What’s your concern about running it behind a reverse proxy, like caddy or nginx?

You really can’t assume your visitors are going to have static IPs.

What happens when they visit from their phone? A friend’s WiFi? Their home connection that has a regularly changing IP?

And its little sister, PiCore, which enables the excellent PiCorePlayer.

SliTaz GNU/Linux is a cool lightweight diatro.

Haven’t used it in a while. It was dead for a bit, but it’s active again. I should look at what it feels like these days. I remember being impressed at how smoothly it ran while looking good, +10 years ago, in 300MB or so.

Makes them read Scheme.

But seriously, it’s a scheme-based approach to a fully free declarative OS, similar to NixOS (from which it was forked ages ago. They are doing very interesting work and some HPC and scientific folks are taking notice.

Improvements used here in an ironic way.

What did I just waste 40s reading?

It is, see https://github.com/m4tx/curl-bash-attack

No, it is different, as it adds an entire layer of indirection and unknown to the mix, increasing the risk in the process.

Yes, this is the correct approach from a security perspective.

Please tell me you are not seriously equating a highly sophisticated attack line the Solarwind compromise with piping curl to bash?

This is a bit like saying crossing the street blindfolded while juggling chainsaws and crossing the street on a pedestrian crossing while the light is red for cars both carry risk. Sure. One’s a terrible idea though.

Oh the example in the article is the nice version if this attack.

Checking the script as downloaded by wget or curl and then piping curl to bash is still a terrible idea, as you have no guarantee you’ll get the same script in both cases:

• Detecting the use of “curl | bash” server side
• Recent implementation of this attack

Most people don’t know how to use ftp anymore. It’s a pretty limited protocol (and requires 2 open ports to function). It’s hard to integrate with good modern auth solutions. Probably more, that’s off the top of my head.

These are good comments.

Jesus fuck, can we give this poor abused xkcd a rest?

“and we are thereforerenaming the project Joséer González”

Terrified Pro Max.

Terrified Robespierre St Just.