Hacker News .hnnew | past | comments | ask | show | jobs | submitlogin

Funny how people complain about piping wget into bash, but will happily install and run random node/ruby/whatever packages downloaded from a random github repository.[1]

The truth is that program isolation sucks terribly on all operating systems that one might reasonably use for a development machine. Fixing that would be so great, but a lot of work.

[1] Perhaps you're the lone wolfling who doesn't do that, but I have seen this kind of behaviour from people on the don't-pipe-wget-into-shell bandwagon.



Certificate pinning helps with Github, but doesn't help with <random website that I've never visited before>.

(Still doesn't help if the software package itself - that is the canonical copy - is malicious - but prevents MITMing from anyone that doesn't have that particular certificate, at least.)

That being said, you have a (very) valid point. Modern OSes are... not exactly secure.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: