Comments (23)
I'm talking about these two:
I agree with Fernandez and please can you provide a Linux version too? Why would I trust you? I don't want to install a black box on my computer. Moreover, I'd like to know whether your plugin relies on NPAPI as it's going to become unsupported by Firefox: https://blog.mozilla.org/futurereleases/2015/10/08/npapi-plugins-in-firefox/
Why not use something like WebChimera to build a plugin-free solution?
@fernandezpablo85 Maybe we can try to do some reverse engineering on those native installers to understand a bit what they do. I can use xar or ark to open the pkg archive under Linux.
Ok it works with "7z x torrentsTime-download.pkg":
```
Bom PackageInfo Payload Scripts [TOC].xml
[gouessej@localhost torrentsTime]$ more PackageInfo
<pkg-info format-version="2" identifier="com.torrentstime.plugin" version="1.0.6.0" overwrite-permissions="false" install-location="/" auth="root">
  <payload installKBytes="30425" numberOfFiles="6"/>
  <scripts>
    <postinstall file="./postinstall"/>
  </scripts>
</pkg-info>
```
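Added example (not part of the original thread and not the plugin's code): a small Python triage of the PackageInfo quoted above, flagging the fields that decide how much privilege the installer gets. The function name and the wording of the findings are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# PackageInfo exactly as quoted in the comment above.
PACKAGE_INFO = """<pkg-info format-version="2" identifier="com.torrentstime.plugin" version="1.0.6.0" overwrite-permissions="false" install-location="/" auth="root">
<payload installKBytes="30425" numberOfFiles="6"/>
<scripts>
<postinstall file="./postinstall"/>
</scripts>
</pkg-info>"""

SCRIPT_TAGS = ("preinstall", "postinstall")


def triage_package_info(xml_text):
    """Return (summary, findings) for a flat-package PackageInfo document."""
    # PackageInfo needs no DTD; refuse one rather than let the parser expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("unexpected DTD/entity declaration in PackageInfo")
    root = ET.fromstring(xml_text)
    if root.tag != "pkg-info":
        raise ValueError("not a PackageInfo document: root is <%s>" % root.tag)

    payload = root.find("payload")
    scripts = [(el.tag, el.get("file"))
               for el in root.findall("./scripts/*") if el.tag in SCRIPT_TAGS]
    summary = {
        "identifier": root.get("identifier"),
        "version": root.get("version"),
        "auth": root.get("auth"),
        "install_location": root.get("install-location"),
        "files": int(payload.get("numberOfFiles", "0")) if payload is not None else 0,
        "scripts": scripts,
    }

    findings = []
    if summary["auth"] == "root":
        findings.append("installer requests root authorization")
    if summary["install_location"] == "/":
        findings.append("payload is laid out relative to the filesystem root")
    for tag, path in scripts:
        who = "as root" if summary["auth"] == "root" else "as the installing user"
        findings.append("%s script %s runs %s; read it before installing" % (tag, path, who))
    return summary, findings


if __name__ == "__main__":
    info, notes = triage_package_info(PACKAGE_INFO)
    print(info["identifier"], info["version"])
    for note in notes:
        print(" -", note)
```

The script named in the findings sits in the `Scripts` entry of the extracted archive; reading it and the `Bom` file list shows what the installer would place on disk and run.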
I personally don't trust this plugin as long as it's not open source. All this is clearly to earn money with the VPN service operated by the same team themselves: anonymousvpn.org. The VPN is really expensive BTW.
Exactly. It's mainly a for-profit project.
At least on OS X, it installs an NaCl executable, which presumably talks to a helper process /Library/PrivilegedHelperTools/com.torrents-time.helper started by launchd.
Unfortunately, this helper process aborts under Darling on Linux after talking to 5.79.65.173 and then doing some socket operations (opening and closing a socket several times). I did not investigate further.
Without open-sourcing the actual plugin, I see no point in trusting this project.
Ye, it's so obvious that it's for profit/harm, that's why they do not open source it. Popcorn Time was something different, they open sourced it all. There is a big hype around this plugin atm, after PirateBay implemented it. People forget that PirateBay is not managed by the old crew, it's been a for-profit site for a long time now. Now you can't be sure that this plugin will actually not install some malware, it's recognized as Trojan-Downloader.Win32.Generic, which means it downloads/installs something (malware?) without your consent.
@LubosD Thanks. It seems to talk to a server located in Amsterdam, in the Netherlands.
@devlo Which virus scanner do you use under Windows? Have you tested with Winclam (open source)?
@gouessej
Kaspersky.
The helper process now seems to run under Darling (I'll commit fixes later).
I don't know how to enable the NaCl (pexe) part though. So if someone is eager to run proprietary binaries on Linux, there is probably a way :-D
@devlo, @gouessej : Some executable packers/obfuscators trigger generic trojan warnings in virus scanners (since why would a program obfuscate its inner workings/layout?) but that doesn't necessarily mean malware is involved. My point is, without the actual source, there's simply no way to know.
Another issue I see with source of plugin not being available is documented in #9
Not this one. No packer or obfuscator will generate code with network syscalls. You can pretty much get all of what's going on from debugging it and looking at the assembler code - that's how reverse engineering works.
Interesting, though something as simple as an update check would generate that as well, no?
Could you share a decompilation?
Yes, it can be a false positive, that's why you see "generic" in Trojan-Downloader.Win32.Generic.
Hey guys
Sorry for the late response, we are very busy.
I'm sorry, but I can't quite understand the concerns you've mentioned. There is nothing suspicious in our technology! It's straightforward, efficient and honest. Yes, Honest with a capital H.
It is a state of the art craftsmanship made to stream torrents from your browser and then to be able to convert them to a streamable format and play them with our video player. It has absolutely no other hidden aspects.
We'll be happy to answer any specific professional concern.
And they deleted my comment so yet again
http://blog.andrew.im/post/139084882590/torrents-time-security-issues
It's really pathetic to delete comments that show bugs in your software... It shows what kind of people are developing this.
> I'm sorry, but I can't quite understand the concerns you've mentioned.

This is very sad…
@DoubleRainbow If you're honest, why don't you simply release the source code of your plugin? It would show that you're transparent, that you have nothing to hide and it would help some developers to improve it too. Plugins are going to become unsupported in major web browsers (and yours still doesn't work under GNU Linux), why not accept some help to move to a plugin-free solution?
@gouessej
It's obvious why it's closed source, because it's a FOR PROFIT solution/plugin.
Their website mentions they want to implement advertising solutions inside the player. That's why it's closed source.
I can't imagine a better way to get indicted by the govt.
@Codeusa Very good article. As described, there is absolutely no reason to use this application as long as it's not being improved upon by an open source community.