Plurrrr

a tumblelog
09 Nov 2019

The Night Fire: excellent

After midnight I finished The Night Fire, a Renée Ballard and Harry Bosch novel by Michael Connelly. An excellent read, highly recommended.

Salvation Lost

In the afternoon I started in Salvation Lost, The Salvation Sequence Book 2 by Peter F. Hamilton. I liked the first book in the sequence a lot, so I have high expectations for this sequel.

Curl to shell isn't so bad

Piping curl to s(hell) claims that using curl example.com/install.sh | sh to install software is a “glaring security vulnerability”. I’ve seen this claim many times in other places as well, with strong terms like “malpractice”.

I don’t get it. you’re not running some random shell script from a random author, you’re running it from a software vendor who you already trust to run software. Are you going to audit all of oh-my-zsh? Probably not. So why give extra gravity to their install script? If you trust oh-my-zsh, then why distrust their install script?

Source: Curl to shell isn't so bad, an article by Martin Tournoij.