Summary: | Set a maximum volume and maximum volume increase to prevent physical harm (ear damage) | ||
---|---|---|---|
Product: | [Plasma] plasma-pa | Reporter: | myndstream |
Component: | general | Assignee: | Plasma Bugs List <plasma-bugs> |
Status: | CLOSED UPSTREAM | ||
Severity: | critical | CC: | me, nate, nowrep |
Priority: | NOR | ||
Version: | 5.18.8 | ||
Target Milestone: | --- | ||
Platform: | Debian stable | ||
OS: | Linux | ||
Latest Commit: | Version Fixed In: |
Description
myndstream
2022-01-15 13:04:32 UTC
> It's more of a general GNU/Linux bug than a KDE/plasma-pa one
Indeed. There isn't anything we can do about this in KDE, unfortunately. The diversity of hardware available to people ensures that there isn't a "one size fits all" maximum volume that we could impose. Some people have loud honkin' speakers that can blow out your eardrums, for which a maximum volume below the physically possible maximum volume might be a good idea. But some people have weak laptop speakers that you have to crank up to 150% volume just to hear anything.
I would recommend you start a conversation at a lower layer of the audio stack, possibly with the PulseAudio or PipeWire developers.
(In reply to Nate Graham from comment #1) > I would recommend you start a conversation at a lower layer of the audio > stack, possibly with the PulseAudio or PipeWire developers. Done: https://gitlab.freedesktop.org/pulseaudio/pulseaudio/-/issues/1331 I haven't tested this with PipeWire. I still think there should be a limit on the KDE level. Then there could be additional security precautions on the level of pulseaudio and a third limit in the operating system / kernel. This way even if one limit fails or gets maliciously changed/removed there would be additional measures that make sure that physiological harm is prevented. I'm considering creating a new issue about this (more or less): on the KDE level there could still be measures that could help prevent physiological harm (ear damage) beyond volume and volume-increase limits: for example there could be forms of notifications that warn the user when the volume is very loud or gets/got increased a lot. We won't do that for the same reason I already gave you: we have no way of measuring the *actual* volume because all audio hardware is different, so a "this might be too loud" notification could be misleading and would definitely be annoying to pretty much everyone who isn't you. :) Did you suffer ear hearing damage from the volume on your computer being too loud at some point? (In reply to Nate Graham from comment #4) > We won't do that for the same reason I already gave you: we have no way of > measuring the *actual* volume because all audio hardware is different, so a > "this might be too loud" notification could be misleading and would > definitely be annoying to pretty much everyone who isn't you. :) Measuring the *actual* volume is absolutely unnecessary to solve this. It's already capped at 150% in the GUI so the notification could only show at 200% which you can't even configure without running the command above. Scenario 1) a person gains remote access to a computer but does not have root access to it: he can directly and easily cause physiological harm with this Scenario 2) a person gains physical access to a computer but does not have root access to it: he can directly and easily cause physiological harm with this Scenario 3) a person gains physical access to a mobile phone running GNU/Linux but does not have root access to it: he can directly and easily cause physiological harm with this These are extraordinarily unlikely scenarios, and if a nefarious person has unauthorized remote root or unauthorized non-root local access to the machine, you're already screwed in 500,000 other ways too. It's like if there are already armed intruders in your house; you're way beyond the point of notifications and warnings being heplful. The solution is to prevent unauthorized access of that sort from happening. (In reply to Nate Graham from comment #6) > These are extraordinarily unlikely scenarios What? They aren't. There's way more effort in preventing other kinds of vulnerabilities that require prior access to a machine such as all privilege escalation vulnerabilities such as the recent PwnKit. Not only that but you could also leave your phone unattended but unlocked for a few seconds or some roommate may want to do a "prank" etc. This is more than irresponsible. > and if a nefarious person has unauthorized remote root or unauthorized non-root local access to the machine, you're already screwed in 500,000 other ways too. It's like if there are already armed intruders in your house; you're way beyond the point of notifications and warnings being heplful. The solution is to prevent unauthorized access of that sort from happening. Completely false too: here you can still limit the damage. For example, we still have things like laws and law enforcement which (among other things) can mitigate the amount of damage in this scenario, *especially* if that particular damage is theoretically very easy to inflict for basically everyone (no advanced tech-skills required or alike) and can directly cause large physiological damage (while other damage may not be physiological or often end up not causing harm). |