24

I am new to Linux and Ubuntu. When I don't know how to do something with this OS I search on the web and Ask Ubuntu and always find the answer.

But sometimes it's not a great answer nor a complete tutorial. I follow the instructions anyway, but I don't know what all the commands mean.

So my question is:

  • When I follow a tutorial, am I 100% safe?
  • If not, then how can I tell I am in danger?
Zanna
  • 70,465
Dimas Ari
  • 397
  • 2
  • 10
  • 5
    Nope. sudo dd if=/dev/urandom of=/dev/sda bs=1024k enjoy reinstalling – Joshua Jul 16 '15 at 22:48
  • 5
    No, NO, NONONO! You don't just follow some random instructions, you learn what the instructions do and apply them to solve your problem. – Braiam Jul 17 '15 at 02:02
  • 1
    I'd say blogs are the second to best option. Best option would be asking questions here and unix.stackexchange.com . Especially answers from higher rep users , like over 1000 rep. The high rep users typically know what they're talking about. – Sergiy Kolodyazhnyy Jul 17 '15 at 04:59
  • 8
    Don't trust any tutorial that prefixes every command with sudo. – Simon Richter Jul 17 '15 at 06:42
  • 14
    "If I follow instruction from blog/web, is that always safe?" . . . What? Why would you ever think that? – geometrian Jul 17 '15 at 07:03
  • 3
    We can't truthfully give a "Yes" answer without first analyzing every web/blog that you will ever take instruction from so we can see if they're safe. Please list all of them so we can check them out (particularly the ones you will find in the future). – user2338816 Jul 17 '15 at 07:57
  • 2
    Sometimes even well-meaning advice may be unsafe in some subtle ways. For example I could imagine an answer to "how do I install XYZ server?" that suggests easy solution that leaves your computer open to some serious vulnerabilities. Perhaps some other user will catch that and comment, but maybe not, computer security is hard. – dtldarek Jul 17 '15 at 07:57
  • 1
  • 1
    @imallett President Lincoln told me that you can trust everything you read on the internet. If only he had followed his own advice, then that nasty incident at Ford's Theater would have never happened. – emory Jul 17 '15 at 15:55
  • You can't spend more than one second validating whether doing something is a good idea? You're pretty impatient. – Matti Virkkunen Jul 17 '15 at 16:11
  • @SimonRichter actually, I would be more scared of things that do stuff that is not that obvious (like installing malware on your home directory). – Braiam Jul 17 '15 at 16:34
  • I don't think this is too broad. It's quite simply answered: you're not 100% safe, you can't tell if a command is safe without knowing what it does, and commands that decode and run parts of themselves are extra likely to be malicious. I would post an answer about this but A.B. already did so beautifully. We have far broader and less clear questions in the same vein, like Remove a terminal command (which I think should be closed) and block certain dangerous commands? (which is fine). – Eliah Kagan Sep 26 '17 at 00:51

4 Answers

46

TL;DR No, you are not 100% safe. Or in other words, think twice. ;)


Don't execute code snippets without understanding the basics. Use man to learn more about a command or a program. Use Google or another search portal if you don't understand. And if you still doubt, simply do not execute the code.

Do you trust me? Then run:

man man

Ok, not dangerous, you see the man-page of man.

But what about the code below, do you trust me?

$(perl -MMIME::Base64 -0777ne 'print decode_base64($_)' <<< "ZWNobyAnQk9PSCEnCg==")

Not? Good idea. Let's break down the code:

  • perl

    The Perl language interpreter

  • -MMIME::Base64

    Encoding and decoding of base64 strings

  • -0777ne

    -0777 - Changes the line separator to undef, letting us slurp the file, feeding all the lines to Perl in one go.

    -e - (execute) flag is what allows us to specify the Perl code we want to run right on the command line.

    -n - Feed the input to Perl line by line.

  • 'print decode_base64($_)' - Decodes a string, the string is saved in $_.

  • "ZWNobyAnQk9PSCEnCg==" - And this? What is this?

Let's start a test.

We know, it's something like base64 and it looks encoded. Therefore decode the string with:

base64 --decode <<< "ZWNobyAnQk9PSCEnCg=="

And the output is … ok, not really dangerous:

echo 'BOOH!'

Now, we can do the same with perl

perl -MMIME::Base64 -0777ne 'print decode_base64($_)' <<< "ZWNobyAnQk9PSCEnCg=="

And the output is, what a surprise:

echo 'BOOH!'

But was it dangerous? This is dangerous:

$(…)

This construct executes the output of the commands in the round brackets.

Let's try it, do you trust me?

$(perl -MMIME::Base64 -0777ne 'print decode_base64($_)' <<< "ZWNobyAnQk9PSCEnCg==")

'BOOH!'

And what about

c3VkbyBraWxsYWxsIG5hdXRpbHVzCg==

Try it out … Do you trust me?

A.B.
  • 90,397
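
The decode-before-you-run check from the answer above, as an added example that is not part of the original post. It treats a pasted command purely as text, names the constructs that would execute generated output, and decodes any base64-looking token for reading. The function names are hypothetical, and the pipe-to-shell and `eval` checks generalise beyond the `$(…)` case the answer shows.

```shell
#!/bin/sh
# Added example: inspect a pasted command as text. Nothing in it is executed.

# The snippet from the answer above, kept as inert text in a quoted heredoc.
page_snippet() {
    cat <<'EOF'
$(perl -MMIME::Base64 -0777ne 'print decode_base64($_)' <<< "ZWNobyAnQk9PSCEnCg==")
EOF
}

# Name each construct in the snippet that makes the shell run generated text.
flag_constructs() {
    case $1 in *'$('*|*'`'*) echo "command-substitution" ;; esac
    printf '%s\n' "$1" |
        grep -Eq '\|[[:space:]]*(sudo[[:space:]]+)?(ba|da|z)?sh([[:space:]]|$)' &&
        echo "pipe-to-shell"
    printf '%s\n' "$1" | grep -Eq '(^|[^[:alnum:]_])eval[[:space:]]' && echo "eval"
    return 0
}

# Decode every base64-looking token and print it as text only.
decode_candidates() {
    printf '%s\n' "$1" |
    grep -oE '[A-Za-z0-9+/]{12,}={0,2}' |
    while IFS= read -r token; do
        # Skip tokens that are not valid base64.
        decoded=$(printf '%s' "$token" | base64 --decode 2>/dev/null) || continue
        [ -n "$decoded" ] || continue
        # Skip results containing non-printable bytes (an ordinary long word).
        printf '%s' "$decoded" | LC_ALL=C grep -q '[^[:print:][:space:]]' && continue
        printf '%s -> %s\n' "$token" "$decoded"
    done
}

# Report on one snippet: risky constructs first, then decoded payloads.
inspect_snippet() {
    echo "constructs that execute generated text:"
    flag_constructs "$1" | sed 's/^/  /'
    echo "decoded base64 (not executed):"
    decode_candidates "$1" | sed 's/^/  /'
}

inspect_snippet "$(page_snippet)"
```
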
5

My general assumption on this would be yes, because the guys here at askUbuntu usually know their way around.

However, in general I always like to understand what I'm doing, so if you get an answer with a command / syntax you're not familiar with- just ask for a wider explanation. I'm sure that the person that helped in the first place wouldn't mind sharing his further knowledge.

Good luck and you've made the right choice with Linux- miles better than the competitors!! :-)

  • I can't apply your suggestion to ask for a wider explanation for every task I do, so I think this is good advice but not the right answer. Thanks! Yeah, I feel comfortable with Ubuntu~ – Dimas Ari Jul 16 '15 at 19:21
  • Cheers my friend! :-) – Moshe Vayner Jul 16 '15 at 20:50
  • +1 for 'if you get an answer with a command / syntax you're not familiar with- just ask for a wider explanation.' – sudodus Sep 26 '17 at 06:06
  • Ohhh and actually I just realized there's one other thing I forgot to mention regarding the wider explanation - don't forget that there's a man page and a help section for pretty much every linux command, that is either man <command> or <command> --help / command -h. – Moshe Vayner Sep 27 '17 at 13:15
3

Some blogs are definitely a lot better than others. And yes, it's hard for beginners to tell the difference.

Number one, make sure the instructions are for your version of Ubuntu. Non-LTS releases only last for 9 months or so. Blog posts last a lot longer. And what worked for older releases often doesn't on newer ones.

Also, don't do it if they don't explain how to undo the changes if it doesn't work and you don't know how.

Many blogs tell you to install from a 3rd party PPA, even when the app is in the Ubuntu repos. None of that stuff is beta tested for your kernel release. I don't have any PPAs in my software sources and won't unless it's really necessary.

  • I think making sure they explain how to undo the changes is a good idea – Dimas Ari Jul 16 '15 at 19:18
  • 1
    Certain places like Webup8 are really useful, others not so. PPAs in some ways are better than installing just a package, for more info on how much you can trust em there is this: http://askubuntu.com/questions/35629/are-ppas-safe-to-add-to-my-system-and-what-are-some-red-flags-to-watch-out-fo – Wilf Jul 16 '15 at 19:31
1

Try looking at multiple blogs which address a certain issue. There may be details that one blog addresses but another does not. I would also suggest you keep a log of the changes you make in case you need to revert them in the future. And if worse comes to worst, you can always reset Ubuntu to its default configuration.

WAS
  • 191