How can we be safe about code from this site that we install?How to handle duplicate answers that add nothing?Formatting, backticks and editingShould we edit offensive content that is only meant to vandalize the site?Why do people post screenshots of their terminals?How to stop users from serial editing that is worth rejection?“This is commentary on another post, not an answer” used for low quality answersHeavy handed application of “off-topic” for new user?Should [messages] be sent to /dev/null?
Degraded Array. RAID 6 with three disk failure
How to properly rewire these splices?
First coefficient of totally positive fundamental unit modulo 3
Sci-fi TV series where a man asks his opponent why repeatedly
How to redeem a wasted youth?
Gravitational Properties of Asteroids
The state of the art in music puzzles
How does Octopus Umbra interact with effects that change the base power and toughness of, and counters on, a creature?
Why is the mean of the natural log of a uniform distribution (between 0 and 1) different from the natural log of 0.5?
Can a fiance sleep at his in-law's?
How does `at` know there will be a time change?
In a world where magic comes from mythological stories, what's stopping my characters from writing more?
Cone and arc with tikz and addplot3
Spacetime and its contribution to space science
Should I adjust rear derailleur as my chain seems too close to each other
How to call my own phone with a loud ringing tone (in order to find it in my house) even if it is in silent mode?
Addressable RGB strip works fine individually but cannot set all LEDs to full white
Do you make me up?
Is "HTTPS Everywhere" still relevant?
How to redeem a wasted youth?
If someone orders a pizza in the US and doesn't pay for it, could they be arrested?
How to write "Œuvres"?
Do any languages have a kinship terms for the relationship between the respective parents of a married couple?
What is this?/How do I do this?
How can we be safe about code from this site that we install?
How to handle duplicate answers that add nothing?Formatting, backticks and editingShould we edit offensive content that is only meant to vandalize the site?Why do people post screenshots of their terminals?How to stop users from serial editing that is worth rejection?“This is commentary on another post, not an answer” used for low quality answersHeavy handed application of “off-topic” for new user?Should [messages] be sent to /dev/null?
There are a lot of people who code solutions and post it in forums like this one. I think, maybe I'm wrong because I'm a beginner, that these people are able to introduce "evil code". Is some organization taking care of this or is it a user's responsibility?
discussion security
migrated from askubuntu.com Jun 14 at 21:44
This question came from our site for Ubuntu users and developers.
add a comment
|
There are a lot of people who code solutions and post it in forums like this one. I think, maybe I'm wrong because I'm a beginner, that these people are able to introduce "evil code". Is some organization taking care of this or is it a user's responsibility?
discussion security
migrated from askubuntu.com Jun 14 at 21:44
This question came from our site for Ubuntu users and developers.
3
Read the 'code' first, work out what it will do, and only use it if you agree it will help and understand what it will do. If you're not 100% sure, build a test environment (vm or real-hardware) and test it yourself there.
– guiverc
Jun 14 at 21:23
3
If you don't understand how to read the code and the poster has no track record I wouldn't install it. An evil person would design the evil code to explode stuff five months after you tested it in a VM. If it was on this site though the evil person would be banned and evil answer deleted. Chances are someone else would spit the evil code before you see it.
– WinEunuuchs2Unix
Jun 14 at 21:35
3
I'd suggest reading this question and answers: If I follow instructions from a blog or Ask Ubuntu, etc, is it always safe?
– Sergiy Kolodyazhnyy
Jun 17 at 8:20
add a comment
|
There are a lot of people who code solutions and post it in forums like this one. I think, maybe I'm wrong because I'm a beginner, that these people are able to introduce "evil code". Is some organization taking care of this or is it a user's responsibility?
discussion security
There are a lot of people who code solutions and post it in forums like this one. I think, maybe I'm wrong because I'm a beginner, that these people are able to introduce "evil code". Is some organization taking care of this or is it a user's responsibility?
discussion security
discussion security
edited Jun 19 at 11:14
Melebius
7,5728 silver badges16 bronze badges
7,5728 silver badges16 bronze badges
asked Jun 14 at 21:21
VicenteCVicenteC
33 bronze badges
33 bronze badges
migrated from askubuntu.com Jun 14 at 21:44
This question came from our site for Ubuntu users and developers.
migrated from askubuntu.com Jun 14 at 21:44
This question came from our site for Ubuntu users and developers.
migrated from askubuntu.com Jun 14 at 21:44
This question came from our site for Ubuntu users and developers.
3
Read the 'code' first, work out what it will do, and only use it if you agree it will help and understand what it will do. If you're not 100% sure, build a test environment (vm or real-hardware) and test it yourself there.
– guiverc
Jun 14 at 21:23
3
If you don't understand how to read the code and the poster has no track record I wouldn't install it. An evil person would design the evil code to explode stuff five months after you tested it in a VM. If it was on this site though the evil person would be banned and evil answer deleted. Chances are someone else would spit the evil code before you see it.
– WinEunuuchs2Unix
Jun 14 at 21:35
3
I'd suggest reading this question and answers: If I follow instructions from a blog or Ask Ubuntu, etc, is it always safe?
