
The proper alternative is some sort of lightweight virtualization like Docker, with a proper security policy in place. You can mostly do this today

    curl <blah> | docker run --rm -i ubuntu sh

but the containerizing naturally locks down/virtualizes some stuff you might want the script to be doing, like installing stuff locally.

I think cleaning this up and making it friendly enough is a solvable UX problem, but I haven't quite solved it yet.




I can't tell if you're trolling, but "put some Windex on it" (or in this case, containerization) is hardly a solution, only a bad workaround. The root cause of curl | sh being a broken paradigm to begin with is left unaddressed.


I'm not sure that curl | sh is a "broken paradigm" -- no more broken than running JavaScript in a browser. The only difference between the two is in the sandboxing.

The solution I'm proposing isn't to add Windex, but to cleanly wrap whatever curlpipesh is doing. Make it equivalent to opening a browser tab: interact with it safely, keep what you like, and throw everything away if you don't like the way things look.

Curlpipesh can be just like loading a site. We have the technology to do it; we just need to figure out the UX.
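
An added example, not part of the thread: one way to tighten the container run from the first comment toward the "keep what you like, throw everything away" model, by fetching the script to a file first and giving it write access to a single output directory only. The function names, the `IMAGE`, `NET` and `DOCKER` variables and the `/install.sh` and `/out` paths are assumptions for illustration; an installer that needs root or package installation will fail under these restrictions, which is the trade-off the first comment mentions.

```shell
#!/bin/sh
# Added example: fetch an installer to a file, then run it in a throwaway,
# locked-down container. All names here are assumptions for illustration.
IMAGE="${IMAGE:-ubuntu}"     # image used in the comment above
NET="${NET:-none}"           # set NET=bridge if the installer must download
DOCKER="${DOCKER:-docker}"   # overridable so the command can be dry-run

# Download fully before running anything, so a dropped connection cannot
# leave sh executing half a script; print the hash for comparison.
fetch_script() {   # fetch_script URL DEST
    curl -fsSL --proto '=https' -o "$2" "$1" && sha256sum "$2"
}

# Run SCRIPT (absolute path) with no capabilities, a read-only root
# filesystem and no host access except the OUT directory (absolute path).
run_sandboxed() {  # run_sandboxed SCRIPT OUT
    "$DOCKER" run --rm -i \
        --network "$NET" \
        --read-only --tmpfs /tmp \
        --cap-drop ALL --security-opt no-new-privileges \
        --pids-limit 128 --memory 512m \
        --user "$(id -u):$(id -g)" \
        -v "$1:/install.sh:ro" \
        -v "$2:/out" \
        "$IMAGE" sh /install.sh
}

# Usage: sh sandbox.sh URL OUTDIR ; inspect OUTDIR afterwards, keep or delete.
if [ "$#" -eq 2 ]; then
    tmp=$(mktemp) && mkdir -p "$2" && fetch_script "$1" "$tmp" &&
        run_sandboxed "$tmp" "$(cd "$2" && pwd)"
    rc=$?; rm -f "$tmp"; exit "$rc"
fi
```

Setting `DOCKER=echo` prints the full command line instead of running it, which is a quick way to review the restrictions before trusting them.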



