
3rd party KDE Plasma Global Themes and Widgets can lead to data loss


Uh oh. There's been an issue lately with Global Themes for KDE, which ended up causing a total wipe of a user's data. KDE Global Themes can run arbitrary code, so they can really mess with your system, and you're advised not to use them.

Writing on Mastodon, the official KDE account put out a warning across multiple posts, copied below:

WARNING: Global themes and widgets created by 3rd party developers for Plasma can and will run arbitrary code. You are encouraged to exercise extreme caution when using these products.

A user has had a bad experience installing a global theme on Plasma and lost personal data.

https://www.reddit.com/r/kde/comments/1bixmbx/do_not_install_global_themes_some_wipe_out_all/

Global themes change the look of Plasma, but also the behavior. To do this they run code, and this code can be faulty, as in the case mentioned above. The same goes for widgets and plasmoids.

Continuing…

We are calling on the community to help us locate and quarantine defective software by using the "Report" buttons available on each item in the KDE Store.

https://store.kde.org

Please see the attached image to locate them.

And more…

Meanwhile, KDE is taking measures to properly warn users before each download and we are also putting in place ways of auditing and curating what is uploaded to the KDE store.

https://blog.davidedmundson.co.uk/blog/kde-store-content/

Nevertheless, this will take time and resources. We recommend all users to be careful when installing and running software not provided directly by KDE or your distros.

And remember to report any faulty products you find!

As written up by David Edmundson in the blog link above, this specific case was not intentional but the result of "a mistake in some shell parsing". Edmundson suggests that if you have used the KDE addon store, give it a look over.

Quite a problem, that's going to need some proper long-term solutions to prevent this happening again.

This certainly isn't the first time we've seen issues with scripts nuking a Linux system. Like how a Steam bug removed everything for a user back in 2015. Linux distros by default all really need more protections in place on the rm command.
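
A guard of the kind that last remark asks for, as an added example (not code from KDE, Steam or any theme on the KDE Store): it refuses a recursive delete unless the target resolves strictly inside an expected base directory, which covers one common way a shell script ends up deleting the wrong tree, an empty variable turning a path into `/`. The helper name `safe_rm_rf`, its exit codes and the sample directory tree are assumptions made up for this illustration.

```shell
#!/bin/sh
# Added example, not KDE's or any theme's code: a guarded recursive delete.
# safe_rm_rf BASE TARGET removes TARGET only when it resolves to a directory
# strictly inside BASE. Name and exit codes (2, 3) are hypothetical.
# The body is a subshell "( )", so exit leaves only the function.
safe_rm_rf() (
    base=$1
    target=$2
    # An empty variable is the classic failure: with DIR="" the command
    #   rm -rf "$DIR/"*    expands to    rm -rf /*
    if [ -z "$base" ] || [ -z "$target" ]; then
        echo "refusing: empty path argument" >&2
        exit 2
    fi
    # Resolve symlinks and ".." so real locations are compared.
    real_base=$(cd -- "$base" 2>/dev/null && pwd -P) || exit 2
    real_target=$(cd -- "$target" 2>/dev/null && pwd -P) || exit 2
    if [ "$real_base" = "/" ]; then
        echo "refusing: base resolves to /" >&2
        exit 3
    fi
    case $real_target in
        "$real_base"/*) ;;  # strictly below BASE: allowed
        *) echo "refusing: $real_target is outside $real_base" >&2
           exit 3 ;;
    esac
    rm -rf -- "$real_target"
)

demo() {
    sandbox=$(mktemp -d) || return 1   # constructed sample tree
    mkdir -p "$sandbox/theme/cache" "$sandbox/documents"
    THEME_DIR=""                       # simulates a variable that was never filled in
    safe_rm_rf "$sandbox/theme" "$THEME_DIR/"
    echo "empty variable:  exit $?"
    safe_rm_rf "$sandbox/theme" "$sandbox/theme/../documents"
    echo "path traversal:  exit $?"
    safe_rm_rf "$sandbox/theme" "$sandbox/theme/cache"
    echo "intended target: exit $?"
    rm -rf -- "$sandbox"
}
demo
```

Because both paths are resolved before comparison, a symlink inside the base that points elsewhere is refused as well.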

Article taken from GamingOnLinux.com.
About the author -
I am the owner of GamingOnLinux. After discovering Linux back in the days of Mandrake in 2003, I constantly came back to check on the progress of Linux until Ubuntu appeared on the scene and it helped me to really love it. You can reach me easily by emailing GamingOnLinux directly. Find me on Mastodon.
Pengling Mar 21
Quoting: redneckdrow
Here's looking at you, GNOME devs, I'm still sore about you relegating desktop icons to a blasted extension! What's the point of an empty desktop?
My computing background is part-Mac (10.3 was where I learned my *nix basics), so I really like an empty desktop. But Xfce lets me have that with a simple toggle - it should never be missing from the desktop-environment entirely, because I know that weirdies like me are a tiny minority!
Lofty Mar 21
Quoting: Pengling
Quoting: redneckdrow
Here's looking at you, GNOME devs, I'm still sore about you relegating desktop icons to a blasted extension! What's the point of an empty desktop?
My computing background is part-Mac (10.3 was where I learned my *nix basics), so I really like an empty desktop. But Xfce lets me have that with a simple toggle - it should never be missing from the desktop-environment entirely, because I know that weirdies like me are a tiny minority!

well my desktop is mostly empty. but sometimes just before bed ( usually waay too late ) i remember something and place a text file on the desktop for the next day.

could i add it to some note taking app ? Sure
could i add it to the calendar ? Sure

But .. can i be bothered, and are the above as immediately visible as a file splat right in front of me saying " Remember to do this thing 11!!1 today " (that took 2 seconds to make & 2 seconds to delete)

(same applies if i install a game and want a reminder what i did with a desktop icon temporarily)

desktop notes, icons or even widgets are not really needed i guess.. although it is nice to see my Ryzen stretching its legs with a Core usage widget when compiling some shaders for an emulator like RPCS3 in real time.. or sometimes realizing a single core is locked at 100% on the flatpak that pretended to quit but actually didn't .....

yea icons and widgets can be real useful at times.


Last edited by Lofty on 21 March 2024 at 10:53 pm UTC
ShabbyX Mar 22
Quoting: Samsai
It might be possible to sandbox these things, but that will inevitably lead to these systems becoming less flexible and that will result in complaints about KDE and GNOME restricting user freedom or whatever. Maybe that'll still be worth it for themes but for widgets that'll get pretty tricky.

That's _exactly_ what they should be doing. Most people can live inside a browser (sandbox) for the entire time they use a computer, there's little reason to believe a sandbox would make some things impossible for a widget.
Shmerl Mar 22
Sounds like they need to sandbox / sanitize that somehow or better audit and sanitize. That's a pretty major security hole.

Such as simply restricting access for that running code to only very specific areas that are relevant to it. So it won't be able to go on rampage on your data.


Last edited by Shmerl on 22 March 2024 at 3:41 am UTC
const Mar 22
Quoting: pb
That reminds of that one time when I wrote a little script for myself to rename photos based on exif data, and a friend wanted me to share it, so I did, and he used it in a slightly different way and lost a bunch of photos. Sharing is caring, but trust no one.

Haha, I made such a script recently and luckily had a backup :D
Eike Mar 22
Quoting: Pengling
Quoting: redneckdrow
Here's looking at you, GNOME devs, I'm still sore about you relegating desktop icons to a blasted extension! What's the point of an empty desktop?
My computing background is part-Mac (10.3 was where I learned my *nix basics), so I really like an empty desktop. But Xfce lets me have that with a simple toggle - it should never be missing from the desktop-environment entirely, because I know that weirdies like me are a tiny minority!

I do like the desktop metaphor. Having a computer desktop that's not able to hold some files is like having a table desktop that's not able to hold my pencil and some papers. (My humble, of course.)

Then of course, both the computer and the table desktop tend to hold more than some things while time goes by... And in my observation, people having a mess on the computer desktop are the same that have a mess on their real one. :D


Last edited by Eike on 22 March 2024 at 1:21 pm UTC
const Mar 22
Quoting: Eike
Quoting: Pengling
Quoting: redneckdrow
Here's looking at you, GNOME devs, I'm still sore about you relegating desktop icons to a blasted extension! What's the point of an empty desktop?
My computing background is part-Mac (10.3 was where I learned my *nix basics), so I really like an empty desktop. But Xfce lets me have that with a simple toggle - it should never be missing from the desktop-environment entirely, because I know that weirdies like me are a tiny minority!

I do like the desktop metaphor. Having a computer desktop that's not able to hold some files is like having a table desktop that's not able to hold my pencil and some papers. (My humble, of course.)

Then of course, both the computer and the table desktop tend to hold more than some things while time goes by... And in my observation, people having a mess on the computer desktop are the same that have a mess on their real one. :D
I currently have a small mess on my real desktop, but my virtual one is slick and clean
RedWyvern Mar 24
I'll cross-post the comment I left on Brodie Robertson's video here, given the relevancy and greater persistence of a forum like this:
Quote:
While the name "global theme" is a major part of the problem, the way it can also completely overwrite the desktop layout if this checkmark is set makes obvious that a global theme does a lot more than just change some CSS and colours.
Perhaps another checkmark with "allow executing code" can be added to this popup before enabling the theme, blocking the added plasmoids and arbitrary code if not enabled.
Along with a rebrand, like how Minecraft renamed its Texture Packs to Resource Packs as they added model and sound support, to reflect their actual abilities.

This has made me aware that I should be careful with them, having stuck to my distro's included global theme and using the separate Style configurations to tweak/rice it to my liking.
Which has let me achieve what I want fully in Plasma 5, though currently changing these settings has been broken for me in Plasma 6, so I've been sticking to my mostly functional but lightly borked old Plasma 5 themes.

Plasmoids executing arbitrary code was obvious to me, especially with how Windows supposedly removed them over concerns over malicious RCE using them.
I am okay with them executing arbitrary code as this is needed for their level of functionality, but do limit my use of extensions to a minimal set of ones I trust, similarly to how I treat my browser.
Of course this is not how everyone treats their software, that said, KDE Plasma is designed expecting users to tweak it more, whereas GNOME's over-reliance on extensions for basic features makes it as if not more concerning.