Comments (6)
Many things wrong - it is not a virus, no, but it is not secure
There are ways to lock it
you can create a user in linux like no-fwl-user, sudo into it with some variables and limit this user's internet access to openai or
whatever will be the future site.
Leave the user's password blank.
It needs a home screen for XDG variables so a user without a home won't work.
The problem is that the UID is hardcoded:
no-fwl-user@bruno-M4HM87P-00:~$ no-fwl
(no-fwl:8997): dbind-WARNING **: 18:51:14.439: Couldn't connect to accessibility bus: Failed to connect to socket /run/user/1000/at-spi/bus_0: Permission denied
User no-fwl-user has XDG_RUNTIME_DIR=/run/user/1001
My actual user has XDG_RUNTIME_DIR=/run/user/1000 -> so this is clearly wrong.
But what this looks to be a minor issue, the x button on the corner does not work, it just minimises, so to exit you have to go to the menu and press quit or on the command line press ctrl+c to halt the process.
Examples of it working:
bruno@bruno-M4HM87P-00:~$ sudo -u no-fwl-user env DISPLAY=$DISPLAY NO_AT_BRIDGE=1 ping -c 1 www.google.com
PING www.google.com (142.250.200.4) 56(84) bytes of data.
From gigabrix (192.168.1.137) icmp_seq=1 Destination Port Unreachable
ping: sendmsg: Operation not permitted
--- www.google.com ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms
bruno@bruno-M4HM87P-00:~$ sudo -u no-fwl-user env DISPLAY=$DISPLAY NO_AT_BRIDGE=1 ping -c 1 openai.com
PING openai.com (13.107.246.64) 56(84) bytes of data.
64 bytes from 13.107.246.64 (13.107.246.64): icmp_seq=1 ttl=57 time=9.99 ms
--- openai.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 9.992/9.992/9.992/0.000 ms
bruno@bruno-M4HM87P-00:~$ sudo -u no-fwl-user env DISPLAY=$DISPLAY NO_AT_BRIDGE=1 no-fwl
[2024-01-18][19:11:14][nofwl::app::setup][INFO] setup
[2024-01-18][19:11:14][utils::fs][INFO] file_read: /home/no-fwl-user/.nofwl/nofwl.conf.json
[2024-01-18][19:11:14][utils::fs][INFO] file_read: /home/no-fwl-user/.nofwl/nofwl.conf.json
[2024-01-18][19:11:14][utils::global_shortcut][INFO] global_shortcut: `Cmd+Shift+N`
[2024-01-18][19:11:14][utils::global_shortcut][INFO] global_shortcut_register
So you can see me pinging google as user no-fwl-user -> failed
So you can see me pinging openai as user no-fwl-user -> successfull
the last bit is logs from the app.
so create the no-fwl-user(up to you how you do it)
Add the firewall configuration
sudo iptables -A OUTPUT -d openai.com -m owner --uid-owner no-fwl-user -j ACCEPT
sudo iptables -A OUTPUT -p udp --dport 53 -m owner --uid-owner no-fwl-user -j ACCEPT
sudo iptables -A OUTPUT -m owner --uid-owner no-fwl-user -j REJECT
Run no-fwl
sudo -u no-fwl-user env DISPLAY=$DISPLAY NO_AT_BRIDGE=1 no-fwl
from nofwl.
I've used this app on macOS with a firewall. I've not seen any connections other than to openai.com
.
So do you have any evidence for your claim?
from nofwl.
This is a disaster waiting to happen
from nofwl.
A warning is good since it's not open source, but stating this is a virus is FUD until someone has evidence :-)
from nofwl.
A warning is good since it's not open source, but stating this is a virus is FUD until someone has evidence :-)
Although you are not exactly wrong,
the American judicial philosophy does not apply here.
On the internet, things are a virus unless proven otherwise.
"It does not open a perma connection to not openai.com when you looked" is not sufficient evidence for it not stealing your key, and then using some other method to exfiltrate it.
from nofwl.
it's not a virus, but it's definitely not safe to use.
source code has not been updated since the initial commit 693e921
fn main() {
println!("Hello, NoFWL!");
}
from nofwl.
Related Issues (20)
- Critical UI Improvement Suggestion HOT 1
- Add proxy settings HOT 1
- Why this name ? HOT 2
- 偷key的 HOT 3
- Request failed with status code 429 HOT 12
- 客户端没有内容 HOT 4
- Network Error
- Request failed with status code 401
- RTL Support
- Checking your browser before accessing "chat.openai.com".
- I get an Error for NoFWL (Screenshot Included) HOT 3
- How to..
- Binaries too big
- hardcoded user ID
- hardcoded gpt models
- error: Something went wrong. If this issue persists please contact us through our help center at help.openai.com.
- ?
- libssl.so loading error
- blank screen HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nofwl.