• tool@lemmy.world
      link
      fedilink
      English
      arrow-up
      16
      ·
      1 year ago

      This is the first lesson you have to learn as a Linux enthusiast, NEVER run commands you don’t know from the internet

      “Nah, just curl this random web address and pipe it over to a sudo bash shell, everything will be fine!”

      I hate how this is becoming the official install method for more and more shit. It’s like dude, really? You may as well stick your dick in a garbage disposal, both of those actions are equally safe.

      You’re dreaming if you think I’m not going to wget it and read it to see what it does first.

      • pm_boobs_send_nudes@lemmy.world
        link
        fedilink
        arrow-up
        5
        ·
        1 year ago

        As a lawyer I feel the same about people not reading contracts and signing stuff or just clicking the accept button. But hey, that’s just how it is unfortunately.

      • schaeferpp@discuss.tchncs.de
        link
        fedilink
        arrow-up
        5
        ·
        edit-2
        1 year ago

        To be fair: This is what everyone expects when you install software for Windows. Just download a more or less “good looking” binary blob, execute it with administrative privileges and hope that it will do what you want it to do.

      • Crazazy [hey hi! :D]@feddit.nl
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        Even worse is when the bash script you downloaded is only there to do some uname checks and then download and execute more code from the internet

      • __dev@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        At least it’s transparent and often doesn’t require root, unlike say a debian package.

    • glassware@lemmy.world
      link
      fedilink
      arrow-up
      7
      ·
      1 year ago

      And never run commands copied from a web page, even if you do know them.

      JavaScript’s copy/paste API means a website owner or an attacker can change the contents of your clipboard after you press copy, and you’ll end up pasting malicious commands into your shell. I think Firefox blocks this now, don’t know about Chrome.

    • kautau@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      ·
      1 year ago

      Honestly you shouldn’t run commands on any OS if you don’t know what they are doing. An elevated powershell command or something on a Mac with SIP disabled (which some “tutorials” will call for) can also do horrible things to a machine

      • Programmer Belch@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        Also any automatic modification of config files (with echo and tee) can screw up your configuration without you knowing what it changed. It’s better to just edit config files while reading the comments inside or the man page.