Yep. Linux just deleted itself and the data on the mounted drive 😂🤦. They should have put a safety mechanism so when you execute it it wont delete the whole os but will error out unless you provide --no-preserve-root
Still don't understand, I mean like I let the dog into the house, and boom, he just disappeared into this weird mushy pile. I guess I should've known better than to let him into the house for the first time, figures he'd find some way to kill himself with no past experience in a house before to guide him different.
@@orppranator5230 don't doubt physics and bad lucky, you will be amazed at how many crazy bad lucky some stuff can get, some people got hit for a whell in the most weird places you can think off, im pretty sure somehow pushing the wall or something or whatever the dog could by mistake trigger all this.
Garbage like this is why I've completely lost faith in Steam, they also released a "Brick Update" in February 27th this year, even to those NOT in the Beta Branch, and it made my Steam crash 4-8 times in the span of an hour, I couldn't do anything and people expressed the same things I did.
i mean that was specifically a misconfiguration on pop!_os and even then it literally said on the screen that it would likely break the system and literally has you type something like "Yes, break my system." before it lets you perform the action
Wow! I can't believe they'd script something like that with an rm -rf. It clearly rang alarm bells from the comment. How did this get through code review without someone shouting NOPE!
The desired behavior is to remove everything under $STEAMROOT without user intervention. 'rm -rf' is the correct choice. I struggle to see what solution you would choose instead. The problem here is that there was no sanity check on $STEAMROOT.
In the 90s, when Diablo had an extension called Hellfire, made by Sierra, the uninstaller of the extension was deleting everything in C:\Games\ instead of C:\Games\Sierra Online\. Too bad for those who installed in Program Files at the time.
That is such a 90's sierra move honestly. Wasn't enough to bust my balls with their point and click games, now they gotta wipe my games folder for daring to uninstall their bad diablo addon.
Imagine being Valve, one of the most well-known software companies that builds and maintains Steam, writing a launcher for Linux that invokes rm -rf with no safeguards. Invoking the command at all is seriously risky. Who in their right mind would look at that line of code and just say "Scary" and allow it to be part of the script?
Someone who doesn't know/care/get paid enough to fix/check it themselves. I think I could see myself being an intern and doing that, then going to a higher up and saying "hey, this is scary, you should probably find a better way to do this" and never following up on it.
The developer was an honest person and practiced the scripture they were taught. Saying as they committed, "Forgive me father for I have sinned." Then left us a hieroglyph. # Scary
@@jeuonly3474 True, for some reason I thought that was a separate incident with someone else. The external drive could have been part of the new setup as well. Or maybe Keyvin just took it like a champ.
Accidental bad code deletes external hard drive with your entire lifes photos, movies and films, and even photos digitized photos of your grandmother from 80 years ago... but... the person who made the code was broblably really happy about that paycheck, so y'know, whatever
@@jackspedicy2711people usually backup those files, and there’s plenty of data recovery software that works because computers just mark a file space as empty so the programs just search for the files
Dude you have seriously found your niche with this type of content, covering software failures in a funny and digestible way. Love watching your videos.
no i dont, because roots to me are the things that suck up nutrients from the ground for plants.. not everyone "knows whats up" when it comes to pc stuff
@@commander3494 I been using Linux for 17 years and exclusively nvidia. I never seen any problems that people constantly talked about with nvidia drivers. I am starting to think it's a myth or just some serious user error.
Deleting /usr is nothing compared to deleting the whole user data. At worst (if you don't use btrfs snapshots or a similar solution) it's just an hour to reinstall your system, and you're done.
@@ggsap yeah and also that was only when you ran the uninstall script. If you install bumblebee from your package manager then that uninstall script is not used. Uninstalling software from the package manager doesn't run any scripts, it just removes specifically the files that were installed (automatically, by the package manager)
It's outrageous that someone put a "Scary!" comment but never bothered to implement any safety measures. If you feel like doing the former, the latter should be out of the question.
Yeah definitely what the comment above said Probably was put there to get someone who either had permission or knew more to notice and fix it but never happened. Having it even be theoretically possible to rm -rf a users computer ever is negligent
It looks like a junior programmers way of writing "this is what I want, this should not pass review, but they can tell me how I should do it"... And it passes review... I have no problem with the code. It's the reviewers that didn't do their job.
"This is a spooky way of doing it, but it shouldn't trigger under normal conditions." - Famous last words of any software engineer. It's easy to backseat these kinds of things with the power of hindsight or as a solo developer on small projects, but in a turbulent development environment where tasks are juggled by many people, shortcuts and temporary solutions become extremely common.
Correctly referencing relative directories is one of the greatest struggles with shell scripts. It's why so often simple install scripts are still written Python or even C, just to have access to the OS tools to reliably tell you where you are.
Relative directories are neither correct nor reliable, they are relative. C and Python are more than capable tools and can just as easily be used to produce equivalent bugs.
@@KucheKlizmaThr unique part of Python is that if something doesn’t work it’ll usually throw an exception by default. Usually Python functions also have documentation noting any footguns as well, whereas I learn most Bash things off of StackOverlow with the footgun warning buried under 15 comments
Bash has global options (like the mentioned set -o pipefail, or set -e) that also make the interpreter fall on its back if an unhandled return code (not 0) appears somewhere. It's just people not knowing them...
@@max06de it’s not default, and there’s the problem. Many many people won’t change the defaults. If by default Bash scripts crashed when a command failed and the error wasn’t handled, I bet we wouldn’t see this type of error at all
@@max06de the problem is not if it is possible by a knowledgeable person, but what comes out if an unknowing person writes a bash script. (shell) scripting languages are meant to be convenient, with lots of shortcuts/magic syntax. This is making the risky thing easy, and the rigorous thing posible. a (more) regular programming language has more overhead, by basically not offering the easy but risky way. I've accidentally deleted files with bash because i didn't think about directories with a space in their name. Not because you can't handle those, but because i wrote a one-liner with lots of pipes and awk and xargs and didn't think it through. (worked fine until a dir had a space).
they used a "rm -rf" and didnt even make a check to see if the string afterwards was empty? broo i get that they tecnically DID do so to enter the restart steam function, but like, rm -rf is like a loaded gun, double precausions is a must
I've been joking around how rm -rf / is (pretty much) the equivalent of removing system 32 or whatever on Windows. Now knowing that this managed to be an actual thing on a legit piece of software is just as hilarious as scary
It is so much worse then just system32 lol. Rm -rf / (--no-preserve-root) Will delete everysingle file on the computer. Guess what counts as a file on the computer? /mnt, /media. /Mnt will be where D:/ and E:/ and every other ares. And /media/run will have all the usb keys. It will Delete every Files on every drive and disk and usb key, internal or external as long as they are mounted. That means, If you have 2 Ssds and 1 big HDD on your machine that you uses daily (they are mounted at boot), and some usb keys plugged. They are nuked too.
What gets me is someone wrote this code, looked at it, knew it would be a problem so they commented # Scary, did nothing to fix it, and will you look at that.... It ended up being a problem.
@@gavinrolls1054 But what would have stopped the programmer from doing it right in the first place? A check if the variable is not empty is not that hard to implement...
It's probably because some managers every step of the way would be like "we this and we need it now!" or "don't fix it it's not in the sprint! only work on tasks in the sprint!!1!one!" or "we don't have QA resource to test your minor change that could potential introduce new bugs" or "no-one has reported this as a bug so it's not a problem".
