General Plug- In Security Questin

 
#1

With the ability of anyone making plug- ins and the ability to interface most anything as public hosted on github, who is screening or watching for viruses, malware, spyware, etc.

With robots having cameras, audio, home sensors to control monitor your home etc. Who is to know of back doors, etc.

You hear about nanny cameras audios hacked by people with unhonerable intentions. Who is the gatekeeper to vent this from happening?

Cheers

#2

Hey Mike,

This is the reason that I post the code for my plugins, but if you are concerned, I would look into network monitoring, and packet sniffing for anything you use. Really, with any program that you install on your computer, there would be a similar concern. You have local firewalls that you can use to block any port inbound or outbound on your network. I really comes down to only installing plugins from people that you trust. I am sure that if you had a concern about a specific plugin, you could ask and someone would be able to install that plugin and monitor the network traffic to make sure that there isn't something going out that wasn't advertised, but I understand that this is a larger question than about a single plugin.

I cant speak to what happens with EZ-Builder specifically, but can with EZ-AI. We have a similar plugin structure that allows users to add things that they want to add within EZ-AI. With these plugin capabilities that we added into EZ-AI, security is a major concern. This is one of the conversations that we are having internally now with EZ-AI. I think that we are going to have plugins submitted to us, and then reviewed by someone on our team, before compiling the plugins for the users. We have a much smaller user community than EZ-Robot though so this is a possibility for us right now EZ-AI plugins run in a sandbox that has permissions to certain objects within java.

#3

Hi David, thank you for your answer. It was a general question for the community. I was not saying that you or anyone on this forum would do this intentionally. I do trust your work and will use those plug-ins as needed and appreciate the work you and this community have shared.

It was a question I believe a valued one. Since they are in public domain.


Mike

#4

I didn't take it as you questioning me. It is a good question and I could only speak to how we handle it in EZ-AI. It is a valid concern. I think the community is pretty self policing on the plugins. If someone had an issue with one, I think going to the community for peoples thoughts is a good idea, but as EZ-Robot grows (especially in education) I see there possibly needing to be someone who validates that the plugins are not harming or stealing from anyone.

I never would have thought you were directing it at me directly and I hope that I didn't come off as if I was offended in any way.

#5

Not at all David. Keep up the great work.