this post was submitted on 07 Aug 2023
1094 points (97.2% liked)

Programmer Humor

19594 readers
977 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 1 year ago
MODERATORS
1094
Good Old Windows (lemmy.world)
submitted 1 year ago* (last edited 1 year ago) by ekZepp to c/[email protected]
 

System32Comics Art

Webtoon gallery

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 153 points 1 year ago (7 children)

Because paying a few grand a year for a certificate somehow makes your software more trustworthy

[–] [email protected] 51 points 1 year ago

The original Twitter checkmark

[–] [email protected] 33 points 1 year ago (1 children)

You're being sarcastic but even small fees immediately weed out a ton of cruft.

[–] [email protected] 24 points 1 year ago (1 children)

They also weed out a lot of legitimate software, especially if it's non-commercial.

[–] [email protected] 17 points 1 year ago (1 children)

I'm not saying there aren't downsides, just that it isn't a totally crazy strategy.

[–] RippleEffect 21 points 1 year ago (1 children)

Well it at least is an obstacle. Broke hackers won't get it or will have to work harder to get around it.

[–] Ddhuud 40 points 1 year ago

That's the intention. In reality lots of genuine devs can't afford it, so people get accustomed to just ignore the whole thing.

[–] [email protected] 10 points 1 year ago

Even more lols when you are gigabyte and your private key leaks. Also when you are gigabyte and your signed driver is used to privilege escalate malware.

[–] yogurtwrong 7 points 1 year ago

And you can still bypass it if you put your software in a .zip

[–] smolyeet 6 points 1 year ago

And that’s why certificates can be revoked, that’s the whole point, trust. It only costs a few hundred a year per Microsoft’s documentation and approved vendors so it doesn’t seem that much of an ask. At the very least you can look up the developer yourself, harder to do if the package has no identity associated with it

[–] [email protected] 2 points 1 year ago

Gigabyte has entered the chat.