installing arbitrary software off the internet by piping curl output to bash is a terrible idea. At the very least, I would have expected them to sign this script... considering this software has unlimited access to your internal network, and the ability to influence ALL network traffic into/out of your internal network.
What people do to install software 98% of the time is download a proprietary windows binary and executing it - occasionally also with elevated privileges.
Piping to bash is dangerous but it’s not more dangerous than software installation in general. I think this point is some times lost on e.g people who run software from vetted repositories like apt or often make their open source apps from source. Computer programs to most people means double clicking an exe.
> What people do to install software 98% of the time is download a proprietary windows binary and executing it
Not people who avoid Windows. Every respectable Linux distro has package signing by default these days. And none support a default install process of piping arbitrary scripts from the internet to a shell.
There's no reason the pi-hole folks, who made a thing that runs on Linux, to ignore the security implications and recommend something dangerous for a device with a lot of potential power.
None. None at all that anyone's noticed in our home, and I imagine the speed associated with the fewer server requests and their payload offsets any negligible performance degradation that would have been there.
> Install by running one command:
> curl -sSL https://install.pi-hole.net | bash
installing arbitrary software off the internet by piping curl output to bash is a terrible idea. At the very least, I would have expected them to sign this script... considering this software has unlimited access to your internal network, and the ability to influence ALL network traffic into/out of your internal network.