Comment by EGreg

19 hours ago

I used to think that HN is full of enlightened open minded people who are open to correcting misconceptions if presented with new evidence, and adopting better practices.

But I have encountered a lot of groupthink, brigading downvotes etc. So I stopped having high expectations over the years.

In the case of WordPress plugins, it’s bloody obvious that loading arbitrary PHP code in your site is insecure. And with npm plugins, same thing.

Over the years, I tried to suggest basic things… pin versions; require M of N signatures by auditors on any new versions. Those are table stakes.

How about moving to decentralized networks, removing SSH entirely, having a cryptocurrency that allows paying for resources? Making the substrate completely autonomous and secure by default? All downvoted. Just the words “decentralized” and “token” already make many people do TLDR and downvote. They hate tokens that much, regardless of their necessity to decentralized systems.

So I kind of gave up trying to win any approval, I just build quietly and release things. They have to solve all these problems. These problems are extremely solvable. And if we don’t solve them as an industry, there’s going to be chaos and it’s going to be very bad.

I'm not a crypto expert but how would that have solved this?

1. Make a website
2. Website has trusted code
3. Code update adds a virus

How do your suggestions fix those? Not trying to be dismissive; I work on zero-trust security, so perhaps I'm missing something crypto has to offer here?

  • You don’t need to be a crypto expert, blockchain is just to avoid the double-spend problem for the currency that is needed in the ecosystem.

    If you want everything to be free, you don’t need it.

    If you want everything to be centralized, you don’t need it. But being centralized, you introduce a massive single point of failure: the sysadmin of the network. Just look at how many attacks there have been, e.g. trying to backdoor SSH for instance.

    Anyway… the answer to what you asked lies in the approach to updates. Why did you choose to run this update that had a virus?

    Remember I mentioned pinned versions and M of N auditors signing off on each update? Start there. Why can’t these corporations with billions of dollars hire auditors to certify the next versions of critical widely used packages?

    Or how about the community does these audits instead of just npm requiring two-factor authentication for the author? Even better — these days you could have a growing battery of automated tests written by AI that operates as an auditor and signs off on the result as one of the auditors.

    This should be obvious. A city of people should have a gate, and the guards shouldn’t just import a trojan horse through a gate anytime at 3am. What is this LOL

    Finally, I would recommend running untrusted apps and plugins on completely other machines than the trusted core. Just communicate via iframes. You can have postMessage and the protocol can even require human approval for some things. In that case bye-bye to worries about Meltdown and Spectre and other side-channel and timing attacks too.

    I could go on and on… the rabbit hole goes deep. I built https://safebots.ai in case you are curious to discuss more — get in touch via my profile.

I think you're behind the times, you need to replace "crypto" with "AI" now.

  • Amusingly he’s one step ahead of you, see the link to his website above - it has crypto and AI agents.

> I used to think that HN is full of enlightened open minded people who are open to correcting misconceptions if presented with new evidence, and adopting better practices.

Well, I don't think the average HNer has much of a say in how WordPress is operated, or even uses WordPress by preference.