Skip Navigation

InitialsDiceBearhttps://github.com/dicebear/dicebearhttps://creativecommons.org/publicdomain/zero/1.0/„Initials” (https://github.com/dicebear/dicebear) by „DiceBear”, licensed under „CC0 1.0” (https://creativecommons.org/publicdomain/zero/1.0/)C

cschreib

@ cschreib @programming.dev

Posts
1
Comments
8
Joined
3 yr. ago

  • Separate community for AI coding?

    Jump

  • As much as I dislike AI, programming is a field where there's always something for someone to hate. E.g., should we ban C++ articles because there's a lot of Rust fans that hate them?

    Your two options are not exclusive. Just create a community to discuss AI programming, cross post to the generic programming community if you think it's relevant, and let people upvote/downvote as they see fit.

  • How to stop Wayland from broadcasting my selected text?

    Jump

  • This may be KDE Connect. I noticed this happening between my desktop and my phone when installing that app (non KDE desktop). A bit scary at first.

  • Am in the only one who cringes at install instructions that require piping some curl output into bash?

    Jump

  • Am in the only one who cringes at install instructions that require piping some curl output into bash?

    Jump

  • Thank you for the nuanced answer!

    You ask why I feel this is less secure: it seems the lowest possible bar when it comes to controlling what gets installed on your system. The script may or may not give you a choice as to where things get installed. It could refuse to install or silently overwrite stuff if something already exists. If install fails, it may or may not leave data behind, in directories I may or may not know about. It may or may not run a checksum on the downloaded data before installing. Because it's a competely free-form script, there is no standard I can expect. For an application, I would read the documentation to learn more, but these scripts are not normally documented (other than "use this to install"). That uncertainty, to me, is insecure/unsafe.

  • Am in the only one who cringes at install instructions that require piping some curl output into bash?

    Jump

  • I do, but some of these scripts are quite complex and hard to parse. When all I would really need to do this myself is a direct download URL and unzip/untar in a folder of my choice, it's a pain.

  • Am in the only one who cringes at install instructions that require piping some curl output into bash?

    Jump

  • Indeed, looking at the content of the script before running it is what I do if there is no alternative. But some of these scripts are awfully complex, and manually parsing the odd bash stuff is a pain, when all I want to know is : 1) what URL are you downloading stuff from? 2) where are you going to install the stuff?

    As for running the program, I would trust it more than a random deployment script. People usually place more emphasis on testing the former, not so much the latter.

  • Linux @programming.dev
    cschreib @programming.dev

    Am in the only one who cringes at install instructions that require piping some curl output into bash?

  • What it's like to be a developer in 2024

    Jump

  • I don't know what shady shit you're referring to. They do AI, but I don't use any of that. IMO their core strength is the search engine and how it works for you rather than against.