Francisco TolmaskyJul 5, 2024
I really hate the term “side-loading.” We shouldn’t need a word for the normal way we’ve been installing apps for the past 40 years. If tomorrow Apple decided they were going to start only letting you visit web pages they approved of, we wouldn’t call some sort of alternating system that let you see *the rest of the fucking internet* “side-paging”. We’d instead call the whole thing bullshit.
Show threadJeff AtwoodJul 5, 2024
@tolmasky trading binaries makes this a far more dangerous game than the web
Show threadFrancisco Tolmasky

@codinghorror We didn’t call it side loading binaries on macOS either. Arguably the AppStore has done nothing for security, that’s all sandboxing. Apple constantly allows scam apps on the store, takes forever to take them down, lets them advertise [1], and often lists them higher in search! To quote Phill Schiller: “Is no one minding the store?!” Arguably it’s worse for security since people are convinced everything there is safe. It’s the TSA of app security.

1. https://www.bitdefender.com/blog/hotforsecurity/shady-authenticator-apps-flood-apple-and-google-app-stores-after-twitter-shifts-from-sms-based-2fa/

Shady Authenticator Apps Flood Apple and Google App Stores After Twitter Shifts from SMS-Based 2FA

Security researchers are sounding the alarm over a wave of questionable authenticator apps flooding the Apple App Store and Google Play after Twitter’s recent shift from SMS-based 2FA [https://www.

Hot for Security
Jul 5, 2024 at 9:22pmIvory for iOS
Show threadJeff AtwoodJul 5, 2024
@tolmasky yeah, that's all fine, but to say "just like the web" isn't correct when you are dealing with binaries. There is a movement to put binaries on the web (webassembly?) https://webassembly.org/
WebAssembly

WebAssembly (abbreviated Wasm) is a binary instruction format for a stack-based virtual machine. Wasm is designed as a portable compilation target for programming languages, enabling deployment on the web for client and server applications.

Show threadMiguel ArrozJul 5, 2024

@codinghorror @tolmasky There's a big difference between a user explicitly downloading, installing and running a binary, and the browser downloading and running some binary that does who knows what from some advertising company when I open the newspaper website.

Either I trust the provider of the software I install on my Mac… or I don't. The means of distribution are irrelevant, as long as there's a system that guarantees the binary isn't tampered along the way (and there is, code signing).

Show threadFrancisco TolmaskyJul 5, 2024
@codinghorror I see the perception that this is a future technology still persists… https://x.com/tolmasky/status/1575992502234255360
Francisco Tolmasky (@[email protected]) (@tolmasky) on X

It’s interesting that Figma didn’t usher in a new age of super cool web apps. They released a super impressive WASM app *6 years ago*. Everyone was blown away & then proceeded to… talk about WASM as a future technology & just went back to arguing about React vs. Vue or whatever.

X (formerly Twitter)
Show threadJeff AtwoodJul 5, 2024
@tolmasky could be worse, could be Android