@@futuza Usually not to this extent because each drive is its own root directory by default. So you might accidentally wipe the C: drive, but unless you went out of your way to mess with mount points, any other drives, network shares, etc. would be unaffected.
Huh... I tried completely switching to Linux a few years ago. And when installing and running Steam, this actually happened to me. But only _after_ I installed Steam. I was so furious that I stopped using Ubuntu as my daily driver. I checked my drive and most of the files were gone. 5 years later and I maybe know what was the cause. Thanks for digging yourself into the topic, been very enlightening. ;)
This is just the right amount of horror mixed in with some hilarious scripting gotcha's. Please make this series a regular, I don't care where you get your issues/blog posts/articles, I need this in my life ❤
Accidentally deleted the Ubuntu drive on my dual boot laptop from Windows (shouldn't be able to do that in the first place, thank you Microsuck). That made me mad. Luckily, it was a new installation. Steam deleting the entire contents of my hard drive would make me furious and bloodthirsty. I was all set to try gaming on Linux this year but now I am having second thoughts, especially since I am going to be using my Linux machine to take a cybersec course and will likely have projects and stuff on it. Not that I don't back up important files but I don't need to have to reinstall everything randomly some time when I need to do work.
@@Lurch-Botjust make sure to not give steam any permissions outside of the directory it's supposed to be in, treat it like malware and you should be safe
@@Lurch-Bot This isn't really a bug that can only happen on Linux, since this was just deleting the wrong folder, which has happened on windows before (for example the Minecraft Dungeons uninstaller used to delete the parent folder instead of where its installed, so if you had it installed in C:\Program Files\Minecraft Dungeons it would delete C:\Program Files). Nowadays this is actually less likely to happen since in order to rm -rf / you need to also add --no-preserve-root
this is horrifying. Like wtf. The "only one person has gotten this issue in a few years so we can safely mark it resolved" reads like a horror movie where someone sacrifices lives for selfish reasons. What about the dozens of people who never made a comment/issue (r didn't know where to) and just took the loss, or went AFK when it happened and didn't realize it was steam that did it? This is frankly disturbing and steam should really do better.
i have been using GNU/Linux and steam for 12 years but this didn't happen to me and i didn't previously know about it. when 3:07 appeared on my screen i immediately felt sick. everything that happens after that is watching a train wreck in slow motion. that code isn't just "scary" , it's a live land mine that something will always set off eventually
@@tacokoneko I've been using Linux for 25-ish years now, and it's never happened to me either, but I also read every shell script I run because sometimes people are dinguses when it comes to using the shell, even my fellow programmers. I don't expect your average user to do that, though, and I very much expect these issues in the future as Linux becomes more popular.
The problem with shell scripts is not that they cannot be safe, it's also not that they will cause issues. It is however very easy to make these type of errors. Far more so than in other languages.
There is something called unofficial bash strict mode(internet search is your friend) which I extensively use and encourage anyone writing bash scripts to use as-well.
My helpdesk system (that I mentioned in a comment last video) has an archiving system. Any ticket that was closed more than 30 days ago is archived in a different Sharepoint location and deleted from the main list. Because your channel makes me careful with my code, I implemented a check that the ticket existed in the archive before deleting it from the main ticket list. Due to race conditions caused by operating in the cloud, this didnt consistently work; the check might fail because the archive will not show the new item for up to 30 seconds. So instead I set up an email notification when tickets are added to the archive, and also when deleted from the main ticket list, and I check them manually that both operations worked. This actually helped me find an instance where somebody deleted a ticket from the main list, so this was probably the correct course of action, lol. My point is: If the employee who wrote the Steam shell script watched your videos, they probably would have diligently tried to avoid this bug, just like I did in my helpdesk software!
Man, I'm so glad you made this channel/make this content. I had an idea like this ages ago, a channel that went over software bugs/issues in business but am neither creative nor smart enough to put stuff like that together. Funny that you're channel pops up and is basically exactly what I was looking for, thanks for that.
I had this idea today for a global fleet of airships that rise above clouds and ride jet streams across the world. They use wind and sun energy to produce and store hydrogen fuel, and then transport it to major hubs for further distribution. But I prob can't pull it off so I'll just leave the idea here in this comment.
Experts: This is fool proof Bored people locked in a closed space: Are you sure about that? Example: One military before ww2 issued a rifle which had a barrel that had the same size as the bayonet base. Days later almost all rifles were connected barrel to bayonet, resulting in engineers complaining and demanding the rifle be withdrawn. If the plans doesn't survive encounter with the enemy, then fool proof tools doesn't survive the encounter with a person in closed space.
I like potential in this series. Especially how you go over seemingly simple things like the Linux filesystem for the people who are new or curious, keep that in there.
You often can recover rm -rf data, though it is more likely to work on harddrives than on ssds. The first thing to do in such a case is to clone the entire disc using dd rescue. Then one can use proprietary tools to recover the deleted files. Though a good first start may be testdisk and photorec which are totally free.
@@kuroenekodemonYou can boot another OS from a USB stick, and from there you use tools like photorec to recover files from the disk you deleted files from. The files are usually still there after deleting, because deleting doesn't overwrite them, it just removes the filesystem dictionary entry. But by looking at the bit patterns (e.g. typical for png, mp4, etc), often it is still possible to find these files, even if there isn't a dictionary entry anymore.
I love these videos. people always say that code looks dull on video but I never understood that. code can have as much expression as any written work. just that you need to know how to frame it the right way. thanks for the vids Kevin!
And that is why before you recursively delete things in a script, you check for an expected value present at that location! (A file named "this_is_the_steam_folder.txt" for example.) I always try to implement such sanity checks, just to be sure i don't rm-rf my home folder with all my precious files. (that i don't have a backup of! 😅)
So I think bash is good for simple things, but unfortunately doing anything other than running a few core utils gets complicated quick, and the edge cases in it makes you want to use a “proper” language. But unfortunately these scripts usually start out simple, but then organically gain more and more functionality until stuff like this happens. So I avoid writing bash scripts unless I know I won’t have to support the script long term. If I will, I use a different language
Yeah, bash is good for simple use cases. Its okay for doing a task that's the size of a small unit: delete a specific file here, read some logs there, read a text file, etc. Deleting multiple files in a directory definitely sounds like one of those small units of work but it's actually a lot of work once it becomes recursive and can quickly get out of hand because of the edge cases which is something a simple one-liner command doesn't make obvious once you attach a two letter option to the end of it until after you ran it. Writing a simple Python script could've helped, or Ansible if there's a lot of separate but thorough steps to be taken and abstracted to work across numerous operating systems.
This has been my favourite RUclips channel for some time now. The thought of writing a bug that may end up on one of these videos keeps me writing good code everyday.
Modern versions of the rm command now require a --no-preserve-root switch in order to allow you to use the command on / to prevent exactly this type of issue. Edit: Actually I think using a wildcard in /* bypasses this restriction which is why it didn't get caught! Valve doesn't know how to write Linux software? OK then I'll just go play with my Steam Deck now.
@@bunny-cu9niThat's exactly what it does... problem is, the path was "/*", therefore the root directory was not a removal target, "only" everything inside it was... 😂
@@Mitch-xo1rd Not all Linux distributions come with bash by default... also, I've arguably not tested hundreds, but Ubuntu was the only one which made me include --no-preserve-root (I obviously used it for mature purposes 😂).
Your stuff is so good! Love how you always spend some portion at a really low level, like explaining bash scripting minute details, but keep it high level too
After reading through the comments, it's become clear most people completely missed the point. The issue isn't in how the variable was set. The issue is that the script used rm at all. There are commands that move files to the user's trash bin. This is much safer because it can be easily undone and there are so many checks built in. Don't use rm. Instead use something like gio trash.
The problem is that the trash bin is a concept provided by the desktop environment so there isn't necessarily a universal way to manage or access it, or it might not exist at all in some configurations.
@@der4rdi What are you talking about? I already gave an example: gio trash It even works in KDE so it would probably work in all QT DEs. If it can use Steam, then it can use gio.
@@techmouse.what about those using wms like i3 that have no notion of a trashbin? or those running from a cmdline with just an x server? everything that’s not a shell posix coreutil should not be taken for granted
@@lxdixd Why would i3 prevent you from having a trash bin? You're probably not going to believe this, but I'm using i3 literally right now and I have a trash bin. Am I using i3 wrong? I just checked and _gio trash_ works in a TTY and SSH. Granted I didn't completely exit to the command line, but there's no reason it shouldn't work. You don't need to have any daemons running, so you can use it like any standalone command. If it's not installed on the system in question, then the standard approach should be used: Talk to the system admin. Sure _gio_ isn't a POSIX coreutil, but is Steam? You're saying you can use Steam and play games from a CLI running ONLY an x server? Do you see how ridiculous it sounds to dismiss _gio_ because it's not a coreutil, in the same environment you play games and run Steam in? Gio is not a coreutil so just keeping leaving rm in the hands of human error, right?
Unix engineers back in the day: Let's have a recursive rm -rf Also them: A single file tree that holds all the connected storage devices is a brilliant idea
This is a great real world example of why you need offsite backups. I'm paying $3.6 a month for 1TB of storage in Germany. If you have the cash to spare it's well worth doing, even if you think it's never going to happen. Another good tip is to try backing stuff up from it just to test the backups. You don't wanna realize you forgot to include something when you actually need to go get it from backup.
Reminds me of my previous job. Something happened and I lost the entire code I was working on for the last 2 weeks. Luckily we had daily backups of our machines. After contacting the IT guy we found out that the backup did not include the folder with our work.
@@mr.cauliflower3536 It is preferrable to use a home server or NAS, then you can use restic to backup files over SFTP, avoiding any and all issues where a rogue program deletes everything on your drives. Even a raspberry pi with a hard drive is a very good way to do local backups at home.
@NightmareRex6 I lost a lot of music and i still spend hours trying to find it again because of a fire. It's sad, man, like an old man that lost his wife. Accidentally lost an entire families photo collection when I was a stupid teenager trying to fix their computer. But that's their problem, not mine, I want my music back! Stuck my in my head with no track ID and I listen to mainly electronic music with no lyrics.
If you must use rm -rf you must also ensure that whatever function you are building cant return in such a way that it runs on root. Or on the whole user folder.
@@erikkonstas A drive attached to the local machine via USB (or iSCSI mountpoint, I don't care) is still effectively local. Hence, don't backup up your data to a different drive on the same machine. If rm -rf doesn't get it, ransomware is another contender for 'where did my backup go'.
I'm not sure what it is but hearing the Windows error prompt sound while looking at a Ubuntu GUI makes me chuckle every time. Can't wait for the next video in 9.9 years! Keep it up
Learned more new stuff about Linux and coding from watching this than from a dozen dedicated videos for Linux noobs. I recently learned how to load a Windows kernel from the GRUB command line, after I actually deleted the drive containing my Ubuntu installation (and boot menu) on my dual boot laptop. So instead, it boots to a Linux command line because it obviously can't find the missing bootloader. Reminded me of the good old days when I would boot into DOS and then manually start Win 9x from the command line. Except I didn't have to set a root or tell it which filesystem the drive used.
you can also add an alias to your .profile/.bashrc/.zshrc for rm making it so it moves files to your trashbin or wtv instead of deleting. this way even if your comp crashes you can still recover most your files by mounting ssd/hd directly to another computer
There's also rmtrash. The problem is of course that by default trash bin is pretty limited. Nevermind that it makes normal rm operations take so long, and the issues potentially caused by apps assuming rm IS rm.
@@weakspirit_ steam could maybe chroot? hypothetically if they did chroot to a mounted drive, if there was a problem and the media unmounted would the script break? or continue running in a non chrooted env? idk, you kinda have to assume steam can handle there stuff its a pretty popular program
And this is why I use Timeshift to take regular file system snapshots (a backup would also work if it isn’t mounted and writable, but it’d take longer to restore). If something like that ever happens, it’s a matter of minutes to roll back. Of course, they’re not a substitute for backups, as they don’t protect against hardware (HDD/SSD) failure.
2:05 I believe Windows also has symbolic links as well, though it wasn't very readily accessible until Windows 10 iirc since I think it was originally only enabled for kernel level applications Edit: As correctly pointed out, it's actually been a feature since Vista!
Nah symlinks are available from wayyy back in Windows, you can use them to modify Paradox games whilst keeping your mods on a separate drive as far back as 7 at least. Pretty sure I've used them in Vista
While this was certainly a bad bug that shouldn't have happened, I also have to ask why that user had his backup disk mounted. A backup disk should be mounted only for two occasions: when you're making a backup and when you are restoring from backup.
Perhaps he had backups of his Steam games from an older system on the drive, and was planning to restore them into the new installation of Steam once he got it configured and running?
A lot of people use their backup disk as their scratch disk too instead of having a proper scratch disk. To me sounds more like the user moved to a Linux setup with a new PC but didn't want to or didn't have space to copy his games over the "backup" drive.
I feel like the scary ran the code by mistake and put that there to remember not to make the same mistake again but couldn't figure out, or didn't have enough time to fix it
No joke this video taught me more about Linux than anything else I've come across. I'm a complete and utter novice with command lines, but this was incredibly digestible. Well done, thank you!
I am a programmer. You accidentally explained to me something about bash that i did not know and i did not know i didn't know. You deserve a very spwcial cookie
thanks for the vid, I've also learned some basics about linux file system along the way. Really informative, a great way to onboard anyone to IT basics
This is why Linux scares me. The root directory being named "/" instead of "C:" fucks up so many things. If you try to delete ./* (current directory) but forget to include that period, you end up wiping /* (everything on the drive). In windows, it will just say your path is invalid. Windows has a lot of problems, but this one thing has saved so many people. I've made a lot of windows scripts that do that exact thing - delete .\* (deletes all single files because someone else on the network might have a single file open which prevents the folder from being deleted)
I liked how you explained and Subbed Immediately. It tell me how much you have put a lot of effort into making one. Thank you for the video and would love , if the series continues.
The issue is that script writers are usually too lazy to check for command outputs. Setting the flag at the top of the script to exit on any failure is one good way to avoid problems. Another thing is to add logs, but yeah since it deleted the everything the log file may get deleted as well. Anyways, interesting bug and quite scary indeed.
@@alex_zetsu The command that should have returned the path to the steam root directory failed, so the variable $STEAMROOT was left as the default value, which is an empty string.