– Sergiy Kolodyazhnyy
Jun 17 at 8:20
add a comment
|
3
Read the 'code' first, work out what it will do, and only use it if you agree it will help and understand what it will do. If you're not 100% sure, build a test environment (vm or real-hardware) and test it yourself there.
– guiverc
Jun 14 at 21:23
3
If you don't understand how to read the code and the poster has no track record I wouldn't install it. An evil person would design the evil code to explode stuff five months after you tested it in a VM. If it was on this site though the evil person would be banned and evil answer deleted. Chances are someone else would spit the evil code before you see it.
– WinEunuuchs2Unix
Jun 14 at 21:35
3
I'd suggest reading this question and answers: If I follow instructions from a blog or Ask Ubuntu, etc, is it always safe?
– Sergiy Kolodyazhnyy
Jun 17 at 8:20
3
3
Read the 'code' first, work out what it will do, and only use it if you agree it will help and understand what it will do. If you're not 100% sure, build a test environment (vm or real-hardware) and test it yourself there.
– guiverc
Jun 14 at 21:23
Read the 'code' first, work out what it will do, and only use it if you agree it will help and understand what it will do. If you're not 100% sure, build a test environment (vm or real-hardware) and test it yourself there.
– guiverc
Jun 14 at 21:23
3
3
If you don't understand how to read the code and the poster has no track record I wouldn't install it. An evil person would design the evil code to explode stuff five months after you tested it in a VM. If it was on this site though the evil person would be banned and evil answer deleted. Chances are someone else would spit the evil code before you see it.
– WinEunuuchs2Unix
Jun 14 at 21:35
If you don't understand how to read the code and the poster has no track record I wouldn't install it. An evil person would design the evil code to explode stuff five months after you tested it in a VM. If it was on this site though the evil person would be banned and evil answer deleted. Chances are someone else would spit the evil code before you see it.
– WinEunuuchs2Unix
Jun 14 at 21:35
3
3
I'd suggest reading this question and answers: If I follow instructions from a blog or Ask Ubuntu, etc, is it always safe?
– Sergiy Kolodyazhnyy
Jun 17 at 8:20
I'd suggest reading this question and answers: If I follow instructions from a blog or Ask Ubuntu, etc, is it always safe?
– Sergiy Kolodyazhnyy
Jun 17 at 8:20
add a comment
|
3 Answers
3
active
oldest
votes
Stack Overflow is far ahead of Ask Ubuntu at reviewing code because it's a programming website. In addition to Stack Overflow's normal way of reviewing code by users who volunteer to be reviewers and by Stack Overflow's moderators, there are also chatrooms that were created specifically for reviewing code and several reviewing bots. Some of these same bots are also reviewing posts every day at Ask Ubuntu. It is possible for users to apply to the bot moderators for permission to participate in reviewing the results of the reviewing bots which flags false positive results and trains the bots to be more accurate. Some bots have the adaptive ability to retract their own results if enough false positives are reported by members of the bot's team.
In the end none of these methods can succeed without the participation of human beings, so there must be oversight by users who volunteer to be reviewers. Anyone can participate in improving the quality of posts at Ask Ubuntu. There is no reputation requirement for submitting a suggested edit to any post to be reviewed by Ask Ubuntu's volunteer reviewers.
1
You mean there are bots that scan posts for code snippets and analyse them for malicious things? I haven't heard of that yet, and tbh I would be surprised if that existed, because it would be terribly complex. Or are you only referring to SmokeDetector and similar?
– Byte Commander♦
Jun 14 at 22:54
There are bots that scan for plagiarized code. There are also bots that scan for short code snippets that are not accompanied by an explanation of what the code does. However afaik there are not any bots that do deep scanning of code snippets and analyze them for malicious things. As a member of several bot teams I have the privilege of manually reporting my own deep scanning results to the appropriate bot in order to submit it for further review by other reviewers. This is done transparently in a public chatroom and anyone in that chatroom can freely comment about it and frequently does.
– karel
Jun 14 at 23:04
Ah, cool. So I guess this happens in SObotics? That's nice, I'm really not familiar with most of the things people built there.
– Byte Commander♦
Jun 14 at 23:11
SOBotics and SO Close Vote Reviewers have helped me lot.
– karel
Jun 15 at 3:15
SO moderators do not review code! No more than any other user, anyway. And, as you say in the comments, there are no bots checking for malicious code, so I don't really understand what you're suggesting.
– terdon♦
Jun 16 at 13:27
I review low quality posts at Stack Overflow and I always check back on my work to see if the other reviewers at Stack Overflow agree with me. I frequently see that posts that I recommended deletion of were deleted by a Stack Overflow moderator. This is one example of what I meant by Stack Overflow moderators review code. If it's no good they delete the answer. Not just one moderator, several SO moderators do this every day.
– karel
Jun 16 at 13:42
Why don't I explain this more thoroughly in the answer? Because it's not about Ubuntu, therefore off topic. I'm trying to stay on topic in the answer section. If the game runs into extra innings, I can be as off topic as I want to in a topical chatroom without flooding the answer section.
