The original post: /r/linux by /u/feelosofee on 2024-12-25 01:01:10.
Dear Visualz Team,
I am writing this open letter to raise awareness and request clarification regarding certain technical and security practices observed in your application.
In earlier versions of the .deb
package distributed for Linux, it appears that the post-installation script set Chromium (embedded within your Electron-based application) as setuid root. This approach raises serious concerns due to the potential security risks it introduces to users' systems.
Additionally, I couldn’t help but notice striking similarities between Visualz and PhotoMosh/Mosh-Pro (developed by Airtight Interactive). The interface, effects, and general functionality suggest that Visualz may have drawn heavily from PhotoMosh, which has recently evolved into Mosh-Pro with audio-reactive effects.
While inspiration is common in software development, PhotoMosh/Mosh-Pro operates with a more transparent and ethical approach, offering clear documentation, no invasive practices, and a competitive pricing model. This transparency contrasts starkly with the concerns raised about Visualz, especially regarding the lack of communication about risky practices like setuid root modifications.
To foster transparency and build trust within the community, I kindly ask for clarification on the following points:
- What was the technical reasoning behind setting Chromium as setuid root?
- Is this practice still present in the latest versions of Visualz?
- What security measures have been implemented to mitigate the risks associated with such modifications?
- How does Visualz differentiate itself from PhotoMosh/Mosh-Pro, given the apparent similarities?
Referencing Background Information:
- Official website: visualzstudio.com
- Email: [[email protected]](mailto:[email protected])
This letter is shared on public forums to engage the community of potential and current users. I hope you will take this opportunity to respond, clarify, and address these concerns transparently.
For those exploring software for audio-reactive visual performances, I recommend considering the following open-source projects that prioritize transparency and user empowerment:
- modV: A powerful, open-source, modular visual performance tool designed for live visuals.
- Ossia Score: An interactive sequencer for intermedia authoring, allowing precise scripting of interactive scenarios.
- Chataigne: A free, open-source software designed to synchronize and control various devices and software for live performances and interactive installations.
All of those apps are nowadays super-easy to install and unobtrusive to the stability of your system, as they are available either as AppImages or Flatpaks.
After decades in this field, we are finally witnessing the moment when Linux is truly able to shine in the realms of media manipulation, high-performance audio and graphics processing, gaming, and beyond. So let's not settle for anything less than tools that respect our systems, our security, and our creative freedom.