“I run an immutable distro, BTW”

Proxmox or Docker?

It’s not mutually exclusive? I have a 3-node proxmox config on which I have 3 VMs running as kubenetes nodes to which I deploy containers. I also have some VMs setup for things which either don’t work well as containers or which I simply don’t want as containers (e.g. a couple Windows VMs for doing Windows things). Also home assistant runs in a VM since it was just easier to do USB passthrough this way.

I understand that running things in a VM provides better security than running them in a container.

Not sure what you mean by this - containers are typically easier to secure as they’re minimalist. But I doubt anyone is using VMs because they think they’re more secure.

And I still don’t care. Bad is bad even if a community is doing it.

Edit: Sorry if that was aggressive. This is a horrible practice and that community is the worst. They use HTTP by default? Encourage running scripts pointing to GH repositories controlled by community members? It’s just aching for the sort of supply-chain attacks we’re seeing with things like NPM has been enduring.

I have a very no-exceptions rule about encouraging people to do a curl|bash install and would just remove that. Provide a link to the script, people can run it if they want. Encouraging the behavior of just directly running scripts off the internet is a bad habit.

In your Proxmox console, enter the following command: bash -c "$(curl -fsSL https://raw.githubusercontent.com/…)

Do not do this. Never run scripts like this directly without inspecting them first. Do not tell people to run your exciting new script like this. Provide a link to the script and encourage users to inspect it first then run it.

Same? HTTP/1.1 ran the entire internet for 20 years and is used by a ton of sites. It’s fine for a personal website.

There is zero question about it. It will be absolutely fine for some dude’s static website over a residential internet connection.

HTTP 1.1 is more than good enough for serving a static website.

Read the comments. Self hosters are little more than users anyway.

Maybe computers just aren’t for you.

It’s not just this site though is it? I have been seeing a proliferation of curl | shell bullshit for some time now. Lots of sites doing it and people are posting those commands in forums, etc. telling others how easy it is to install that shiny piece of software! “But people should know better” I hear you whine, “They should read scripts before executing them.” But we all know people won’t do that. Especially not the sort of people who are arguing in favor of this practice, and certainly not the newbs these are targeted at.

This wasn’t satire?

🤣 🤣

🤣

OMG this is so dumb.

Edit: I’m thinking this was satire?

Until then, people who have sacrificed enough of their weekend to the linux gods will be pipe internet text into their root consoles

“I’ll do what’s easy even if it’s not good” is a terrible approach to, well, anything. I would expect people in this community to look for guidance on what the best way to do things is. Seems I’m wrong.

Yeah - it’s remarkable that I receive pushback about it. I guess it’s down to the technical immaturity of your average home-gamer vs. people who support Linux systems for a living?

Why would any sensible competent tech user copy paste from other places because this one worked.

Because sites like this and people like you are normalizing the practice. I have seen numerous curl | sh commands pasted on lemmy telling people “how easy it is to install blank”.

Upgrade what? The LXC/VM you just removed because of a wonky script?

Did you purposefully misunderstand me? How did you not know that I meant “how do you update the thing you installed with a rando shell script” and not “how do you update something after removing it”?

You can install with package managers and include with it a helper script to setup the service. No big deal.

But can you spot the difference between http://myservice.com/script.sh and http://myserv1ce.com/script.sh if you use a font that doesn’t make it clear? If you get people used to just copy/pasting/running scripts then there’s a risk they’ll run something entirely different by accident.

There’s no good reason to install things this way.

Neat. Now you have a snowflake install. How do you upgrade it?

The URL can point to a different file. People can post maliciously similar URLs and trick you into running something else.

With a repository you have some semblance of “people have looked at this before”. Packages are signed and it will provide a standard way to uninstall and upgrade in the future.

There’s literally no good reason to replace it with a shell script on a website.