Something similar happened to a game on windows (and linux, but I think it only occurred on windows) called Realm of the Mad God where uninstalling the launcher would delete the entire directory it was installed to. It was even worse cause uninstalling would give the UAC prompt which is pretty common for program uninstallers, so yeah... lol
Thats the best part about programming. The # Scary comment before absolute doom. Everybody knows that the following line MIGHT fuck everything up. But we all think that with just enough sanity checks before, we are good to go! But then, one day, Murphy's Law steps in and the world burns!
This code is astonishingly stupidly written. Everything about it is stupid. Literally nothing is redeemable. Everything from the logic, the commands and thought process of the engineer are all stupid. How did Valve approve it?
Have you not once ever in your life made a production breaking mistake? Shit happens, humans are not omnipotent.. doesn't help that companies incentivize rushing through code with hard deadlines.
@@jmanpolo5611 Nope. No way whatsoever that I would miss this. I would have shored up the path calculation and validation to perfection, because I'd be doing rm -rf on user machines.
@@MyAmazingUsername I am not jus t talking about what you would or wouldn't miss. The point I am making is there are some things you obviously think about that others don't and that can also work in reverse, people think about seemingly obvious things you would also miss. The point I am making is people make silly mistakes all the time in this field and attacking someones intelligence for a mistake will inevitably come back to bite you when you find yourself in a similar situation. Was it the best decision? No. Could it have been avoided? Absolutely. Should we attack the engineer personally? No. If you work at a company and see a line of code that is a huge security flaw, you most definitely do not want to attack the writer themselves, instead you want to question it and get it resolved detached from the engineer. Otherwise everyone in the workplace will not enjoy working with you and then your job security is on the line if no one in the end is willing to vouch for you.
Especially considering that there was a "scary" comment right above that! Someone realized this was a risky command and did nothing to make sure the variable is valid before running it!
"# Scary" is my new fear.
same.
If you know it is bad enough for a code comment, why use it????
@@Mitch-xo1rd Diversity hiring.
They probably didn't have the authority to change it so they just commented it and hoped someone would notice and change it themselves. @@Mitch-xo1rd
@@grayman2749 the fuck
I love how the bug nuked the backup drive for good measure.
Yep. Linux just deleted itself and the data on the mounted drive 😂🤦. They should have put a safety mechanism so when you execute it it wont delete the whole os but will error out unless you provide --no-preserve-root
When rm -rf / deletes your backup, the backup strategy was very poor
@@TheMrMaxx It deleted /mnt (or /media)
@@309electronics5-no-preserve-root only works when the command is rm -rf /, not if its rm -rf /*.
Exactly. None of my TWO physically independent and far-apart backup devices are EVER mounted EXCEPT during the feckin backup.
This is the programming equivalent of leaving a loaded gun on the floor and wondering how your dog died
Still don't understand, I mean like I let the dog into the house, and boom, he just disappeared into this weird mushy pile. I guess I should've known better than to let him into the house for the first time, figures he'd find some way to kill himself with no past experience in a house before to guide him different.
Dog has no opposable thumbs, and doesn’t know how to turn the safety off
@@orppranator5230 no the dog can use it's teeth
@@flameofthephoenix8395
>are you sure you want to____ yourself (🐾/🐾)?
>🐾
@@orppranator5230 don't doubt physics and bad lucky, you will be amazed at how many crazy bad lucky some stuff can get, some people got hit for a whell in the most weird places you can think off, im pretty sure somehow pushing the wall or something or whatever the dog could by mistake trigger all this.
"Everything is impermanent and transient. Especially bits on a disk. No use crying over flipped bits." I want to be like keyvin
This data will be lost, like tears in the rain
From now on I will just assume my data will eventually be leaked and my files eventually deleted. Let us all be like keyvin. 😔
Potentially catastrophic bug that could potentially erase all of someone's data:
"Ooh! Scary!" *Does absolutely nothing about it*
Garbage like this is why I've completely lost faith in Steam, they also released a "Brick Update" in February 27th this year, even to those NOT in the Beta Branch, and it made my Steam crash 4-8 times in the span of an hour, I couldn't do anything and people expressed the same things I did.
Installing Steam on Linux just for it to delete everything sure sounds familiar
😂😂😂Linus lmao
i mean that was specifically a misconfiguration on pop!_os and even then it literally said on the screen that it would likely break the system and literally has you type something like "Yes, break my system." before it lets you perform the action
Ok@@beanietechie
@beanietechie its bad design, the error should have been red in the terminal
@@unixlonix if you have to type out a whole sentence to do a command that should be a good enough sign to pay attention to what you're doing
Wow! I can't believe they'd script something like that with an rm -rf. It clearly rang alarm bells from the comment. How did this get through code review without someone shouting NOPE!
The desired behavior is to remove everything under $STEAMROOT without user intervention. 'rm -rf' is the correct choice. I struggle to see what solution you would choose instead. The problem here is that there was no sanity check on $STEAMROOT.
Well, there was a "Scary!" comment so it was kinda ok-ish 🤣🤡
To me, this says there is no code review process at all. Lol.
There has to be a code review for something to get through code review
steam is dogshit
In the 90s, when Diablo had an extension called Hellfire, made by Sierra, the uninstaller of the extension was deleting everything in C:\Games\ instead of C:\Games\Sierra Online\. Too bad for those who installed in Program Files at the time.
That is such a 90's sierra move honestly. Wasn't enough to bust my balls with their point and click games, now they gotta wipe my games folder for daring to uninstall their bad diablo addon.
as someone who installed 120+ gigabytes of games in C:\Games im terrified
😂
This is why you never use uninstall scripts and just delete the entire folder directly.
@@uponeric36 there are often other folders you aren't aware of that you miss doing that.
Imagine being Valve, one of the most well-known software companies that builds and maintains Steam, writing a launcher for Linux that invokes rm -rf with no safeguards. Invoking the command at all is seriously risky. Who in their right mind would look at that line of code and just say "Scary" and allow it to be part of the script?
Someone who doesn't know/care/get paid enough to fix/check it themselves. I think I could see myself being an intern and doing that, then going to a higher up and saying "hey, this is scary, you should probably find a better way to do this" and never following up on it.
Some real Adeptus Mechanicus stuff
The developer was an honest person and practiced the scripture they were taught. Saying as they committed, "Forgive me father for I have sinned." Then left us a hieroglyph.
# Scary
Probably the 4 Linux programmers there /s
Someone on a deadline probably
I like the theory, because it explains why Keyvin was so calm and collected; he didn't have much to lose if he just built the PC.
he still said it wiped his whole external storage tho
@@jeuonly3474 True, for some reason I thought that was a separate incident with someone else. The external drive could have been part of the new setup as well. Or maybe Keyvin just took it like a champ.
No matter how, having your whole setup deleted is... scary
Accidental bad code deletes external hard drive with your entire lifes photos, movies and films, and even photos digitized photos of your grandmother from 80 years ago... but... the person who made the code was broblably really happy about that paycheck, so y'know, whatever
@@jackspedicy2711people usually backup those files, and there’s plenty of data recovery software that works because computers just mark a file space as empty so the programs just search for the files
Dude you have seriously found your niche with this type of content, covering software failures in a funny and digestible way. Love watching your videos.
exactly my thoughts. always a good day when he posts
And this was so desperately needed by many of us!