– karel
Jun 16 at 14:41
add a comment
|
ANY code that is going to be doing something you do not want will and must have a big fat warning. Most famous one:
Why did the command ":() :;:" make my system lag so badly I had to reboot?
More because guntbert doubts me :-)
Terminal command to remove unknown file
What does rm -rf do?
`rm -rf ` and `rm -r` have the same results
I have yet to see an answer where we did not have a warning
I personally will interpret any code I see in questions. I fix software problems for a living so I have this weird habit that I HAVE to understand code I see otherwise I keep having this itch. At work I am known for pointing out problems with code where it is not even clear to me I have pointed to a problem. Yes I know I am weird :-X
I know lots of others on AU that review code too. Besides that there are a 10, 20 people on AU I trust when they post code on AU and most elaborate answers tend to come from a select few.
1
You are very confident here - with ANY code - I suggest to s/ANY/Most/ .
– guntbert
Jun 15 at 16:10
I reworded it but it has to be "any" ;-)
– Rinzwind
Jun 15 at 16:20
1
Those examples are about "obviously" dangerous code - but there may still be cases where someone sticks something malicious between several lines of code/commands. Not every post is thoroughly reviewed. Mind you I don't talk about highly voted answers but according to Murphy's Law we will have malicious code on the site.
– guntbert
Jun 15 at 19:37
"Not every post is thoroughly reviewed." I believe that is not true. Code from new users will be reviewed. People that have shown they can code (like Jacob Vlijm) maybe not as thorough but that's why we trust them ;-)
– Rinzwind
Jun 15 at 19:47
add a comment
|
Excellent things have been said already, but let me add a few words from someone who posts those code snippets once in a while.
How can we be safe about code from this site that we install? You can't. Any piece of code could contain harmful - intentionally or not - elements. While that is also true for snippets on AU, you probably won't find a place with less risk than on AU or other SE sites. The reason is that not only snippets are in general relatively short and clear, but more importantly: anyone can (and will) look into the code, and anyone can comment on or flag a post. Any potential critic is visible directly on the post itself.
That is unlike some private websites where we can often see bad advice or inadvisable commands. If I am a crook and want to inject malicious code, the one environment I need to avoid is SE sites.
As said, using code you didn't write yourself is a risk. In short however: in general, I believe the code posted here, especially from answers that already live a bit longer or posted by people who are around a bit longer, is probably the least of your concerns.
Also, code that's fine on MY system might break YOUR system, unintentionally.
– waltinator
Jul 4 at 13:11
add a comment
|
3 Answers
3
active
oldest
votes
3 Answers
3
active
oldest
votes
active
oldest
votes
active
oldest
votes
Stack Overflow is far ahead of Ask Ubuntu at reviewing code because it's a programming website. In addition to Stack Overflow's normal way of reviewing code by users who volunteer to be reviewers and by Stack Overflow's moderators, there are also chatrooms that were created specifically for reviewing code and several reviewing bots. Some of these same bots are also reviewing posts every day at Ask Ubuntu. It is possible for users to apply to the bot moderators for permission to participate in reviewing the results of the reviewing bots which flags false positive results and trains the bots to be more accurate. Some bots have the adaptive ability to retract their own results if enough false positives are reported by members of the bot's team.
In the end none of these methods can succeed without the participation of human beings, so there must be oversight by users who volunteer to be reviewers. Anyone can participate in improving the quality of posts at Ask Ubuntu. There is no reputation requirement for submitting a suggested edit to any post to be reviewed by Ask Ubuntu's volunteer reviewers.
1
You mean there are bots that scan posts for code snippets and analyse them for malicious things? I haven't heard of that yet, and tbh I would be surprised if that existed, because it would be terribly complex. Or are you only referring to SmokeDetector and similar?
– Byte Commander♦
Jun 14 at 22:54
There are bots that scan for plagiarized code. There are also bots that scan for short code snippets that are not accompanied by an explanation of what the code does. However afaik there are not any bots that do deep scanning of code snippets and analyze them for malicious things. As a member of several bot teams I have the privilege of manually reporting my own deep scanning results to the appropriate bot in order to submit it for further review by other reviewers. This is done transparently in a public chatroom and anyone in that chatroom can freely comment about it and frequently does.
– karel
Jun 14 at 23:04
Ah, cool. So I guess this happens in SObotics? That's nice, I'm really not familiar with most of the things people built there.
– Byte Commander♦
Jun 14 at 23:11
SOBotics and SO Close Vote Reviewers have helped me lot.
– karel
Jun 15 at 3:15
SO moderators do not review code! No more than any other user, anyway. And, as you say in the comments, there are no bots checking for malicious code, so I don't really understand what you're suggesting.
– terdon♦
Jun 16 at 13:27
I review low quality posts at Stack Overflow and I always check back on my work to see if the other reviewers at Stack Overflow agree with me. I frequently see that posts that I recommended deletion of were deleted by a Stack Overflow moderator. This is one example of what I meant by Stack Overflow moderators review code. If it's no good they delete the answer. Not just one moderator, several SO moderators do this every day.
– karel
Jun 16 at 13:42
Why don't I explain this more thoroughly in the answer? Because it's not about Ubuntu, therefore off topic. I'm trying to stay on topic in the answer section. If the game runs into extra innings, I can be as off topic as I want to in a topical chatroom without flooding the answer section.
– karel
Jun 16 at 14:41
add a comment
|
Stack Overflow is far ahead of Ask Ubuntu at reviewing code because it's a programming website. In addition to Stack Overflow's normal way of reviewing code by users who volunteer to be reviewers and by Stack Overflow's moderators, there are also chatrooms that were created specifically for reviewing code and several reviewing bots. Some of these same bots are also reviewing posts every day at Ask Ubuntu. It is possible for users to apply to the bot moderators for permission to participate in reviewing the results of the reviewing bots which flags false positive results and trains the bots to be more accurate. Some bots have the adaptive ability to retract their own results if enough false positives are reported by members of the bot's team.
In the end none of these methods can succeed without the participation of human beings, so there must be oversight by users who volunteer to be reviewers. Anyone can participate in improving the quality of posts at Ask Ubuntu. There is no reputation requirement for submitting a suggested edit to any post to be reviewed by Ask Ubuntu's volunteer reviewers.
1
You mean there are bots that scan posts for code snippets and analyse them for malicious things? I haven't heard of that yet, and tbh I would be surprised if that existed, because it would be terribly complex. Or are you only referring to SmokeDetector and similar?
– Byte Commander♦
Jun 14 at 22:54
There are bots that scan for plagiarized code. There are also bots that scan for short code snippets that are not accompanied by an explanation of what the code does. However afaik there are not any bots that do deep scanning of code snippets and analyze them for malicious things. As a member of several bot teams I have the privilege of manually reporting my own deep scanning results to the appropriate bot in order to submit it for further review by other reviewers. This is done transparently in a public chatroom and anyone in that chatroom can freely comment about it and frequently does.
– karel
Jun 14 at 23:04
Ah, cool. So I guess this happens in SObotics? That's nice, I'm really not familiar with most of the things people built there.
– Byte Commander♦
Jun 14 at 23:11
SOBotics and SO Close Vote Reviewers have helped me lot.
– karel
Jun 15 at 3:15
SO moderators do not review code! No more than any other user, anyway. And, as you say in the comments, there are no bots checking for malicious code, so I don't really understand what you're suggesting.
– terdon♦
Jun 16 at 13:27
I review low quality posts at Stack Overflow and I always check back on my work to see if the other reviewers at Stack Overflow agree with me. I frequently see that posts that I recommended deletion of were deleted by a Stack Overflow moderator. This is one example of what I meant by Stack Overflow moderators review code. If it's no good they delete the answer. Not just one moderator, several SO moderators do this every day.
– karel
Jun 16 at 13:42
Why don't I explain this more thoroughly in the answer? Because it's not about Ubuntu, therefore off topic. I'm trying to stay on topic in the answer section. If the game runs into extra innings, I can be as off topic as I want to in a topical chatroom without flooding the answer section.
– karel
Jun 16 at 14:41
add a comment
|
Stack Overflow is far ahead of Ask Ubuntu at reviewing code because it's a programming website. In addition to Stack Overflow's normal way of reviewing code by users who volunteer to be reviewers and by Stack Overflow's moderators, there are also chatrooms that were created specifically for reviewing code and several reviewing bots. Some of these same bots are also reviewing posts every day at Ask Ubuntu. It is possible for users to apply to the bot moderators for permission to participate in reviewing the results of the reviewing bots which flags false positive results and trains the bots to be more accurate. Some bots have the adaptive ability to retract their own results if enough false positives are reported by members of the bot's team.
In the end none of these methods can succeed without the participation of human beings, so there must be oversight by users who volunteer to be reviewers. Anyone can participate in improving the quality of posts at Ask Ubuntu. There is no reputation requirement for submitting a suggested edit to any post to be reviewed by Ask Ubuntu's volunteer reviewers.
Stack Overflow is far ahead of Ask Ubuntu at reviewing code because it's a programming website. In addition to Stack Overflow's normal way of reviewing code by users who volunteer to be reviewers and by Stack Overflow's moderators, there are also chatrooms that were created specifically for reviewing code and several reviewing bots. Some of these same bots are also reviewing posts every day at Ask Ubuntu. It is possible for users to apply to the bot moderators for permission to participate in reviewing the results of the reviewing bots which flags false positive results and trains the bots to be more accurate. Some bots have the adaptive ability to retract their own results if enough false positives are reported by members of the bot's team.
In the end none of these methods can succeed without the participation of human beings, so there must be oversight by users who volunteer to be reviewers. Anyone can participate in improving the quality of posts at Ask Ubuntu. There is no reputation requirement for submitting a suggested edit to any post to be reviewed by Ask Ubuntu's volunteer reviewers.
edited Jun 14 at 22:33
answered Jun 14 at 22:25
karelkarel
69.4k8 silver badges26 bronze badges
69.4k8 silver badges26 bronze badges
1
You mean there are bots that scan posts for code snippets and analyse them for malicious things? I haven't heard of that yet, and tbh I would be surprised if that existed, because it would be terribly complex. Or are you only referring to SmokeDetector and similar?
– Byte Commander♦
Jun 14 at 22:54
There are bots that scan for plagiarized code. There are also bots that scan for short code snippets that are not accompanied by an explanation of what the code does. However afaik there are not any bots that do deep scanning of code snippets and analyze them for malicious things. As a member of several bot teams I have the privilege of manually reporting my own deep scanning results to the appropriate bot in order to submit it for further review by other reviewers. This is done transparently in a public chatroom and anyone in that chatroom can freely comment about it and frequently does.
– karel
Jun 14 at 23:04
Ah, cool. So I guess this happens in SObotics? That's nice, I'm really not familiar with most of the things people built there.
– Byte Commander♦
Jun 14 at 23:11
SOBotics and SO Close Vote Reviewers have helped me lot.
– karel
Jun 15 at 3:15
SO moderators do not review code! No more than any other user, anyway. And, as you say in the comments, there are no bots checking for malicious code, so I don't really understand what you're suggesting.
– terdon♦
Jun 16 at 13:27
I review low quality posts at Stack Overflow and I always check back on my work to see if the other reviewers at Stack Overflow agree with me. I frequently see that posts that I recommended deletion of were deleted by a Stack Overflow moderator. This is one example of what I meant by Stack Overflow moderators review code. If it's no good they delete the answer. Not just one moderator, several SO moderators do this every day.
– karel
Jun 16 at 13:42
Why don't I explain this more thoroughly in the answer? Because it's not about Ubuntu, therefore off topic. I'm trying to stay on topic in the answer section. If the game runs into extra innings, I can be as off topic as I want to in a topical chatroom without flooding the answer section.
– karel
Jun 16 at 14:41
add a comment
|
1
You mean there are bots that scan posts for code snippets and analyse them for malicious things? I haven't heard of that yet, and tbh I would be surprised if that existed, because it would be terribly complex. Or are you only referring to SmokeDetector and similar?
– Byte Commander♦
Jun 14 at 22:54
There are bots that scan for plagiarized code. There are also bots that scan for short code snippets that are not accompanied by an explanation of what the code does. However afaik there are not any bots that do deep scanning of code snippets and analyze them for malicious things. As a member of several bot teams I have the privilege of manually reporting my own deep scanning results to the appropriate bot in order to submit it for further review by other reviewers. This is done transparently in a public chatroom and anyone in that chatroom can freely comment about it and frequently does.
– karel
Jun 14 at 23:04
Ah, cool. So I guess this happens in SObotics? That's nice, I'm really not familiar with most of the things people built there.
– Byte Commander♦
Jun 14 at 23:11
SOBotics and SO Close Vote Reviewers have helped me lot.
– karel
Jun 15 at 3:15
SO moderators do not review code! No more than any other user, anyway. And, as you say in the comments, there are no bots checking for malicious code, so I don't really understand what you're suggesting.
– terdon♦
Jun 16 at 13:27
I review low quality posts at Stack Overflow and I always check back on my work to see if the other reviewers at Stack Overflow agree with me. I frequently see that posts that I recommended deletion of were deleted by a Stack Overflow moderator. This is one example of what I meant by Stack Overflow moderators review code. If it's no good they delete the answer. Not just one moderator, several SO moderators do this every day.
– karel
Jun 16 at 13:42
Why don't I explain this more thoroughly in the answer? Because it's not about Ubuntu, therefore off topic. I'm trying to stay on topic in the answer section. If the game runs into extra innings, I can be as off topic as I want to in a topical chatroom without flooding the answer section.
– karel
Jun 16 at 14:41
1
1
You mean there are bots that scan posts for code snippets and analyse them for malicious things? I haven't heard of that yet, and tbh I would be surprised if that existed, because it would be terribly complex. Or are you only referring to SmokeDetector and similar?
– Byte Commander♦
Jun 14 at 22:54
You mean there are bots that scan posts for code snippets and analyse them for malicious things? I haven't heard of that yet, and tbh I would be surprised if that existed, because it would be terribly complex. Or are you only referring to SmokeDetector and similar?
– Byte Commander♦
Jun 14 at 22:54
There are bots that scan for plagiarized code. There are also bots that scan for short code snippets that are not accompanied by an explanation of what the code does. However afaik there are not any bots that do deep scanning of code snippets and analyze them for malicious things. As a member of several bot teams I have the privilege of manually reporting my own deep scanning results to the appropriate bot in order to submit it for further review by other reviewers. This is done transparently in a public chatroom and anyone in that chatroom can freely comment about it and frequently does.
– karel
Jun 14 at 23:04
There are bots that scan for plagiarized code. There are also bots that scan for short code snippets that are not accompanied by an explanation of what the code does. However afaik there are not any bots that do deep scanning of code snippets and analyze them for malicious things. As a member of several bot teams I have the privilege of manually reporting my own deep scanning results to the appropriate bot in order to submit it for further review by other reviewers. This is done transparently in a public chatroom and anyone in that chatroom can freely comment about it and frequently does.
– karel
Jun 14 at 23:04
Ah, cool. So I guess this happens in SObotics? That's nice, I'm really not familiar with most of the things people built there.
– Byte Commander♦
Jun 14 at 23:11
Ah, cool. So I guess this happens in SObotics? That's nice, I'm really not familiar with most of the things people built there.
– Byte Commander♦
Jun 14 at 23:11
SOBotics and SO Close Vote Reviewers have helped me lot.
– karel
Jun 15 at 3:15
SOBotics and SO Close Vote Reviewers have helped me lot.
– karel
Jun 15 at 3:15
SO moderators do not review code! No more than any other user, anyway. And, as you say in the comments, there are no bots checking for malicious code, so I don't really understand what you're suggesting.
– terdon♦
Jun 16 at 13:27
SO moderators do not review code! No more than any other user, anyway. And, as you say in the comments, there are no bots checking for malicious code, so I don't really understand what you're suggesting.
– terdon♦
Jun 16 at 13:27
I review low quality posts at Stack Overflow and I always check back on my work to see if the other reviewers at Stack Overflow agree with me. I frequently see that posts that I recommended deletion of were deleted by a Stack Overflow moderator. This is one example of what I meant by Stack Overflow moderators review code. If it's no good they delete the answer. Not just one moderator, several SO moderators do this every day.
– karel
Jun 16 at 13:42
I review low quality posts at Stack Overflow and I always check back on my work to see if the other reviewers at Stack Overflow agree with me. I frequently see that posts that I recommended deletion of were deleted by a Stack Overflow moderator. This is one example of what I meant by Stack Overflow moderators review code. If it's no good they delete the answer. Not just one moderator, several SO moderators do this every day.
– karel
Jun 16 at 13:42
Why don't I explain this more thoroughly in the answer? Because it's not about Ubuntu, therefore off topic. I'm trying to stay on topic in the answer section. If the game runs into extra innings, I can be as off topic as I want to in a topical chatroom without flooding the answer section.
– karel
Jun 16 at 14:41
Why don't I explain this more thoroughly in the answer? Because it's not about Ubuntu, therefore off topic. I'm trying to stay on topic in the answer section. If the game runs into extra innings, I can be as off topic as I want to in a topical chatroom without flooding the answer section.
– karel
Jun 16 at 14:41
add a comment
|
ANY code that is going to be doing something you do not want will and must have a big fat warning. Most famous one:
Why did the command ":() :;:" make my system lag so badly I had to reboot?
More because guntbert doubts me :-)
Terminal command to remove unknown file
What does rm -rf do?
`rm -rf ` and `rm -r` have the same results
I have yet to see an answer where we did not have a warning
I personally will interpret any code I see in questions. I fix software problems for a living so I have this weird habit that I HAVE to understand code I see otherwise I keep having this itch. At work I am known for pointing out problems with code where it is not even clear to me I have pointed to a problem. Yes I know I am weird :-X
I know lots of others on AU that review code too. Besides that there are a 10, 20 people on AU I trust when they post code on AU and most elaborate answers tend to come from a select few.
1
You are very confident here - with ANY code - I suggest to s/ANY/Most/ .
– guntbert
Jun 15 at 16:10
I reworded it but it has to be "any" ;-)
– Rinzwind
Jun 15 at 16:20
1
Those examples are about "obviously" dangerous code - but there may still be cases where someone sticks something malicious between several lines of code/commands. Not every post is thoroughly reviewed. Mind you I don't talk about highly voted answers but according to Murphy's Law we will have malicious code on the site.
– guntbert
Jun 15 at 19:37
"Not every post is thoroughly reviewed." I believe that is not true. Code from new users will be reviewed. People that have shown they can code (like Jacob Vlijm) maybe not as thorough but that's why we trust them ;-)
– Rinzwind
Jun 15 at 19:47
add a comment
|
ANY code that is going to be doing something you do not want will and must have a big fat warning. Most famous one:
Why did the command ":() :;:" make my system lag so badly I had to reboot?
More because guntbert doubts me :-)
Terminal command to remove unknown file
What does rm -rf do?
`rm -rf ` and `rm -r` have the same results
I have yet to see an answer where we did not have a warning
I personally will interpret any code I see in questions. I fix software problems for a living so I have this weird habit that I HAVE to understand code I see otherwise I keep having this itch. At work I am known for pointing out problems with code where it is not even clear to me I have pointed to a problem. Yes I know I am weird :-X
I know lots of others on AU that review code too. Besides that there are a 10, 20 people on AU I trust when they post code on AU and most elaborate answers tend to come from a select few.
1
You are very confident here - with ANY code - I suggest to s/ANY/Most/ .
– guntbert
Jun 15 at 16:10
I reworded it but it has to be "any" ;-)
– Rinzwind
Jun 15 at 16:20
1
Those examples are about "obviously" dangerous code - but there may still be cases where someone sticks something malicious between several lines of code/commands. Not every post is thoroughly reviewed. Mind you I don't talk about highly voted answers but according to Murphy's Law we will have malicious code on the site.
