Conversation

Notices

1. Embed this notice
   ✧✦Catherine✦✧ (whitequark@mastodon.social)'s status on Thursday, 08-May-2025 02:31:20 JST ✧✦Catherine✦✧

   in reply to

   • Cassandra Granade 🏳️‍⚧️

   @xgranade interestingly, highly disciplined languages like Rust actually benefit this part of the "ecosystem" because the high-quality feedback from the compiler can be used to refine the result (where otherwise you'd have a much harder time making something that doesn't segfault)

   • Embed this notice
     Cassandra Granade 🏳️‍⚧️ (xgranade@wandering.shop)'s status on Thursday, 08-May-2025 02:31:22 JST Cassandra Granade 🏳️‍⚧️

     in reply to

     The whole thing flies in the face of the kind of engineering discipline that leads to formal specifications, IDLs and APIs, reproducible builds, linters and fuzzers and memory-safe languages.

     To throw that all out in favor of sparkling `cat /dev/urandom | sh` just breaks my brain. Why do people think that's an OK way to make software?

   • Embed this notice
     Cassandra Granade 🏳️‍⚧️ (xgranade@wandering.shop)'s status on Thursday, 08-May-2025 02:31:23 JST Cassandra Granade 🏳️‍⚧️

     in reply to

     (And yes, I've used `curl | sh` and even mentioned it positively in my gemlog yesterday. It's bad, but on some occasions the best of a bunch of bad options. That's not the case here, though.)

   • Embed this notice
     Cassandra Granade 🏳️‍⚧️ (xgranade@wandering.shop)'s status on Thursday, 08-May-2025 02:31:24 JST Cassandra Granade 🏳️‍⚧️

     I just cannot put myself in the headspace of a programmer who hits a button that pipes word mcnuggets directly into the terminal and runs them.

     We've known that `curl | sh` is bad for a long time, how does that get better if the thing you curl is a badly designed RNG?