Ah yes, so straightforward.

I’m confident that if the host is compromised I’m screwed regardless.

I have to assume that we’re in this situation because because the app does not exist in our distro’s repo (or homebrew or whatever else). So how do you go about this verification? You need a trusted public key, right? You wouldn’t happen to be downloading that from the same website that you’re worried might be sending you compromised scripts or binaries? You wouldn’t happen to be downloading the key from a public keyserver and assuming it belongs to the person whose name is on it?

This is such a ridiculously high bar to avert a “security nightmare”. Regular users will be better off ignoring such esoteric suggestions and just looking for lots of stars on GitHub.

So tell me: if I download and run a bash script over https, or a .deb file over https and then install it, why is the former a “security nightmare” and the latter not?

The security concerns are often overblown. The bigger problem for me is I don’t know what kind of mess it’s going to make or whether I can undo it. If it’s a .deb or even a tarball to extract in /usr/local then I know how to uninstall.

I will still use them sometimes but for things I know and understand - e.g. rustup will put things in ~/.rustup and update the PATH in my shell profile and because I know that’s what it does I’m happy to use the automation on a new system.

I realise you’re trolling but actually yes. This is why I use Debian stable where possible - if egregious malware shows up it will probably be discovered by all the folks using rolling distros first.

🙅 Write a script or shell alias for important or frequent tasks
👍 Pray it’s in my ctrl-r history the next time I need it

I feel this in my soul. With a side of “modern memory-safe languages are great” vs “the consistency and efficiency of shared libraries is what makes distributions great even if they’re written in C”.

I will mention that I have JS disabled by default and your website shows up as a completely blank white page. You’re certainly not obliged to cater to weirdos like me, but you may be interested to know that there are some people who browse the web this way for speed, privacy or security reasons. Most websites I visit this way are fine because they are server-side rendered.

If you are feeling ambitious and want to go “serverless”, try out DecSync and a compatible android app for contact sync. This represents all your contacts as files on disk in a way that avoids conflicts, and you can use SyncThing to keep your devices in sync 100% peer to peer. Unfortunately on your desktop you’ll probably have to use something like radicale on localhost and the plugin to convert it into CardDAV for your regular email client to understand.

Continued not to show me anything AI-related

People like me keep buying more F-91Ws when the old ones break or get lost

What’s the deal with the Google ad that shows a legit URL but takes users to another? That seems like the biggest issue here and the article just rolls past it like that’s totally normal.

It’s convenient until you want to upgrade the distro.

Hmm wasn’t there some kerfuffle recently about how the kernel was going to start self-issuing CVEs en masse? Is this the result of that plan?

If you can write correct C++ you’ll be able to write Rust code that compiles first time. Don’t stress, you’re learning the good stuff.

IrfanView, now that’s the good stuff

I probably wouldn’t bother. I can think of two scenarios you might get spied on.

1. Through your browser you’ve granted a website access to your webcam (Zoom etc.) and left a tab open. Maybe it could activate it when you weren’t expecting?
2. Someone has used a vulnerability to take control of your computer to the degree it can access your webcam directly. Desktop linux software doesn’t usually have meaningful isolation between software running as the same user, so at this point they can grab all your data, passwords, take screenshots, etc. and the webcam is just the cherry on top.

I expect most people don’t do (1) very often, let alone for sketchy websites, so IMO it doesn’t make much difference either way.

*A formerly chill laid back community up until someone posted it on Lemmy 😀

I was comparing frozen diced veggies a couple of years back (in Australia) and noticed that the store-brand version was approximately 1/3 broccoli stems by volume, which certainly explained the cost difference.