Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

You don't.


How do I run it on my computer?


Best case is you get the source or binary package from your trusted package manager and run/compile that.

If that is not available, and you still really need the result of that piece of code, fetch the code, compile it and run it.

Code distribution has inherent dangers and cannot be safely made extremely effortless and comfortable. Accounting can be bothersome, but is necessary for code.


Why don't we just put a trusted package manager into the web browser?


We already have one in the system, why duplicate the effort?

Also, It is important to keep the number of authorized sources of code to a system small.

If you insist on using that horrible language, you can deliver a webapp that runs in a JavaScript runtime through the OS package manager. That ensures proper accounting for the users.


So how will I do all that in seconds on any platform with only a URL that is end-to-end encrypted and gives me multiple runtime options?

What happens when the "authorized code source" doesn't agree with my program?


In most distros you don't even need the URL but just the name and get the program in seconds, including signed code that is vetted for by maintainers. Usually you also have many runtime options in the config file, if not in the program itself, but that are details.

When your authorized source of code doesn't agree with a program then there is a problem, either with your source or with the program. There are too many parameters to describe all scenarios. For example, if distros refuse to provide a certain program, then you most likely are better off without it, if Apple doesn't let you install a program on your iphone, then you picked the wrong gatekeeper. Apple is a tyrant and puts its interests above yours. If you enter their garden you are on your own and I care very little for the problems there.

I'm not saying that code delivery is optimal like it is in the most popular distributions. But the Web is not the solution.

Speed is not the only metric.


Maybe for you, but I don't want any gatekeeper.

I want to decide what is "good for me", I want things fast and on any platform from my phone to laptop to car to TV.

Luckily we have choices, and I choose to use the web. You can use a browser that disabled all of this, as long as your gatekeeper allows you to.


Oh, also you have at least such an authorized source of code unless you have writtem every bit of software yourself. You might be unaware what the sources are.

If you use Google Chrome with auto updates, for example, you've made Google an authorized source of code for your system. More general, your browser developer gets to decide for you what technologies your browser supports by default.

Most OS' facilitate automatic or semiautomatic update mechanism. Then the organization who develops these updates and sends them to you is a source of code, that is authorized by you by virtue of you installing the OS.

A gatekeeper is a good thing if you have the last say. So you choose one that works in your interest and you decide whats good for you when you disagree. And you do have gatekeepers that work, but they work in your interest and for you so you don't notice nor complain.

Not having any gatekeeper means basically letting run any code on your machine. I detailed before why that is a bad idea from the security perspective and for it's other consequences.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: