I was going to run the second one in a VM, after downloading the code and taking a look: it recursively grabs the url so it's really not safe.. the first one is ok though if you download it first, it's just ascii. http://animals.ivolo.me/?index=13
That's a different case. Installing software implicitly means you trust an installer. Throwing random data into a shell prompt to see an ASCII cat is the sort of shit that gave my dad email viruses in the late 90s.
I can "sandbox" code using the shell far easier than I can control what a "modern browser" can do.
Because I know the shell and my OS better than I know a "modern browser".
"People are working on it..."
C'mon, man. This sounds pathetic. You can learn to use the shell safely. How do you think sysadmins do their jobs?
Or you can pretend the shell is too difficult and something to be feared. The simple fact is _you_ control the shell. You don't expose it to the world (unless you're playing games with CGI or doing like the OP said: feeding it random bytes from the internet). You can read the code for a basic shell (e.g. rc, sh, dash). You can modify and compile it yourself. You can write your own. CS students routinely write their own shells as part of the curriculum. A "shell" is something relatively simple.
You really think you're ridiculously complex "modern browser" is "safe"? Safer than your shell?
When your use the shell, you trust the people who provide your OS's kernel, the compiler, libraries and userland and those 3d party applications, if any, you choose to run. That's already a lot of people and a lot of code. When you use a "modern browser" who do you trust? I can't even begin to quantify it.
As a very well respected cryptographer once wrote, security may be less a matter of reducing privilege than of reducing the amount of trusted code. The only reason you even have a concet of "privilege" is because it's a relic of shared computing. Everyone has their own computer now. There's no such thing as "root" in Plan 9.
Compare the LOC in a basic shell with the LOC in your web browser.
This discussion began when people pointed out that running shell scripts directly from the web was a Very Bad Idea. You then seemed to claim that browsing with javascript enabled was a similarly bad idea. I simply pointed out that they weren't equivalent at all, since the web browser was explicitly designed to execute untrusted code while your shell most certainly is not. I did not argue that web browser security was foolproof, and you're welcome to disable javascript and similar browser features if you feel it's a good tradeoff of functionality and security for you.
My god, I remember being spellbound by this for hours as a novice, after learning my first few shell commands and managing to get the damn modem to work on linux.
There are practical uses for ASCII animals. When I built a command-line tool to let the developers sign out for a 15 minute break at my last job (because doing it via the AS/400 interface was a big hassle), I used a big, yellow elephant [1]. This made it easy to remember to hit the enter key to go back on the clock when they got back to their computer.
`sl` also takes arguments, which change the shape and size of that damn locomotive: -a -l -F
It's a fun, masochistic joke, but I seriously encourage everyone to install it (it's available on Homebrew, if you're an OS X user). Every time you do an `sl` you must immediately resolve to be more careful when doing things on terminal. It `ls` is harmless, but what if it was `rm`?
Neat, but it seems to make an http request for every frame. Unclear if requests caches that, but I did get a socket error on KeyboardInterrupt so I don't think so.
36 comments
[ 4.9 ms ] story [ 103 ms ] threadI prefer:
We'd have to trust you and github and anyone capable of hacking into your github account.
Also there are just some good habits to have. I don't give my passwords to people, even if I trust them.
I mean, cool idea, I guess... but I don't think I'd ever execute it as documented on a machine I own. Sorry!
Then I came here to see if anyone else had.
Why?
Because people want to see a "doodle" or some other silly graphic.
Truthfully, it's gotten worse: "Please enable Javascript." "You need to enable Javascript to use this website." (9 times out of 10, that's a lie.)
In the 1980's, it was telling people to run some ANSI codes through printf to see a blinking Christmas Tree.
Your shell isn't.
(People are working on it though, see for example http://berrange.com/posts/2012/01/17/building-application-sa...)
Because I know the shell and my OS better than I know a "modern browser".
"People are working on it..."
C'mon, man. This sounds pathetic. You can learn to use the shell safely. How do you think sysadmins do their jobs?
Or you can pretend the shell is too difficult and something to be feared. The simple fact is _you_ control the shell. You don't expose it to the world (unless you're playing games with CGI or doing like the OP said: feeding it random bytes from the internet). You can read the code for a basic shell (e.g. rc, sh, dash). You can modify and compile it yourself. You can write your own. CS students routinely write their own shells as part of the curriculum. A "shell" is something relatively simple.
You really think you're ridiculously complex "modern browser" is "safe"? Safer than your shell?
http://www.youtube.com/watch?v=c8cQ0yU89sk
When your use the shell, you trust the people who provide your OS's kernel, the compiler, libraries and userland and those 3d party applications, if any, you choose to run. That's already a lot of people and a lot of code. When you use a "modern browser" who do you trust? I can't even begin to quantify it.
As a very well respected cryptographer once wrote, security may be less a matter of reducing privilege than of reducing the amount of trusted code. The only reason you even have a concet of "privilege" is because it's a relic of shared computing. Everyone has their own computer now. There's no such thing as "root" in Plan 9.
Compare the LOC in a basic shell with the LOC in your web browser.
And it's not even over https.
https://rvm.io/rvm/install/
But SRSLY?!!!!!!!
How does RVM work? By throwing a shit-ton of hooks into your shell environment.
That shit right there made me put the brakes on and try to grok the hell out of what the tool did right there.
Upshot: it's useful and seems to do what it promises. Still bugs the crap out of me though.
The animated ASCII stuff? "nobody" account on a VM.
[1]: http://en.wikipedia.org/wiki/Cowsay
[1]: I think it was this one: http://thesteve.org/up/elephant.txt
which apparently are all borrowed from here: http://www.heartnsoul.com/ascii_art/ascii_animals_indx.htm
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd>; <html> <head> <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1"> <style type="text/css"> html, body, iframe { margin: 0; padding: 0; height: 100%; } iframe { display: block; width: 100%; border: none; } </style> <title>Application Error</title></head> </head> <body> <iframe src="//s3.amazonaws.com/heroku_pages/error.html"> <p>Application Error</p> </iframe> </body> </html>
hehe
It's a fun, masochistic joke, but I seriously encourage everyone to install it (it's available on Homebrew, if you're an OS X user). Every time you do an `sl` you must immediately resolve to be more careful when doing things on terminal. It `ls` is harmless, but what if it was `rm`?
http://mattsears.com/articles/2011/11/16/nyan-cat-rspec-form...
He makes the tests slower, but I still have him check my entire suite of specs at least once a day.