Hacker News new | ask | show | jobs
by Dalewyn 904 days ago
Are we even in the same universe?

The vast majority of the world still downloads and runs executables uploaded by individuals, albeit perhaps not on a bulletin board or forum (most of those have been killed and replaced by social media).
1 comments
wokwokwok 904 days ago
This argument comes up reasonably regularly.

No, the majority of the world does not download and run binaries from non-reputable sources.

The distinction between reputable and non-reputable varies, but broadly easily spoofable user uploaded content falls into the non-reputable.

Most people download software from trust worthy websites like the official chrome website.

Indeed, the fact that people are continually scammed by this sort of attack is why Apple now refuses to run unsigned binaries by default.

To pretend nothing is wrong here is like pretending JavaScript supply chain attacks don’t exist because you don’t want them to exist.

…and yet. They do exist; wanting it not to be true does not make it so.

Likewise, downloading and running arbitrary binaries from a forum is naive.

You simply want nothing bad to happen.

That does not mean nothing bad will actually happen.

Even if you trust the authors of the posts, how reputable is the forum itself? Are the binary hashes posted? (No, they aren’t).

> I'm new in this forum

^ does not inspire confidence.

link
HakanAbbas 904 days ago
Yes, I'm new in hydrogenaud.io. However, I have been active since 2018 in "encode.su".

This year, "3rd Global Data Compression(gdcc.tech)" organized by Huawei and Barcelona Autonoma University was held. In this competition, I have the world 3rd place in the "Professional Task 6 - Ultra Fast" category(JABBAR). And I spent only 2 weeks of the 5-month competition process for this degree.

We can only share and test such a specific work in specific environments.

link
userbinator 904 days ago
You are simply toeing the line of corporate propaganda, that says people must always submit to centralised authority instead of exercising their own judgement.

That is what is leading us to dystopia.

We are not "pretending", we are simply stating that the magnitude of risk is absolutely tiny.

Insecurity is freedom. Don't let them take away the latter in the name of security.

"There is nothing to fear but fear itself."

link
bigfishrunning 903 days ago
How is sharing source "submitting to a centralized authority"

I don't run any binaries if i can help it

link
wokwokwok 903 days ago
you think the risk is tiny, but:

A) the risk exists.

B) you’ve taken no steps to verify that it’s tiny

C) you’re trusting new users just as much as well established users

D) your community is not as obscure and tiny as you imagine when it floats to the top of HN.

It’s not corporate dictatorship to say “there are bad actors out there looking to take advantage of naive users”; it’s reality.

You can refuse to acknowledge that reality, that’s your choice.

However, it’s probably irresponsible to encourage other people to do so.

link
x86a 904 days ago
take the L
link