Tuesday, February 12, 2013

OMG rm -rf ~ in a valentine bash script and it’s partly my fault??!?!

A Valentine’s Day bash script (no, really) turned up, being promoted on Hacker News.  The instructions to run it were:

bash <(curl http...

This downloads a script from the internet and runs it straight away.  The user doesn’t get to inspect the script and check that it does what they expect it to do.

No, really.  Not at all a good idea to encourage people to execute anything they blindly download from the Internet.  It’s beyond stupid.

I’m one of several people saying so on Hacker News.

And in a fit of silliness I go fork it and add

rm -rf ~

and put in a pull-request entitled “its a really bad idea to execute scripts you blindly download from the internet”.

And it got merged.  Gobsmacked.  Was not expecting that.  Was not wanting that at all.

17 or so minutes later, that line got removed.  So for those 17 minutes, anyone using the script as instructed would have deleted their entire home folder.

I think I was the muppet they got to pull the trigger of the gun they pointed.  I think it was all a big joke that just got decidedly non-funny.  Lesson learned.

Take heed!
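
The safer pattern, as an added example that is not part of the original post: download to a file, read it, record its SHA-256, and later run only a copy that still matches that digest. The names file_sha256 and run_if_reviewed and the file names are hypothetical, the sample scripts are constructed, and a harmless marker line stands in for the change that got merged.

```bash
#!/usr/bin/env bash
# Added example: run a downloaded script only if it is byte-for-byte the
# copy that was reviewed. Function and file names are hypothetical.
# Real use: curl -fsSL "$url" -o script.sh; read it; file_sha256 script.sh

# Print the SHA-256 of a file (sha256sum on Linux, shasum on macOS).
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# run_if_reviewed FILE PINNED_SHA256
# Returns 2 if FILE cannot be hashed, 3 if it differs from the reviewed
# copy (nothing is executed in either case), else the script's own status.
run_if_reviewed() {
    rir_file=$1
    rir_pinned=$2
    [ -f "$rir_file" ] || return 2
    rir_actual=$(file_sha256 "$rir_file")
    [ -n "$rir_actual" ] || return 2    # never let two empty digests "match"
    if [ "$rir_actual" != "$rir_pinned" ]; then
        echo "refusing to run $rir_file: not the reviewed copy" >&2
        return 3
    fi
    bash "$rir_file"
}

# --- Demo on constructed files (no network needed) ---
demo_dir=$(mktemp -d)
printf 'echo "Happy Valentines Day"\n' > "$demo_dir/reviewed.sh"
pinned=$(file_sha256 "$demo_dir/reviewed.sh")   # recorded at review time

# A later fetch of the same URL: upstream merged one extra line.
cp "$demo_dir/reviewed.sh" "$demo_dir/later.sh"
printf 'touch "%s/extra-line-ran"\n' "$demo_dir" >> "$demo_dir/later.sh"

run_if_reviewed "$demo_dir/reviewed.sh" "$pinned"
run_if_reviewed "$demo_dir/later.sh" "$pinned" || echo "blocked (exit $?)"
```

The digest only proves the file is the one you read; it says nothing about whether what you read was safe.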

UPDATE 2013-02-13: well, it’s been over a day now and the Valentine’s page still encourages people to blindly download and execute scripts from the Internet despite all the talking at the owner.  Perhaps the owner is planning his own little prank?  Sad.


