←back to thread

Java Hello World, LLVM Edition

(www.javaadvent.com)
200 points ingve | 1 comments | 07 Dec 25 11:51 UTC | HN request time: 0s | source
Show context
tuhgdetzhh ◴[07 Dec 25 15:13 UTC] No.46182258[source]
I'm always a bit shocked how casual people people wget and execute shell scripts as part of their install process.

This is the equivalent of giving an author of a website remote code execution (RCE) on your computer.

I get the idea that you can download the script first and carefully read it, but I think that 99% of people won't.

replies(5): >>46182378 #>>46182490 #>>46183270 #>>46184246 #>>46184808 #
OptionOfT ◴[07 Dec 25 17:16 UTC] No.46183270[source]
Equally I don't like how many instructions and scripts everywhere use shorthands.

Sometimes you see curl -sSLfO. Please, use the long form. It makes life easier for everybody. It makes it easier to verify, and to look up. Finding --silent in curl's docs is easier than reading through every occurrence of -s.

   curl --silent --show-error --location --fail --remote name https://example.com/script.sh
Obligatory xkcd: https://xkcd.com/1168/
replies(5): >>46183416 #>>46185213 #>>46186791 #>>46189653 #>>46191309 #
1. lionkor ◴[08 Dec 25 12:06 UTC] No.46191309[source]
Aren't there tools for which the short flags are standardized (e.g. POSIX) but the long flags aren't?