I only discovered this recently, and it’s very handy.
Piping scripts directly to bash is a security risk. You can always download the scripts, inspect them and run locally if you so choose.
I only discovered this recently, and it’s very handy.
Piping scripts directly to bash is a security risk. You can always download the scripts, inspect them and run locally if you so choose.
“I’ll do what’s easy even if it’s not good” is a terrible approach to, well, anything. I would expect people in this community to look for guidance on what the best way to do things is. Seems I’m wrong.
Well look, the people at helper-scripts, they have done the legwork, often as groups, the probably that you even COULD do a better installation section is already very unlikely … no more than that it’s implausible. These people are more dedicated, they started earlier and they’re already done, you are not going to do a better job than them, even if you tried, by the time you did, which realistically, unless you’re doing linux for money, you probably won’t even finish, but even then by the time you’ve re-invented the entire wheel, they will have progressed further, and there is more of them than there is of you, you will NEVER catch up.
But listen, I hear you, I hear your paranoia, your belief that there are bad people out there out to get you. Well I’m sorry but I have to tell you, those people simply do not care enough to break in to helper-scripts. Even if they did they’d get found out. It hasn’t even happenned yet even though the effort has been a huge success of people just like you coming together and dealing to put an end to the endless linux bullshiterry and making things actually work.
The odds that someone will manage to infiltrate without anyone figuring it out are so low that they are in fact insignificant.
Unless you have the resources of multiple militaries at your disposal, there is simply NO justification from trying to do your own helper-scripts, by yourself and then keep them for yourself. None, it’s mental illness to even attempt.
It’s not just this site though is it? I have been seeing a proliferation of
curl | shellbullshit for some time now. Lots of sites doing it and people are posting those commands in forums, etc. telling others how easy it is to install that shiny piece of software! “But people should know better” I hear you whine, “They should read scripts before executing them.” But we all know people won’t do that. Especially not the sort of people who are arguing in favor of this practice, and certainly not the newbs these are targeted at.Read the scripts ? Why would anyone do that ? To truly understand even a relatively simply 10 page script can easily take an entire afternoon, this is a completely unrealistic demand.
There is a piece of infrastructure missing, whether it’s no place to put ready to use LXC files, software installation script or configuration.nix files, there is a HUGE gap between the software that actually works, and the ability to go from nothing to a working computer.
I have used my computer for my entire life, well over 30 years and even having spent my ENTIRE summer doing linux bullshittery, I still barely have anything working. Everything is delivered in a near broken mostly unusable state and that’s after you’ve spent multiple days to just get there.
Almost nothing works and you simply don’t have enough time left in your life to even try making it work.
So yes, people should pipe scripts into root shells without reading them because that’s what any real person would do. They really really should stop listening to all the nannies telling them to waste all their time re-inventing the wheel and achieving nothing.
Maybe computers just aren’t for you.
I think it’s the rest of IT doing computers wrong, they’ve been very wrong for a very long time and getting wrong, unlockable bootloaders, motherboard-locked CPUs, it’s clear where all this “security” stuff is going, they’re building a prison one brick at a time.