You say that like doing so is a negative thing. How do you think executable code gets on a system in the first place?
Either an Admin builds from source, an Admin installs a binary from a source they deem trustworthy, or you YOLO, download something sketchy to an older system and watch what your Network Analyzer/reverse engineering stack spits out.
App stores changed none of that in terms of fundamental activity one needs to do. They just lull users into a false sense of security because "someone else did it". I've run into too many devs who salivated over the idea of embedding cryptominers in game clones to believe it isn't done on a semi-regular basis.
> App stores changed none of that in terms of fundamental activity one needs to do.
This just isn’t true: app stores vary but they added some key changes — developers have a reputation to worry about, stores restrict what APIs you can call, and it provides a single place to force updates or pull malware. That’s not perfect, of course, but it’s better than just installing whatever you find online — Facebook et al. wouldn’t be upset with Apple if it wasn’t working.
> I've run into too many devs who salivated over the idea of embedding cryptominers in game clones to believe it isn't done on a semi-regular basis.
Reminds me of early days in my career when my mentor and I were discussing user issues with a library we maintained. I didn't realize it at the time, but he was messing with me by suggesting we add some hooks to report usage statistics back to us and use that to improve things.
I was young and naive so excuse that I got really excited at the genius of the idea. If not for his wry smile, I would have happily run off and implemented just that.
It's telling that you got grayed out that fast for what I don't think is an uncommon programming life lesson to try to instill.
What people run on their machine is no one's business but theirs. Undisclosed/non-consensual information leakage is unethical, and immoral. Period. I'm also not entirely on the status-quo of "accept the EULA or F off" form of disclosure or consent facilitation either. If someone reaches out, by all means, get the detailed info you need, but don't pull it. Let them push it. Other folks' machines don't become yours by virtue of executing some version of a computation you wrote once, no matter how badly Microsoft, IBM, Intel, and the FAANGs wish that were the case.
Note, this would be considered antithetical to most corporate or for-profit interests in the computing space; so don't be surprised if you get blowback or static for it.
“Trust” is something you can give, though, as long as it’s not to the whole world.
Do you trust the Debian project? I mean, there are reasons to trust them but if you don’t, then don’t run Debian.
If you do: the package repositories carry their chain of trust, since they’re signed by Debian maintainers, not the application developers themselves.
That’s a large distinction.
App stores didn’t give us trust; they gave developers direct access to users and, crucially, the ability to charge for software, which was not a consideration for package managers before.
And Apple for the most part has been trying to carry the “burden” of ensuring trust, at a high cost.