by _zagj 159 days ago
> TikTok deemed I should not have access to my account ever again, and X (formerly Twitter) is delaying a response to my appeal to the suspension, but I have not much hope; I reckon it's gone for good. I may have lost all the personal contacts and content from there, but on the bright side, that has taught and made me see some other things, besides the importance of being a little smarter to not blindly install extensions like my life depended on it.

Well, losing access to both TikTok and X could be considered a bright side as well. But more seriously, isn't it tragic that you can't just blindly assume any piece of OSS isn't malware anymore?


Not sure why OSS is mentioned here; it should just say "software". And it's always been like this (be careful).
> And it's always been like this

No, it hasn't. The open source community was much smaller, and much more tightly knit 20 years ago, and it was intrinsically much higher-trust.

Maybe out of ignorance, but that didn't span every internet subculture.

The whitehats/grayhats have always been super paranoid.

Were you active on SF or Savannah 20+ years ago? Everyone knew everyone else, and it was a much higher-trust society (think Minneapolis before Somalis).

> The whitehats/grayhats have always been super paranoid.

Yeah, they were always "super paranoid," but it was about something that could, and admittedly eventually did happen, but not for many years later. I remember in the Perl community, there was a big scandal where some module was "phoning home" on install (for the sake of telemetry), which the author fixed in response to the outcry. I remember a hapless Debian contributor who, in an attempt to silence Valgrind warnings, inadvertently reduced the entropy used for keygen (after some miscommunication with OpenSSL upstream), and was unfairly accused by some of intentionally backdooring it. That was the extent of OSS malware back then.

Then along comes GitHub, and lets anyone upload anything, doesn't do even the minimal vetting of forcing you to explain what your project is and why it should be on GH, doesn't make you explicitly select an OSI-approved license, lets you freely fork other people's projects and even duplicate the project's name (making it difficult to identify canonical repos). It fosters a culture of just forking whatever you want, pulling in whatever you want, uploading any codeslop, encourages MIT over copyleft, and has gamified crap like star rankings and activity graphs.

I dabbled in a lot of mid-to-late 90s scenes, especially on IRC, including w00w00. We were sharing a lot of code between "trusted" members.