Totally agree, it's so well done and interesting
fireship copycat
Was thinking the exact same thing. Really hype every time I see he uploads. Perfect balance of everything.
Whenever "root" is mentioned in a "bug" video, you know exactly what's up
yep
sure buddy
"root" = rm -rf
no i dont, because roots to me are the things that suck up nutrients from the ground for plants.. not everyone "knows whats up" when it comes to pc stuff
sure but you cant just erase things in real life so that analogy made no sense. and if tree roots get damaged they regrow them.@@gaelurquiz5755
There was an Nvidia driver bug that did the same thing once.
It was caused by them accidentally adding a space in the delete command.
Nvidia (linux) drivers and breaking things, name a better duo
@@commander3494 I been using Linux for 17 years and exclusively nvidia. I never seen any problems that people constantly talked about with nvidia drivers. I am starting to think it's a myth or just some serious user error.
No, it was a third party tool called Bumblebee which was like nvidia optimus
Deleting /usr is nothing compared to deleting the whole user data. At worst (if you don't use btrfs snapshots or a similar solution) it's just an hour to reinstall your system, and you're done.
@@ggsap yeah and also that was only when you ran the uninstall script. If you install bumblebee from your package manager then that uninstall script is not used. Uninstalling software from the package manager doesn't run any scripts, it just removes specifically the files that were installed (automatically, by the package manager)
I love that there was clearly a steam engineer who saw this coming and even left a comment but nothing was changed
It's outrageous that someone put a "Scary!" comment but never bothered to implement any safety measures. If you feel like doing the former, the latter should be out of the question.
It was probably meant to get someone's attention but then nobody bothered doing anything about it.
Yeah definitely what the comment above said
Probably was put there to get someone who either had permission or knew more to notice and fix it but never happened.
Having it even be theoretically possible to rm -rf a users computer ever is negligent
They assumed it was just something to do with Halloween
“Scary!” Good one, Valve!
very often, developers have the authority to leave comments but don't have the authority to make changes to the code other people wrote.
If you find yourself pushing a comment to production that says #scary! - Maybe you are doing it wrong.
It looks like a junior programmers way of writing "this is what I want, this should not pass review, but they can tell me how I should do it"... And it passes review... I have no problem with the code. It's the reviewers that didn't do their job.
@@agsystems8220
Or someone coded that in and someone else added # Scary as a note assuming it’d be altered later… (it wasn’t)
"This is a spooky way of doing it, but it shouldn't trigger under normal conditions."
- Famous last words of any software engineer.
It's easy to backseat these kinds of things with the power of hindsight or as a solo developer on small projects, but in a turbulent development environment where tasks are juggled by many people, shortcuts and temporary solutions become extremely common.
"TODO: FIX THIS!!! -2/5/68"
Look up "the rapidly dwindling sanity of valve programmers as expressed through code comments"
This isnt even their worst code spaghetti
Correctly referencing relative directories is one of the greatest struggles with shell scripts. It's why so often simple install scripts are still written Python or even C, just to have access to the OS tools to reliably tell you where you are.
Relative directories are neither correct nor reliable, they are relative. C and Python are more than capable tools and can just as easily be used to produce equivalent bugs.
@@KucheKlizmaThr unique part of Python is that if something doesn’t work it’ll usually throw an exception by default. Usually Python functions also have documentation noting any footguns as well, whereas I learn most Bash things off of StackOverlow with the footgun warning buried under 15 comments
Bash has global options (like the mentioned set -o pipefail, or set -e) that also make the interpreter fall on its back if an unhandled return code (not 0) appears somewhere. It's just people not knowing them...
@@max06de it’s not default, and there’s the problem. Many many people won’t change the defaults. If by default Bash scripts crashed when a command failed and the error wasn’t handled, I bet we wouldn’t see this type of error at all
@@max06de the problem is not if it is possible by a knowledgeable person, but what comes out if an unknowing person writes a bash script.
(shell) scripting languages are meant to be convenient, with lots of shortcuts/magic syntax. This is making the risky thing easy, and the rigorous thing posible.
a (more) regular programming language has more overhead, by basically not offering the easy but risky way.
I've accidentally deleted files with bash because i didn't think about directories with a space in their name. Not because you can't handle those, but because i wrote a one-liner with lots of pipes and awk and xargs and didn't think it through. (worked fine until a dir had a space).
they used a "rm -rf" and didnt even make a check to see if the string afterwards was empty? broo
i get that they tecnically DID do so to enter the restart steam function, but like, rm -rf is like a loaded gun, double precausions is a must
I've been joking around how rm -rf / is (pretty much) the equivalent of removing system 32 or whatever on Windows. Now knowing that this managed to be an actual thing on a legit piece of software is just as hilarious as scary
More like formatting C:
more like „del C:\*“
It is so much worse then just system32 lol.
Rm -rf / (--no-preserve-root)
Will delete everysingle file on the computer.
Guess what counts as a file on the computer?
/mnt, /media.
/Mnt will be where D:/ and E:/ and every other ares.
And /media/run will have all the usb keys.
It will Delete every Files on every drive and disk and usb key, internal or external as long as they are mounted.
That means, If you have 2 Ssds and 1 big HDD on your machine that you uses daily (they are mounted at boot), and some usb keys plugged. They are nuked too.
What gets me is someone wrote this code, looked at it, knew it would be a problem so they commented # Scary, did nothing to fix it, and will you look at that.... It ended up being a problem.
more like the code reviewers didn't fix it
@@gavinrolls1054 But what would have stopped the programmer from doing it right in the first place? A check if the variable is not empty is not that hard to implement...
It's probably because some managers every step of the way would be like "we this and we need it now!" or "don't fix it it's not in the sprint! only work on tasks in the sprint!!1!one!" or "we don't have QA resource to test your minor change that could potential introduce new bugs" or "no-one has reported this as a bug so it's not a problem".
Windows users will never understand having the freedom to wipe your filesystem with a typo
The Virgin Delete System32
The Chad rm -rf /
The Thad Commodore PET Killer Poke
I mean powershell can still do this...
cmd /c rd /s /q c:\
Can powershell uninstall edge without it being forcefully installed the second you dare to resume updates@@futuza
@@futuza Usually not to this extent because each drive is its own root directory by default. So you might accidentally wipe the C: drive, but unless you went out of your way to mess with mount points, any other drives, network shares, etc. would be unaffected.
Steam really just said “Go touch Grass”
I dont think you can `touch grass` it'll throw an error
@@sandwich5344 just tried, $ touch grass worked for me
@@sandwich5344actually `touch grass` creates an empty file called “grass”, no error whatsoever:)
@@sandwich5344 It will create an empty file called "grass" in the working directory.
@@sandwich5344shutup and take my `cat grass`
Huh... I tried completely switching to Linux a few years ago. And when installing and running Steam, this actually happened to me. But only _after_ I installed Steam. I was so furious that I stopped using Ubuntu as my daily driver. I checked my drive and most of the files were gone. 5 years later and I maybe know what was the cause.
Thanks for digging yourself into the topic, been very enlightening. ;)
This is just the right amount of horror mixed in with some hilarious scripting gotcha's. Please make this series a regular, I don't care where you get your issues/blog posts/articles, I need this in my life ❤
that one poor Ubuntu user a few years ago who came across this bug. God help them they got everything sorted. I'd be going mad in that situation.
