Zed is a modern open-source code editor, built from the ground up in Rust with a GPU-accelerated renderer.

  • bionicjoey@lemmy.ca
    link
    fedilink
    arrow-up
    149
    arrow-down
    2
    ·
    6 months ago

    Installer is piping curl into shell

    I thought we were past this as a society 😔

      • timestatic@feddit.org
        link
        fedilink
        arrow-up
        1
        ·
        5 months ago

        As long as they just use it for their community and don’t fucking lock documentation behind discord I don’t really care. But this trend has been so annoying. Due to this I’m in so many servers I have to quit a server just to join a new one

    • kazaika@lemmy.world
      link
      fedilink
      arrow-up
      22
      ·
      6 months ago

      I mean its already in the nix repos as well as homebrew which means its essentially taken care of

        • pukeko@lemm.ee
          link
          fedilink
          English
          arrow-up
          4
          ·
          6 months ago

          It appears to be a couple of versions behind … and have some issues with dynamically linked libraries that hinder LSPs. Neither of these is Zed’s fault. I’m sure the packaged version will be up to date momentarily (given the interest in Zed, sooner rather than later). Not sure how easy the LSP thing will be to fix, though there are some workarounds in the github issue.

          • priapus@sh.itjust.works
            link
            fedilink
            English
            arrow-up
            5
            ·
            6 months ago

            yeah the editor is being updated way too fast for nix to keep up. I’m sure it’ll be easier once it has its stable release. I see the have a nix flake in the repo, it would be great if they added a package to the outputs instead of just a devshell, nix users could easily build it from master or whichever tag they want.

            There are solutions in this issue to the LSP issue. The editor would need to be built in an fhs-env, or they will need to find a way to make it uses binaries installed with nix instead of the ones it downloads itself. VSCode had a similar issue, so there is a version of the package that let’s you install extensions through nix, and another that uses an fhs-env that allows extensions to work out of the box.

    • Telorand@reddthat.com
      link
      fedilink
      arrow-up
      6
      arrow-down
      1
      ·
      edit-2
      6 months ago

      That was my first thought as well, but I will say that uBlue distros had a signing issue preventing updates recently, due to an oversight with how they rotated their image signing keys, and the easiest (maybe only?) solution was to pipe a curl command to sh. Even though uBlue is trustworthy, they still recommended inspecting the script, which was only a few lines of code.

      In this case, though, I dunno why they don’t just package it as a flatpak or appimage or put it up on cargo.

      Edit: nvm, they have some package manager options.

      • skilltheamps@feddit.org
        link
        fedilink
        arrow-up
        6
        ·
        6 months ago

        Security wise it doesn’t matter, you run the code they wrote in any case. So either trust them or don’t. Where it matters is making a mess on your computer and possibly leaving cruft behind when uninstalling. But packages are in the works, Arch even has it since before linux support was announced officially.

    • WFH@lemm.ee
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      1
      ·
      6 months ago

      A curl piped into a shell or some unofficial packages from various distros.

      At this point I don’t get why these projects are not Flatpak-first.

      • ParetoOptimalDev@lemmy.today
        link
        fedilink
        arrow-up
        4
        arrow-down
        5
        ·
        6 months ago

        Flatpak is worse for debugging, development, and reproducibility.

        Its good for user friendly sandboxing, portability, and convenience.

        • eveninghere@beehaw.org
          link
          fedilink
          arrow-up
          1
          ·
          6 months ago

          AFAIK it’s the copy cost for the memory. GPU makes sense only when the hardware allows this copy to go away. Generally, desktop PCs don’t have such specialized hardware.

          • Mia@lemmy.blahaj.zone
            link
            fedilink
            arrow-up
            2
            ·
            edit-2
            6 months ago

            I don’t see why you’d have to copy all that much. Depending on the rendering architecture, once all the glyphs are there you’d only need to send the relevant text data to be rendered. I don’t see that being much of a problem even when using SDFs. It’s an extremely small amount of data by today’s standards and it can be updated on demand, but even if it couldn’t it would still be extremely fast to send over every frame. If games do it, so can text editors. Real time text rendering on the GPU is a fairly common practice nowadays, unfortunately not in most GUI applications…

            • eveninghere@beehaw.org
              link
              fedilink
              arrow-up
              1
              ·
              6 months ago

              At this point I’m not expert enough to explain more details. You can check font renderers.

              Below is what’s in my mind but it’s just a guess.

              In typical PC architectures you have IO between the storage and the RAM, and then there’s the copying from the RAM to the VRAM, and editors maybe also want copying from the VRAM to RAM for decoration purposes etc.

              • Mia@lemmy.blahaj.zone
                link
                fedilink
                arrow-up
                2
                ·
                edit-2
                6 months ago

                I am familiar with the current PC and GPU architectures.

                IO is a non issue. Even a massive file can be trivially memory mapped and parsed without much hassle, and in the case of a text editor you’d have to deal with IO only when opening or saving said file, not during rendering.

                As for the rendering side, again, the amount of memory you’d have to transfer between RAM and VRAM would be minimal. The issue is latency, not speed, but that can be mitigated though asynchonous transfer operations, so if done properly stutters are unlikely.

                Rendering monospaced fonts (with decorators and control characters) at thousands of frames a second nowadays is computationally trivial, take a look at refterm for an example. I suspect non-monospaced fonts would require more effort, but it’s doable.

                As I said at the beginning, it’s not impossible, just a pain. But so is font rendering in general honestly :/

    • TunaCowboy@lemmy.world
      link
      fedilink
      arrow-up
      4
      arrow-down
      7
      ·
      6 months ago

      It is worrisome that all the smug elitists are too incompetent to just leave off the pipe and review from stdout, or redirect to a file for further analysis.

      Same people will turn around and full throat the aur screaming ‘btw’ to anyone who dares look in their direction.

      • skilltheamps@feddit.org
        link
        fedilink
        arrow-up
        5
        ·
        6 months ago

        By that logic you have to review the Zed source code as well. Either you trust Zed devs or you don’t - decide! If you suspect their install script does something fishy, they could do it just as well as part of the editor. If you run their editor you execute their code, if you run the install script you execute their code - it’s the same thing.

        Aur is worse because there usually somebody else writes the PKGBUILD, and then you have to either decide whether to trust that person as well, or be confident enough for vetting their work yourself.

      • krolden@lemmy.ml
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        6 months ago

        Eh using aur is a bit different since most of# them pull the projects git repo directly anyway. Yeah the project might have vulns but thats on you to inspect before building it as well as the pkgbuild itself