[UPDATE] Goldleaf 0.6 released

Discussion in 'GBAtemp & Scene News' started by RattletraPM, Aug 2, 2019.

  1. altorn

    altorn GBAtemp Advanced Fan

    Member
    5
    Jul 15, 2007
    Canada
    Toronto, Ontario
    Whenever I try to make a USB connection with GoldTree, I am able to go to C:\, then down to directories, for example Downloads folder then GoldLeaf hangs. Then GoldTree is stuck with its regular logs, and I can't kill the process and have to wait for 15minutes. I have a new SSD which works great, and my Switch microSD is pretty fast too. Using Atmosphere 0.9.2 emuMMC 8.1.0. I would assume my USB cable has an issue but I tried Tinfoil+NUT and I am able to install NSP's via USB no problem except some crashes once in a while. I REALLY want to use GoldLeaf but this is the only thing stopping me. Any tips?
     
  2. uyjulian

    uyjulian Homebrewer

    Member
    9
    Nov 26, 2012
    United States
    United States
    Check for non-ASCII filenames, and limit the number of files
     
  3. altorn

    altorn GBAtemp Advanced Fan

    Member
    5
    Jul 15, 2007
    Canada
    Toronto, Ontario
    There is a "Desktop" shortcut in GoldLeaf's filebrowser. Maybe I should move all my NSP's onto there so GoldLeaf and GoldTree don't try to read a lot of crap? Ok I will give it a try when I get home. Thanks for the tip!
     
  4. tabzer

    tabzer GBAtemp Fan

    Member
    3
    Feb 15, 2019
    Japan
    Totally wrong. You keep talking about something that nobody else is. And then calling those imaginary points invalid. You want the argument to be about something that you can potentially discredit instead of trying to understand what's written.


    Yeah, for two days. Depression does that I guess.
     
  5. altorn

    altorn GBAtemp Advanced Fan

    Member
    5
    Jul 15, 2007
    Canada
    Toronto, Ontario
    you guys talk shit and point at goldtree like it's the worst. what blawar is describing can be TRUE FOR ANY APPLICATION. i swear i've heard his lectures in one of my networking/security classes back in university. and he's making it sound much worse than any other app/framework/platform.
    if you can exploit goldtree via network, USB, etc. any other app running on the user's system is just as exploitable. it's just a matter of time. sure your tinfoil never exposes as many attack vectors at the moment, but who knows what will happen in the future? as long as you're connected to the internet, you're vulnerable. the malicious person just has to try harder.

    what you should be doing is creating a thread or a post that makes users aware and protect themselves from potential attacks, not only against Goldtree. Tell them to use a VPN, virus/malware scanners, run things in a VM, do regular backups, whatever makes their system a little bit more secure. a lot of your users are kids who know nothing better, yet you're protesting like those vegans in front of a steakhouse.
     
    Last edited by altorn, Aug 6, 2019
    FMCore likes this.
  6. tabzer

    tabzer GBAtemp Fan

    Member
    3
    Feb 15, 2019
    Japan
    I have nothing against goldtree. I'm more curious about how it can be exploited as @blawar suggested as opposed to being angry about it.

    Can the code to exploit it be implemented in a rogue nsp or bin file that triggers goldtree when loaded by it? Programs often serve specific functions, but if they become too much like an OS, then they could have more power than what is reasonable for their function.

    Of course we are taking risks by installing anything really, but it would be foolish to ignore the points someone makes only because you don't like them.
     
  7. blawar

    blawar GBAtemp Advanced Fan

    Member
    10
    Nov 21, 2016
    United States
    With all due respect, you do not understand anything that is being said. I'm actually in awe that these thoughts actually passed through your brain AND you thought it a good idea to post them for everyone to see. Goldtree isnt being exploited, its doing exactly what ti was designed to do, and in the process exposing your PC to unauthorized access and exploitation. No other program I can think of makes this mistake (other than malware intentionallyy doing it). Goldtree is an unlocked backdoor into your PC.
     
  8. altorn

    altorn GBAtemp Advanced Fan

    Member
    5
    Jul 15, 2007
    Canada
    Toronto, Ontario
    And that's exactly the lecture I'm talking about.

    I totally agree that Goldtree could not be intentionally performing an exploit but can have vulnerabilities that could give attackers exploits. But like I said, this can be true for every other app. Look at OwnCloud's client app, that lets you host and share your home network drive contents through the cloud. They had a vulnerability that let you do remote code execution. They fixed it, but it was a mistake like Goldtree has done. How about Windows' own RDP? Ransomware hackers were able to exploit it. Apps like this have dozens of vulnerabilities ranging from low to high risks. Who's to say none of these vulnerabilities can potentially let you have access to the physical hardware of the end user?

    If you want to help, don't half-ass it and suggest ways for us end users to protect ourselves when dealing with junk coming from the internet.
     
    Last edited by altorn, Aug 6, 2019
  9. blawar

    blawar GBAtemp Advanced Fan

    Member
    10
    Nov 21, 2016
    United States
    I have already told @XorTroll how to fix it many times. At the very least, he needs to sandbox / whitelist directories, and I would highly recommend removing write access completely. However he is selling the "read and write everything" as a feature, when its really not, its an exploit waiting to happen.

    I do not get the impression he really cares if goldleaf users get hacked due to his software.
     
    Last edited by blawar, Aug 6, 2019
  10. Ev1l0rd

    Ev1l0rd (⌐◥▶◀◤) Developer - noirscape

    Member
    10
    Oct 26, 2015
    Netherlands
    Site 19
    Ever heard of timezones kiddo?

    Contrary to what the lot of you might think, I have other priorities than dealing with idiots on GBATemp.

    And I'm directly refuting his points, he just keeps up tossing the same bs about oversizing a problem that isn't really there because it relies on the user acting like a fucking moron whilst at the same time not addressing the point I've made before about this only hurting his trustworthiness.

    But sure, enjoy living in your little bubble where blawar is the god of the Switch scene. If you're ever interested in leaving it, go ahead. Because he's the polar opposite.
     
  11. blawar

    blawar GBAtemp Advanced Fan

    Member
    10
    Nov 21, 2016
    United States
    You are deflecting the argument, my trustworthiness has nothing to do with goldtree's security issues.

    If you did not notice, for betetr or for worse this is the majority of the scene. Most people in the scene are not programmers, hackers, etc, they are normal people who do not know anything about security or the risks involved.

    Goldleaf relying on the user to have knowledge of computer security that goldleaf's author himself does not posses is not realistic.
     
  12. Ev1l0rd

    Ev1l0rd (⌐◥▶◀◤) Developer - noirscape

    Member
    10
    Oct 26, 2015
    Netherlands
    Site 19
    I think the majority of people realize that if you start plugging in random devices or running random software, you're bound to shoot yourself in the foot.
     
  13. altorn

    altorn GBAtemp Advanced Fan

    Member
    5
    Jul 15, 2007
    Canada
    Toronto, Ontario
    as a developer, you're expected to assume every user is either an idiot or malicious.
     
  14. blawar

    blawar GBAtemp Advanced Fan

    Member
    10
    Nov 21, 2016
    United States
    You completely missed my argument. I am not saying the user will plug a random USB device into their PC, I am saying a malicious third party could do it, or hijack a homebrew app to do it for them since users are expected to connect their switch to it.
     
  15. tabzer

    tabzer GBAtemp Fan

    Member
    3
    Feb 15, 2019
    Japan
    Don't be condescending with me. It's been a couple good days since you made a request to @blawar and he delivered for you. You didn't follow up so it seemed like you wised up. My bad. You are doubling down on being daft.

    Like when? Like when you say his points are invalid because he works on proprietary software?

    Or that one time where you wanted to pretend that tinfoil does the same thing as goldleaf?

    Nut is tinfoil's gateway to a PC. Does Nut have write access?

    Goldtree is Goldleaf's gateway to a PC. Does it have write access?

    He literally spells it out for you, and you can't seem to decide which angle to take. Code isn't as emotional as your "argument" tends to be.
     
    Last edited by tabzer, Aug 6, 2019 - Reason: typos
  16. uyjulian

    uyjulian Homebrewer

    Member
    9
    Nov 26, 2012
    United States
    United States
    Anyone can write a homebrew app that emulates a keyboard, mouse, and MSD to automatically execute an executable on the connected computer.

    You don't want random people plugging in stuff like USB killers into your computer? Time to get the epoxy out.
     
    Last edited by uyjulian, Aug 6, 2019
  17. tabzer

    tabzer GBAtemp Fan

    Member
    3
    Feb 15, 2019
    Japan
    Yep, yet somehow there's still stories, mass warnings, and outrage about it when it happens anyway.
     
  18. chaxelos

    chaxelos Member

    Newcomer
    2
    Feb 5, 2016
    selecting USB doesnt do anything it just stuck on that screen and freeze. im on reinx 8.0 any fix?
     
  19. Halo69

    Halo69 Member

    Newcomer
    1
    Aug 6, 2019
    United States
    Can someone explain to me what is the Goldleaf.nsp is???
    (I know about the .nro and .exe but not the .nsp)
     
  20. Halo69

    Halo69 Member

    Newcomer
    1
    Aug 6, 2019
    United States
    Update: nevermind i know what it is now :)
     
Loading...