Accidentally deleted the Ubuntu drive on my dual boot laptop from Windows (shouldn't be able to do that in the first place, thank you Microsuck). That made me mad. Luckily, it was a new installation. Steam deleting the entire contents of my hard drive would make me furious and bloodthirsty. I was all set to try gaming on Linux this year but now I am having second thoughts, especially since I am going to be using my Linux machine to take a cybersec course and will likely have projects and stuff on it. Not that I don't back up important files but I don't need to have to reinstall everything randomly some time when I need to do work.
Just blackbox steam on a partition it cant escape from. Its not good for productivity for steam to be on a work system anyway. haha
@@Lurch-Botjust make sure to not give steam any permissions outside of the directory it's supposed to be in, treat it like malware and you should be safe
@@Lurch-Bot This isn't really a bug that can only happen on Linux, since this was just deleting the wrong folder, which has happened on windows before (for example the Minecraft Dungeons uninstaller used to delete the parent folder instead of where its installed, so if you had it installed in C:\Program Files\Minecraft Dungeons it would delete C:\Program Files). Nowadays this is actually less likely to happen since in order to rm -rf / you need to also add --no-preserve-root
i'm almost certain "that one poor user" was trolling. no info or proof, just trying to scare steam out of using batch.
this is horrifying. Like wtf. The "only one person has gotten this issue in a few years so we can safely mark it resolved" reads like a horror movie where someone sacrifices lives for selfish reasons. What about the dozens of people who never made a comment/issue (r didn't know where to) and just took the loss, or went AFK when it happened and didn't realize it was steam that did it? This is frankly disturbing and steam should really do better.
How do we even know if they aren't even lying?
They provided no evidence nor further info… so not much one can do
i have been using GNU/Linux and steam for 12 years but this didn't happen to me and i didn't previously know about it.
when 3:07 appeared on my screen i immediately felt sick. everything that happens after that is watching a train wreck in slow motion.
that code isn't just "scary" , it's a live land mine that something will always set off eventually
btw it was how steam did it, so they do better now
@@tacokoneko I've been using Linux for 25-ish years now, and it's never happened to me either, but I also read every shell script I run because sometimes people are dinguses when it comes to using the shell, even my fellow programmers. I don't expect your average user to do that, though, and I very much expect these issues in the future as Linux becomes more popular.
The problem with shell scripts is not that they cannot be safe, it's also not that they will cause issues. It is however very easy to make these type of errors.
Far more so than in other languages.
There is something called unofficial bash strict mode(internet search is your friend) which I extensively use and encourage anyone writing bash scripts to use as-well.
Looked it up, sure that helps make it a bit less risky as well as always using shellcheck, but shell scripts are still relatively unsafe.
I use MacOS (the older
wtf, if youtube disabled links, why did it detect ".zip" as a link 💀
- Where is your homework?
- Steam ate it
- Don't worry teacher, there was a "# Scary" comment so, it was my fault
@@ariel_chess oops i did that sowwy
My helpdesk system (that I mentioned in a comment last video) has an archiving system. Any ticket that was closed more than 30 days ago is archived in a different Sharepoint location and deleted from the main list.
Because your channel makes me careful with my code, I implemented a check that the ticket existed in the archive before deleting it from the main ticket list.
Due to race conditions caused by operating in the cloud, this didnt consistently work; the check might fail because the archive will not show the new item for up to 30 seconds. So instead I set up an email notification when tickets are added to the archive, and also when deleted from the main ticket list, and I check them manually that both operations worked.
This actually helped me find an instance where somebody deleted a ticket from the main list, so this was probably the correct course of action, lol.
My point is: If the employee who wrote the Steam shell script watched your videos, they probably would have diligently tried to avoid this bug, just like I did in my helpdesk software!
Man, I'm so glad you made this channel/make this content. I had an idea like this ages ago, a channel that went over software bugs/issues in business but am neither creative nor smart enough to put stuff like that together. Funny that you're channel pops up and is basically exactly what I was looking for, thanks for that.
I had this idea today for a global fleet of airships that rise above clouds and ride jet streams across the world. They use wind and sun energy to produce and store hydrogen fuel, and then transport it to major hubs for further distribution. But I prob can't pull it off so I'll just leave the idea here in this comment.
your*
"this is very far fetched but technically possible"
many situations in work atm
Experts: This is fool proof
Bored people locked in a closed space: Are you sure about that?
Example: One military before ww2 issued a rifle which had a barrel that had the same size as the bayonet base. Days later almost all rifles were connected barrel to bayonet, resulting in engineers complaining and demanding the rifle be withdrawn.
If the plans doesn't survive encounter with the enemy, then fool proof tools doesn't survive the encounter with a person in closed space.
I like potential in this series. Especially how you go over seemingly simple things like the Linux filesystem for the people who are new or curious, keep that in there.
You often can recover rm -rf data, though it is more likely to work on harddrives than on ssds. The first thing to do in such a case is to clone the entire disc using dd rescue. Then one can use proprietary tools to recover the deleted files. Though a good first start may be testdisk and photorec which are totally free.
True, but it depends on how long the system's been running like that, and how much you care.
So how to you recover it when you nuke root? Isn't the kernel completely destroyed after that?
@@kuroenekodemonYou can boot another OS from a USB stick, and from there you use tools like photorec to recover files from the disk you deleted files from. The files are usually still there after deleting, because deleting doesn't overwrite them, it just removes the filesystem dictionary entry. But by looking at the bit patterns (e.g. typical for png, mp4, etc), often it is still possible to find these files, even if there isn't a dictionary entry anymore.
Man loses all of his files and stays calm and collected.
He is a psychopath. "Scary!"
I love these videos. people always say that code looks dull on video but I never understood that. code can have as much expression as any written work. just that you need to know how to frame it the right way. thanks for the vids Kevin!
New fear unlocked
And that is why before you recursively delete things in a script, you check for an expected value present at that location!
(A file named "this_is_the_steam_folder.txt" for example.)
I always try to implement such sanity checks, just to be sure i don't rm-rf my home folder with all my precious files. (that i don't have a backup of! 😅)
Yeah I’m really paranoid about this, I’m constantly ls-ing and pwd-ing that it looks like I have short term memory
@@TARS.. you realize you can see the pwd in the shell prompt right?
Also I use zsh which asks me to confirm and usage of rm *
@@maxxiong oh no yeah I do, but ill still double check. Like I said I'm paranoid
"A very scary operation." has become a potent non sequitur in my life.
I like these series about a tiny piece of code that damaged a lot with a detailed explanation of what gone wrong. Keep going, subbed
So I think bash is good for simple things, but unfortunately doing anything other than running a few core utils gets complicated quick, and the edge cases in it makes you want to use a “proper” language. But unfortunately these scripts usually start out simple, but then organically gain more and more functionality until stuff like this happens. So I avoid writing bash scripts unless I know I won’t have to support the script long term. If I will, I use a different language
Yeah, bash is good for simple use cases. Its okay for doing a task that's the size of a small unit: delete a specific file here, read some logs there, read a text file, etc. Deleting multiple files in a directory definitely sounds like one of those small units of work but it's actually a lot of work once it becomes recursive and can quickly get out of hand because of the edge cases which is something a simple one-liner command doesn't make obvious once you attach a two letter option to the end of it until after you ran it.
