Like how it happened for Bartender, another macOS app which required a lot of permissions. It was sold to a company and they told no one, until a user noticed via the now defunct MacUpdater that the app signature changed.
Ben Surtees (Bartender’s original developer) burned all the good will accumulated over years in one moment. Never again can anyone trust software under that name.
Bartender was not a supply chain attack! The app was sold to another developer for monetary reasons.
There were no targets involved. There were no nation-states involved. There were no attacks involved. You might not like the new developer, but this whole discussion of a nation-state and 9 figure payoff is totally ridiculous.
Depends on the target and what you can get. Think about Bartender, an app requiring an insanely high level of trust and permissions, which was quietly sold.
If you know of someone specific you want to target who uses it, the investment could pay off.
For example, we know from your blog posts that you use LittleSnitch. Someone who wanted to target you might do a lot to spy on you by buying LittleSnitch, probably.
Think of your own apps, too. I don’t think you’d do the same that Ben Surtees did and sell everything in secret, but then again I don’t personally know you. You may have a price that I’m not aware of. For that reason alone, even as I trust the current code is not nefarious, I can never give StopTheMadness access to every website and can only use it selectively, which is inconvenient.
The point is that it shows it can happen. You’re a browser extension developer, surely you know how often it happens that developers of popular extensions are approached by shady businesses and sometimes do even sell.
> You can dream up a bunch of absurd hypothetical scenarios, but they are not the reality.
As someone else has pointed out to you, not hypothetical.
> Nobody wants to target me. Nobody cares about me. I am insignificant.
You give yourself too little credit. I know of several developers and other people with influence who use your extensions with complete trust. Compromising you means compromising them, which means compromising even more people. Jia Tan has aptly demonstrated you don’t need to directly attack your final target, only a link in the chain, even if it looks insignificant.
> surely you know how often it happens that developers of popular extensions are approached by shady businesses and sometimes do even sell.
Yes, developers of free extensions who sell for a pittance.
I don't have a popular extension. My extension is relatively expensive and thus unpopular. I don't have enough users to be interesting to shady businesses. My extension is more valuable to me than to anyone else, because I, one person, can make a living from it.
> As someone else has pointed out to you, not hypothetical.
That link seems a bit silly. There's a screenshot with no explanatory context whatsoever. There's a list of items, many of which look quite mundane and uninteresting. Certainly it is not suggesting acquiring the company for millions of dollars. It sounds like someone—could even be an intern for all we know—is interested in attacking the app from the outside.
> I know of several developers and other people with influence who use your extensions with complete trust. Compromising you means compromising them, which means compromising even more people.
What is the value of compromising these people? Oh noes, the CIA can now write Daring Fireball articles!
> Jia Tan has aptly demonstrated you don’t need to directly attack your final target, only a link in the chain, even if it looks insignificant.
What chain? I have no third-party dependencies. If someone can compromise Apple's operating systems, then my software or Little Snitch is the least of our worries.
I do specifically and intentionally avoid using NPM, because of frequent compromises. Little Snitch is not even JavaScript, so no worries there.
Various intelligence agencies are willing to pay 2-3M for a working exploit for iphone or android. I think that they would be fine with paying 50M for a userbase that has a high population of devs, admins, etc. Being able to backdoor someone like this in the right organization down the line is probably worth 50M.
> Various intelligence agencies are willing to pay 2-3M for a working exploit for iphone or android.
Little Snitch is not a working exploit for iPhone or Android.
> I think that they would be fine with paying 50M for a userbase that has a high population of devs, admins, etc. Being able to backdoor someone like this in the right organization down the line is probably worth 50M.
No, sorry, this is absurd. A ton of products have a high population of devs, admins, etc. These are not getting acquired by intelligence agencies. Give me one example. There's nothing inherently valuable about this population.
Who is a Little Snitch customer worth 50M to attack? Name them.
> Said motivation could be a nation state handing them $XXX million dollars
You're missing the most important part of the motivation here: why in the world would a nation-state give a damn about Little Snitch, especially to the tune of $XXX million dollars?
A nation-state could pay $XXX million to your significant other to spy on you. But again, a nation-state doesn't give a damn about you.
>why in the world would a nation-state give a damn about Little Snitch, especially to the tune of $XXX million dollars?
Per user hacked, it can be very cheap¹ compared to bribing anyone. And give data/access that SO can't get.
State is not interested in you until it does. Being Jewish, Polish, Gypsy, Gay. Or just WrongThinking. Or maybe it becomes super cheap and easy to process all information?
1: it can even be free. You either give us a backdoor to all your users or you rot in jail. Here's a complimentary beating up or pictures of your kids, to argue our position further.
> it can even be free. You either give us backdoor to all your users or you rot in jail.
It is already a thing, at least in the UK and AU [1]:
> Both countries now claim the right to secretly compel tech companies and individual technologists, including network administrators, sysadmins, and open source developers – to re-engineer software and hardware under their control, so that it can be used to spy on their users. Engineers can be penalized for refusing to comply with fines and prison; in Australia, even counseling a technologist to oppose these orders is a crime.
Well, that is obvious, is it not? It means They are interested in The Plan and have enough power that a vague comment is all you gonna get. Cannot have Them finding out that we are on to Them. Though of course, The Plan already accounts for that, so They already know and will do Something about it. Want facts? Wake up, do your Research!
In my previous company, we "simply" used fixed versions for our dependencies. And we had our own NPM registry that only had already approved packages for specific version. Approval required a security review by someone from the Security team… At first I was super annoyed by this. But I started to like this approach. It also reduced surprises while developing in a team… "it works on my machine" was rare since everyone was using the exact same versions. And moving to a newer version was done on a regular basis but it was an intentional thing we did.
They run it through a tool that checks online whether any CVEs relate to that version. They don't care whether you actually hit the vuln; if there's a CVE it's "bad". That's usually the level I see.
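The two comments above describe three controls that are easy to wire into a pre-install check: exact-pinned versions, an allow-list of (name, version) pairs that passed security review, and a version-range match against advisories, which flags a package purely by version whether or not the vulnerable code path is reachable. The following is an added example written for this page, not code from the thread or from any of the products discussed; the package names, approval set and advisory entries are constructed, and it assumes plain `x.y.z` versions with no prerelease tags.

```javascript
// Added example (not from the thread): a lock-file gate enforcing
// pinned versions, an approved (name@version) allow-list, and an
// OSV-style "introduced <= v < fixed" advisory match.
// All package names, approvals and advisories below are constructed.

const EXACT = /^\d+\.\d+\.\d+$/; // assumption: plain x.y.z, no prerelease tags

// Numeric compare of two x.y.z strings: negative, zero or positive.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] - pb[i];
  }
  return 0;
}

// A version is affected if introduced <= version < fixed.
// Reachability of the vulnerable code is not considered, which is
// exactly the behaviour the comment above describes.
function isAffected(version, advisory) {
  return compareVersions(version, advisory.introduced) >= 0 &&
         compareVersions(version, advisory.fixed) < 0;
}

// deps: the "dependencies" object of a package.json
// approved: Set of "name@version" strings that passed review
// advisories: [{ id, name, introduced, fixed }]
function auditDependencies(deps, approved, advisories) {
  const report = { unpinned: [], unapproved: [], vulnerable: [] };
  for (const [name, spec] of Object.entries(deps)) {
    if (!EXACT.test(spec)) {
      // "^1.3.0", "~2.0.0" or "latest" resolve to different artifacts over
      // time, so a ranged spec can be matched neither against an approval
      // nor against an advisory; it is rejected outright.
      report.unpinned.push(`${name}@${spec}`);
      continue;
    }
    if (!approved.has(`${name}@${spec}`)) {
      report.unapproved.push(`${name}@${spec}`);
    }
    for (const adv of advisories) {
      if (adv.name === name && isAffected(spec, adv)) {
        report.vulnerable.push({ name, version: spec, advisory: adv.id });
      }
    }
  }
  return report;
}

// --- constructed sample data (hypothetical packages and advisory IDs) ---
const SAMPLE_DEPS = {
  'parser-lib': '2.4.1',   // pinned, approved, but inside an advisory range
  'log-lib': '^1.3.0',     // ranged spec: rejected as unpinned
  'http-lib': '4.18.2',    // pinned and approved: clean
  'util-lib': '1.2.5',     // pinned but never reviewed: unapproved
};
const SAMPLE_APPROVED = new Set([
  'parser-lib@2.4.1', 'http-lib@4.18.2', 'log-lib@1.3.0',
]);
const SAMPLE_ADVISORIES = [
  { id: 'ADV-EXAMPLE-1', name: 'parser-lib', introduced: '2.0.0', fixed: '2.4.2' },
  { id: 'ADV-EXAMPLE-2', name: 'util-lib', introduced: '0.0.0', fixed: '1.2.0' },
];

function runSample() {
  return auditDependencies(SAMPLE_DEPS, SAMPLE_APPROVED, SAMPLE_ADVISORIES);
}

console.log(JSON.stringify(runSample(), null, 2));
```

In a CI step the three report arrays would be the gate: a non-empty `unpinned` or `unapproved` list blocks the build, and a `vulnerable` hit is routed back to the review that approved that exact version, so that "is the vulnerable path actually reachable" is answered by a person rather than assumed either way by the scanner.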
I mean the union is correct in this case. Robots will replace jobs. A union’s job is to make sure there are jobs for people in the company they are already in.
Usually unions would speak the truth (“robots = jobs go away”) but pair this with some suggestions (e.g. trying to upskill the affected worker so that they can be moved to a different department).
While I was working in Germany I always felt better at a company with a strong union.
Fundamentally the union should be getting the workers a fair deal for their labour (conditions and wages); once the union starts interfering with the technical aspects or blocking labour saving investment it quickly sours the whole arrangement.
It's not even about blocking investment, they just want to make sure the employees still have jobs. You can invest if you find something else to do with the employee.
The main problem with unions in Germany is that they block companies from adapting to changes in the environment quickly. Companies become heavy behemoths and end up suffering from it, which ends up damaging their own employees as well.
I can try to convince you. In unionized companies one can’t fire employees from their 53rd birthday. That makes them similar to a care home in the end. Young folks come and go and are a minority in the end. Dynamics decrease not from the size, but from getting old. Since the salaries are more or less the same, the oldtimers have maxed-out bonuses. What do young guys get? Basically nothing, since the bonus pool must be distributed equally in the company.
I like the concept of the union, but I think that IG Metall is not a good implementation of that. At least not for white collar workers.
Isn’t “nothing is truly safe” a common saying on HN? Safe is an absolute term and since nothing can be safe people usually avoid using safe as a standalone attribution to something. It is usually qualified in some way.
I was just curious. This “nothing is safe” is just burnt into my brain and simply wanted to know the reason because it sounded so far fetched that safe is not absolute. But I totally agree.
Even with that, there is nothing stopping you from accidentally using [i]. Also there are just a ton of Swift APIs and bridge APIs that take an index and then crash… for full coverage you would need hundreds of safe wrappers… (doing what you propose at least gives you some peace of mind, though).
Also Swift has a lot of other areas where it just lacks any safeguards… Memory issues are still a thing. It’s using ARC under the hood after all.
Infinite recursion is still a thing (not sure if this would even detectable - probably not).
Misuse of APIs.
And it introduces new issues: which methods are being called depends on your imports.
In my experience Swift lulls you into a false sense of safety while adding more potential safety issues and “only” solving some of the less important ones. objc has nullability as well, which can warn you if used appropriately. objc also has lightweight generics. In practice this is all you need.
> And it introduces new issues: which methods are being called depends on your imports.
also depending on how you cast it, it will call the method of the cast, not the actual one in the instance (which completely caught me off-guard when I started Swift)
> objc also has lightweight generics. In practice this is all you need.
I feel this too sometimes; sometimes simple really is best... though I think some of these decisions around complexity are to allow for more optimization so C++ can be chucked away at some point...
You can simply import Swift packages and either they expose an Objc interface or you can provide it yourself – by wrapping it in Swift and exposing the things you need via @objc etc. You can - at the same time - also hide the wrapped framework and make it an impl. detail of the wrapper so that you could switch the wrapped framework while keeping your app code mostly stable. This also reduces the number of imported symbols… import 3rdPartyFramework imports all symbols, extensions, classes, types etc. vs. import MyWrapper only brings in the things you really need.