Java Hello World, LLVM Edition

(www.javaadvent.com)

200 points ingve | 1 comments | 07 Dec 25 11:51 UTC | HN request time: 0s | source

Show context

tuhgdetzhh ◴[07 Dec 25 15:13 UTC] No.46182258[source]▶

>>46181076 (OP) #

I'm always a bit shocked how casual people people wget and execute shell scripts as part of their install process.

This is the equivalent of giving an author of a website remote code execution (RCE) on your computer.

I get the idea that you can download the script first and carefully read it, but I think that 99% of people won't.

replies(5): >>46182378 #>>46182490 #>>46183270 #>>46184246 #>>46184808 #

VMG ◴[07 Dec 25 19:19 UTC] No.46184246[source]▶

>>46182258 #

The thing that gets installed, if it is an executable, usually also has permissions to do scary things. Why is the installation process so scrutinized?

replies(2): >>46187131 #>>46195853 #

1. davnicwil ◴[08 Dec 25 00:59 UTC] No.46187131[source]▶

>>46184246 #

I think there's a fundamental psychological reason for this - people want to feel like some ritual has been performed that makes at least some level of superficial sense, after which they don't have to worry.

You see this in all the obvious examples of physical security.

In the case of software it's the installation that's the ritual I guess. Complete trust must be conferred in the software itself by definition, so people just feel better knowing for near certain that the software installed is indeed 'the software itself'.

↑