Writing a simple Python script could've helped, or Ansible if there's a lot of separate but thorough steps to be taken and abstracted to work across numerous operating systems.
This has been my favourite RUclips channel for some time now. The thought of writing a bug that may end up on one of these videos keeps me writing good code everyday.
Modern versions of the rm command now require a --no-preserve-root switch in order to allow you to use the command on / to prevent exactly this type of issue.
Edit: Actually I think using a wildcard in /* bypasses this restriction which is why it didn't get caught!
Valve doesn't know how to write Linux software? OK then I'll just go play with my Steam Deck now.
That is not what no preserve root does
@@bunny-cu9niThat's exactly what it does... problem is, the path was "/*", therefore the root directory was not a removal target, "only" everything inside it was... 😂
I think I've only ever seen this on Ubuntu...
@@erikkonstasNo bash is universal on linux. This script could have gotten any distro, especially at that time.
@@Mitch-xo1rd Not all Linux distributions come with bash by default... also, I've arguably not tested hundreds, but Ubuntu was the only one which made me include --no-preserve-root (I obviously used it for mature purposes 😂).
Every time a video of yours pops up I feel the urge to binge-watch, only to realize I have already done so when the previous video released
Your stuff is so good! Love how you always spend some portion at a really low level, like explaining bash scripting minute details, but keep it high level too
After reading through the comments, it's become clear most people completely missed the point. The issue isn't in how the variable was set. The issue is that the script used rm at all.
There are commands that move files to the user's trash bin. This is much safer because it can be easily undone and there are so many checks built in.
Don't use rm. Instead use something like gio trash.
The problem is that the trash bin is a concept provided by the desktop environment so there isn't necessarily a universal way to manage or access it, or it might not exist at all in some configurations.
@@der4rdi What are you talking about? I already gave an example: gio trash
It even works in KDE so it would probably work in all QT DEs. If it can use Steam, then it can use gio.
@@techmouse.what about those using wms like i3 that have no notion of a trashbin? or those running from a cmdline with just an x server? everything that’s not a shell posix coreutil should not be taken for granted
@@lxdixd Why would i3 prevent you from having a trash bin? You're probably not going to believe this, but I'm using i3 literally right now and I have a trash bin. Am I using i3 wrong?
I just checked and _gio trash_ works in a TTY and SSH. Granted I didn't completely exit to the command line, but there's no reason it shouldn't work. You don't need to have any daemons running, so you can use it like any standalone command. If it's not installed on the system in question, then the standard approach should be used: Talk to the system admin.
Sure _gio_ isn't a POSIX coreutil, but is Steam? You're saying you can use Steam and play games from a CLI running ONLY an x server? Do you see how ridiculous it sounds to dismiss _gio_ because it's not a coreutil, in the same environment you play games and run Steam in?
Gio is not a coreutil so just keeping leaving rm in the hands of human error, right?
Devs please stop using rm -rf with variable paths
yes like that’s terrifying
It's that easy!
sudo rm -rf /
whoopsies, not what i meant to do
Hey bud, sometimes they just straight up hardcode it to delete a root directory.
However, always ensure that you remove the unnecessary french translations with "rm -fr /*"
Unix engineers back in the day: Let's have a recursive rm -rf
Also them: A single file tree that holds all the connected storage devices is a brilliant idea
I'm pretty sure rm -rf exists because every bus location is on one tree. You don't want old files floating around on a single RAID drive
Its also good to know that the rm command forces you to use the option --no-preserve-root in order to delete your hole file system
This is a great real world example of why you need offsite backups. I'm paying $3.6 a month for 1TB of storage in Germany. If you have the cash to spare it's well worth doing, even if you think it's never going to happen.
Another good tip is to try backing stuff up from it just to test the backups. You don't wanna realize you forgot to include something when you actually need to go get it from backup.
an untested backup is no backup
Reminds me of my previous job.
Something happened and I lost the entire code I was working on for the last 2 weeks.
Luckily we had daily backups of our machines.
After contacting the IT guy we found out that the backup did not include the folder with our work.
@@hubertnnndamn, that really sucks
You might just have two extra backup drives, which you switch every so often.This should be safe from getting rm rf
@@mr.cauliflower3536 It is preferrable to use a home server or NAS, then you can use restic to backup files over SFTP, avoiding any and all issues where a rogue program deletes everything on your drives.
Even a raspberry pi with a hard drive is a very good way to do local backups at home.
These are so damn well made, nice work dude!
Everything that could go wrong went wrong 😢
A moment of silence for the data destroyed by this event.
imagine whole games and mods that wont exist now becuase of it? and maby some youtubeseries as well.
@NightmareRex6 I lost a lot of music
and i still spend hours trying to find it again because of a fire. It's sad, man, like an old man that lost his wife.
Accidentally lost an entire families photo collection when I was a stupid teenager trying to fix their computer.
But that's their problem, not mine, I want my music back! Stuck my in my head with no track ID and I listen to mainly electronic music with no lyrics.
F
If you must use rm -rf you must also ensure that whatever function you are building cant return in such a way that it runs on root. Or on the whole user folder.
Keyvin being "so cool and collected" is the best part of this video
This is a perfect example of why you make backups and don't save them to the same machine you're backing up...
Or a mountpoint, it could have been a network file system but mounted somewhere rm will happily destroy everything it can find XD
@@isbestlizard This makes me think rm as it is just shouldn't exist.
If you watch the video, it says that the backup *drive* was also wiped out...
He backed it to another drive, the thing is the drive was mounted, likely on /media/, and since /media is inside of / it gets equally rekt
@@erikkonstas A drive attached to the local machine via USB (or iSCSI mountpoint, I don't care) is still effectively local.
Hence, don't backup up your data to a different drive on the same machine. If rm -rf doesn't get it, ransomware is another contender for 'where did my backup go'.
glad to see one of my favorite bugs covered!!!
"Oopsie whoopsie just ran rm -rf *" X3
rm -rf /*
I'm not sure what it is but hearing the Windows error prompt sound while looking at a Ubuntu GUI makes me chuckle every time. Can't wait for the next video in 9.9 years! Keep it up
Learned more new stuff about Linux and coding from watching this than from a dozen dedicated videos for Linux noobs.
I recently learned how to load a Windows kernel from the GRUB command line, after I actually deleted the drive containing my Ubuntu installation (and boot menu) on my dual boot laptop. So instead, it boots to a Linux command line because it obviously can't find the missing bootloader. Reminded me of the good old days when I would boot into DOS and then manually start Win 9x from the command line. Except I didn't have to set a root or tell it which filesystem the drive used.
Awesome content, learned a lot and hoping for more in less than 10 years
you can also add an alias to your .profile/.bashrc/.zshrc for rm making it so it moves files to your trashbin or wtv instead of deleting. this way even if your comp crashes you can still recover most your files by mounting ssd/hd directly to another computer
this wouldn't work for keyvin's problem but still a great idea for users living in the terminal
There's also rmtrash. The problem is of course that by default trash bin is pretty limited. Nevermind that it makes normal rm operations take so long, and the issues potentially caused by apps assuming rm IS rm.
@@weakspirit_ steam could maybe chroot? hypothetically if they did chroot to a mounted drive, if there was a problem and the media unmounted would the script break? or continue running in a non chrooted env? idk, you kinda have to assume steam can handle there stuff its a pretty popular program
Oh my god I cannot imagine the horror of losing that much data at once
This is one of my favorite channels, I love the topics and the presentation
Lemmino "firecracker" at 3:45 was timed perfectly.
