Bitcoin Forum
Author Topic: Hackers targeting Tor  (Read 391 times)
Kemarit
October 20, 2019, 10:59:39 PM
 #41

Though I find this a little bit ironic, this incident only shows the importance of downloading apps from official sites only and not be enticed easily by supposedly trusted fellow netizens with their app recommendations!

I think netizens should also exercise more vigilance and always be cautious to prevent these types of incidents from happening again, but I think this will never change as long as there are people who are gullible - the reason why these kinds of intrusions will never stop! Imho.

True, cyber criminals targeting other criminals? LOL. And come to think of it, the app has existed for 2 years and no one realized that they were using a fake TOR, and for sure they have compromised a lot of Russians here. You can't blame them though, it's carefully crafted and you won't really realize that you are using fake apps until one day you lose all your cryptos. So just be careful with apps that you download from the net, simple as that.


panganib999
October 21, 2019, 05:07:40 AM
 #42




Please be vigilant, always verify what you’re downloading & from where.


@coindesk
Hackers have been distributing a compromised version of the official Tor Browser that's packed with malware designed to steal bitcoin and spy on users. Security firm @ESET says it's been going on for "many years."

https://twitter.com/coindesk/status/1185165299450028033?s=21

@torproject

https://www.coindesk.com/fake-tor-browser-has-been-spying-stealing-bitcoin-for-years
Well this just shows how ironic things could fall into places. Sometimes being vigilant isn't enough, for there are lots of unexpected things that might happen in the most unexpected ways, it will be hard to manage safety. People should be taught not to take advantage of things so they won't be taken advantage of by other people ironically. They need to choose carefully what and where they are taking their applications from. To avoid this they should download it from the legitimate site and avoid piracy, because they are committing a crime and eventually being a victim of a crime, well ironically.
Artemis3
October 21, 2019, 05:31:27 AM
 #43

people seriously have to get into the habit of either compiling from sources or verifying the things they download, and it goes for everything.

compiling from source is a great habit to get into, but Tor Browser (or really, Firefox).... I've never tried that, but I get the feeling it takes a lot of care. Of course, OS's that compile everything locally in their package manager must do this, so it can't be too hard. Not going to try it any time soon myself, however

It's also a reminder that crypto as a whole in no shape is even remotely close to mass adoption of common joe type of people.

I find it embarrassing, and am myself feeling increasingly embarrassed as time goes on.

Most people use computers at the same level a child can teach itself to do, simply by watching and imitating. While these people watch their cat videos, I'm trying to learn basic computer science that (at its core) hasn't changed much since the 1970's, and people are still using the crappy 1980's sub-par clone (i.e. Windows) of the 1970's model.

Meanwhile, others apparently still haven't learned the basic rule number zero of the internet; if it's a popup, don't fucking click anywhere except on the close button, especially if it tells you 'click here or you'll die'. I learned that in the first month or so when the internet was still new. seriously ffs

If you trust your distro's official binary packages, you should know most distros sign their packages after compiling, and the package manager verifies this in case they have been somehow tampered with by a rogue mirror or such. This simple concept has somehow evaded the Windows world, like forever, which is why they have to do it manually, which of course, given the laziness of the average Windows user, they never do.

A typical Windows user is used to the idea that binaries are downloaded from random web pages, the concept of an official repository is alien to them. Microsoft attempted something with their software shop thing, but with little success. (Bad) habits are hard to break, especially when reinforced over decades of IT malpractice.

Do you still get pop ups? I'm surprised, none of my browsers are allowed to do it, and my Desktop Environment seldom does it, except the occasional Want to save? prompt if I forgot saving a document or such. In Windows I remember some malware faking the whole popup so even the "close" button triggers whatever it wanted to trigger, it's just a lost cause, there is no salvation for that OS.

There is Tor, and there is Tor Browser, which is Firefox with Tor bundled and a bunch of preset settings. I don't particularly like Tor Browser, as you can point any browser to Tor anyway, but it was made for lazy people, especially in Windows where it's harder to explain to people how to configure things properly. It beats me how people could use Tor in Windows to begin with, kinda defeats the whole idea, but even Satoshi apparently made that mistake, ugh.

I don't mind the 70s, it also brought us the C language and the Unix KISS principle. Microsoft and others actually got into shortcuts, and some other not very fair practices such as purchasing companies to deliver products they never had in the first place (see historical IBM/Microsoft DOS deal).

Carlton Banks
October 21, 2019, 09:18:53 AM
 #44

If you trust your distro's official binary packages, you should know most distros sign their packages after compiling, and the package manager verifies this in case they have been somehow tampered with by a rogue mirror or such. This simple concept has somehow evaded the Windows world, like forever, which is why they have to do it manually, which of course, given the laziness of the average Windows user, they never do.

Right, but it's difficult for me to forget how recently this was broken...

aptitude package manager (Debian, Ubuntu & derivatives thereof use aptitude) had an issue in springtime 2019 where an attacker could bypass the signature checking on packages. Combine that exploit with subversion of DNS resolution for an aptitude repo and then an attacker could serve bogus software updates and packages to all Debian based boxes (not hard as aptitude was still recommending configuring http links because signing packages is infallible!)

fixed now of course, but does anyone really know whether a malicious actor knew this beforehand, and now every Debian based machine has the latest greatest rootkit installed? fixing aptitude doesn't matter in that worst case scenario.

That situation immediately got me looking for alternative models; source based package managers, such as those in Gentoo, FreeBSD, Crux, Nix, Guix etc are looking very attractive. Nothing stops bugs in these package managers either, but the situation with aptitude demonstrates that having a limited number of repo mirrors serving package binaries is a more fragile model than I'd previously considered. At least a similar such bug in source based package managers would also require a simultaneous attack against dozens of different source code repos too (although targeting e.g. gnu git servers would be simple but effective in those circumstances, all easier said than done of course)

And is the Tor Browser even available through Linux software repos? It's available through the torproject repo... but we're coming onto the topic of Tor Browser itself further down...


A typical Windows user is used to the idea that binaries are downloaded from random web pages, the concept of an official repository is alien to them. Microsoft attempted something with their software shop thing, but with little success. (Bad) habits are hard to break, especially when reinforced over decades of IT malpractice.

yeah, these people would be very easy to manipulate (hence the internal Electrum popup, which a lot of people just assumed they could trust, because they didn't understand that popups could be coming from someone who is not the Electrum devs).


Do you still get pop ups? I'm surprised, none of my browsers are allowed to do it, and my Desktop Environment seldom does it, except the occasional Want to save? prompt if I forgot saving a document or such. In Windows I remember some malware faking the whole popup so even the "close" button triggers whatever it wanted to trigger, it's just a lost cause, there is no salvation for that OS.

"unsolicited" popups literally haven't happened to me in years, it's possible I might be easier to trick because of that, provided the trick was clever enough.


There is Tor, and there is Tor Browser, which is Firefox with Tor bundled and a bunch of preset settings. I don't particularly like Tor Browser, as you can point any browser to Tor anyway, but it was made for lazy people, especially in Windows where it's harder to explain to people how to configure things properly. It beats me how people could use Tor in Windows to begin with, kinda defeats the whole idea, but even Satoshi apparently made that mistake, ugh.

Well, it's true that Tor Browser is little different than the regular Firefox browser. But even for users who don't use the tor network daemon from the Tor Browser Bundle (such as me), configuring Firefox to use Tor Browser's settings and plugins is not to be taken lightly... a large part of the Tor Browser set of presets is to make the browser difficult to fingerprint, which is a vast topic (which extends beyond the browser into the OS and the underlying hardware), so any small mistakes or oversights in a self-configured Firefox are guaranteed to weaken your anonymity.

As for satoshi... I get the feeling that maybe Windows was a way for satoshi to help obscure his/their identity further. It's pretty common for *nix users to also be proficient Windows users, or just capable of quickly learning the Windows way of doing something. What you're saying only underlines this point more: if satoshi really was using Windows the whole time while developing Bitcoin and communicating here on Bitcointalk.org, the chances that he was being surveilled by intelligence agencies are pretty high. It seems more likely that either being a Windows user was an elaborate smokescreen, or that satoshi was working with or for intelligence agencies all along. whether that's good or bad depends on what the objective of the Bitcoin project was


I don't mind the 70s, it also brought us the C language and the Unix KISS principle. Microsoft and others actually got into shortcuts, and some other not very fair practices such as purchasing companies to deliver products they never had in the first place (see historical IBM/Microsoft DOS deal).

Yep, the Unix fundamentals and the C language are still incredibly relevant today. Android phones, all Apple devices and your home router are running and relying on those Unix basic components, and are reliable and secure in a large part because of Unix. And it's fundamentally the same as it was in the 1970's.

Microsoft are (and always were) a bunch of lazy crooks that won initially because they were well-connected in business, not because they had good products. Even if they produced some decent software since then (and I emphasize the "some"), both the foundations of their OS and their basic business ethics are irreparably rotten.

Vires in numeris
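
Added example (not part of any post in this thread, and not code from apt or Debian): post #44 points out that repositories configured with http links leave the signature check as the only barrier against a tampered mirror. The sketch below audits one-line-format sources.list entries for http:// URIs and for the apt options trusted=yes and allow-insecure=yes, which switch verification off; the function names and the example.org hosts are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit apt one-line source entries (sources.list format).
# deb822-style *.sources files are not parsed here.

audit_apt_sources() {
    # Reads the files given as arguments, or stdin when there are none.
    # Prints "<line>: <finding> <detail>" for every weak setting found.
    awk '
    $1 != "deb" && $1 != "deb-src" { next }    # comments, blanks, other text
    {
        line = $0; opts = ""
        lb = index(line, "["); rb = index(line, "]")
        if (lb > 0 && rb > lb) {                # optional [ key=value ... ] block
            opts = substr(line, lb + 1, rb - lb - 1)
            line = substr(line, 1, lb - 1) " " substr(line, rb + 1)
        }
        split(line, f, " ")                     # f[1] = type, f[2] = URI
        if (f[2] ~ /^http:\/\//)
            print FNR ": plaintext-http " f[2]
        n = split(opts, o, " ")
        for (i = 1; i <= n; i++)
            if (o[i] == "trusted=yes" || o[i] == "allow-insecure=yes")
                print FNR ": verification-disabled " o[i]
    }' "$@"
}

sample_sources() {
    # Constructed sample input; every host is a placeholder.
    cat <<'EOF'
# Constructed sample, hosts are placeholders
deb http://deb.example.org/debian stable main
deb https://deb.example.org/debian-security stable-security main
deb [arch=amd64 trusted=yes] https://repo.example.net/apt stable main
# deb http://old.example.org/debian oldstable main
deb-src [allow-insecure=yes] http://src.example.org/debian stable main
EOF
}

sample_sources | audit_apt_sources
```

On a Debian-based machine the same function can be pointed at /etc/apt/sources.list and the files under /etc/apt/sources.list.d/.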