1. 27
  1. 6

    Right then. All of us Mac users need to find a new BitTorrent client :)

    (I don’t personally care THAT much - I use BT once in a blue moon to download Linux distros :)

    1. 2

      Or, perhaps better, get involved and help out with the release process so that it becomes more secure.

      I read on HN that in-app upgrades were not affected, only their website. If that’s true, sounds like better security surrounding their web / release process there is needed.

      1. 2

        Why does this keep happening? Are they storing the key on the web server, then getting hacked?

        1. 4

          Last time this happened, there was never a proper post-mortem and the site was never brought offline. I don’t think they know how the previous compromise happened, nor that they did rebuild the compromised system.

          If I had to guess, I would say that this second compromise is just the first attackers using their previously established foothold.

      2. 1

        Unfortunately Transmission is just dead stupid simple, and I don’t want anything else.

        Who wants to build a new bittorrent client?

        1. 1

          You could create a fork that is just a vetted mirror of the repo, every commit would be reviewed by you or a team before being merged, you would have to build and supply your own releases from that source code though. There may be a project that does exactly this for Transmission for Mac already? For Linux distros it is a bit simpler as you could probably rely on the distro doing the merging, reviewing and building for you?

        2. 1

          Not a solution for everyone, but: compile from source and run the open source client Deluge. I use Deluge on my RPi, which is my always-on NAS which also happens to support Torrenting thanks to Deluge :)

        3. 4

          We had a thread on the previous incident.

          1. 2

            What concerns me most is the developers' response to this incident. They clearly haven’t patched their server since the first time.

            I am a very happy Transmission user on Linux but I can’t help thinking that for a piece of network software, the developers are not security conscious enough.

            1. 1

              I can recommend Deluge, which is very simple, lightweight but also powerful and really stable. It has many useful features which can make your life easier and supports extensions.

              The feature I like most about it is the nice WebUI which allows you to run a seedbox in your home network and control it completely remotely over your internal home network and even, if you dare and set a password for the interface, remote control it over the web. It’s a web-server after all.

              1. 1

                It is time to switch to something like Aria2.

                1. 1

                  They aren’t very responsive to multiple inquiries about the PGP key. They ignored requests on the first hack as well. https://github.com/transmission/transmission/issues/16