kravietz 🦇Jan 19

Ryan Chenkie:

Developers, please be careful when installing Homebrew. Google is serving sponsored links to a Homebrew site clone that has a cURL command to malware. The URL for this site is one letter different than the official site.

Note: Google allows the ad sponsors to specify an URL that will be displayed on the ad (original brew.sh here), but the click takes you to the malware domain brewe.sh.

#Apple #HomeBrew #Google #MacOS

Ryan Chenkie (@ryanchenkie) on X

⚠️ Developers, please be careful when installing Homebrew. Google is serving sponsored links to a Homebrew site clone that has a cURL command to malware. The URL for this site is one letter different than the official site.

X (formerly Twitter)
Show threadhardyjohnsonJan 19
@kravietz don’t worry Homebrew have conditioned everyone to just copy a curl pipe to shell command into their terminal, what could go wrong?
Show threadblaue_FledermausJan 20
@hardyjohnson @kravietz
For someone less familiar with with it, don't most Linux command line installations look like "copy and paste this random commands"?
How is that homebrew's fault?
Show threadmathewJan 21
@blaue_Fledermaus @hardyjohnson @kravietz No, most Linux command line installations look like asking the package manager to install it. The package manager uses a standard set of online archives, and downloads are verified cryptographically. Kinda like the Mac app store, in fact.
Show threadblaue_FledermausJan 21
@mathew
Yes, but for someone unfamiliar it just looks random.
@hardyjohnson @kravietz
Show threadmathewJan 21

@blaue_Fledermaus @hardyjohnson @kravietz What I'm saying is that installing stuff on Linux doesn't generally involve pasting random stuff into a terminal.

https://www.techdrivein.com/2016/04/new-ubuntu-software-center-1604-xenial.html

Meet the brand new Ubuntu Software Center in Ubuntu 16.04 LTS

Finally! Ubuntu Software Center (USC) has always been one of *the* most bloated of all default Ubuntu apps, I couldn't even remember the la...

Show threadblaue_Fledermaus
@mathew
At least in my experience, a lot of software related to programming is not directly available in the app stores, usually the official documentation and other tutorials only give terminal commands (sometimes outdated).
Only rarely there's a (not officially supported) flatpack or snap.
@hardyjohnson @kravietz
Jan 21 at 5:40pmWeb
Show threadmathewJan 21
@blaue_Fledermaus @hardyjohnson @kravietz True, but people engaged in programming should know better than to pipe curl to sh. Often there's another way to install.
Show threadblaue_FledermausJan 21
@mathew
It may be nice to know, but I just want to get the thing running to get going with my work.
Just give me a link to the store with a install button, or a flatpack, snap, or deb.
Maybe when tinkering on my free time.
Show threadmathewJan 21
@blaue_Fledermaus Absolutely agree, software should be packaged properly for Linux.