– guntbert
Jun 15 at 19:37
"Not every post is thoroughly reviewed." I believe that is not true. Code from new users will be reviewed. People that have shown they can code (like Jacob Vlijm) maybe not as thorough but that's why we trust them ;-)
– Rinzwind
Jun 15 at 19:47
add a comment
|
ANY code that is going to be doing something you do not want will and must have a big fat warning. Most famous one:
Why did the command ":() :;:" make my system lag so badly I had to reboot?
More because guntbert doubts me :-)
Terminal command to remove unknown file
What does rm -rf do?
`rm -rf ` and `rm -r` have the same results
I have yet to see an answer where we did not have a warning
I personally will interpret any code I see in questions. I fix software problems for a living so I have this weird habit that I HAVE to understand code I see otherwise I keep having this itch. At work I am known for pointing out problems with code where it is not even clear to me I have pointed to a problem. Yes I know I am weird :-X
I know lots of others on AU that review code too. Besides that there are a 10, 20 people on AU I trust when they post code on AU and most elaborate answers tend to come from a select few.
ANY code that is going to be doing something you do not want will and must have a big fat warning. Most famous one:
Why did the command ":() :;:" make my system lag so badly I had to reboot?
More because guntbert doubts me :-)
Terminal command to remove unknown file
What does rm -rf do?
`rm -rf ` and `rm -r` have the same results
I have yet to see an answer where we did not have a warning
I personally will interpret any code I see in questions. I fix software problems for a living so I have this weird habit that I HAVE to understand code I see otherwise I keep having this itch. At work I am known for pointing out problems with code where it is not even clear to me I have pointed to a problem. Yes I know I am weird :-X
I know lots of others on AU that review code too. Besides that there are a 10, 20 people on AU I trust when they post code on AU and most elaborate answers tend to come from a select few.
edited Jun 15 at 19:45
answered Jun 15 at 9:44
RinzwindRinzwind
224k18 silver badges42 bronze badges
224k18 silver badges42 bronze badges
1
You are very confident here - with ANY code - I suggest to s/ANY/Most/ .
– guntbert
Jun 15 at 16:10
I reworded it but it has to be "any" ;-)
– Rinzwind
Jun 15 at 16:20
1
Those examples are about "obviously" dangerous code - but there may still be cases where someone sticks something malicious between several lines of code/commands. Not every post is thoroughly reviewed. Mind you I don't talk about highly voted answers but according to Murphy's Law we will have malicious code on the site.
– guntbert
Jun 15 at 19:37
"Not every post is thoroughly reviewed." I believe that is not true. Code from new users will be reviewed. People that have shown they can code (like Jacob Vlijm) maybe not as thorough but that's why we trust them ;-)
– Rinzwind
Jun 15 at 19:47
add a comment
|
1
You are very confident here - with ANY code - I suggest to s/ANY/Most/ .
– guntbert
Jun 15 at 16:10
I reworded it but it has to be "any" ;-)
– Rinzwind
Jun 15 at 16:20
1
Those examples are about "obviously" dangerous code - but there may still be cases where someone sticks something malicious between several lines of code/commands. Not every post is thoroughly reviewed. Mind you I don't talk about highly voted answers but according to Murphy's Law we will have malicious code on the site.
– guntbert
Jun 15 at 19:37
"Not every post is thoroughly reviewed." I believe that is not true. Code from new users will be reviewed. People that have shown they can code (like Jacob Vlijm) maybe not as thorough but that's why we trust them ;-)
– Rinzwind
Jun 15 at 19:47
1
1
You are very confident here - with ANY code - I suggest to s/ANY/Most/ .
– guntbert
Jun 15 at 16:10
You are very confident here - with ANY code - I suggest to s/ANY/Most/ .
– guntbert
Jun 15 at 16:10
I reworded it but it has to be "any" ;-)
– Rinzwind
Jun 15 at 16:20
I reworded it but it has to be "any" ;-)
– Rinzwind
Jun 15 at 16:20
1
1
Those examples are about "obviously" dangerous code - but there may still be cases where someone sticks something malicious between several lines of code/commands. Not every post is thoroughly reviewed. Mind you I don't talk about highly voted answers but according to Murphy's Law we will have malicious code on the site.
– guntbert
Jun 15 at 19:37
Those examples are about "obviously" dangerous code - but there may still be cases where someone sticks something malicious between several lines of code/commands. Not every post is thoroughly reviewed. Mind you I don't talk about highly voted answers but according to Murphy's Law we will have malicious code on the site.
– guntbert
Jun 15 at 19:37
"Not every post is thoroughly reviewed." I believe that is not true. Code from new users will be reviewed. People that have shown they can code (like Jacob Vlijm) maybe not as thorough but that's why we trust them ;-)
– Rinzwind
Jun 15 at 19:47
"Not every post is thoroughly reviewed." I believe that is not true. Code from new users will be reviewed. People that have shown they can code (like Jacob Vlijm) maybe not as thorough but that's why we trust them ;-)
– Rinzwind
Jun 15 at 19:47
add a comment
|
Excellent things have been said already, but let me add a few words from someone who posts those code snippets once in a while.
