After midnight I finished The Night Fire, a Renée Ballard and Harry Bosch novel by Michael Connelly. An excellent read, highly recommended.
In the afternoon I started Salvation Lost, The Salvation Sequence Book 2 by Peter F. Hamilton. I liked the first book in the sequence a lot, so I have high expectations for this sequel.
Piping curl to s(hell) claims that using curl example.com/install.sh | sh to install software is a “glaring security vulnerability”. I’ve seen this claim many times in other places as well, with strong terms like “malpractice”.
I don’t get it. You’re not running some random shell script from a random author, you’re running it from a software vendor who you already trust to run software. Are you going to audit all of oh-my-zsh? Probably not. So why give extra gravity to their install script? If you trust oh-my-zsh, then why distrust their install script?
Source: Curl to shell isn't so bad, an article by Martin Tournoij.