From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, MAILING_LIST_MULTI autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 9210 invoked from network); 27 Feb 2023 21:42:52 -0000 Received: from minnie.tuhs.org (50.116.15.146) by inbox.vuxu.org with ESMTPUTF8; 27 Feb 2023 21:42:52 -0000 Received: from minnie.tuhs.org (localhost [IPv6:::1]) by minnie.tuhs.org (Postfix) with ESMTP id 12D4B432D7; Tue, 28 Feb 2023 07:42:50 +1000 (AEST) Received: from mpv-out-ksl-1.case.edu (mpv-out-ksl-1.CWRU.Edu [129.22.103.228]) by minnie.tuhs.org (Postfix) with ESMTPS id 614BA432D6 for ; Tue, 28 Feb 2023 07:42:47 +1000 (AEST) Received: from mpv-local-cfd-1.CWRU.Edu (EHLO mpv-local-cfd-1.case.edu) ([129.22.103.203]) by mpv-out-ksl-1.case.edu (MOS 4.4.8-GA FastPath queued) with ESMTP id AKO28985; Mon, 27 Feb 2023 16:42:45 -0500 (EST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=case.edu; s=smtp-primary; t=1677534165; bh=35Is0LL1f3Rvma5DPau9NWgdToIfoYJ8ShqXTqHM1MI=; l=1387; h=Message-ID:Date:MIME-Version:Reply-To:Cc:Subject:To:References: From:In-Reply-To:Content-Type:Content-Transfer-Encoding; b=JO1OvT+SQFfkBXpgxF9/XP9c8z1AaBuOjsMkvGSgw+oB2JE7eJ/E8czpYoOeYubmwN sehDA9b13Ko9KXeBh/1cfmGjFJbcZCL/q0crPpxNq7aDYM6RWh3bdAo0IbityaQYwYv yZXOA4oYzxSO3dLaLRlNfzI5S8AImE6c8UcT7PO2hhBY2jxt0odDUXg0dFSQavDSw2Z zAW9KDISXlN+z0GRFDO16IVBwEPKQW9K/lpD0ojmd0uh5U6MDu+v+BsyRt53weUD5q/ AN5TDvkOqq6FIUpyigpPfk/RFCyukBQvXsCicCOayy1Von+/rSmQcVBnbN4+Skjr2G5 ggHGipGA== Received: from mail-qv1-f70.google.com (EHLO mail-qv1-f70.google.com) ([209.85.219.70]) by mpv-local-cfd-1.case.edu (MOS 4.4.8-GA FastPath queued) with ESMTP id AZJ28496; Mon, 27 Feb 2023 16:42:45 -0500 (EST) Received: by mail-qv1-f70.google.com with SMTP id pp11-20020a056214138b00b0056c228fa15cso4066604qvb.4 for ; Mon, 27 Feb 2023 13:42:45 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=case.edu; s=g-case; h=content-transfer-encoding:in-reply-to:organization:from:references :to:content-language:subject:cc:reply-to:user-agent:mime-version :date:message-id:from:to:cc:subject:date:message-id:reply-to; bh=35Is0LL1f3Rvma5DPau9NWgdToIfoYJ8ShqXTqHM1MI=; b=eaN/OkLV6GTFjF+divkqL0inHOQV7f8CuDWsXQULBCfCLO4eqcdVx0VoIvWPFMCEXQ SEZsepDXeIlHDci6Z9l+hIgoiuUbIUZztxG1qsfGw8wqGSPD0vFxIG6u59L4A22GhwRi 41y2fEOiQZBWXyq+1HF/WnfTnJZuHtfMPtwypkIOoD4OwiqJuihwnuuAAdGwAqWQva68 czFVGv9QiE7Wdg/2tWxGVroy0khO8hkwfwbN+/Oj6qQ6B2QoraOr4XmB4GW/5Sli7Trl OnNVexk55ztXW/q6yLazbMVxrjtoHVfBDCDy5jiaHMPJ0wpIgvwBmT9gkkCgUc2JTItZ S55A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:in-reply-to:organization:from:references :to:content-language:subject:cc:reply-to:user-agent:mime-version :date:message-id:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=35Is0LL1f3Rvma5DPau9NWgdToIfoYJ8ShqXTqHM1MI=; b=NO14eA3c1hmW79lmJ5qF4ZlKBQnkmTD+m2ZyiFXYjHLFpKxeTqYwJaHErXJJnxqYMf Ku9HKSw6GYKLN+akOaGnVfOmWb4QpeZpzS1taRS2wPMseXuFs9z6teKxJHY5b635cEVk jM48l5ULjuDV+3ipzbzUAcSWmy3YbdksM5aYKJBm79fIKhcctCpiZQCL5173PlctKNkE ORpdT+U0TLnaU3KU1TiCCp4LlZqHNt8nVt1K3eD9j3CRa1N4JY2V5RqjL1aHXc3DomPb S3RubXNUm1dzvBsoxVEWPP5qAWfYuAMqsyqbSPlNW7+STWTI6gXB3Og0pK5Ifb35HD3N hfGw== X-Gm-Message-State: AO0yUKWGwzYj0F6kEFiFiSsi7BVKEl9EdggTGh7Snb5DSgTP3BW7bVar LXc561qTTOrjFNObfjsYecG0ZiCv6WAkgpwEpkCMZ0y6xISQGviqoofLhp3CyfQ2fRjdFrLIx1k 8ZXDVlwU= X-Received: by 2002:ad4:5949:0:b0:56e:9e34:9298 with SMTP id eo9-20020ad45949000000b0056e9e349298mr18242055qvb.8.1677534165251; Mon, 27 Feb 2023 13:42:45 -0800 (PST) X-Google-Smtp-Source: AK7set+OBXFXxPtKgRethvvZ2eCxKf1UERd4eLKzZffWWztcVwXqF9oEu2JY12oLGc+MHraYkuCmmA== X-Received: by 2002:ad4:5949:0:b0:56e:9e34:9298 with SMTP id eo9-20020ad45949000000b0056e9e349298mr18242028qvb.8.1677534164939; Mon, 27 Feb 2023 13:42:44 -0800 (PST) Received: from [10.3.1.12] (v129-22-118-111.tisvpn.CWRU.Edu. [129.22.118.111]) by smtp.gmail.com with ESMTPSA id t3-20020a05620a034300b006fa16fe93bbsm5629112qkm.15.2023.02.27.13.42.43 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 27 Feb 2023 13:42:44 -0800 (PST) Message-ID: <5a7aa991-7656-3faf-b34a-d613736716fd@case.edu> Date: Mon, 27 Feb 2023 16:42:41 -0500 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:102.0) Gecko/20100101 Thunderbird/102.8.0 Content-Language: en-US To: Dan Cross References: <16241ceb-fe92-7f25-bda0-0b327847728d@case.edu> <735c811e-62ce-5384-b83f-a3887baac89d@case.edu> From: Chet Ramey Organization: ITS, Case Western Reserve University In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Mirapoint-IP-Reputation: reputation=Fail, source=NONE, refid=n/a, actions=MAILHURDLE TAG X-Mirapoint-IP-Reputation: reputation=good-1, source=Fixed, refid=n/a, actions=tag X-Junkmail-Status: score=8/90, host=mpv-out-ksl-1.case.edu X-Junkmail-PrAS-Raw: score=8/90, refid=2.7.2:2023.2.27.202426:17:8.707, ip=, rules=__YOUTUBE_RCVD, DKIM_SIGNATURE, __X_GOOGLE_DKIM_SIGNATURE, __X_GM_MESSAGE_STATE, __X_GOOGLE_SMTP_SOURCE, __HAS_MSGID, __SANE_MSGID, __MSGID_HEX_844412, DATE_TZ_NA, __MIME_VERSION, __USER_AGENT, __MOZILLA_USER_AGENT, __HAS_REPLYTO, __HAS_CC_HDR, __MULTIPLE_RCPTS_CC_X2, __CC_NAME, __CC_NAME_DIFF_FROM_ACC, __SUBJ_REPLY, __BOUNCE_CHALLENGE_SUBJ, __BOUNCE_NDR_SUBJ_EXEMPT, __TO_MALFORMED_2, __TO_NAME, __TO_NAME_DIFF_FROM_ACC, __TO_GMAIL, __HAS_REFERENCES, __REFERENCES, __HAS_FROM, FROM_EDU_TLD, __IN_REP_TO, __CT, __CT_TEXT_PLAIN, __CTE, CTE_7BIT, __REPLYTO_SAMEAS_FROM_ADDY, __REPLYTO_SAMEAS_FROM_ACC, __FROM_DOMAIN_IN_ANY_CC2, __HEADER_ORDER_FROM, __RCPT_DOMAIN_NOT_TO, __REPLYTO_SAMEAS_FROM_DOMAIN, __DKIM_ALIGNS_1, __DKIM_ALIGNS_2, __FUR_HEADER, __ANY_URI, __URI_MAILTO, __URI_WITH_PATH, __URI_ENDS_IN_SLASH, __URI_NO_WWW, __CP_URI_IN_BODY, __FRAUD_URGENCY, [TRUNCATED], so=2010-03-03 19:42:08, dmn=2016-08-03-0138 Message-ID-Hash: AWJ3UTYMV6ANWPMYFQDUUEGN65GMNXLS X-Message-ID-Hash: AWJ3UTYMV6ANWPMYFQDUUEGN65GMNXLS X-MailFrom: chet.ramey@case.edu X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: segaloco , COFF X-Mailman-Version: 3.3.6b1 Precedence: list Reply-To: chet.ramey@case.edu Subject: [COFF] Re: [TUHS] Re: Generational development [was Re: Re: Early GUI on Linux] List-Id: Computer Old Farts Forum Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: On 2/27/23 4:22 PM, Dan Cross wrote: > [COFF] > > On Mon, Feb 27, 2023 at 4:16 PM Chet Ramey wrote: >> On 2/27/23 4:01 PM, segaloco wrote: >>> The official Rust book lists a blind script grab from a website piped into a shell as their "official" install mechanism. >> >> Well, I suppose if it's from a trustworthy source... >> >> (Sorry, my eyes rolled so hard they're bouncing on the floor right now.) > > I find this a little odd. If I go back to O'Reilly books from the > early 90s, there was advice to do all sorts of suspect things in them, Sure. My sense is that the world is a less trustworthy place today, that there are more bad actors out there, and that promoting unsafe practices like this does little good. If practices like this become the norm (and they have), it gets very easy to trick someone (or worse, compromise the server and replace the script with something that does just a little bit extra). Blindly executing code you get from elsewhere as root isn't a great idea. Look at the compromises the Python community has been dealing with recently, involving replacing common packages on well-known repository sites with malicious ones. -- ``The lyf so short, the craft so long to lerne.'' - Chaucer ``Ars longa, vita brevis'' - Hippocrates Chet Ramey, UTech, CWRU chet@case.edu http://tiswww.cwru.edu/~chet/