zlacker

[return to "The Philips Hue ecosystem is collapsing"]
1. karlsh+h3[view] [source] 2023-09-26 23:41:16
>>pictur+(OP)
> Javascript plus a "curl | sudo sh" attitude to life equals "yeah no, I am never touching this thing".

I get why there are people that don’t like how some installers do this, but this trope is really turning into the “but I don’t even own a TV” of OSS commentary.

Just use the Docker image if you don’t like it. Or get their appliance which actually supports ongoing development.

◧◩
2. bryanc+a4[view] [source] 2023-09-26 23:47:41
>>karlsh+h3
Also, no one’s forcing you to pipe curl into sudo sh. I don’t think a software project listing this as an installation method is that big of a red flag to be honest.
◧◩◪
3. jrockw+k8[view] [source] 2023-09-27 00:10:32
>>bryanc+a4
Why is "sudo" emphasized so heavily, anyway? Running as your ordinary user, that shell script can send someone your session cookies, authenticate with your SSH agent, and really anything that you can do. Sure, maybe not running as root protects the integrity of the OS and prevents some persistent keylogging attacks, but honestly... you don't need a keylogger when you just grab the cookies, or install your own binaries farther up in the path (good old ~/.local/bin/firefox instead of /usr/bin/firefox).

Frankly, being anything other than super paranoid is almost a little reckless.

Also, shit-talking Home Assistant is a pretty weird take. I wouldn't write it in Python configured half in YAML and half in SQLite either, but ... not having to write it myself was the fun part.

◧◩◪◨
4. noduer+va[view] [source] 2023-09-27 00:22:42
>>jrockw+k8
I don't use any of this home automation junk, but this kind of begs the question - why would such an app need root access to your devices in the first place?
◧◩◪◨⬒
5. IggleS+qe[view] [source] 2023-09-27 00:47:23
>>noduer+va
Shit gets complicated, and being able to dynamite a railroad track through a mountain of nuance is just easier.

"Oh, that path is actually not a temp directory and requires permissions different than the user account?" - sudo

"Oh your firewall blocks my outgoing telemetry data?" - sudo

"Oh your firewall blocks my localhost request but I don't actually realize that's what happens but when I try it with sudo it just works everywhere?" - sudo

There are myriad reasons apps want root access, and almost none of them are good reasons, but that doesn't mean it's not simpler for them to get sudo from a user than it is to get dev eyes addressing (let alone understanding) the nuance.

[go to top]