Warning! Stacer is Malware!

[Mauser]

I hope I am posting this in the correct section. If not please move to where it belongs. I just came across watching a video on Invidious of Stacer. Looks like an interesting cool application. I installed it from Souceforge since it wasn't available in any of the MX Linux or Debian or Flatpaks repositories. Looks like a good application to add to the repository if the MX Linux developers see fit to do so. https://sourceforge.net/projects/stacer/

[xali]

this is an older post about stacer viewtopic.php?f=108&t=42228

[Mauser]

By the way. I made a mistake suggesting that Stacer be added to the MX Linux repos. Don't add it because Stacer will break the volume selector for your keyboard. Thanks to Stacer my volume control on my keyboard no longer works. I can only adjust the volume with the mouse. I also found out that Stacer removed the keyboard shortcuts and changed file permissions on me which makes Stacer Malware. I got my shortcuts back and file permissions straightened out. Still no volume control from the keyboard.

[JayM]

The AppImage version of Stacer works just fine. But as I don't have a laptop and my desktop computer's keyboard doesn't have volume control keys on it, I can't tell you anything about how Stacer affects that. I don't think it's very nice to label it malware because it may have caused a problem on one computer though, especially without filing a bug report with the Stacer dev first. Just because it may have broken your volume control doesn't necessarily mean that it breaks it for everyone.

[spanizdogs]

I did just a test with Appimage of Stacer on a labtop Toshiba Satellite Pro .

All media buttons/key's working (clementine). No remapping by Stacer of the keyboard.

I did't try the repo version.

[wulf]

I had Stacer running a while back and to be honest I had no problem with it at all, and it uninstalled cleanly for me. If I discover something that gets my curiosity and it's not in the repo's, I'll always go to Github and download from there if I decide I trust it. At least that way, you have the option to review the code or/and read the comments of the users and the dev(s) rather than relying on a 3rd party download site, although in this case, Skidoo showed in his post on another thread that the sourceforge download was legitimate. I think in this case Mauser, you were unlucky that the program wiped-out some settings. Other than that, it's a nice slick utility with a pretty interface, but technically it doesn't really do anything extra that can't be done through the terminal, but it does put it all in one place for convenience I suppose.

[skidoo]

another day, another same ol' same...

Keyboard volume control got broken by Stacer [Solved]
Post by Mauser » Wed May 22, 2019
http://forum.mxlinux.org/viewtopic.php?f=104&t=50456

I got that Malware from Sourceforge

Really?

Malware?

methinks you're wrongfully defaming sourceforge.
Congrats on solving, but this smells like a too-typical example of the consequences
from engaging in instantgrabification, didntreadthefinemanual behavior.

Hurr Durr, iwannapony an' sourceforge ain't zackly a PPA, so eveething should be fine, right...

[skidoo]

https://github.com/oguzhaninan/Stacer/issues
zero reports of malware / adware / badware

anyhow, let's compare the served-by-github debfile vs the project's served-by-AWS debfile:

https://sourceforge.net/projects/stacer/files/v1.1.0/stacer_1.1.0_amd64.deb/download
$ sha512sum stacer_1.1.0_amd64.deb
19bcb87f3d99ce090ab1fb917f65f7dd74f0b1e4fc19272eae0ad8d5c66d3dbe53cbdb50841bbd9a0e16f03201cd6cc5f0bc1a57eda41fd096ed275cf762d84a stacer_1.1.0_amd64.deb

---------------------------------------------------------

https://github.com/oguzhaninan/Stacer/releases
https://github.com/oguzhaninan/Stacer/releases/download/v1.1.0/stacer_1.1.0_amd64.deb
^--- redirect ---v
https://github-production-release-asset-2e65be.s3.amazonaws.com/72979287/49435c80-7522-11e9-921b-a9445444247a?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20190523%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20190523T195057Z&X-Amz-Expires=300&X-Amz-Signature=67753ea03f6d3ea25a149e4e409c224b688f0b52ce9d5f7639d50d1c8940317f&X-Amz-SignedHeaders=host&actor_id=11653911&response-content-disposition=attachment%3B%20filename%3Dstacer_1.1.0_amd64.deb&response-content-type=application%2Foctet-stream

$ sha512sum stacer_1.1.0_amd64.deb
19bcb87f3d99ce090ab1fb917f65f7dd74f0b1e4fc19272eae0ad8d5c66d3dbe53cbdb50841bbd9a0e16f03201cd6cc5f0bc1a57eda41fd096ed275cf762d84a stacer_1.1.0_amd64.deb

[Head_on_a_Stick]

I've just tried the github .deb in my buster system, it seemed to work fine and didn't cause me any problems.

Nice application, if you like that sort of thing.

[skidoo]

Nice application, if you like that sort of thing.

FYI, and to clarify: no, I don't favor these bloatware applications & absolutely would not recommend stacer.

What tripped muh trigger here was the wrongful defamation of sourceforge.
The site, under new ownership these past few years, has really tried to cleanup its act & the CEO has participated in the various linux-related subreddits, fielding in-the-trenches questions, and (empathisizing with but) refuting recent allegations, and defending against historical FUD dregded up by donttrytoconfusemewiththefacts detractors.

Considering that google.code threw in the towel due to that hassle of _attempting_ to screen for malware (and stubbed inject-it-later installers), along with the curl|sudo c'est la vie attitude among the growing horde of iwannapony users (and devs pushing warez via golang//pip//etc sudo-permissioned "module" install+ auto-updates)... it's unreasonable to expect that any freehosting site can successfully remain entirely malware-free.