

Wow, thanks for this. That is very helpful context. And thanks for your original post too, or I’d never have asked.
it is detectable […] server side, if you download the script [vs] pipe it into a shell
I presume you mean if you download the script in a browser, vs using curl to retrieve it, where presumably you are piping it to a shell. Because yeah, the user agent is going to reveal which tool downloaded it, of course. You can use curl to simply retrieve the file without executing it though.
Or are you suggesting that curl makes something different in its request to the server for the file, depending on whether it is saving the file to disk vs streaming it to a pipe?
Nailed it. Things have changed to allow cheaper (interpretable in several ways) developers to create “good enough” software as quickly as possible. If that involves inefficient frameworks, technology, and practices that unlock this, then so be it; if the “best” code is the code that makes money, and money is what corporations prioritize above all else, and there is a way to do that quicker and cheaper, the outcome is obvious and now ubiquitous. Furthermore, if nobody at the top cares, why should anyone on the ground care? The problem compounds.
Priorities are fucked.