Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> That’s actually something you don’t want nowadays.

No, that is something you don't want. I and many others, do want this functionality.



Even you don't want this, you only want it sometimes, for some apps. Which is exactly what they said.

I mean, would you like VSCode tracking your mouse movements across the entire desktop and your keypresses and then sending them off to Microsoft? Probably not, so we're all in agreement.


I don't use VSCode or other user hostile programs like it so I don't care what kind of anti-features it enables. I don't want my actually useful tools hobbled in order to deal with such programs.


xz wasn’t “user hostile”, and so weren’t countless other pieces of software affected by supply chain attacks. Nothing is hobbled if you can give it explicit permission (which you may well do on xeyes).

The days where you downloaded your software from the sunsite or tsx11.ai.mit.edu FTP servers and could be confident that it and all its dependencies were trustworthy are unfortunately gone for a very long time.


The xz-utils hack didn't care about the window system at all. It also hasn't actually caused any known damage and I'm sure if the american three letter agencies cared the perpetrator would have been dealt with by now. Project takeovers of that kind is not something regular users need to be worried about because the cost of pulling one off is too righ to waste on petty crime. It's yet another boogeyman and scaring people into giving up their computing freedom for "security" migh as well have been the goal of the operation.


> The xz-utils hack didn't care about the window system at all

It's an example, demonstrating that the mentality of "I don't use bad software" doesn't really work.

> giving up their computing freedom for "security" might as well have been the goal of the operation

How could you possibly reasonably argue that you're losing "computing freedom" because now you have the power to deny or allow applications from doing things? You're literally gaining freedom - that's not something you were able to do before. Now, you have the freedom to deny applications accessing something you don't think they need.


Did the POSIX security model (users, file permissions) also impact your “computing freedom”? Is your CPU constantly running in kernel mode? Do you have all physical memory mapped into all address spaces, and as read/write/executable? Are you allowing all software to listen on outward ports without any packet filter?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: