Comment by mjr00 7 hours ago

12 replies

> Most of the world does not care. I suspect that is more true today than ever before. There are now adults that grew up in the age of social media that have no idea how local computing works.

Yep. I was amazed when I was talking to a friend who's a bit younger (late 20s) and told him about a fangame you could just download from a website (Dr Robotnik's Ring Racers, for the record) and he was skeptical and concerned at the idea of just downloading and running an executable from somewhere on the internet.

I suspect most adults these days are like this; their computing experience is limited to the web browser and large official corporate-run software repositories, e.g. app stores and Steam. Which ironically means they would do just fine on Linux, but there's also no incentive for them to switch off Windows/macOS.

To them, Microsoft and Apple having control of their files and automatically backing up their home directory to Azure/iCloud is a feature, not a problem.

raincole 12 minutes ago

> he was skeptical and concerned at the idea of just downloading and running an executable from somewhere on the internet.

It's quite concerning that you frame this as a bad idea.

  • mjr00 7 minutes ago

    > It's quite concerning that you frame this as a bad idea.

    Downloading and executing other people's compiled software is how things worked for many decades. It's only been in recent years that people have come to believe that Google/Microsoft/Apple should be the final authorities on which executables are safe to run.

Aurornis 6 hours ago

> and he was skeptical and concerned at the idea of just downloading and running an executable from somewhere on the internet

Ironically, being concerned and skeptical about running random executables from the internet is a good idea in general.

  • mjr00 6 hours ago

    > Ironically, being concerned and skeptical about running random executables from the internet is a good idea in general.

    I agree you shouldn't run random executables, but the key word is "random". In this case, Ring Racers is a relatively established and somewhat well-known game, plus it's open-source.

    It doesn't guarantee it's not harmful of course, but ultimately for someone with the mindset of "I should never run any programs that aren't preapproved by a big corporation", they may as well just stick to Windows/macOS or mobile devices where this is built into the ecosystem.

    • Nextgrid 5 hours ago

      > plus it's open-source

      Open-source only matters if you have the time/skill/willingness to download said source (and any dependencies') and compile it.

      Otherwise you're still running a random binary and there's no telling whether the source is malicious or whether the binary was even built with the published source.

      • MaxBarraclough 4 hours ago

        It's no guarantee, but it's a positive indicator of trustworthiness if a codebase is open source.

        I don't have hard numbers on this, but in my experience it's pretty rare for an open source codebase to contain malware. Few malicious actors are bold enough to publish the source of their malware. The exception that springs to mind is source-based supply chain attacks, such as publishing malicious Python code to Python's pip package-manager.

        You have a valid point that a binary might not correspond to the supposed source code, but I think this is quite uncommon.

      • mjr00 4 hours ago

        Of course this is true. But you can keep going down the rabbit hole. How do you know there isn't a backdoor hidden in the source code? How do you know there isn't a compromised dependency, maybe intentionally?

        Ultimately there needs to be trust at some point because nobody is realistically going to do a detailed security analysis of the source code of everything they install. We do this all the time as software developers; why do I trust that `pip install SQLAlchemy==2.0.45` isn't going to install a cryptominer on my system? It's certainly not because I've inspected the source code, it's because there's a web of trust in the ecosystem (well-known package, lots of downloads, if there were malware someone would have likely noticed before me).

        > still running a random binary

        Again "random" here is untrue, there's nothing random about it. You're running a binary which is published by the maintainers of some software. You're deciding how much you trust those maintainers (and their binary publishing processes, and whoever is hosting their binary).

      • lutusp 3 hours ago

        > Open-source only matters if you have the time/skill/willingness to download said source (and any dependencies') and compile it.

        Not really. The fact that an application is open-source means its originator can't rug-pull its users at some random future date (as so often happens with closed-source programs). End users don't need to compile the source for that to be true.

        > Otherwise you're still running a random binary and there's no telling whether the source is malicious or whether the binary was even built with the published source.

        This is also not true in general. Most open-source programs are available from an established URL, for example a GitHub archive with an appropriate track record. And the risks of downloading and running a closed-source app are much the same.

    • wat10000 2 hours ago

      How do they know they’ve found the legitimate Ring Racers download and not some scammer who managed to get their search result above the real one?

      Nothing wrong with downloading and running programs you trust, but there needs to be a good answer to that question.

wilsonnb3 6 hours ago

To be fair, downloading and running random executables from the internet is a genuinely terrible security model when the OS (like Windows, Linux, or (to a lesser extent) macOS) does nothing to prevent it from doing anything you can do.