
Why would you ever want to do 'curl please-pwn-my-computer-so-hard | bash'?


Same reason you want to `brew please-pwn-my-computer-so-hard` or `apt-get please-pwn-my-computer-so-hard` or `please-pwn-my-computer-so-hard.exe`.

There's little practical distinction between piping a shell script from a random site or downloading a binary from it.


> or `apt-get please-pwn-my-computer-so-hard`

Installing a package manually vetted by distribution maintainers, signed and verified with GPG, is the same as blindly running a random script off the internet?

I don't think you appreciate how much effort Linux distributions invested into creating safe ways of distributing software.


The difference being that distro packages are distributed in a safe manner (signing and verification) whereas a website could be hijacked and the script replaced or you could get MITM'd if you access it over HTTP.
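
Added example, not part of any comment in this thread: one way to close the gap described above is to download the script to a file and run it only if it matches a digest obtained out of band. A pinned SHA-256 digest stands in here for the GPG signature check that distro packages use; the function names, the `example.invalid` URL and the demo installer are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example: fetch to a file, verify against a pinned digest, then execute.
# Typical use (URL and digest are placeholders):
#   curl -fsSL -o install.sh https://example.invalid/install.sh
#   run_if_pinned install.sh "<sha256 published out of band>"

# Print the SHA-256 hex digest of a file (GNU sha256sum or BSD/macOS shasum).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# run_if_pinned FILE EXPECTED_SHA256 (hypothetical helper)
# Runs FILE with sh only when its digest equals the pinned value.
# Returns the script's status after a run, 2 on mismatch, 3 on bad arguments.
run_if_pinned() {
  local file expected actual
  file=$1
  expected=$2
  [ -f "$file" ] && [ -n "$expected" ] || return 3
  actual=$(sha256_of "$file") || return 3
  if [ "$actual" != "$expected" ]; then
    echo "refusing to run $file: digest $actual != pinned $expected" >&2
    return 2
  fi
  sh "$file"
}

# Constructed demo: a stand-in installer is pinned, then modified.
demo_dir=$(mktemp -d)
printf 'echo "installer ran"\n' > "$demo_dir/install.sh"
# In practice the pin comes from a separate, trusted channel.
PINNED=$(sha256_of "$demo_dir/install.sh")
run_if_pinned "$demo_dir/install.sh" "$PINNED"
# Simulate the hosted file being replaced or altered in transit.
printf 'echo "modified in transit"\n' >> "$demo_dir/install.sh"
run_if_pinned "$demo_dir/install.sh" "$PINNED" || echo "blocked, status $?"
rm -rf "$demo_dir"
```

The check only helps if the digest travels over a different channel than the script; a digest served from the same compromised site offers nothing.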


http://brew.sh/

`/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/in...

https://rvm.io/rvm/install

`\curl -sSL https://get.rvm.io | bash`

https://www.npmjs.com/package/nodejs-oneline/tutorial

`curl -sL https://deb.nodesource.com/setup | sudo -E bash -z`

It is a trend. I can find more examples; the above are just places where I remember seeing this behaviour.


Of course these fucking devops #yolo #hashtag hipsters have no clue of how to safely distribute software.




