1. Cool, I've never heard of Octaspire Dern, it looks interesting
2. I remember years ago implementing an IRC client in C++ by spending hours studying the RFCs. It was fun. Though it ends up being way more lines of code but had a GUI and the peer to peer extensions.
3. Did that video just download a binary from HTTP, not check the hash of the file and just compile and run it !?!? I do wish the internet would stop encouraging running arbitrary code on your machine without at least checking the signature, especially over HTTP that can be MITM'd so easily. Not as bad as piping curl directly to the shell though.
Edit: looking at the websites it even has a file you can download with the checksums in it (although over HTTP still) but if it's there it should be used.
* Latest release of Octaspire Dern can be downloaded through secure HTTPS connection from here:
https://octaspire.github.io/dern/release.tar.bz2
SHA-512 checksum for the latest release can be downloaded from:
https://octaspire.github.io/dern/checksums
SHA-512 checksums of all past releases can also be found from: https://octaspire.github.io/dern/
What I have done in my other asciicasts is this (for example in Dern introduction/tutorial
at https://asciinema.org/a/123972):
    curl -O octaspire.com/dern/release.tar.bz2
    tar jxf release.tar.bz2
    cd release/*
    curl -O https://octaspire.github.io/dern/checksums
    sha512sum -c checksums
This is what I have recommended in the manual
http://www.octaspire.com/dern/Programming_in_Octaspire_Dern.html
Both the release and checksums could be downloaded from https://octaspire.github.io/dern/ but
I thought that downloading them from two different servers (octaspire.com and octaspire.github.io)
would have the added safety factor that an attacker would have to get access to both distinct servers to
be able to modify both the release and the checksums. And the checksums are available only through HTTPS,
even if the release is available through HTTP and HTTPS.
But I too recommend to always check the checksums. I should not have cut corners while making this video.
Or at least I should have downloaded the file through HTTPS when not checking the files.
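Added example, not part of the thread or of the Dern project: `sha512sum -c checksums` only examines files named in the list, so a download the list never mentions is silently left unchecked. The function below (`verify_listed` is a hypothetical name) fails closed in that case; it assumes the checksums file uses standard `sha512sum` output lines, which the thread does not confirm for the Dern file.

```shell
#!/bin/sh
# Added example: fail-closed SHA-512 check of one file against a checksums list.
# verify_listed FILE CHECKSUMS
#   0 = FILE is listed and its digest matches
#   1 = digest mismatch
#   2 = FILE is not listed at all (sha512sum -c would not report this)
#   3 = FILE or CHECKSUMS is missing
verify_listed() {
    file=$1
    sums=$2
    [ -f "$file" ] && [ -f "$sums" ] || return 3
    name=$(basename "$file")

    # Assumed line format (standard sha512sum output):
    #   <128 hex digits><space><space or '*'><file name>
    # Take the name from column 131 onward so names with spaces still work.
    expected=$(awk -v n="$name" '
        length($0) > 130 {
            h = substr($0, 1, 128)
            f = substr($0, 131)
            sub(/^\.\//, "", f)
            if (f == n && h ~ /^[0-9A-Fa-f]+$/) print tolower(h)
        }' "$sums")
    [ -n "$expected" ] || return 2

    actual=$(sha512sum "$file" | awk '{ print $1 }')

    # If the name is listed more than once, every entry must agree with the file.
    for e in $expected; do
        [ "$e" = "$actual" ] || return 1
    done
    return 0
}
```

Run it on the archive before `tar jxf`, with the checksums fetched over HTTPS, and extract only when it returns 0.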