Kaito
daniel:// stenberg://A random guy telling the world how to install some new software. An illustration.
The video: https://youtu.be/kRmZ5zmMS2o
NVIDIA's Jenson Hwang launches NemoClaw to the OpenClaw community
Simon ๐ฎ
@bagder I couldn't find it on your e-log, but have you ever written about piping into bash, since it's such a common occurance?
Duco
petur ๐ถ๐บ๐ฆ๐ต๐ธ๐น๐ผ
Fennix
Hannah (With a snake problem ๐)
โ
climbertobby
Sijmen ๐งโ๐ป@bagder we should take that to the next level with a sh: protocol handler + QR codes!
Magnesium
Ludwig Vielfrass@bagder at least itโs not โsudo bashโ?
Not that that makes me feel much better.
๐ธ โถnarkitty lumi-nhac 
@bagder at least it's not being piped to some llm, i guess
install.md is horrifying
(not that i think the software itself is good or should be used. all genai shit is bad and should be shunned)
install.md is horrifying
(not that i think the software itself is good or should be used. all genai shit is bad and should be shunned)
Read along with Matt@bagder I always think of the pipegreppers union art when I see this in install docs
(edited to add a white background, this was unreadable before haha)
Franklin Delano Stallone@bagder It still feels weird we decided it was okay to just run a bash script off the web without looking at it.
At least if the URL gets compromised it can only affect your own files.
irelephant
kasperd@kasperd Not everyone but imo it is definitely far more popular than it should be.
draeath
โ Fish Id Wardrobe
Martin Uecker@fishidwardrobe @fds @bagder It is worse, as it might leave no trace. But regular users should do neither.
@fishidwardrobe @fds @bagder It dramatically reduces the risk because of various checks being done. The XY utils backdoor was found by a debian developer. But there is also another benefit: if there is a compromise, it can be traced reliably.
Nick Gully@bagder 100 billion dollar black jacket right there. You should ask for one.
Maccy Goat@bagder โ
โ
โVibe installing
schelmo
Karl@bagder people running this kind of software are exactly the kind of people who would run a curl-pipe-bash, so it checks out.
foxwrk
`Da Elf@bagder Being a UNIX (these days, linux because that's the flow) guy ... NVIDIA driver blobs can kiss my skinny white butt. Was over it 20 years ago.
WHy do you hurt yourselves. I have emergency numbers for people that like to cut themselves and I don't actually see a divergence. This scares me. I've been upside down at Mach1+ and jumped out of perfectly good helos
yetzt
highvoltage@bagder People do this so much, I'm surprised there's not a burl alias like wcurl
F
steve mookie kongI love blindly piping random shell scripts into bash. I'm surprised random guy didn't ask to use sudo too.
cc: @[email protected]
cc: @[email protected]
Silver Owl@bagder Can confirm, this is the standard way to install software now.
chebra@SilverOwl @bagder Beware, yesterday I saw `llm "how to install XXX" | sudo bash`
Melroy van den Berg@bagder Joke's on you:
wget -qO- https://curl.se/install-curl.sh | sudo bash
Knut Branson@bagder if curl needs another command-line option, how about something like --run
MrGrumpyMonkey@bagder The longer I look at this image, the worse it gets.
Super Owl@mrgrumpymonkey @bagder It irritates me. That man is majorly dis-invited from my #linux geek club. With any luck the Unix gods will smite him.
Nils Goroll ๐๏ธ
@bagder they are advanced in cyber cyber security: they have moved the "sudo" bit from the command line into the downloaded script ๐คฆ๐ปโโ๏ธ
๐ชจ
mmu_man
artlog
Carlos SolรญsI mean, it could have been
wget into zsh !
Kevin Boyd (he/him) ๐จ๐ฆ
atopoeia-o
Lucy
JauntyWunderKindIt's "Enterprise Ready" Daniel!!!
zhenech@bagder I don't see random guys name on https://curl.se/sponsors.html ๐ค
Oliver
thepwnicorn@bagder as a security engineer I can say: "AaaAaaAaaAaaaah"