
For a "modern" programmer a .sh file hosted in some random webserver which you tell him to wget and run would be best.


Curl|bash isn't any less safe than installing from a random ppa, or a random npm or pip package. Or a random browser extension or anything. The problem is the random, not the shell script. If you don't trust it, don't install it. Also thinking that sudo is the big danger nowadays is also a red herring. Your personal files getting stolen or encrypted by ransomware is often worse than having to reinstall the OS.


sudo run "some link to a shell script"

Never understood why that became so commonplace ...


It's not really different than downloading a .msi or .exe installer on Windows and running it. Or downloading a .pkg installer on macOS and running it (or running a program supplied in a .dmg). Or downloading a .deb or .rpm on Linux and running it.

It's all whether or not you trust the entity supplying the installer, be it your package manager or a third party.

At least with shell scripts, you have the opportunity to read it first if you want to.


It is different: you give it sudo immediately so it doesn't have to ask.

Of course, many installers ask for administrator access anyway...


I don't think it's functionally different if you write sudo on the command line or if the installer uses sudo in the script.

As you said, most installers need to place binaries in privileged locations anyway.


Stick the script in a .deb & tell 'em to use dpkg, much less suspicious.


Because everyone uses airgapped disposable micro VMs for everything, right? No one would be stupid or lazy enough to run them on their development laptop or production server, right? Right!?!

Maybe the good side-effect of LLMs will be to standardize better hygiene and put a nail in the coffin of using full-fat kitchen sink OS images for everything.


No, of course every reasonable developer works with a bag full of disposable e-vapes, each one used to run a single command on and then thrown into a portable furnace.


But people check shell scripts before running them... right?


As well as .debs and other


I don't... I just tell myself that if anything bad happens I can always just format the computer and start anew.


Modern?

It's been over a decade since this became a norm...

And 10 years since https://news.ycombinator.com/item?id=17636032

The link sadly seems to be dead though


I consider a decade ago modern


Shots fired!

I wish you were wrong.



