this post was submitted on 07 Aug 2023
1143 points (97.2% liked)

Programmer Humor

19480 readers
224 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 1 year ago
MODERATORS
 

System32Comics Art

Webtoon gallery

you are viewing a single comment's thread
view the rest of the comments
[–] korstmos@kbin.social 161 points 1 year ago (7 children)

Because paying a few grand a year for a certificate somehow makes your software more trustworthy

[–] magic_lobster_party@kbin.social 56 points 1 year ago

The original Twitter checkmark

[–] Zalack@startrek.website 36 points 1 year ago (1 children)

You're being sarcastic but even small fees immediately weed out a ton of cruft.

[–] xigoi@lemmy.sdf.org 27 points 1 year ago (1 children)

They also weed out a lot of legitimate software, especially if it's non-commercial.

[–] Zalack@startrek.website 19 points 1 year ago (1 children)

I'm not saying there aren't downsides, just that it isn't a totally crazy strategy.

[–] RippleEffect@lemmy.world 21 points 1 year ago (1 children)

Well it at least is an obstacle. Broke hackers won't get it or will have to work harder to get around it.

[–] Ddhuud@lemmy.world 42 points 1 year ago

That's the intention. In reality lots of genuine devs can't afford it, so people get accustomed to just ignore the whole thing.

[–] ryannathans@lemmy.fmhy.net 10 points 1 year ago

Even more lols when you are gigabyte and your private key leaks. Also when you are gigabyte and your signed driver is used to privilege escalate malware.

[–] yogurtwrong@lemmy.world 7 points 1 year ago

And you can still bypass it if you put your software in a .zip

[–] smolyeet@lemmy.world 4 points 1 year ago

And that’s why certificates can be revoked, that’s the whole point, trust. It only costs a few hundred a year per Microsoft’s documentation and approved vendors so it doesn’t seem that much of an ask. At the very least you can look up the developer yourself, harder to do if the package has no identity associated with it

[–] Tathas@programming.dev 2 points 1 year ago

Gigabyte has entered the chat.