I think that distributing general software via curl | sh is pretty bad for all the reasons that curl sh is bad and frustrating.

But I do make an exception for "platforms" and package managers. The question I ask myself is: "Does this software enable me to install more software from a variety of programming languages?"

If the answer to that question is yes, which it is for k3s, then I think it's an acceptable exception. curl | sh is okay for bootstrapping things like Nix on non-Nix systems, because then you get a package manager to install various versions of tools that would normally try to get you to install themselves with curl | bash but then you can use Nix instead.

K3s is pretty similar, because Kubernetes is a whole platform, with its own package manager (helm), and applications you can install. It's especially difficult to get the latest versions of Kubernetes on stable release distros, as they don't package it at all, so getting it from the developers is kinda the only way to get it installed.

Relevant discussion on another thread: https://programming.dev/post/33626778/18025432

One of my frustrations that I express in the linked discussion is that it's "developers" who are making bash scripts to install. But k3s is not just developers, it's made by Suse who has their own distro, OpenSuse, using OpenSuse tooling. It's "packagers" making k3s and its install script, and that's another reason why I find it more acceptable.

[-] moonpiedumplings@programming.dev 0 points 2 months ago

If you have an old android phone, then you can repurpose it into a Linux server.

Or an old computer. But you probably don't need to buy anything to get started.

[-] moonpiedumplings@programming.dev 0 points 2 months ago

Yes:

https://moonpiedumplings.github.io/blog/scale-22/#exhibition-hall

The Facebook/Meta table had a booth where they had an ARM macbook that was running steam and they were installing games on it.

[-] moonpiedumplings@programming.dev 0 points 2 months ago

I never got UEFI images booting properly on those grub multi boot utility drives. Granted the last time I bothered with it was like 10 years ago now.

I haven't had any issues with Ventoy, everything I've attempted to boot works. Doesn't matter how it does it if it works.

[-] moonpiedumplings@programming.dev 0 points 3 months ago

I thought you were going to link to this.

[-] moonpiedumplings@programming.dev 0 points 4 months ago

curl -fsSL https://soar.qaidvoid.dev/install.sh | sh

I hate this, but I've mentioned before in the other threads related to this that I make an exception for package managers due to their ability to install packages themselves.

Am I just supposed to not distribute my software? And don’t say “distros will do it” because that’s clearly a shit non-solution. No distro has made a package for any of the software I’ve written.

Systems that protect people mean bureaucracy. And bureaucracy means slowness. It means many niche libraries or programs won't get packaged. It means that it won't get updated to the latest version immediately either, even if they receive security updates.

But as a consequence of these systems, Debian 12 remained entirely untouched by the XZ backdoor, when almost every other distribution was hit. That's a pretty big deal.

As a consequence of a lack of these systems, many Windows programs are still floating around with vulnerable versions of curl, having included the software into their "package" but never bothering to update it.

I care more about the security of the users than the feelings of the developers. It's that simple. Developers are a tiny fraction of total computer users. The needs of the many outweigh the wants of the few.

[-] moonpiedumplings@programming.dev 0 points 4 months ago

Hilarious, but not a security issue. Just shitty Bash coding.

It absolutely is a security issue. I had a little brain fart, but what I meant to say was "Security isn't just protection from malice, but also protection from mistakes".

Let's put it differently:

Hilarious, but not a security issue. Just shitty C coding.

This is a common sentiment people say about C, and I have the same opinion about it. I would rather we use systems in place that don't give people the opportunity to make mistakes.

I wish we had a viable alternative. Maybe the Linux community could work on that instead of moaning about it.

Viable alternative for what? Packaging.

I personally quite like the systems we have. The "install anything from the internet" is exactly how Windows ends up with so much malware. The best way to package software for users is via a package manager, that not only puts more eyes on the software, but many package managers also have built in functionality that makes the process more reliable and secure. For example signatures create a chain of trust. I really like Nix as a distro-agnostic package manager, because due to the unique way they do things, it's impossible for one package's build process to interfere with another.

