It’s incredibly frightening how much all modern software expects you to download an entire toolchain to run it.

If you want anything resembling a secure toolchain you end up stuck with ancient software or C projects only.

Java? Here’s a gradle *binary* included in the git “source” repo. Rust? Please go download rust via rustup, if you don’t have the version from this week gfy. Go? Basically the same, with tons of dependencies fetched from random git repos. JavaScript? lol, you’re screwed.

Discussion

This is why I run almost everything in isolated containers now

Indeed, definitely a base requirement these days, but what about bitcoin or something where you don’t want that container to get pop’d? Modern software is trash.

What do you mean by pop’d?

Compromised/hacked/pwned/0wned/etc :)

I don’t think the balance between security and convenience can ever be solved. It’s a constant game of ever-evolving trade-offs. The answer for two distinct entities can be drastically different and that’s a good thing.

For some that’s as extreme as only running code you wrote/verified yourself. For others it’s “YOLO I want the latest and greatest no matter the risks”

It's not about modern is trash, it's about modern devs are lazy and like fancy stuff instead of thinking about the tradeoff of their choices

What's a good way to do this? KVM, Qubes and/or Docker container?

Docker is by far the easiest. And you can create a new user for each service and run the daemon under that user if you are worried about vulnerabilities in docker itself

What’s even scarier is how quickly some projects break. You can run a Lisp project from 20 years ago and still expect it to work. Try that with a JavaScript project and watch it fail when it can’t find its “leftpad” dependency.