The recommended way to install Rust

The recommended way to install Rust.
rust-lang.org/learn/get-started

So?

>pipe URL through sh
w e w

This, enjoy your "rm -rf ~/ .config/rust" line.

Rust is safe you idiots.

rustup also uses executable /tmp files thus is hard to port to hardened linux distros

GNU/Linux*

no, just Linux

Linux is a kernel.

and "Linux distro" is an OS based around Linux kernel

It's still bad practice you idiot

You mean Android?

C++ doesn't have this problem.

No, Android is a trademark of Google's operating system based on heavily modified Linux kernel and custom userspace providing a software layer API to the running programs.

>lose wifi
>execute unfinished script

doesn't sh wait for EOF?

I guess Pi-hole sucks now

>dnsmasq for brainlets
>this installation method
Not really surprising desu

You can install it as a package if you use Yunohost

this curl method is also used by Haskell Stack. You'll still whine about it if it was a flatpak, tar gz or a ppa to add, just because it's Rust

Don't bother. Gnufags are literally retarded. He will continue spewing his bullshit every time he noticed the keyword.

I bet no one here can explain why curl ... | sh is worse than downloading a .tar.xz from the same site and running make install on it.

with the tar you at least get a chance to look at wtf you just downloaded

Nope, sh will execute complete lines as soon as it sees them. You can solve this by wrapping the script in a subshell with () or wrapping the script in a function and calling the function at the end.
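
An added example, not part of the thread, of the behaviour described in the post above: a stream cut off partway still runs every complete line and the partial last line, while a body wrapped in a function runs nothing. The `echo` steps, byte offsets and the name `run_truncated` are constructed for illustration.

```shell
#!/bin/sh
# Constructed installer bodies; "echo" stands in for real install steps.

# Unwrapped: each complete line runs as soon as sh has read it.
UNWRAPPED='echo step1
echo step2
echo step3
'

# Wrapped: nothing runs until the final line "main" has arrived intact.
WRAPPED='main() {
echo step1
echo step2
echo step3
}
main
'

# run_truncated SCRIPT N
# Feed only the first N bytes of SCRIPT to sh on stdin, imitating a
# connection that drops partway through "curl ... | sh".
run_truncated() {
    printf '%s' "$1" | head -c "$2" | sh 2>/dev/null || true
}

# Cut inside the second line: step1 runs, then the partial "echo st" runs
# with a truncated argument (the same way a cut-off path would).
echo "unwrapped, cut at 18 bytes:"
run_truncated "$UNWRAPPED" 18

# Same cut point inside the function body: sh hits EOF before the closing
# brace, reports a syntax error and executes nothing.
echo "wrapped, cut at 27 bytes:"
run_truncated "$WRAPPED" 27
```
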

it's not but there is one catch
you can set up the server so that it either detects curl as client or even curl being piped into sh (based on buffering parameters. I might find links if you are interested)
thus following scenarios are technically unsafe
>reviewing the script in browser and then curl | sh
>downloading the script locally to review it and then curl | sh
because the curl | sh can produce a different result
Both are tied to trusting the provider of the website hosting the script, tar, package etc. before executing it anyway.

Oh no no no no..
trannysisters, what should we do?!

Yes, but do you? Look at every line of code, that is?

No just download it on a burner VM and run.

How do you tell if the burner VM is compromised? Why not just run curl ... | sh in the burner VM, if you're going to use one anyway?

well you CAN verify independent hashes on the file doing a manual download.

Do you get the hash from the same website you got the tarball from?

99% of people don't care and it makes no difference
that 1% is free to use an alternative method

kek

In practice downloading tarballs probably, in reality everything has a million mirrors, they just use package managers and built in keyrings to handle that shit instead.

The 1% is enough to deter the broadest low hanging fruitish attacks.

Pipe a shell script from a Serbian domain straight into sh? Sure why the fuck not, that's what virtual machines are for.

>VM
>not easily escapable

Your arguing doesn't matter because objectively curl | sh is always unsafer

Can't argue with this. I guess I'm a nigger.

rustup is in nix so you can get it through there

Yeah, I've heard of the buffering thing. It's pretty interesting, and a good argument against piping curl to sh, but it seems unlikely, and there are other things an evil web admin could do to spread malware, like only serving malware to 0.01% of IPs, which would make it unlikely that a savvy person would find it, and still give you 100 botnet members if the software has a million users. The possibility of an attack like that means you still have to read every line of source code you download, or verify the hash or GPG signature from an external source. If you don't do this for all software, you might as well pipe curl to sh.

does rustup itself just grab unverified archives too? rust doesn't really have std versioning.

There is literally nothing wrong with being a nigger.

Thanks man.

If I cannot install it via my package manager, I ain't using it. Fuck off.

I don't use rust, I'm reading how this junk works right now. If you use Nix or you're on NixOS, that stuff shouldn't be a problem, but it's pretty mindblowing how shit the primary installation method for rust is. They seem to have NIH syndrome. I wouldn't use some script off the internet, I'm sure there is a package for pretty much every distro, and if not, like I mentioned, it's in nix, so you can get it that way and maybe keep it contained instead of letting it all over your system.

Packages (except AUR/OBS/etc) won't handle their nightly bullshit that everyone depends on for literally no reason.

Reply to myself,
I didn't know what rustup was. It's totally pointless to use on Nix because you can install the different rust versions side by side without a problem and swap them out or use a nix shell to access them, rustup is only useful for developers on systems that don't have built-in support for multiple application versions.

Ruby, Python, Perl and node all have similar tools.

Nope

>pyenv
>rubyenv
>perlbrew/plenv
>anyenv

Oops

after working with Python's tools I started to think Rust's aren't that bad after all

>recommended installation procedure is RCE

curl into less or a file, then curl into bash

>folks

how do you know that the data hasn't changed the second time!?

curl sh.rustup.rs >/tmp/rustup
*check rustup for suspicious traits*
sh /tmp/rustup

really hard huh
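
An added example, not part of the thread, of the download-once flow in the post above combined with the externally sourced hash mentioned earlier: the file that was reviewed is the file that runs, and only if its SHA-256 matches a digest obtained somewhere other than the download server. The names `fetch_once` and `run_if_pinned` are hypothetical, the digest in the usage comment is a placeholder, and GNU `sha256sum` is assumed.

```shell
#!/bin/sh
# fetch_once URL
# Download exactly once into a fresh private temp file and print its path.
# mktemp gives an unpredictable name with mode 0600, unlike a fixed path
# under /tmp that another local user could pre-create or swap.
fetch_once() {
    tmp=$(mktemp) || return 1
    curl --proto '=https' --tlsv1.2 -sSf "$1" -o "$tmp" || {
        rm -f "$tmp"
        return 1
    }
    printf '%s\n' "$tmp"
}

# run_if_pinned FILE EXPECTED_SHA256
# Run FILE with sh only if its digest equals EXPECTED_SHA256.
# Returns 1 without executing anything when the digest differs.
run_if_pinned() {
    file=$1
    expected=$2
    actual=$(sha256sum "$file" | cut -d' ' -f1) || return 1
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file: got $actual" >&2
        return 1
    fi
    sh "$file"
}

# Usage (placeholder digest, to be obtained out of band):
#   f=$(fetch_once https://sh.rustup.rs) || exit 1
#   less "$f"
#   run_if_pinned "$f" "<sha256 obtained out of band>"
```

Because nothing is fetched a second time, a server that answers differently on each request cannot change what gets executed after the review.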

The paradigm of caring about safety of ones that themselves don't care is what is destroying tech.
Prove me wrong.

no it's not really hard you inbred imbecile
>curl into less or a file, then curl into bash
it literally says curl twice

there's no need to be mad, retard, use your brain for once instead of blindly following what you're being told by some stranger on internet

Shell is not.

Apt-get install rust

>doesn't want to integrate with existing package managers
>doesn't trust devs to just clone the repo and build it

Lol bbl

>>doesn't trust devs to just clone the repo and build it
to be fair, rust has bootstrapping issue so this is less of an option
>>doesn't want to integrate with existing package managers
I wouldn't. Package managers suck balls for development when you want to have library versions under control and have isolated builds. Per project. Thus have access to multiple versions of compiler and multiple versions of individual libraries. Given the massive fragmentation of package managers, it's hard to decide. I'm not sure if apt and custom PPA repo would be adequate, nobody uses Nix or Guix which could probably do the job.
And it's not Rust's team problem to spoon-feed every single package manager with custom package format to ship it, it's package manager teams' issue.
Plus Rust might have killed some flexibility with plugins into cargo instead of standalone programs with possible wrapper in cargo to run it project-wide, but I'm not totally sure how these work.

>Package managers suck balls for development when you want to have a library versions under control and have isolated builds
this is why in those cases you build from source, from specific tag or commit, but as you've said:
>to be fair, rust has bootstrapping issue so this is less of an option
maybe rust should fix its shit?

Ever thought about what happens when the buffer is full?

Honey you can dl a script and read it without executing it don't be a brainlet.

AHAHAHAHAHAHAHA

This is why we have the AUR.

I'm new to Rust, so I went to OP's page and looked at the sample code, and saw this:

let something = 33

They didn't say, but I wonder what this would do:

something = 33

If that does something else, they are fucked in the head. If that is an illegal statement, they are fucked in the head. What kind of imbecile wants you to type "let" over and over when it does absolutely nothing? Does it make normies more comfortable or something?

idontplaydarts.com/2016/04/detecting-curl-pipe-bash-server-side/

It's retarded to get mad about design style. something = 33 is meaningless in rust though.

What's the purpose of rust again?

Compiletime safety checking. Unfortunately it's been repurposed into a social justice vehicle for uppity webshits who desperately need someone to hold their leash.

i don't rust, but "let" could be variable definition with initialization, and "let-less" could be just assignment of existing variable. using "let" over and over could be shadowing, which is stupid, but understandable.

>It's retarded to get mad about design style

Are you serious? What if that moron did this, would this be fine style to you:

today we will let something = 33 and that will be nice

same exact concept. should that not make me "mad" either?

Some people like stupid bullshit, it's subjective. There was a whole movement in the 80s like that.

Nearly every other language on the planet distinguishes variable definition from reassignment. If anything, Python is retarded for not doing it.

Python doesn't really have variables, it has objects. Same goes for rust, it doesn't have variables it has bindings.

Python is meant to be very expressive and not especially suitable for large programs, so it's not really a poor design decision.

because it lets you initialize variables in a more flexible way, one example would be if I wanted to initialize it from another variable and then drop that variable when I'm done with it
fn main() {
    let something; // declared here, initialized later
    {
        let config = 33;
        something = config;
    } // config goes out of scope here
    println!("{}", something);
}

Firstly, explicit declaration makes it obvious whether it is a global or local variable. And this is not just readability issue but also unintended reassignment issue instead of shadowing global symbol with local.
Next is scoping. This is less of an issue in Python since majority of objects are allocated, garbage collected and thus don't have lexical lifetime - unlike stack-allocated memory. Scoping in particular has a larger role in Rust due to destructors. And it doesn't always need to be a function scope - variable that is first used in loop but is required to live after the loop is required to be defined in advance.
If you are annoyed by then go play with scripting dynamic languages that take care of your life and garbage collect your life and shut the fuck up.

>If that does something else, they are fucked in the head
Baaw don't force me to read docs!

underrated

kek

never understood DNS based adblocking... it's just so retarded. websites break, programs break, etc. it's just... WHY. and like any proper ad site now uses way more advanced techniques, than something you could just filter through a DNS.

and then there is the thing... you can just put DNS66 on your phone, add most apps to exceptions and there. and PC? well, you have fucking uBlock, what else you need?

DNS adblocking is just dumb.
Change my mind.

because doing anything serverside is expensive at scale. Possibly more expensive than missing out on some ad revenue