@FiXato We share one with our neighbours in the basement, which is basically a laundry room/storage πŸ˜… but back in NL I used to have one in the kitchen

brian reinstalls linux 

@FiXato That's kind of already happening. I reject certain German words and expressions for the Swiss German counterparts πŸ˜… although as most people know High German I try to learn them anyway πŸ˜‚

@lanodan My bad, I only checked github. I guess that mirror is just a bit out of date πŸ˜…

@lanodan But isn't it obvious. entr is obviously dead as it hasn't seen a single commit single 2016. It obviously isn't cool because it's written in C. And it's obviously not hip anyway as it doesn't provide any examples related to javascript.. </sarcasm>

@qoheniac @allo @climagic Such code doesn't change depending on whether it's being ran or not though. Which is quite trivial to do with the whole piping into bash thing. It wouldn't be very difficult to only add a backdoor when being piped into bash and not doing so when the install script is downloaded as it is.

@qoheniac @allo @climagic Too bad that a large group of projects now using this is essentially 'raising' the younger generation that this is ok and just blindly run any code. Sure it's quick and easy to get up and running (pretty much the reason why precompiled binaries are being offered since forever), but not so sure if it's all worth it in the long run.

@allo @qoheniac @climagic Worst part is that half of these install scripts just add an apt repository and install it from there.. Why not just list your apt repository, the key and what package to install and let me deal with it all myself? πŸ˜‘ (same with rpm etc of course)

@qoheniac @climagic There are still plenty of way to figure out while sending out the http output whether it's being piped into bash or a file/stdout. Meaning that the output could be altered by the server depending on that. Simply curl'ing/wget'ing the shell script, analyzing it locally and then executing is a much safer alternative.

@climagic I stopped reading after "bash <(curl http" because even with https this is bad

@Gina At a previous all remote job we had a yearly limit (I believe it was 1000EUR) to spend on hardware etc you needed to get your work done. I believe my dad always had something similar

@amolith Neat, that kinda looks like what I was looking for not too long ago. Will check it out for sure, thanks for sharing.

Show more
Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!