How can we be safe about code from this site that we install? You can't. Any piece of code could contain harmful - intentionally or not - elements. While that is also true for snippets on AU, you probably won't find a place with less risk than on AU or other SE sites. The reason is that not only snippets are in general relatively short and clear, but more importantly: anyone can (and will) look into the code, and anyone can comment on or flag a post. Any potential critic is visible directly on the post itself.
That is unlike some private websites where we can often see bad advice or inadvisable commands. If I am a crook and want to inject malicious code, the one environment I need to avoid is SE sites.
As said, using code you didn't write yourself is a risk. In short however: in general, I believe the code posted here, especially from answers that already live a bit longer or posted by people who are around a bit longer, is probably the least of your concerns.
Also, code that's fine on MY system might break YOUR system, unintentionally.
– waltinator
Jul 4 at 13:11
add a comment
|
Excellent things have been said already, but let me add a few words from someone who posts those code snippets once in a while.
How can we be safe about code from this site that we install? You can't. Any piece of code could contain harmful - intentionally or not - elements. While that is also true for snippets on AU, you probably won't find a place with less risk than on AU or other SE sites. The reason is that not only snippets are in general relatively short and clear, but more importantly: anyone can (and will) look into the code, and anyone can comment on or flag a post. Any potential critic is visible directly on the post itself.
That is unlike some private websites where we can often see bad advice or inadvisable commands. If I am a crook and want to inject malicious code, the one environment I need to avoid is SE sites.
As said, using code you didn't write yourself is a risk. In short however: in general, I believe the code posted here, especially from answers that already live a bit longer or posted by people who are around a bit longer, is probably the least of your concerns.
Also, code that's fine on MY system might break YOUR system, unintentionally.
– waltinator
Jul 4 at 13:11
add a comment
|
Excellent things have been said already, but let me add a few words from someone who posts those code snippets once in a while.
How can we be safe about code from this site that we install? You can't. Any piece of code could contain harmful - intentionally or not - elements. While that is also true for snippets on AU, you probably won't find a place with less risk than on AU or other SE sites. The reason is that not only snippets are in general relatively short and clear, but more importantly: anyone can (and will) look into the code, and anyone can comment on or flag a post. Any potential critic is visible directly on the post itself.
That is unlike some private websites where we can often see bad advice or inadvisable commands. If I am a crook and want to inject malicious code, the one environment I need to avoid is SE sites.
As said, using code you didn't write yourself is a risk. In short however: in general, I believe the code posted here, especially from answers that already live a bit longer or posted by people who are around a bit longer, is probably the least of your concerns.
Excellent things have been said already, but let me add a few words from someone who posts those code snippets once in a while.
How can we be safe about code from this site that we install? You can't. Any piece of code could contain harmful - intentionally or not - elements. While that is also true for snippets on AU, you probably won't find a place with less risk than on AU or other SE sites. The reason is that not only snippets are in general relatively short and clear, but more importantly: anyone can (and will) look into the code, and anyone can comment on or flag a post. Any potential critic is visible directly on the post itself.
That is unlike some private websites where we can often see bad advice or inadvisable commands. If I am a crook and want to inject malicious code, the one environment I need to avoid is SE sites.
As said, using code you didn't write yourself is a risk. In short however: in general, I believe the code posted here, especially from answers that already live a bit longer or posted by people who are around a bit longer, is probably the least of your concerns.
edited Jun 20 at 6:56
karel
69.4k8 silver badges26 bronze badges
69.4k8 silver badges26 bronze badges
answered Jun 19 at 18:27
Jacob VlijmJacob Vlijm
69.4k1 gold badge26 silver badges68 bronze badges
69.4k1 gold badge26 silver badges68 bronze badges
Also, code that's fine on MY system might break YOUR system, unintentionally.
– waltinator
Jul 4 at 13:11
add a comment
|
Also, code that's fine on MY system might break YOUR system, unintentionally.
– waltinator
Jul 4 at 13:11
Also, code that's fine on MY system might break YOUR system, unintentionally.
– waltinator
Jul 4 at 13:11
Also, code that's fine on MY system might break YOUR system, unintentionally.
– waltinator
Jul 4 at 13:11
add a comment
|
3
Read the 'code' first, work out what it will do, and only use it if you agree it will help and understand what it will do. If you're not 100% sure, build a test environment (vm or real-hardware) and test it yourself there.
– guiverc
Jun 14 at 21:23
3
If you don't understand how to read the code and the poster has no track record I wouldn't install it. An evil person would design the evil code to explode stuff five months after you tested it in a VM. If it was on this site though the evil person would be banned and evil answer deleted. Chances are someone else would spit the evil code before you see it.
– WinEunuuchs2Unix
Jun 14 at 21:35
3
I'd suggest reading this question and answers: If I follow instructions from a blog or Ask Ubuntu, etc, is it always safe?
– Sergiy Kolodyazhnyy
Jun 17 at 8:20