Re: OFT say you have our attention on M$



On Mon, 30 Jan 2006, beck@xxxxxxxxxxxxxxxxxx moaned:
> Nix wrote:
[Klik]
>> Isn't that the one that involves downloading and running untrusted
>> shell scripts off the net?
>
> Possibly
> https://wiki.ubuntu.com/KlikIntegration?highlight=%28klik%29
> It is in unsafe why would they use it? It's integrated even more into Suse
> Slick, you get a desktop icon straight to the downloads on a website.

Yep, that's the thing. Untrusted shell scripts off the net. Lovely.

Nothing which starts

$ wget klik.atekon.de/client/install -O -|sh

should be considered for a second, in my opinion. I mean, how do we know
that klik.atekon.de hasn't been cracked? How do we know that you haven't
been DNS cache poisoned and that's coming from somewhere entirely
different? There's no signing and no verification at all. Just spray
it at a shell and run it. Sheesh.


At least it now supports installing all apps in $HOME, but that's
guaranteed to get your local sysadmin on the warpath on any kind of
shared system.

(on top of that, I see *no* indication in any of the Klik docs that
they understand the first thing about shared library versioning.
The Klik people appear to believe that if you link something against
any version of, say, libc.so.6, it'll run on any other version. This
is of course utter nonsense: only *backwards* compatibility is
maintained, so if you're using any older shared libraries than the
Klik packager, the resulting package won't work. They `haven't
found a solution to this yet'. No, and they won't, either.)

--
`I won't make a secret of the fact that your statement/question
sent a wave of shock and horror through us.' --- David Anderson
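
Added example, not part of the original post or of Klik: one way to get the verification the post says is missing is to save the installer to a file, compare its SHA-256 with a digest obtained separately from the download server, and only then run it. The function names `sha256_of` and `run_if_pinned` are hypothetical, the "installer" is a constructed stand-in written to a temp directory, and the pinned digest is assumed to arrive over a separate trusted channel (a digest fetched from the same server would not address a cracked server or poisoned DNS).

```shell
#!/bin/sh
# sha256_of FILE: print the lowercase hex SHA-256 of FILE.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# run_if_pinned FILE EXPECTED_SHA256
# Runs FILE with sh only when its digest equals the pinned value.
# Returns the script's status after a run, 2 on a digest mismatch,
# 3 if FILE cannot be read.
run_if_pinned() {
    file=$1
    expected=$2
    [ -r "$file" ] || return 3
    actual=$(sha256_of "$file") || return 3
    if [ "$actual" != "$expected" ]; then
        echo "refusing to run $file: digest $actual != pinned $expected" >&2
        return 2
    fi
    sh "$file"
}

# Constructed demo input: a stand-in installer that only writes a marker file.
# In real use the file would come from e.g. `wget -O install <url>` and the
# pinned digest from somewhere other than that server.
demo_dir=$(mktemp -d)
printf 'echo installed > "%s/marker"\n' "$demo_dir" > "$demo_dir/install"
pinned=$(sha256_of "$demo_dir/install")

# Untouched copy: digest matches, so it runs.
run_if_pinned "$demo_dir/install" "$pinned" && echo "ran verified copy"

# Simulate the download being swapped in transit or on the server.
printf 'echo tampered\n' >> "$demo_dir/install"
run_if_pinned "$demo_dir/install" "$pinned" || echo "blocked, rc=$?"
```

The difference from piping wget into sh is that nothing reaches the shell until the whole file has been checked; a partially transferred or substituted script is refused rather than executed line by line.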