes.
Clicks are keystrokes. There is no difference between the two.
If we adopt a standard against single maintainers, and apply it fairly, then many pre-existing apps would need review and potential removal.
This isn't the problem. See below.
From a codebase perspective, I see nothing uniquely dangerous here - any python script could be maliciously updated to add new functionality unrelated to its original stated purpose.
The applications original purpose is a keystroke injector. It would be trivial for it to be edited to inject a number of malicious commands (eg: rm -rf /
). Other applications are not keystroke injectors originally and would require additional work (and permissions) to add such functionality.
The application has root privileges which is something no other application that is part of pi-apps has https://github.com/douxxu/Py-autoclicker/blob/5dca26db662fdb28f331178d422fa68eaaa80e5f/src/Py-autoclicker.py#L207
@theofficialgman, if you are concerned about a malicious update for this app in particular, then ensuring it cannot auto-update for existing users would seem like a simple solution.
I do not want the application period for the reasons above.
To my understanding, autoclickers are useful for certain websites and games
imho, the applications value is vastly outweighed by its risk. users can accept that risk themselves by seeking it out on their own but I do not want to promote such an application and take that risk on myself.
Very well then.
What is the name of the app?
Py-autoclicker
Where is the app hosted?
Github: repo base
About the app
Upload file or Add PR Link
Py-autoclicker.zip
Confirmations