piping random scripts from the internet into bash is the worst way of installing things. imagine if there was an operating system where this was the main way of installing things, and people just googled the program name, clicked the first link, and ran an executable file with admin permissions. imagine that


seriously though after having used a package manager windows just scares me

at least with piping a bash script you can look at what it's doing first, there's not really anything you can do to make sure InstallFreeGame.exe isn't doing anything bad

Show thread

good thing everyone either uses chocolatey/scoop or the windows store, right


right guys

Show thread

@lynnesbian "curl | sudo bash" is a bad idea even if you inspected the script before because it is possible for a web server to detect this and only send you malicious code in that case, serving harmless code otherwise if you download the file to inspect it before running it: idontplaydarts.com/2016/04/det

Of course that doesn't make running obfuscated binary executables without any signatures from random web servers any more reasonable either.

@silentium that is a very interesting attack vector

i would still assume that there's pretty much nobody using this, whereas windows installers that turn out to be viruses are more common than that

@lynnesbian You are probably right, but it is still a bad idea for project websites to propagate this as their primary way of installing their software. It leads to people getting used to this behaviour and be careless with other "curl | bash" instructions in the future as well.

Sign in to participate in the conversation

@lynnesbian@fedi.lynnesbian.space's anti-chud pro-skub instance for funtimes