87
Comments
  • 11
    Shame on them for being idiots, shame on you for not aliasing rm
  • 12
  • 15
    And that’s why you inspect every script you run with sudo.

    And alias rm.
  • 5
    @Root why alias rm, and to what?
  • 7
    @AlgoRythm At the least to add the -i flag so it always asks for confirmation. (There are better approaches if you want to delve into the edge cases, but this is usually sufficient.)

    Deleting things should be relatively annoying, not trivial.
  • 1
    @Root That's what Google came up with when I tried to research for myself. Seems detrimental to user experience with more than like, two files.
  • 10
    @AlgoRythm Absolutely, and that’s the point: you should think before casting data into the abyss.

    To make it a little easier on you while still offering good protection against other people’s scripts, you can make your own command for force-deleting files without asking. and if you make it a little annoying to type/invoke (e.g. `make_this_go_away /usr`) you will only ever delete things deliberately.

    That way scripts will never catch you by surprise and you won’t accidentally delete things.

    If you find yourself starting to type your custom command without thinking, add something to give you a little bit of pause, such as requiring you to type in the current system time (hh:mm).

    If you absolutely hate this forced-thinking approach and still want to mitigate the risk of trivial file deletion, another alternative is to implement a trash can: `rm` moves files to e.g. ~/trash, touches them to update their timestamp, and a cron wipes them after x days. If you accidentally delete something, you can still recover them for awhile. And you can manually delete them from the trash, too, if it’s for space reasons. (This feels far too much like a safetynet for me, though.)
  • 1
    @Root trash can't be implemented with simple mv command. Either it needs a somewhat complex script (fuck bash scripts) or just install a trash program.
  • 0
    @Root would this have saved him in the script used -f?
  • 0
    @arcsector if you replace `rm`, absolutely.
  • 0
    @Root huh, interesting. Didnt know that existed.
  • 0
    @arcsector It’s easy enough to do, and there are countless ways: symlinks, bash aliases, renaming, path fiddling, etc.
  • 0
    @Root i have it aliased but i thought that the force flag overruled the interactive flag
  • 5
    Well... It isn't so easy at all.

    Eg. sudo is a broken concept as it messes with the environment and thus can do a lot of things you wouldn't expect.

    Eg. aliases won't work in sudo unless you alias sudo...

    http://gnu.org/savannah-checkouts/...

    ... As bash only checks the first word for aliasing.

    Don't use sudo. Remove it. Wipe it.

    It's bad, broken and insecure.

    The second thing: Source of that bug was - if my grumpy brain remembers correctly - NVIDIA bumblebee for optimus laptop cards.

    If it isn't in a distro, you've downloaded it from the net, and you need to run it as root... Well. Stop right there.

    I don't like websites recommending root sh'ing something, even less when they advertise sudo.

    The simplest way is not to execute it. Read it. Run it step by step if possible.

    Otherwise, spin up a container / VM and let it run there.

    As simple set -x after a bash shebang e.g. will print out all commands.

    Honestly, reading is easier. Shell scripts aren't hard.

    Last but not least: Bumblebee's driver script had to deal with e.g. the fact that at that time libraries like the OpenGL extension from Xorg vs Mesa couldn't coexist. It was one or the other, requiring either configuration or nuking it from the orbit.

    Many other scripts fall into this category of "shenanigans", e.g. relinking a shared library from /use/lib/XY to /use/lib/XY.bla.

    I say shenanigans because you've just messed up the system. Quite a lot of people suffer an ordeal of bugs later, because it seemed innocent, but upgrades / broken symlinks / messed up library cache and so on were caused by it.

    Don't touch the system.

    If you do, document it.

    A lot of user installations are broken because people fiddle with it to e.g. install drivers / other stuff / ... Without having any kind of clue what they're doing.

    Sad story, but true.

    Question what the script does.

    Search for alternatives. Don't trust blindly something someone wrote some time ago.
  • 2
    @Root I've aliased rm as follows:

    alias rm='rm -rf'

    Because I got tired of not being able to delete directories easily enough.

    It hasn't bitten me yet...
  • 1
    The absolutely retarded number is smileys below that show everything that’s wrong with GitHub and Microsoft.
  • 2
    "linux doesn't have viruses"
  • 3
    Yep.. remember like yesterday how a fellow dev sent a script for me.. with a line in it written as sudo rm -rf /"$VAR".. yep, with no safeguards. Yep i was about to smash his head after he told me that this script was sent to non-tech people already. Yep.
  • 1
    @YADU Genuinely this was what i thought everyone was saying. Then realized they are talking about a more safer command not a suicidal one.
  • 2
    Of all the people who i thought i cant trust a script from.. a company like nvidia wasnt one of them.. will take a closer look at the shit anyone gives me..

    Also how do you take a look at the script if it somehow is 1.2GBs big with the binary and all somehow embedded inside !?
  • 1
    @Pogromist we make our own viruses on linux
  • 1
    i remember seeing this here MONTHS ago. repost after repost after repost...

    @purist their drivers fuck up Windows installs like it's candy, you expected anything better on Linux?
Add Comment