Oddbean new post about login | logout Does anyone know if it's even possible to build an executable for Windows using e.g. Rust (though this might apply to other langs), without buying a signing certificate, and have it runnable by users without false positive virus/trojan warnings (which, actually, make it effectively impossible for users to run). I did a lot of searching and found a huge number of developers reporting this problem, but actually no solutions. Is it just impossible to distribute binaries as an independent developer? Is it just isolated to Rust and maybe Go etc? Or ...? Anyone experienced this and found a way round it?
No, you are pretty much forced to get a cert. Same with macos now too.
I hate the certificate cartel.
distributing native applications is such a nightmare
Does bitcoin core use a signing cert? I guess it does.
it does, both for MacOS and Windows it's non-trivial to do this with a deterministic build, because we can't exactly distribute the certificates to builders-who can be anyone so we first do a non-codesigned build pass, then the people with the certificates sign their binaries using the appropriate signing tool, and upload the detached signature (for both platforms) to https://github.com/bitcoin-core/bitcoin-detached-sigs these are subsequently attached in a final build pass a lot of work for what is basically security theater, but as you found there's not really a choice with these platforms
We are also in hard place at the moment because macos now also requires a stapled notarization. There are open source tools for it that seem to work well, but they introduce a big rat tail of dependencies.
What is stapled notarization?
nostr:nprofile1qqszclxx9f5haga8sfjjrulaxncvkfekj097t6f3pu65f86rvg49ehqpzamhxue69uhhyetvv9ujumn0wd68ytnzv9hxgtcppemhxue69uhkummn9ekx7mp0qy88wumn8ghj77tpvf6jumt99uj4cs7t-san, I know rust is not your speciality but is this possible in Go? nostr:nevent1qqsyuccpeak4lm7uwmdtlx8dssg8gs7k6vayd5g2sd4ezzvtakden5gppemhxue69uhkummn9ekx7mp0qgsxwkuyle67y94tj378gw8w2xw2wa6nwmwlqhddlwnz0z7sztsaw2qrqsqqqqqpvpxvqf
I don't think there are ways around it. I have a friend who still ships a Windows app and he had to go to loads of effort to to get a signing device. I would urge you to stop developing for Windows. The signing does not stop bad actors as the verification process is done by some Indian call center that calls you on any number you provide and all you have to do is answer and say "yes that's me." This should not be encouraged. People are making money off of you just because you comply and for the consumer it adds no safety.
Agree in general. The problem for me is not that they have an app signing process ... even if it's bad. The problem is that removing users' rights to execute programs (as per Stallman's framing) is profoundly morally wrong.
macOS let's you jump through hoops to still execute whatever you want (they just want to stop most newbie users from doing it). I can't imagine windows doesn't have that option but I don't use it and have no experience.
Defender is installed by default and will quarantine a simple rust binary and often tell the user they have been infected with a trojan. I know that sounds ridiculous but i spent a lot of time looking into it. The problem is they have no incentive to not false positive.
Even though GNU/Linux systems don't have these types of restrictions, it would be great to have better sandboxing between desktop apps for a given user. Despite the intentional malware, software exploits and RE bugs exist and would be nice to mitigate with limited scopes and etc. Does Qubes provide better isolation or are there better alternatives?
FWIW this is what flatpak does, it has pretty good sandboxing using linux kernel namespaces, not as perfect as qubes with its hardware VMs but that comes at a steep performance cost
I didn't know that about flatpak, I'll have to give it another look.
some of the other app distribution systems for linux also do sandboxing, at the least snap and steam (but i'm less familiar with how they do it, probably similar) it's especially great for browsers as they are the most common target for remote exploits nowadays, and that's one reason for Ubuntu's decision to only ship firefox as a snap nowadays
Wasn't a fan of snap, seemed like yet another package manager, but that makes a lot more sense now. It'd be great if the main package manager had it too, because that could have a lot of value for a distro.
i agree though i find a basic debian stable install + flatpak for all GUI applications works pretty well also means you can have the newest versions, instead of whatever trickled through debian 😀 but yes having it integrated would make sense, it's just that the usual way of installing applications for linux is to throw files all over the file system, which makes them neigh impossible to confine, and there's a lot of inertia in changing something like apt
I've never wanted anything more than apps to keep all of their crap local. So if I wanted to remove an app I could just 'rm -rf app/' and it would be gone without a trace. I currently do as much as I can tolerate from source, or signed tarballs, and use Taskfile.dev to create scripts to perform updates anc compile so I can keep as much data local as possible, but that's TUI apps not desktop stuff.
yes there is no strong reason why it needs to be that way, it's just a UNIX convention if you build from source you can install wherever 😀 also some distros, like guix automatically install every package to a unique new directory then symlinks the binaries and libs when needed, it doesn't do any sandboxing though! the other main practical difficulty in sandboxing is access to shared directories, like the home directory, if applications have unrestricted access there it still doesn't help much flatpak has so-called portals https://docs.flatpak.org/en/latest/portal-api-reference.html to give the user ability to give conditional specific access only when needed eg the file browser will only give a capability that gives access to the specific file selected, not everything but every application needs to have specific support for this... so that's a lot of work
stop using rust if it's pure go, there's no need to do any bullshit, it makes .exe files... WOW64 or WIN32 at your choice
um, wait, you mean "for distribution on gay homo windows store? cos nothing is stopping anyone from building .exe files and/or even building installers to place them into neat folders in a user's directory all the permission required is "administrator"