Logic2 security posture

In my personal opinion, extensibility (and the freedom to use the machine to its full extent without “battling” against security sandboxes) trumps the fear of malicious marketplace content, right now.

I think that the Saleae extension marketplace is way too small currently to be interesting as an attack vector, especially given its users are not the typical “I can’t phone you via e-mail, what is wrong with the internet on my phone?”-Grannies, but engineers (some of which may of course be Grannies). Once a critical mass of 3rd party extensions is reached, it may be worthwhile to re-evaluate your position with respect to content moderation, but right now I think that this would pose a barrier for someone trying to contribute (and do you more harm than good).

Sticking a device into a USB port already requires a huge amount of trust, and it’s not as if anyone is forced to install any 3rd party extensions. Not saying that your points and concerns are not valid, @natevw, on the contrary.

I would love some “official statement” for the Logic 2 software on what kind of behaviour is expected (by itself and any “well-behaved” extension), to ease setting up firewall rules for the ones who feel better when some rules are enforced, and to provide some guidelines for extension developers on what the community would deem OK, and leave the rest to peer review. It may be worthwhile to think about a contingency plan for how to act if an extension is actually reported as malicious, but this is also reactive and not proactive (like most things when it comes to security).

Maybe it would also be good to inform the user before installing any non-official (read: Saleae) extensions that there are risks involved (I guess concerning security, stability, performance).
