by tmikaeld
3447 days ago
I'm surprised that so many developers run node.js on their local machine, considering that it has access to all of the user's files. Of all the hundreds of dependencies that a node project has, there only needs to be one bad egg. Even commercial applications can have employees that can embed code that gives them access to the machine that the application is running on; think what a single application like TeamViewer can do on the target computer. Yet, most people allow all apps to send and receive data from the internet unhinged even though they don't need it. Then there are also automated updates: you may audit an app once, but as soon as it's updated, it's an entirely different application that needs to be audited again. I really do believe that we are going to see more of these cases as soon as some developer becomes desperate enough (like someone with mountains of debt and no way out) and starts embedding things like ransomware or other types of blackmail.
My idea came about when I was checking the SHA256-sum of a binary.
If the way you run a program (or a function) is by calling it by its hash - then you can only get one program.
That means a program is an immutable thing - it can't change. It is deterministic.
My project is called Komiform, and it's not production ready yet but I'm playing around with some ideas.
https://github.com/fromheten/komiform
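
The run-by-hash idea from the reply above, as an added example that is not part of the thread and is not Komiform's code: a content-addressed store in Python where a program's only name is the SHA-256 of its bytes, so an update gets a new name and in-place tampering is refused at load time. `HashStore`, `demo` and the sample `price` functions are hypothetical names constructed for illustration.

```python
import hashlib
import os
import tempfile

HEX = set("0123456789abcdef")

class HashStore:
    """Content-addressed store: a program's only name is the SHA-256 of its bytes."""

    def __init__(self, root):
        self.root = root

    def put(self, source: bytes) -> str:
        digest = hashlib.sha256(source).hexdigest()
        with open(os.path.join(self.root, digest), "wb") as f:
            f.write(source)
        return digest

    def load(self, digest: str) -> bytes:
        # Accept only a 64-char lowercase hex name, so it cannot be a path.
        if len(digest) != 64 or not set(digest) <= HEX:
            raise ValueError("not a SHA-256 hex digest")
        with open(os.path.join(self.root, digest), "rb") as f:
            data = f.read()
        # Re-hash on every load: the store itself is not trusted.
        if hashlib.sha256(data).hexdigest() != digest:
            raise ValueError("content does not match the requested hash")
        return data

    def call(self, digest: str, func: str, *args):
        namespace = {}
        exec(compile(self.load(digest), digest, "exec"), namespace)
        return namespace[func](*args)

def demo():
    """Constructed sample: two versions of one function, then tampering."""
    with tempfile.TemporaryDirectory() as root:
        store = HashStore(root)
        v1 = store.put(b"def price(n):\n    return n * 2\n")
        v2 = store.put(b"def price(n):\n    return n * 3\n")  # the "update"
        pinned = store.call(v1, "price", 21)  # callers of v1 still get v1
        with open(os.path.join(root, v1), "wb") as f:  # modify v1 in place
            f.write(b"def price(n):\n    return 0\n")
        try:
            store.call(v1, "price", 21)
            rejected = False
        except ValueError:
            rejected = True
        return pinned, v1 != v2, rejected

if __name__ == "__main__":
    print(demo())
```

The hash pins which bytes run, not whether those bytes are safe; the audit concern from the first comment still applies once per hash.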