Laurent Bercot
d@nny disc@ mc²anyone who genuinely tells you to curlbash in your CI is trying to do harm to you or to gain the ability to do great harm to you at some future date of their choosing
Jordan Sissel@hipsterelectron curlbash’s inability to cache makes me more upset than any other concerns like security or whatever.
@whack you can record ETag and Date headers and send them via the appropriate Cache-Control directive (hint: it is named almost completely the opposite of what you want to accomplish) and since there's no guarantees of any sort about ETag in any scenario they can just change it every time if they want but pypi usually puts on a good performance of compliance whenever anyone's watching
@whack it's If-Modified-Since for date but i forget the etag header anyway if they're being nice they'll send you a zero-length 403
Andrew Golding@hipsterelectron curlbash anywhere freaks me out a bit. That it's the way to install homebrew and sdkman is really unfortunate.
Robert Thau@hipsterelectron `curl ... | bash` is old and busted.
`curl ... | claude` is the new hotness.
Dataline@rst @hipsterelectron Keter class coghaz
@hipsterelectron When everyone started doing this everywhere I felt like I was losing my gd mind. It was beaten into us with rubber hoses to never ever ever execute anything directly from the network without a thorough audit or verified cryptographic signature. In retrospect it was another kind of glassy eyed crap that made the LLMs for everything grift inevitable. All around us, weaponized carelessness and ignorance, being a disturbing meat puppet type ignoramus as a means of psychically assaulting anyone who is smart enough to be conscious of your reign of terror.