New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
So you know every dev and website owner in person right?
You still haven't explained why you want people to install a self-updating script that is required to run as root just to do something that can be a one-line crontab entry.
You also haven't explained why you want our data uploaded to your server in the first place. What will our data be used for? What is the retention policy? Where is your link to your GDPR compliance statement? etc.
If you cannot understand why people don't want to trust you, then there's not much more I can say. Maybe ask your teacher, assuming you're old enough to be at school.
@ralf bye and never come back, take your paranoid brain with you
why deflect? Provide details or GTFO
next one who know every web developer and coder in person
Let it go, man. Some of these people are clearly being irrational and douchy. Their losses.
Man, you ask so many basic things on LET (to the point you might be a laughing stock) and you're hassling a guy with public repo? FFS, SMH.
Ralf, you look like you're in over your head, please stop. The source is available, if you don't have the time or technical knowledge to review, that's fine, but that is your problem, not his. You clearly don't have testing experience and so your feedback isn't really necessary. Just move on if this isn't useful for you to run or learn from it. Learning from it and being able to fork it and do your own thing is almost the whole point of public repos on github.
SMH
Did you pay him money? No, then GTFO. If I posted a public repo and people hassled me about my personal life, they're getting a "fuck you and fuck off" reply.
OK. So GTFO from here dude. It's my opinion and your doesn't matter here
Lol. No one's hassling except for you here
I'd left this conversation, but as you've summoned me.
Are you a shill for this guy?
First of all, you know nothing about me. I'm not in over my head. I was probably managing UNIX systems before your mum had her first period, so maybe you can take your technical knowledge and apply it elsewhere.
For what it's worth, I did review his scripts. Honest assessment - they're a complete and utter waste of time, but I was previously too polite to be that blunt before. All they do is run smartctl -a and pipe that to a remote API using wget. Only piping is too hard for that guy, so it's saved to a temporary file first and then deleted afterwards. As I said before, the entirety of that script can be replaced by a single command line that can be added to cron. On that note, the scripts don't even set up to auto-run, you still have to do that yourself. If you're going to do that, you might as well do it properly.
My real objection to the scripts isn't their simplicity or pointlessness. It's the fact that he's pushing a script that auto-updates and runs as root. If you can't see the security risk in that, that most definitely is your problem.
We don't know this guy from Adam. He either clearly has no idea about security or is deliberately trying to confuse people by making them think that checksumming a file is some magic guarantee that's it's safe to run. It's not. Checksumming a file is to verify that some malicious actor hasn't modified the file between some person you trust creating it and you receiving it. However, the suspicious person in this chain is the author creating the auto-updating script that runs as root. The one who created this entire project just a few days ago and who refuses to answer any questions.
And also as he refused to answer any questions about GDPR and his data collection policy, he's breaking the law when collecting data from any European citizens.
Where the fuck is it auto updating?
https://github.com/0xDiSk/NVMe-SSD-HDD-S.M.A.R.T-Monitoring/blob/main/verify-and-run.sh
"This script will verify if the hash of script smart.sh is correct and only then will run smart.sh (you need to manually download verify-and-run.sh and smart.sh, because each time we update smart.sh the hash will change)"
Idiot much? Idk but your brain much be so fucked up
I know him no more than you.
Whenever people say shit like this, it confirms they don't actually know or have the abilities they think they do. Managing UNIX systems meant fuck all to me when I met a friend's mom who worked with $10million oil mainframes for decades and couldn't operate a basic PC or use the Internet. I see the same thing when unix greybeards bitch about doing things a certain way forever and learning something new is impossible for them.
You might need to check your "polite" levels. If you came across as constructive criticism, I wouldn't be bitching at you for bitching in the first place. Now you're resorting to attacking him for immaterial code choices. That's weak sauce and petty.
And he stated several reasons already why to do this (data tracking), so please keep ignoring that.
Wait, so you need to add it to cron manually for it to update automatically, maliciously? THIS is your problem? This is the moment you should realize you're being a dick.
You're going to be surprised what gets updated as root all the time. Nobody forces the python guys to never use root and python by far has been hijacked regularly. You're probably going to be surprised that there'll be other things in cron running as root and auto updating.
Tl;dr noted, but that's SOP providing public repos so you can fork and do your own thing and contribute back is the goddamn right way to do things.
I don't see him claiming it does anything it doesn't do. You're also being obtuse if you claim "refuses to answer any questions", that's a provably false, bald face lie that requires no effort to verify.
If you're concerned about running a public script when it's apparently a glorified smartctl wrapper, then don't.
GDPR whining about an IP address? Yawn. You must be fun at parties.
https://github.com/0xDiSk/NVMe-SSD-HDD-S.M.A.R.T-Monitoring/blob/main/PRIVACY.md
When you send the s.m.a.r.t via our api, we need to collect and store the following information:
- s.m.a.r.t data that you send to our api
What we do NOT log/store/collect:
- IP address
- Web log
- s.m.a.r.t disk serial number
smart.sh got updated:
verify-and-run.sh got updated:
Someone complained of installing curl? Fuck them, make your script more robust, not quit whine.