"The implicit assumption central to this way of organising the economy is that anything legally on sale is "safe". That it has been checked and approved by experts that know what they are doing and have the consumer interest as top priority.
People will not rush back home to their chemistry labs to check what is in their purchased food, whether it corresponds to the label (assuming that such a label even exists) and what might be the short or long term health effects. They don't have the knowledge, resources and time to do that for all the stuff they get exposed to."
What you describe is a feature of a high-trust society, where you don't have to double-check every single transaction or interaction you enter into, but can take most statements on trust. This allows people to get on with the fundamental task at hand, rather than dealing with the overhead of checking their food in the chemistry lab, or whatever the equivalent is for the specific transaction.
I have read suggestions that this was a major contributor to the growth of the Western economies, relative to other low-trust societies. If this was the case, we are in for a bumpy ride, as we seem to be rapidly changing from a high-trust to a low-trust society.
Having worked in many low-trust countries, I very much agree with that assertion. And seeing the effects of the trust-decay in our own, and the trajectory it sets, reinforces that view.
"I have read suggestions that this was a major contributor to the growth of the Western economies, relative to other low-trust societies." I'm not sure I follow, what are other low trust societies? Otherwise I'm with you here - living in a cabin in the woods survivalist-mode does nothing to progress a society.
Societies with lots of corruption, adulteration, theft, forgery, counterfeit, etc that goes under-punished. If you are frequently burned by your transactions and interactions with business, government, etc you're going to have low trust.
> living in a cabin in the woods survivalist-mode does nothing to progress a society.
Not everyone's goal is to progress a society though. If one's goal is to live a quiet life and do what makes them happy, what's wrong with living in a cabin in the woods?
That would only be a fundamental problem if everyone owes something to society. That's a much different conversation though, whether everyone is born into a debt that must be paid back to society.
If handiwork and subsistence farming are not what makes you happy, living in a cabin in the woods will not make you happy, because when you cannot outsource them to the rest of society, nearly all your time will be spent doing those things in order to survive.
Even once these basics are sorted, you will only live happily outside society as long as you are lucky enough to stay healthy.
If handiwork and producing or finding your own food is what makes you happy, then why does it matter whether you are outsourcing to society?
The second sounds like a separate goal unto itself. There's absolutely nothing wrong with that goal, or with having multiple goals, but if you start by saying doing X makes you happy then it doesn't really make sense to say doing X won't actually make you happy because you aren't doing Y.
I think the point is more that there are a very limited number of very specific lifestyles that can exist outside of a society. If you happen to thrive in one of those lifestyles, awesome, cabin in the woods works great for you.
But you can't do that if your passion is making music, or mathematics, or computer programming, or electrical tinkering, etc. There just isn't an option to follow the vast majority of pursuits except if you also engage in society.
People don't have the physical or mental ability to live alone. Their version of "alone" is a world where there are institutions that exist to protect their property, guarantee their transactions, and where they are supplied with a massive amount of high-quality manufactured goods. Paying for them doesn't make you somehow independent of society, it's the nature of society. You're trading bits of paper with government promises printed on them.
There's a big difference in living alone versus living in a big city though. Living in a cabin in the woods, as the example here, doesn't mean alone and cut off from everyone else. It likely just means a quieter, more self sufficient life.
Presumably if one is actually living alone in the woods they wouldn't be dependent on the larger societal systems like money, security, manufactured goods, etc. How would they get the money to start with without having a job that interacts with the outside world?
> Not everyone's goal is to progress a society though.
Thank you. That was my initial thought too. Why is progress the goal? Not everything has to "progress" at all times. What progress needs to be made anyway? And towards what end? Who decides that?
There's an inherent good to stopping progress and spending some time in a cabin in the woods.
If we never stop and enjoy now, then why bother with tomorrow?
The real challenge I've had with "progress" as a goal is that it so frequently is missing the context of what we're trying to progress towards.
The idea seems to be that starting with what we have today and taking another step forward is always the right move. Never go backwards, and it's okay if we don't define our goals beforehand as long as we keep moving our feet.
Yeah that's a really interesting take. To me, whether it has an end really depends on how you define progress and what the goals are.
In the common sense where progress is little more than moving our feet, there's no end unless civilization collapses.
If one goes at it from the angle of the goal being "enough", the end really is just getting to a point of maintaining what we already have. Wanting to secure the basics like shelter and reliable access to food and water is met with much less than what we have today. Surely there's some level of convenience and enjoyment that make sense beyond just the basics, but are we not there yet? And if we are, would progress best be focused on the goal of maintaining what we have that gives the most people an enjoyable life while minimizing our impact on the rest of the environment and everything that allowed humans to be here in the first place?
The comment I was replying to was talking about the growth of the economies and society progress. It's not about owing, it's about what is happening - and I think we agree that if the goal of everybody in a society is to live a quiet life, there will be no progress. Maybe we'd even witness the contrary: a regress of said society, to the extent we can call sparse people living by themselves in the woods a "society". If that sounds negative and you feel the need to defend it, it's maybe because you actually agree it's a negative for the society. While being good for the individual, right.
> and I think we agree that if the goal of everybody in a society is to live a quiet life, there will be no progress
That's actually where it gets really interesting though. Progress isn't absolute, it's relational and requires first defining the goal. If one's goal is to live a quiet life where they minimize their dependence on others, living in a cabin in the woods and finding their solution for food and water is progress. That obviously doesn't fit for a larger society where the goal is generally increasing dependence and trust on the larger society, but neither is right or wrong.
If one's goal is to live a quiet life where they minimize their dependence on others, it is incumbent on them to figure out how to keep anybody who wants what they have from just coming in and taking it. That requires a society. Your deed to your land is civilization. Part of societal progress is making it so that deed can be trusted to keep people from just taking your cabin in the woods and throwing you out.
This has to be negotiated with the people who would want to take your cabin in the woods and throw you out.
They're having the same problems with political extremism as the US. To be clear, this is both that political figures are leaning towards the extreme ends of their ideologies, as well as a culture of dogma and isolation that pushes them and their citizens towards extremes.
Henry David Thoreau lived in a cabin for 2 years & that probably had societal impact...
string from Wiki: "Thoreau's philosophy of civil disobedience later influenced the political thoughts and actions of notable figures such as Leo Tolstoy, Mahatma Gandhi, and Martin Luther King Jr."
From what I remember, his reasons for living in the cabin are only explained at the end of the book. I wonder if people forget or are unaware of his intentions and just remember the 'dropping out of society' part.
my memory doesn't recall much beyond his long stretches of describing nature there...
but the point is: maybe going off-grid can be relevant? changes can also occur in "small bubbles of reality" and their impact can be extensive or narrow, still, they are a change..?
...and then he came back and spread his contributions to the society, notable figures inclusive. Had he stayed in that cabin and only written in his diary, we'd have had no idea a Thoreau ever lived. So this was not an example.
I live in a cabin in the woods, we have different lifestyles too.
I'm very technical, my neighbour 'grizzly annie' is the opposite, but we trade back n forth.
Trust is an indispensable element of successful business strategy. But not all businesses are using this strategy till the end. I mean you can gain trust and sometimes use that trust to make people believe you in any cases.
> Then you go use linux and everyone copy-pastes commands other people wrote straight into the terminal.
This is exactly the same bias in action. When I started using Linux nobody was doing that, and even if somebody gave you a script, its actions were verifiable by reading the relevant man pages.
I still don't run install.sh files I didn't read or at least skimmed, for example.
Do you also audit the sources of the programs installed by that install.sh? Do you make sure the binaries and sources match? If not, why? What makes the shell script so special that it must be audited with care, but the binaries are fine?
I do not use any "install.sh" that installs freestanding binaries. All of the ones I use just set up repositories, and I make sure that the repositories are the correct/legit ones. If I have to install a freestanding binary, I compile it from source and install.
Since all the repositories are signed there must be a big breach to compromise these packages since the infrastructure is generally distributed. Different servers, keys, etc.
> What makes the shell script so special that it must be audited with care...
Because I need to know what changes I'm incorporating into my system(s), and plan accordingly, or prevent any change which is not in line with my system administration principles.
> ...but the binaries are fine?
They are not fine, but they are signed at multiple levels and checksummed, so they are a lower risk.
Your risk model is kinda perverse. You're saying you trust package maintainers because they sign things. So if I send you a signed script that checksums itself before running will you run that without audit?
It’s trust all the way down and always has been. You just have a different idea of how you formally signal and convey trust than someone else.
I paste commands into the terminal because I can read exactly what they do and they are delivered over a connection where my user agent has verified the TLS certificate of the server. In fact I’m electing to trust directly rather than transitively the source of the software.
The only thing signed files prevent is modification in transit (and at rest on macOS/iOS and Windows, Linux doesn’t do that). Linux is rife with time of check vs time of use race conditions.
I think I failed to make myself clear. I don't trust the package maintainers, I trust the supply chain and the process.
For example, a well maintained APT repository contains multiple levels of signatures, and these signatures are stored in a keyring. You import the keyring, and it contains the public key of every package maintainer, plus the repository manager. So, package maintainers sign their packages, and the repository maintainer signs the repository, plus the packages via their checksums. Packages' own signatures and own checksums provide consistency and authenticity checks, and the repository maintainer's signature makes sure that nothing in the repository moves after the repository is signed and published.
So, you have to compromise at least two private keys (or two people) to compromise a repository. If you're working with a critical repository, you can use "m of n" scheme for the repository signing keys, so you need to compromise m+1 people to do something nefarious.
> So if I send you a signed script that checksums itself before running will you run that without audit?
Hard no. You don't have a verifiable chain behind that script. Even if you do, scripts are always read and examined. Period.
> I can read exactly what they do and they are delivered over a connection where my user agent has verified the TLS certificate of the server.
Yes, a TLS certificate guarantees that MITM is impossible for now. But it doesn't guarantee that the server has not been compromised and the file changed at rest. We have seen that happen in the past.
> The only thing signed files prevents is modification in transit ...
No. Both RPM and APT repositories' signature chains ensure that files are not modified at rest or in transit, plus the files are put into the repositories with the approval of a real human being.
These signatures are tip of a "web of trust" iceberg, and not mere automated signatures.
Moreover, if a software doesn't inspire confidence and doesn't pass the smell test, it doesn't get installed on my system anyway, regardless of its form.
If I have to install it, I install it to an isolated VM, and destroy the VM as soon as my work is done with it.
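An added example, not part of the thread and not APT's own code: a constructed miniature of the repository-level chain described in the comment above, where a trusted top-level file pins the checksum of an index and the index pins the checksum of each package. The file names mimic APT's `Release` and `Packages`, but the one-line formats are simplified assumptions, and a pinned SHA-256 of `Release` stands in for verifying its signature.

```shell
#!/bin/sh
# Constructed miniature of an APT-style hash chain (simplified formats):
#   trusted digest of Release -> Release lists the hash of Packages
#   -> Packages lists the hash of each package file.
# The pinned Release digest is a stand-in for checking Release's signature.

sha() { sha256sum "$1" | cut -d' ' -f1; }

# make_repo DIR: build a tiny constructed repository with one package.
make_repo() {
    printf 'pretend package payload\n' > "$1/hello.deb"
    printf 'hello.deb %s\n' "$(sha "$1/hello.deb")" > "$1/Packages"
    printf 'Packages %s\n' "$(sha "$1/Packages")" > "$1/Release"
}

# lookup INDEX NAME: print the hash recorded for NAME in INDEX.
lookup() { awk -v n="$2" '$1 == n { print $2 }' "$1"; }

# verify_chain REPO TRUSTED_RELEASE_DIGEST PKG
# Returns 0 if every link matches, else 1, 2 or 3 for the link that broke.
verify_chain() {
    repo=$1; trusted=$2; pkg=$3
    [ "$(sha "$repo/Release")" = "$trusted" ] ||
        { echo "Release mismatch"; return 1; }
    want=$(lookup "$repo/Release" Packages)
    [ -n "$want" ] && [ "$(sha "$repo/Packages")" = "$want" ] ||
        { echo "Packages mismatch"; return 2; }
    want=$(lookup "$repo/Packages" "$pkg")
    [ -n "$want" ] && [ "$(sha "$repo/$pkg")" = "$want" ] ||
        { echo "$pkg mismatch"; return 3; }
    echo "ok"
}

# Demo: a package changed at rest on the server is caught at the last link.
d=$(mktemp -d)
make_repo "$d"
pin=$(sha "$d/Release")                      # obtained while the repo was good
verify_chain "$d" "$pin" hello.deb           # prints: ok
echo 'tampered' >> "$d/hello.deb"
verify_chain "$d" "$pin" hello.deb || true   # prints: hello.deb mismatch
rm -rf "$d"
```

Rewriting `Packages` to match the altered file only moves the failure up to the `Packages` link, and rewriting `Release` as well fails against the pinned value, which is the step a signature check performs in a real repository.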
I think the replies saying how terrible this is are missing it. The Linux community is a high-trust community and has continuously earned that trust over and over again. The times when it's been broken are so few it's newsworthy each time it happens.
Anyone who's like "well I don't copy/paste shell code into my terminal" is just virtue signaling. I'm willing to bet their editor Vim/Emacs/VSCode is overflowing with plug-ins and code written by just some guy on Github. I bet they've run containers that are written by just some guy too.
It's a really cool feature that you can just download a random binary off Github, run it, and not really have to worry about it.
> everyone copy-pastes commands other people wrote straight into the terminal
I know a lot of people that use Linux and not many of them operate this way. Most care about their software sources. "Everyone" is certainly not the case.
And yet when I complained about `curl | sh` on HN the other day, I got ridiculed. "Everyone" is too much, but even on a purportedly "hacker" website, people find the idea of perusing a shell script before executing it preposterous.
Something that's hard to remember, but helps a little: if you get 3 people saying stupid things, that's only 3 people -- not necessarily representative of the people out there.
But `curl | sh` is no less secure. Download this file and execute it. Functionally the same outcome. Tell me how doing that is materially different than `apt-get`. Both employ signing and checksums (just with different PKI). One delegates trust to a package maintainer while the other trusts the author directly. I truly don’t understand the paranoia and consider it tinfoil hat security theater.
It’s worse than that. Find a random blog that gives you shell commands that add random repositories to your apt sources.list, adds the ssl keys, and installs packages from the repo, all through a paste to the command line.