Show them this Ken Thompson paper of 1984: "Reflections on Trusting Trust" https... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		efortis 7 months ago \| parent \| context \| favorite \| on: Active NPM supply chain attack: Tinycolor and 40 P... Show them this Ken Thompson paper of 1984: "Reflections on Trusting Trust" https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_Ref... And then hardware compromises… I don't mean install anything. I mean, it's not a problem particular to the JS ecosystem.

lrvick 7 months ago [–]

I full source bootstrapped a Linux distro from hex0 all the way to nodejs binaries just to deal with trusting trust risks.

"just give up" is not a valid strategy.

https://codeberg.org/stagex/stagex

efortis 7 months ago | [–]

where can I follow you? blog, x?

lrvick 7 months ago | | [–]

https://lance.dev has my mastodon etc. My friends and I also run the #! community, https://hashbang.sh #!:matrix.org

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact