New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
I understand your position, but we are operating under different threat models.
Marix is a desktop SSH client built on Electron.
Under this model, limited outbound connections caused by the OS / Chromium network stack
(e.g. certificate validation, DNS resolution) are considered acceptable and unavoidable.
There is no auto-update, no remote code loading, no telemetry, and no privileged execution.
All outbound traffic can be blocked via firewall without breaking core SSH functionality.
If your requirement is a zero-network-surface client, a CLI-only tool is indeed the correct choice.
Marix is not targeting that threat model.
Please do not use LLM. Please explain each and every single connection made by Marix on startup saying exactly what function it serves.
You said here it does updates.
And now you say it doesn't
If none of it is necessary, then why do it?
Marix is the threat.
That request is not technically well-defined.
Marix does not create or manage individual outbound sockets directly.
On startup, outbound TLS connections are initiated by the Chromium/Electron runtime
(OS trust store validation, DNS resolution, certificate checks, renderer initialization).
There is no supported or reliable way to map each TCP connection observed at runtime
to a specific application-level feature with one-to-one accuracy.
This limitation applies equally to all Electron applications.
What I can state precisely is:
If you believe a specific connection enables data exfiltration or arbitrary code execution,
please point to the exact code path or provide a reproducible proof-of-concept.
Share what?
Another blind man...
I recognize this type of speech from somewhere...
Reguards
There is no contradiction here.
A version check means fetching static metadata (e.g. latest version number or changelog).
It does NOT mean auto-update, binary download, or remote code execution.
Marix does not implement:
Regarding outbound connections:
Marix does not control or initiate individual startup sockets.
These are created by the Chromium/Electron runtime (certificate validation, DNS resolution, renderer initialization),
and there is no supported mechanism to map each TCP connection to a specific feature one-to-one.
This is a limitation of the Electron platform itself, not of Marix.
If you believe Marix introduces a concrete security vulnerability,
please provide:
General statements or reinterpreting terminology are not security findings.
I give in. PSA: don't run this garbage.
I’m referring to technical findings or evidence.
If there’s nothing concrete to share, there’s nothing to discuss further.
Claims without technical evidence don’t constitute a security assessment.
Claims without technical evidence don’t constitute a security product.
One must applaud OP resilience and those who bash. Interesting battle.
At this point, no concrete vulnerability, code path, or exploit has been presented.
General statements about “attack surface” without technical evidence are not a security assessment.
Marix does not claim to be a “security product”. It is a desktop SSH client with a documented threat model and no auto-update, telemetry, or remote code execution.
Further discussion without specific technical findings is no longer productive.
Good luck trying to find a user that wants to use this kind of 'product' that isn't secure. The spyware screenshot posted before, is more than enough valid evidence that there may be evidence that the user's own data is being shared.
Why are yall falling for the bait 🤦
It's like reddit karma farmers, report/block and move on
This type of engagement is exactly what they want
I dunno about applause but he is definitely persistent.
I continue to believe that an ssh client is one of the worst things imaginable to vibe code but whatever.
A TCP connection screenshot without payload analysis, packet inspection, or code review is not evidence of spyware.
If you believe user data is being shared, please point to:
Speculation is not a security finding.
You are the one who need to explain how a fresh install caused that.
The discussion should focus on behavior and guarantees, not assumptions about how the code was written.
A fresh install making outbound TCP connections is not, by itself, a security issue.
Marix opens outbound connections only for well-defined purposes such as:
If you believe any of these connections involve data exfiltration, please point to:
Without that, there is no actionable security finding to address.
I'm not even replying to a generated AI reply.
Guys, if you want to use this, make sure that you're using it in your own risk. Huge red flags here!
I'm here watching, and I'll respond if I think it's worthwhile.
For clarity to other readers: all outbound connections are documented, user-initiated or update-related, and no user data is transmitted without explicit action.
Further discussion requires technical specifics rather than labels.
Another one for the hall of fame...
Mockery isn’t a technical argument.
Using LLMs doesn't make you intelligent. Got any more nonsensical gems?
Please show us the documentation that documents each outbound connection.
Yes please. We want technical specifics about every outbound connection.
Personal attacks don’t contribute to a technical discussion.
For clarity:
Marix documents all application-level outbound connections that are explicitly initiated by its own code (e.g. optional version metadata fetches).
It does not and cannot document every network connection created by the underlying OS, Chromium engine, certificate validation mechanisms (OCSP/CRL), DNS resolution, or TLS trust infrastructure, as these are outside application control and vary by platform, network, and policy.
This is consistent with how Electron, Chromium, and modern desktop applications operate.
If you believe a specific application-controlled code path initiates an outbound connection that is undocumented or transmits user data, please point to the exact code location.
Otherwise, requiring enumeration of all runtime network activity of Chromium or the OS is neither technically meaningful nor a standard security practice.
OP you better stop replying. Because:
Continue what you are doing, just not here. Go to hostloc, mjj’s will absorb your app, replicate it and sell.
Wrong answer!
Would buy it actually, will be more secured than this
.