They're just examples of things you could pipe curl into, but no not really. If the download fails you end up with an incomplete file in your tmpfs anyway, and have to retry. Another use I have is curl | mysql to restore a database backup.
If the server supports resuming, I guess that can be better than the pipe, but that still needs temporary disk space, and downloads rarely fail. You can't corrupt downloads over HTTPS either as the encryption layer would notice it and kill the connection, so it's safe to assume if it downloaded in full, it's correct.
With downloads being IO bound these days, it's nice to not have to read it all back and write the extracted files to disk afterwards. Only writes the final files once.
That's far from the weirdest thing I've done with pipes though, I've installed Windows 11 on a friend's PC across the ocean with a curl | zstd | pv | dd, and it worked. We tried like 5 different USBs and different ISOs and I gave up, I just installed it in a VM and shipped the image.
--silent is useful when you don't want the progress bar or you're piping curl into something else. I like to do curl | tar -zxv to download and decompress at the same time, I've even tar -zc | curl to upload a backup taking no disk space to do so.
The problem however is it's really silent: if it fails, it exits with a non-zero code and that's it. Great when you don't want debug info to interfere, annoying when you need to debug it.
So you can opt-in to print some errors when in silent mode, but otherwise be silent.
Federation means, multiple servers talking to one another and exchanging information.
You're on lemdro.id, I'm on my own server, yet we can talk. I can shut down my server, and you will still see my comments from lemdro.id.
This ensures you don't have to be on a single website along with everyone else: you're always free to leave lemdro.id if you wish and go to say, lemmy.world or sh.itjust.works or whatever other instance you feel like.
I bet they'll eventually get caught using coffee shop cameras and conversations for AI training, say it's for training a security product or something.
It really depends, most people end up specializing into specific things they work on as software has generally become too big for single developers. We have people that only do frontend stuff so things look nice on the website, some only deal with the database and making sure we return results as efficiently as possible.
I started off doing the typical full stack but I've since branched off into DevOps so now I'm responsible for a few hundred servers across the globe that I keep updated and running smoothly.
Sometimes I work on new tools, sometimes I spend days tracking down weird problems, sometimes I'm rushing hotfixes because something is repeatedly crashing in production.
It's worth noting that because you can click through UIs these days doesn't mean that scales as you go. You can go spin up your app in a container in the cloud mostly through UI, but soon enough the defaults aren't enough. I manage several hundreds of instances across a few clouds, I'll well, well past clicking next next next finish. It's just an easy and visual way to ease you into things, especially for beginners, as all the options available to you are there to see along with little help tooltips explaining what a setting does.
It also depends on what you do: if you work at a startup, clicking through Cloudflare's dashboard is more than enough. When you have thousands of customers, you're not managing the tens of thousands of settings you have to configure, you automate.
Code can describe things (HTML, CSS, HCL), code can configure things (YAML, JSON, Ansible), code can program things (PHP, JavaScript, Python, Ruby, etc), code can query things (SQL), programming as a whole is very wide.
It's meant to protect the software, not the hardware. Of course you can still put a hardware keylogger on it.
You're also only considering the use case of the owner and user being the same person. In a business context, the user and the owner are two different persons. It can be used to ensure the company's MDM and security software aren't tampered with, for example if you try to exfiltrate company data. In that situation, even if you have a keylogger, it doesn't help you much, it still won't allow you root access on the machine, because the user of the machine doesn't have root access either.
Same with servers: you don't even care if the hardware is keylogged, nobody's ever using the local console anyway. But it'll tell you if a tech at the datacentre opened the case, and they can't backdoor the OS during a planned hardware maintenance.
Same with kiosk machines: you can deface the hardware all you want, the machine's still not gonna let you order a free sandwich. If you buy one off eBay you can bypass secure boot and wipe it and use it, but it won't let you sneak a USB on it while nobody's watching and attack the network or anything like that.
But yes, for most consumers it's a bit less useful and often exploited in anti-consumer ways.
Swap Israel for Russia, and suddenly that would be something completely reasonable nobody talks about. But it's Israel, so of course they're gonna play the racism/religion card.
It's mostly for use cases where you can lose physical access to the computer like overnight at the office, at a hotel while travelling, in a shared server room, etc. It's extra assurance that the computer runs the software you expect it to run and nothing else without at least being somewhat noisy about it.
This can in turn be used to use the TPM to get a disk encryption key, so you can do full disk encryption but still boot to a normal login screen without entering a password. It will only hand out the key with the correct signed boot chain.
If you have a desktop PC at home that nobody untrusted touches, then yeah there isn't that much value to it for you.
If we deleted everything written by insufficiently pure developers, we wouldn't have a Linux desktop. Especially if we count the ones that were smart enough to not bring up anything political in public.
Not a fan of DHH, but then you delete Rails then there's no GitHub, GitLab, Mastodon, and many many other things given how popular Rails is, and that's just that one guy.
If you include all the sketchy stuff that happens in the supply chain mining the minerals, processing, assembly all the way up to the final computer product, you just can't morally justify supporting any manufacturer either.
This really doesn't do anything useful other than feeling good to not support one of those guys. If anything it just adds extra political drama that feeds into a much bigger worldwide division problem.
Denver also have a pretty big problem with drivers running yellow/reds. I lived there for a year and lost track of how many truck crashed in front of my house within months. At the end I was always waiting for a second or two on greens because the risk of some impatient maniac missing the yellow and trying to get through anyway on the red, and you'll even get honked at if you don't.
Driving there is a very frustrating experience that's almost designed to maximize road rage incidents.
They said it would require network access and that they would have a handful of popular apps preloaded to avoid too much disruption so those can be installed offline. In practice that probably means Google apps, Meta apps and other big corp apps.
They also have you register package names with them, not just a certificate.
I was hoping it would be a certificate situation but we're kind of past Google using the least intrusive and privacy preserving options.
Apps from outside the Play Store? No, because previously your phone had no reason to ask Google anything. You could always not sign in to Google and disable Play Protect and use F-Droid and Obtainium.
But now, it needs to check developer signatures to know if it's a verified developer, and it obviously can't cache all of them as the size would be insane.
And that in turn implies that your phone needs to reach out to Google and be like yo, is this app banned?
That query gives them at minimum the IP of the user, the package name, and the time at which it happened.
And thus they can effectively track anyone using say, privacy apps, making it that much riskier to use them in places where they're not allowed.
Max-P @ Max_P @lemmy.max-p.me Posts 10Comments 2,043Joined 2 yr. ago
They're just examples of things you could pipe curl into, but no not really. If the download fails you end up with an incomplete file in your tmpfs anyway, and have to retry. Another use I have is
curl | mysqlto restore a database backup.If the server supports resuming, I guess that can be better than the pipe, but that still needs temporary disk space, and downloads rarely fail. You can't corrupt downloads over HTTPS either as the encryption layer would notice it and kill the connection, so it's safe to assume if it downloaded in full, it's correct.
With downloads being IO bound these days, it's nice to not have to read it all back and write the extracted files to disk afterwards. Only writes the final files once.
That's far from the weirdest thing I've done with pipes though, I've installed Windows 11 on a friend's PC across the ocean with a
curl | zstd | pv | dd, and it worked. We tried like 5 different USBs and different ISOs and I gave up, I just installed it in a VM and shipped the image.