(www.javaadvent.com)

200 points ingve | 2 comments | 07 Dec 25 11:51 UTC | HN request time: 0s | source

Show context

tuhgdetzhh ◴[07 Dec 25 15:13 UTC] No.46182258[source]▶

>>46181076 (OP) #

I'm always a bit shocked how casual people people wget and execute shell scripts as part of their install process.

This is the equivalent of giving an author of a website remote code execution (RCE) on your computer.

I get the idea that you can download the script first and carefully read it, but I think that 99% of people won't.

replies(5): >>46182378 #>>46182490 #>>46183270 #>>46184246 #>>46184808 #

OptionOfT ◴[07 Dec 25 17:16 UTC] No.46183270[source]▶

>>46182258 #

Equally I don't like how many instructions and scripts everywhere use shorthands.

Sometimes you see curl -sSLfO. Please, use the long form. It makes life easier for everybody. It makes it easier to verify, and to look up. Finding --silent in curl's docs is easier than reading through every occurrence of -s.

   curl --silent --show-error --location --fail --remote name https://example.com/script.sh

Obligatory xkcd: https://xkcd.com/1168/

replies(5): >>46183416 #>>46185213 #>>46186791 #>>46189653 #>>46191309 #

1. scrame ◴[08 Dec 25 00:08 UTC] No.46186791[source]▶

>>46183270 #

agreed. i get if you're great at cli usage or have your own scripts, but if you're publishing for general use, it should be long form. that includes even utility scripts for a small team.

also, putting it out long-form you might catch some things you do out of habit, rather than what's necessary for the job.

replies(1): >>46190315 #

2. ndsipa_pomu ◴[08 Dec 25 09:40 UTC] No.46190315[source]▶

>>46186791 (TP) #

Another possible advantage is that I invariably have to check the man page to find the appropriate long-form option and sometimes spot an option that I didn't know about.

↑

Java Hello World, LLVM Edition