Because apparently nothing can stop a bad idea

Installation Instructions

Just run the following command from your shell:

$ wget -q -O - | sudo bash

Why This is a Bad Idea

Let's look at that command in detail. It's downloading something via HTTP (which is unencrypted and provides no guarantee of authenticity) and then executes whatever was downloaded in a root shell. Here's a non-exhaustive list of potential problems:

How Can This Be Fixed

If you presently recommend any variant of the above command for installation or bootstrapping your software, stop doing that immediately. Instead, try one of these alternatives:

If you are a user of some software which recommends any variant of the above command, please point the author of said software to this page.


Tim Serong (@tserong) is responsible for this public service announcement. Special thanks are due to the denizens of on for reviewing this.


No responsibility is accepted for the effects of evil transparent proxies, DNS cache poisioning, or any other form of malicious attack on any of your systems that may result from running the command listed under "Installation Instructions".