Some targets are more valuable than others. A firewall product has obvious security value. The fact that it requires high privilege is another reason.

I have the same thoughts about other Mac apps. e.g. iTerm2 - cause they "see" so much sensitive data.

reply
[flagged]
reply
Yeah just yolo install whatever, it’s not like applications or libraries such as axios which have a decade of trusted history would all of a sudden become malicious and do nasty things to developer machines, just chill, everything’s fine.
reply
> Yeah just yolo install whatever

That's not even remotely what I said.

> it’s not like applications or libraries such as axios

iTerm doesn't use NPM. Little Snitch doesn't use NPM. I don't use NPM.

reply
[flagged]
reply
WTF? This is not an acceptable comment on HN, no matter who or what you're replying to. This style of commenting is not what this site is for, and destroys what it is for.

If you wouldn't mind reviewing https://news.ycombinator.com/newsguidelines.html and taking the intended spirit of the site more to heart, we'd be grateful.

reply
> I'm not even going to respond to this ridiculousness.

Why is it ridiculous? If you have electronic access to something of value and broadcast that fact on the internet, you’re at risk of a physical attack. That’s not controversial? Companies make employees do training about this for a reason.

reply
> If you have electronic access to something of value and broadcast that fact on the internet, you’re at risk of a physical attack. That’s not controversial? Companies make employees do training about this for a reason.

You're talking as if all "value" and all "risk" is equal, when they're definitely not. You can't equate a megacorporation with a little indie developer. Nobody cares about the latter.

I am a software developer, and I broadcast that fact on the internet. But nobody is coming to Wisconsin to hit me on the head with a wrench. That's just a silly paranoid fantasy.

If anyone hits me on the head with a wrench, it would not be a nation-state but rather a two-bit local mugger who has no idea who I am and just wants cash from my wallet. I live in a pretty safe area though.

reply
Nobody that you know of.
reply
The same people who targeted the open source uncommercial library axios *last week*?

Access to little snitch would be worth millions to the right party.

reply
>> I still don't know why anyone thinks that, among all developers in the world, a little indie Mac developer is getting targeted specifically.

> The same people who targeted the open source uncommercial library axios last week?

axios is an NPM package. Little Snitch doesn't use NPM. Thus, these people must be pretty damn incompetent if they were trying to target Little Snitch.

> Access to little snitch would be worth millions to the right party.

This is a bold claim with no evidence. I don't think it's true.

reply
Shell (and probably root) access to tens of thousands of development machines wouldn’t be worth millions to the right party?
reply