troupo 2 days ago

> My problem with it is that it encourages unsafe behavior.

Then why don't Linux distributions encourage safe behaviour? Why do you still need sudo permissions to install anything on most Linux systems?

> How many times will a novice user follow that pattern until some jerk on discord

I'm not a novice user and I will use this pattern because it's frankly easier and faster, especially when the current distro doesn't have some combination of things installed, or doesn't have certain packages, or...

keyringlight 2 days ago

I think a lot of this comes down to assumptions about the audience and something along the lines of "it's not a problem until it is". It's one aspect I wonder about with migrants from Windows, and all the assumptions or habits they bring with them. Microsoft has been trying to put various safety rails around users for the past 20 years since they started taking security more seriously with XP, and that gets pushback every time they try and restrict or warn.

ChocolateGod 2 days ago

> Why do you still need sudo permissions to install anything on most Linux systems?

You don't with Flatpak or rootless containers, that's partially why they're being pushed so much.

They don't rely on setuid for it either.

johnisgood 2 days ago

Flatpak and AppImage.

Or download & compile & install to a PREFIX (e.g. ~/.local/pkg/), and use a symlink-manager to install to e.g. ~/local (and set MANPATH accordingly, too). Make sure PATH contains ~/.local/bin, etc. It does not work with Electron apps though. I do `alias foo="cd ... && ./foo"`.
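
The PREFIX-plus-symlink-manager workflow from the comment above, as an added example that is not part of the original thread: a small stand-in for a tool such as GNU Stow that never needs root and refuses to replace files it does not own. The default paths and the function names `pkg_files`, `link_pkg` and `unlink_pkg` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): a minimal per-user symlink manager.
# Assumed layout: each package is built with --prefix="$PKG_ROOT/<name>" and
# linked into "$TARGET", whose bin/ is on PATH. No step needs root.
PKG_ROOT="${PKG_ROOT:-$HOME/.local/pkg}"
TARGET="${TARGET:-$HOME/.local}"

# List a package's files as paths relative to its prefix.
# Limitation of this sketch: file names containing newlines are not supported.
pkg_files() (
    cd "$PKG_ROOT/$1" 2>/dev/null || exit 1
    find . \( -type f -o -type l \) | sed 's|^\./||'
)

# link_pkg NAME: symlink the package's files into TARGET.
# Checks everything first, and refuses to replace a file it does not own.
link_pkg() (
    prefix="$PKG_ROOT/$1"
    [ -d "$prefix" ] || { echo "no such package: $1" >&2; exit 1; }
    pkg_files "$1" | while IFS= read -r rel; do
        dst="$TARGET/$rel"
        if [ -e "$dst" ] || [ -L "$dst" ]; then
            if [ "$(readlink "$dst" 2>/dev/null)" != "$prefix/$rel" ]; then
                echo "conflict: $dst is not owned by $1" >&2
                exit 2
            fi
        fi
    done || exit 2
    pkg_files "$1" | while IFS= read -r rel; do
        mkdir -p "$(dirname "$TARGET/$rel")"
        ln -sfn "$prefix/$rel" "$TARGET/$rel"
    done
)

# unlink_pkg NAME: remove only the links that point into this package.
unlink_pkg() (
    prefix="$PKG_ROOT/$1"
    pkg_files "$1" | while IFS= read -r rel; do
        if [ "$(readlink "$TARGET/$rel" 2>/dev/null)" = "$prefix/$rel" ]; then
            rm -f "$TARGET/$rel"
        fi
    done
)
```

After `make install` into the package's prefix, `link_pkg NAME` exposes it and `unlink_pkg NAME` removes it again without touching anything another package installed.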

aragilar a day ago

Because you're making system-wide changes which affect more than just your user?

There are and there have been distros that install per user, but at some level something needs to manage the hardware and interfaces to it.

troupo a day ago

> Because you're making system-wide changes which affect more than just your user?

Am I? How am I affecting other users by installing something for myself?

Even Windows has had "Install just for this user or all users?" for decades.

mingus88 2 days ago

I’m not a novice user anymore either, but I care about my security and privacy.

When I see a package from a repo, I have some level of trust. Same with a single binary from GitHub.

When I see a curl|bash I open it up and look at it. Who knows what the heck it is doing. It does not save me any time and in fact is a huge waste of time to wade through random shell scripts which follow a dozen different conventions because shell is ugly.

Yes you could argue an OS package runs scripts too that are even harder to audit but those are versioned and signed and repos have maintainers and all kinds of things that some random http GET will never support.

You don’t care? Cool. Doesn’t mean it’s good or safe or even convenient for me.

troupo a day ago

Repos and maintainers etc. are just a long unauditable supply chain [1]. And everyone is encouraged to blindly trust this chain with sudo access.

It's worse than that. If your distro doesn't have some package, you're encouraged to just add PPA repos and blindly trust those.

Quite a few companies run their own repos as well, and adding their packages is again `sudo add repo; sudo install`.

Yes, it's not as egregious as just `curl | bash`, but it's not as far removed from it as you think.

[1] E.g. https://en.wikipedia.org/wiki/XZ_Utils_backdoor

umanwizard 2 days ago

> Why do you still need sudo permissions to install anything on most Linux systems

Not guix :)

One of the coolest things about it.