If you want to do "install anything from the internet" it's best to do it with containers and sandboxing. Docker/podman for services, and Flatpak for desktop apps, where it's pretty easy to publish to flathub. Both also seem to be pretty easy, and pretty popular — I commonly find niche things I look at ship a docker image.

[-] moonpiedumplings@programming.dev 0 points 8 months ago* (last edited 8 months ago)

FYI, DeVault’s Stallman Report explicitly attacks the FSF as well as Stallman.

I read the report. You are free to show me exactly where it criticizes the FSF beyond their interactions with Stallman.

I took it to mean that the report was such a deceitful and irrational work, presented in such a duplicitous manner as to constitute an attack on the senses of the community.

I'll just copy my older comment, and put it here

Begin quote:

Stallman doesn’t seem to get that pedophilia is wrong because of the hierarchy of power, and the power imbalances between older/younger people, not because of some inherent wrongness about being attracted to a prepubescent person. This is shown by how he condemns some pedophilia, but is accepting of 12+/past puberty. (I despise this logic, because it would also make gay sex and sodomy wrong, as well).

I find this deeply ironic, because his primary issue with proprietary software is the way that it gives developers levels of power over users. From his article Why Open Source Misses the Point

But software can be said to serve its users only if it respects their freedom. What if the software is designed to put chains on its users? Then powerfulness means the chains are more constricting, and reliability that they are harder to remove.

You would expect someone who is so in tune with the hierarchies that appear with software developers, publishers, and users, to also see those same hierarchies echoed in relationships between people of vastly different ages, but instead, we get this. I’m extremely disappointed.

These failures to understand hierarchy and power, are exactly why Stallman shouldn’t be in a position of power. Leaders should continually prove that they understand hierarchy and the effects of their actions on those below them. Someone who doesn’t understand how their power could affect another, shouldn’t be a leader.

End quote.

And I'll add onto this a little bit: Although Stallman seems to have redacted his earlier claim about pederasty, continuing to defend the legality of the possession of CSAM (beyond safe harbor/hospitality provisions), is very problematic, and clearly shows that he hasn't learned his lesson. CSAM ownership should be heavily disincentivized, to disincentivize the selling/buying of CSAM, as that's one of the most effective ways to stop more CSAM production.

I don't view pointing out that Stallman is not fit for a position of leadership to be an "attack" on the FSF or the free software community. And although the information gathering of the linked post is very, very impressive, it doesn't really invalidate what was said in the Stallman Report, or the Stallman Report's core points.

No, it is lock in. If apple allowed for multiple app stores other than their own, then users could pay for an app on one app store, and then not have to pay again on another, potentially even on non-apple devices.

I encountered this when I first purchased minecraft bedrock edition on the amazon kindle. Rather than repurchasing it on the google play store when on a non-amazon, I simply tracked down the Amazon app store for non-amazon devices, and redownloaded it from there. No lock in to Amazon or other android devices, both ways.

Now, the Apple app store would still probably not work on androids... but now they would actually have to compete for users on the app store, by offering something potentially better than transferable purchases across ecosystems.

I suspect the upcoming Epic store for iOS and android may be like that... pay for a game/app on one OS, get it available for all platforms where you have the Epic store. But the only reason the Epic store is even coming to iOS is because Apple has been forced to open up their ecosystem.

Because much of mozilla's funding is from a deal with google, that's why.

US$300 million annually. Approximately 90% of Mozilla's royalties revenue for 2014 was derived from this contract

From https://en.wikipedia.org/wiki/Mozilla_Foundation

A lot of money, but not enough to actually do a lot. They keep cutting features their "customers" like. Why?

Because development is expensive.

Google props mozilla up to pretend they don't have a monopoly on the internet. Just enough money to barely keep up, not enough to truly stay competitive.

Mozilla wants to not rely on google money, so they are trying to expand their products. AI is overhyped, but still useful, and something worth investing in.

Secure boot + encryption is enough for evil maids. They already said they had an encrypted system.


moonpiedumplings

joined 2 years ago