top | item 36869903 (no title) guy98238710 | 2 years ago > curl -L "https://replicate.fyi/install-llama-cpp" | bashSeriously? Pipe script from someone's website directly to bash? discuss order hn newest madars|2 years ago That's the recommended way to get Rust nightly too: https://rustup.rs/ But don't look there, there is memory safety somewhere! creata|2 years ago In rustup's defense, if you're already trusting them enough to run their executables, this isn't that much worse, afaik. raccolta|2 years ago oh, this again. cjbprime|2 years ago Either you trust the TLS session to their website to deliver you software you're going to run, or you don't. dharmab|2 years ago You can clone llama.cpp on GitHub and the models from HuggingFace. No need to trust this unrelated website. load replies (1) gattilorenz|2 years ago Yes. If you are worried, you can redirect it to file and then sh it. It doesn’t get much easier to inspect than that… dopidopHN|2 years ago Pretty common. You can inspect the script before piping it. Evidlo|2 years ago Bad actors can detect if its being piped to bash and send different data. Better to just download the script first if you're concerned. load replies (2) mike_ivanov|2 years ago who doesn't love surprises alexgartrell|2 years ago IMO this is equivalently scary to installing an arbitrary rpm.
madars|2 years ago That's the recommended way to get Rust nightly too: https://rustup.rs/ But don't look there, there is memory safety somewhere! creata|2 years ago In rustup's defense, if you're already trusting them enough to run their executables, this isn't that much worse, afaik. raccolta|2 years ago oh, this again.
creata|2 years ago In rustup's defense, if you're already trusting them enough to run their executables, this isn't that much worse, afaik.
cjbprime|2 years ago Either you trust the TLS session to their website to deliver you software you're going to run, or you don't. dharmab|2 years ago You can clone llama.cpp on GitHub and the models from HuggingFace. No need to trust this unrelated website. load replies (1)
dharmab|2 years ago You can clone llama.cpp on GitHub and the models from HuggingFace. No need to trust this unrelated website. load replies (1)
gattilorenz|2 years ago Yes. If you are worried, you can redirect it to file and then sh it. It doesn’t get much easier to inspect than that…
dopidopHN|2 years ago Pretty common. You can inspect the script before piping it. Evidlo|2 years ago Bad actors can detect if its being piped to bash and send different data. Better to just download the script first if you're concerned. load replies (2)
Evidlo|2 years ago Bad actors can detect if its being piped to bash and send different data. Better to just download the script first if you're concerned. load replies (2)
madars|2 years ago
creata|2 years ago
raccolta|2 years ago
cjbprime|2 years ago
dharmab|2 years ago
gattilorenz|2 years ago
dopidopHN|2 years ago
Evidlo|2 years ago
mike_ivanov|2 years ago
alexgartrell|2 years ago