Es­to pa­só más o me­nos cuan­do to­da­vía al­guno creía que "The Blair Wi­tch Pro­jec­t" era al­go im­por­tan­te, así que se­gu­ra­men­te era 1999, 2000, po­né­le, que es­ta­ba le­yen­do la co­lum­na "Mo­vie An­swer Man" de Ro­ger Eber­t, y pen­sé epa, ten­go al­go que de­cir so­bre eso.

Le man­dé un mail acer­ca de co­mo el gé­ne­ro de "found foota­ge" ya era vie­jo, ci­tan­do "Ho­lo­caus­to Ca­ni­ba­l" y el "Ar­thur Gor­don Py­m" de Poe (que cla­ro, es un ma­nus­cri­to en­contra­do­). In­ter­cam­bia­mos al­gu­nos mail­s, y siem­pre se veía que pres­ta­ba aten­ción a lo que leía an­tes de res­pon­de­r, asi que fué una lin­da con­ver­sació­n. Me ter­mi­nó pre­gun­tan­do cuan­do era la me­jor épo­ca pa­ra vi­si­tar Bue­nos Ai­res, le di­je que pri­ma­ve­ra u oto­ño, le di­je que ca­paz que es­ta­ría bue­no ve­nir pa­ra el BA­FI­CI, y a la lar­ga pa­ra­mo­s.

No es gran co­sa co­mo ané­c­do­ta, pe­ro me hi­zo dar­me cuen­ta que lle­vo más de quin­ce años le­yen­do sus cri­ti­cas y ar­tícu­los (y des­pués su blo­g, y su feed de twi­tte­r).

Me acuer­do de ver­lo ha­cien­do un ca­meo en una se­rie pe­do­rra de TV (la del ti­po con el pe­rro má­gi­co que le trae el dia­rio de ma­ña­na) y pen­sar, he­y, yo a ese lo co­noz­co (o al­go así).

Aho­ra que se mu­rió, pa­re­ce que fue con to­dos lo mis­mo que fue con­mi­go, ami­ga­ble, in­te­re­san­te y ama­ble.

Era la cla­se de ti­po que es­cri­bió crí­ti­cas de Gar­gan­ta Pro­fun­da, y es­cri­bió el guión de una pe­li de Russ Me­ye­r, y siem­pre es­tu­vo dis­pues­to a ad­mi­tir que una pe­lícu­la po­día ser ba­su­ra, pe­ro por lo me­nos bue­na ba­su­ra, si uno la to­ma­ba en sus tér­mi­no­s.

Se lo va a ex­tra­ña­r.

Ear­lier I men­tio­ned a ha­ck I use when I need to get a clean bro­w­ser qui­ck. He­re it is agai­n:

rm -f ~/.config/ralsina/devicenzo.conf
curl https://devicenzo.googlecode.com/svn/trunk/devicenzo.py | python

Sin­ce that got pos­ted on re­ddit (no, not li­nking it), it tri­gge­red "in­te­res­tin­g" ar­gu­men­ts. Ba­si­ca­lly many we­re sho­cked (sho­cked) about run­ning ar­bi­tra­ry in­ter­net co­de lo­ca­lly in this man­ne­r. It's in­se­cu­re. Whi­le I am by no means a se­cu­ri­ty ex­per­t, at least I know I am ig­no­ran­t.

Le­t's exa­mi­ne that in­se­cu­ri­ty claim a li­ttle, in the con­text of what I was pro­po­sin­g. I am tr­ying to te­ll peo­ple "he­re's a sma­ll web bro­w­ser that re­qui­res no se­tup and sin­ce it's not your main bro­w­se­r, you can nuke it and re­set its sta­te ea­si­ly be­fo­re run­ning it, like this".

So, wha­t's wrong wi­th doing it that wa­y, ac­cor­ding to the co­m­men­ter­s:

It's insecure because you can't see the code before running it because it's piped.

We­ll, that makes it exac­tly as in­se­cu­re as eve­ry un­sig­ned bi­na­ry you ever do­wn­loade­d. Or, le­t's be ho­nes­t, eve­ry she­ll scrip­t, py­thon scrip­t, perl script etc you ha­ve ever do­wn­loade­d. Or you au­dit the­m?

Who exac­tly is being pre­ven­ted from au­di­ting it by ha­ving it pre­sen­ted this wa­y? Is the in­ter­sec­tion of "peo­ple who can au­dit this scrip­t" and "po­ple who do­n't un­ders­tand pi­pes" not emp­ty?

For tho­se who can au­di­t, this makes no di­ffe­ren­ce. For tho­se who can't au­di­t, this makes no di­ffe­ren­ce.

It would be better if I provided a hash of the file to know it's not tampered

And how would you know the hash is not tam­pe­re­d? Wat you wan­t, rea­lly is a di­gi­tal sig­na­tu­re of the scrip­t.

If you trust google (and usua­ll­y, peo­ple do­), then you know tha­t:

1. The script was uploaded by me (che­­ck the his­­to­­­ry of the fi­­le)

2. The script has not been ta­m­­pe­­red from the re­­po (si­n­­ce it's a se­­cu­­re co­n­­ne­c­­tion and ye­s, the­­re is a hash of the re­­vi­­sio­­n)

If you do­n't trust google, then you do­n't know who uploaded it, and if you do­n't trust me, you do­n't ca­re who uploaded it, even if it's sig­ned (be­cau­se it's sig­ned by so­meo­ne you do­n't trus­t).

How does the user know it's not malware?

He does­n'­t. Li­fe is like tha­t.

Why should the user trust you?

He should­n'­t. OTOH, we­re he so in­cli­ne­d, he can che­ck who wro­te it, and that I am a real per­so­n, wi­th a long his­to­ry of sha­ring co­de on­li­ne and no clai­ms of ever pus­hing ma­lwa­re.

This is more insecure because it downloads on every run

You do­n't need to run ma­lwa­re mo­re than on­ce, an­ywa­y. So, not mu­ch of a di­ffe­ren­ce.

This propagates bad habits

So does Dunki­n' Do­nu­ts, and noone pos­ts about it at re­ddi­t. But in any ca­se, su­re, it's a bad ha­bi­t. Big dea­l.

So, is it se­cu­re? He­ll no! Is it sig­ni­fi­can­tly le­ss se­cu­re than ins­ta­lling a ran­dom PPA you see men­tio­ned in a fo­ru­m? Ma­y­be sli­gh­tl­y. Is it le­ss se­cu­re than run­ning ran­dom un­sig­ned bi­na­rie­s? He­ll no. Is it le­ss se­cu­re than do­wn­loading and run­ning it? No. Is it le­ss se­cu­re than buil­ding a ran­dom thing from sour­ce? He­ll no.

But is it le­ss se­cu­re than the other rea­lis­tic wa­ys in whi­ch I can gi­ve you a 100+ li­ne chunk of py­thon co­de that wo­rks as a web bro­w­se­r? I do­n't thi­nk so.

In the con­text of "he­re's the co­de for it, it can do this", this is not sig­ni­fi­can­tly in­se­cu­re. It's mo­re or le­ss as in­se­cu­re as the al­ter­na­ti­ve­s. Wi­th the ad­van­ta­ge tha­t, if you wan­t, you can au­dit it. It's 128 li­nes of co­de (a­s­su­ming you trust Qt and Py­Qt and Py­tho­n, etc)

So the­re.