pixelscript

@pixelscript@lemmy.ml


pixelscript,

The point of the firewall is not to make your computer an impenetrable fortress. It’s to block any implicit port openings you didn’t explicitly ask for.

Say you install a piece of software that, without your knowledge, decides to spin up an SSH server and start listening on port 22. Now you have that port open as a vector for malware to get in, and you are implicitly relying on that software to fend it off. If you instead have a firewall, and port 22 is not one of your allowed ports, the rogue software will hopefully take the hint and not spin up that server.

Generally you only want to open ports for specific processes that you want to transmit or listen on them. Once a port is bound to a process, it’s taken. Malware can’t just latch on without hijacking the program that already has it bound. And if that’s your fear, then you probably have a lot of way scarier theoretical attack vectors to sweat over in addition to this.

Yes, if you just leave a port wide open with nothing bound to it, either via actually having the port reserved or by linking the process to the port with a firewall rule, and you happened to get a piece of actual malware that scanned every port looking for an opening to sneak through, sure, it could. To my understanding, that’s not typically what you’re trying to stop with a firewall.

In some regards a firewall is like a padlock. It keeps out honest criminals. A determined criminal who really wants in will probably circumvent it. But many opportunistic criminals just looking for stuff not nailed down will probably leave it alone. Is the fact that people who know how to pick locks exist an excuse to stop locking things because “it’s all pointless anyway”?
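An added example, not part of the original comment: one way to find the "implicit port openings" described above is to compare the machine's listening sockets against the ports you explicitly asked for. The sample text is constructed in the shape of `ss -H -tlnp` output, and the `ALLOWED` policy and process names are hypothetical.

```python
import re

# Constructed sample modelled on `ss -H -tlnp` output (not from a real host).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=640,fd=6))
LISTEN 0 4096 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=701,fd=7))
LISTEN 0 128 [::]:8080 [::]:* users:(("helper",pid=1500,fd=4))
LISTEN 0 128 *:5000 *:*
"""

# Hypothetical policy: port -> the one process allowed to listen on it.
ALLOWED = {443: "nginx"}

# Address prefixes that are reachable only from the machine itself.
LOOPBACK = ("127.", "::1")


def parse_listeners(text):
    """Yield (address, port, process) for each listening TCP socket."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # Split on the last colon so IPv6 addresses stay intact.
        addr, _, port = fields[3].rpartition(":")
        # The process column is absent when ss runs without privileges.
        match = re.search(r'\(\("([^"]+)"', line)
        yield addr.strip("[]"), int(port), (match.group(1) if match else None)


def unexpected_listeners(text, allowed=ALLOWED):
    """Return sorted (port, process, address) for listeners outside the policy."""
    findings = []
    for addr, port, proc in parse_listeners(text):
        if addr.startswith(LOOPBACK):
            continue  # not exposed to the network
        if proc is not None and allowed.get(port) == proc:
            continue  # explicitly requested port, bound by the expected process
        findings.append((port, proc or "unknown", addr))
    return sorted(findings)


if __name__ == "__main__":
    for port, proc, addr in unexpected_listeners(SAMPLE_SS):
        print(f"unexpected listener: {proc} on {addr}:{port}")
```

A listener with no visible process name is reported as `unknown` rather than skipped, since an unattributed open port is exactly the case worth a closer look.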

pixelscript, (edited )

The way I understand it is like this:

The grand theory of classic package managers is the idea that lots of programs all need the same core libraries to function. An analogy would be like noticing most construction jobs need nails. So instead of making everyone bring their own copy of nails, resulting in dozens of redundant copies of it lying around, they have a single nails package that everyone can use.

But there are different versions of nails out there. Each version picks up unique new features, and drops legacy ones. Recent builds may incorporate and thus require the new features, making them incompatible with old versions of nails that don’t have them. On the other hand, some builds may still use and rely on legacy features of nails, and are thus incompatible with the new versions. You may run into a scenario where you want Software A that needs nails version 14+, but also Software B that can only run on nails v <13, and you just can’t, because they don’t overlap.

Additionally, there may just be a totally different competing package out there, screws, that does largely the same job as nails, but in a completely different way that is totally incompatible with projects that expect nails. So if you need Software C that relies on nails, but also Software D that relies on screws, you might cause problems by installing both.

What a distro is is essentially a group of devs declaring that they are putting together some specific list of libraries (like, say, nails v14), and then sculpting up a bundle of software around those specific libraries. Can’t cope with nails v14? That sucks. No package for you, then.

In that sense, distros are differentiated by what libraries and other low-level system softwares are available to the programs you wish to install on them. If you want your program to be available natively on every distro, it needs to be compatible with every competing set of libraries each distro has elected to use.

It is possible to just say “fuck it” to the distro’s built-in libraries, and instead bundle the specific version of nails or screws or whatever your project needs directly with it. Build your own with blackjack and hookers, as it were. That’s exactly what Flatpak does, among others. But it’s trading flexibility for redundancy. In the age of cheap and plentiful storage memory, many people think this trade is well worth it. But it makes many formalists cringe.

Ending support for Windows 10 could send 240 million computers to the landfill. Why not install Linux on them? (gadgettendency.com)

With support ending for Windows 10, the most popular desktop operating system in the world currently, possibly 240 million pcs may be sent to the landfill. This is mostly due to Windows 11’s exorbitant requirements. This will most likely result in many pcs being immediately outdated, and prone to viruses. GNU/Linux may be...

pixelscript, (edited )

I guess by “Windows installer” I actually meant the setup wizard that runs the first time you boot an OEM machine from the factory. The thing 99% of Windows users actually see. Not sure if that’s significantly different.

And if you want to claim even that is terrible, I really have to question by what metric you’re measuring. Is it because it doesn’t give you the options you want, like creating an offline user account, or because it’s full of bloat screens for products like OneDrive? Sure, I guess. But I’d say having these criticisms is very specifically the kind of thing that makes you an outlier compared to the average person I’m talking about. These are things normal people don’t bat an eye at. Giving them more control just intimidates them.

And yeah, I’m sure you agree, “provided [they] can create a USB” is a huge ask for a lot of people. Child’s play for us, but weird and scary black magic to most. Guides can and do make it crystal clear what to do, but as long as it feels spooky to download and run the magic programs, no one will feel comfortable doing it.

pixelscript,

If the current tools work fine, have decades of historic support and battle testing, and the alternatives offer little to no net benefit, uhh, why?

pixelscript,

I think those of us that treat social media services this way are a minority in the grand picture. If BlueSky continues to be effective, network effect will pull in a steady stream of users, including ones that may have balked before.

It is poising itself to be a 1:1 drop-in replacement for Twitter. Federated services like Mastodon aren’t that (and aren’t trying to be).

I wholly believe that the majority of Twitter users have no interest in federated platforms as alternatives. By comparison, platforms like Mastodon feel vaguely like Twitter but more fractured and isolated. Everyone was on Twitter. Comparatively no one is on Mastodon. Discovery is awful and micromanaging instances and subscriptions is tedious busywork. “Why can’t it just be all in one convenient place, like on Twitter? This is so stupid and complicated,” I expect most would complain.

Federated platforms are loved by us because we value the fine control and we like putting in effort to curate our feeds. The complexity is the appeal. But I think it’s negative appeal to the type of person who has gotten accustomed to an algorithm doing all of that for them, and I think that’s most people. You can use federated platforms out of the box and they’ll “just work” without all the tinkering, but it will be very bland and vapid. It only becomes great when you put in work to make it great for yourself.

The thing BlueSky seems to be promising is that big, monolithic platform that Twitter was and most people want. And I think they’re the only notable player in that game, so they’ll completely corner that market. As long as they don’t trip over any footguns (and I don’t believe making the beta invite-only is one of them), I believe they’re going to succeed greatly.