And this is why I use Timeshift to take regular file system snapshots (a backup would also work if it isn’t mounted and writable, but it’d take longer to restore). If something like that ever happens, it’s a matter of minutes to roll back.
Of course, they’re not a substitute for backups, as they don’t protect against hardware (HDD/SSD) failure.
To be fair if an operating system allow a software to erase it just because of dab design, it means the operating system sucks big time.
Love the classic explosion sound effect.mp3 as always 💻💥
btw the music used in the video between 3:25 and 6:22 is named "LEMMiNO - Firecracker (BGM)", thank me later :D
Shell as programming language was a mistake
2:05 I believe Windows also has symbolic links as well, though it wasn't very readily accessible until Windows 10 iirc since I think it was originally only enabled for kernel level applications
Edit: As correctly pointed out, it's actually been a feature since Vista!
Nah symlinks are available from wayyy back in Windows, you can use them to modify Paradox games whilst keeping your mods on a separate drive as far back as 7 at least. Pretty sure I've used them in Vista
Symbolic links go back to Vista. Hardlinks and junctions go back to windows 2000.
didn't know this, cool!
@@albingrahn5576 "link shell extension" can help
@-x21- I probably mixed up the dates, thanks for the correction
While this was certainly a bad bug that shouldn't have happened, I also have to ask why that user had his backup disk mounted. A backup disk should be mounted only for two occasions: when you're making a backup and when you are restoring from backup.
Perhaps he had backups of his Steam games from an older system on the drive, and was planning to restore them into the new installation of Steam once he got it configured and running?
A lot of people use their backup disk as their scratch disk too instead of having a proper scratch disk. To me sounds more like the user moved to a Linux setup with a new PC but didn't want to or didn't have space to copy his games over the "backup" drive.
Also if you have some automatic backup system then your backup drive is typically connected all the time.
@@hubertnnn Yes, but usually you don't use it as a scratch drive or your server has drives which are used for that.
I feel like the scary ran the code by mistake and put that there to remember not to make the same mistake again but couldn't figure out, or didn't have enough time to fix it
No joke this video taught me more about Linux than anything else I've come across. I'm a complete and utter novice with command lines, but this was incredibly digestible. Well done, thank you!
How a steam bug deleted someone's entire pc
"sudo apt install steam"
bruh, I loved how they added a "Scary!" commentary in the thing, hahahaha
Ah yes. Writing a command any time you need to open anything at all.
Love the Lemmino vibe, this is such a great video! Amazing stuff, never seen anyone else do anything similar, keep it up!
I am a programmer. You accidentally explained to me something about bash that i did not know and i did not know i didn't know. You deserve a very spwcial cookie
Shell is a language that is surprisingly bad at paths considering its uses.
thanks for the vid, I've also learned some basics about linux file system along the way. Really informative, a great way to onboard anyone to IT basics
This is why Linux scares me. The root directory being named "/" instead of "C:" fucks up so many things. If you try to delete ./* (current directory) but forget to include that period, you end up wiping /* (everything on the drive). In windows, it will just say your path is invalid. Windows has a lot of problems, but this one thing has saved so many people. I've made a lot of windows scripts that do that exact thing - delete .\* (deletes all single files because someone else on the network might have a single file open which prevents the folder from being deleted)
Absolutely adoring the shaking variable/command substitutions!!
I’m excited for this series, especially if it includes the flame wars that pop time to time on github issues threads.
Can’t wait to see more of this series!
"# Scary!" 💀💀
Minor inconvenience
Minor programming mistake:
Tiny error
I liked how you explained and Subbed Immediately. It tell me how much you have put a lot of effort into making one. Thank you for the video and would love , if the series continues.
I remember when Linus tried to install Steam on pop!os and it deleted his desktop environment. That was funny.
No, way, I was just rewatching the giltab video :D
The issue is that script writers are usually too lazy to check for command outputs. Setting the flag at the top of the script to exit on any failure is one good way to avoid problems. Another thing is to add logs, but yeah since it deleted the everything the log file may get deleted as well.
Anyways, interesting bug and quite scary indeed.
I still don't get how the steamroot ended up empty string which caused the deletion
@@alex_zetsu The command that should have returned the path to the steam root directory failed, so the variable $STEAMROOT was left as the default value, which is an empty string.
Something similar happened to a game on windows (and linux, but I think it only occurred on windows) called Realm of the Mad God where uninstalling the launcher would delete the entire directory it was installed to. It was even worse cause uninstalling would give the UAC prompt which is pretty common for program uninstallers, so yeah... lol
really? i don't remember that. i do remember the deltarune uninstaller deleting it's parent folder tho
@@wabbajocky8235 It was fixed really fast but there were people who unfortunately had it happen on Reddit
You mean The Exalt Edition by DECA Games and yes, that was horrible I remember that a few years ago.
Phenomenal: "Everything is impermanent and transient. Especially bits on disk. No use crying over flipped bits"
THIS IS SUCH A GOOD VIDEO + subtitles??? This is awesome :O
Thats the best part about programming. The # Scary comment before absolute doom. Everybody knows that the following line MIGHT fuck everything up. But we all think that with just enough sanity checks before, we are good to go!
But then, one day, Murphy's Law steps in and the world burns!
Why in gods name would you ever use rm -rf in a script?
Like, you know the specific directory names, delete those specific directories one by one.
This code is astonishingly stupidly written. Everything about it is stupid. Literally nothing is redeemable. Everything from the logic, the commands and thought process of the engineer are all stupid. How did Valve approve it?
Have you not once ever in your life made a production breaking mistake? Shit happens, humans are not omnipotent.. doesn't help that companies incentivize rushing through code with hard deadlines.
@@jmanpolo5611 No, never anything like this. When it's time to rm -rf, you can be sure I check every piece of logic 15 times before I commit.
@@MyAmazingUsername You can still check a piece of logic 15 times and miss something...
@@jmanpolo5611 Nope. No way whatsoever that I would miss this. I would have shored up the path calculation and validation to perfection, because I'd be doing rm -rf on user machines.
@@MyAmazingUsername I am not jus t talking about what you would or wouldn't miss. The point I am making is there are some things you obviously think about that others don't and that can also work in reverse, people think about seemingly obvious things you would also miss. The point I am making is people make silly mistakes all the time in this field and attacking someones intelligence for a mistake will inevitably come back to bite you when you find yourself in a similar situation. Was it the best decision? No. Could it have been avoided? Absolutely. Should we attack the engineer personally? No.
If you work at a company and see a line of code that is a huge security flaw, you most definitely do not want to attack the writer themselves, instead you want to question it and get it resolved detached from the engineer. Otherwise everyone in the workplace will not enjoy working with you and then your job security is on the line if no one in the end is willing to vouch for you.
It’s so simple to throw an exception there for an empty string, especially if you have the foresight to add “# scary!” Thats inexcusable lol
I feel like this could have been prevented if shell scripting wasn’t fucking insane. Just totally obscure and subject to incomprehensible context
Great explaination. Surprising there wasn't a sanity check to ensure the path is not blank before removing everything. Well, now they know 🤣
Especially considering that there was a "scary" comment right above that! Someone realized this was a risky command and did nothing to make sure the variable is valid before running it!