Users are blameless, I find the fault with the developers.

Asking users to pipe curl to bash because it’s easier for the developer is just the developer being lazy, IMO.

Developers wouldn’t get a free pass for taking lazy, insecure shortcuts in programming, I don’t know why they should get a free pass on this.

The post is specifically about how you can serve a totally different script than the one you inspect. If you use curl to fetch the script via terminal, the webserver can send a different script to a browser based on the UserAgent.

And whether or not you think someone would be mad to do it, it’s still a widespread practice. The article mentions that piping curl straight to bash is already standard procedure for Proxmox helper scripts. But don’t take anyone’s word for it, check it out:

https://community-scripts.github.io/ProxmoxVE/

It’s also the recommended method for PiHole:

https://docs.pi-hole.net/main/basic-install/

It took me getting arrested over some bullshit to get me out, then it was just time and therapy.

I can’t recommend a good therapist enough. Mine has helped me untangle lots of things, and I’m still getting better 5 years after the split.