Please enhance foolproofing in the wipe-linux.sh script #253

Closed
rxhfcy opened this issue Feb 17, 2024 · 4 comments

rxhfcy commented Feb 17, 2024

Today, once again, I witnessed this tragedy happening in the wild (not the first time I've seen this!):

  • someone on the Internet recommended running asahi-installer / tools / wipe-linux.sh (https://alx.sh/wipe-linux)
  • someone else promptly ignored every warning and lost absolutely everything on their computer, including their macOS installation(!)
  • -> an extremely surprised and angry user who "should have known better" :(
    (people who ignore scary warnings probably don't have backups either!)

Suggestion:

When running wipe-linux.sh, after showing the warnings, force the user to correctly type in a sufficiently scary phrase in an input field, before allowing them to continue (to hopefully make them understand that they really are playing with fire).

Something like:

  • "Yes, I understand that running this script can destroy my macOS installation and make my computer unbootable!"
    ...or even:
  • "Yes, I want to potentially permanently destroy all of my data (including my current macOS installation) and make my computer unbootable. No, I won't blame anyone else but myself if any of that happens."

Additionally, please use the color RED extensively
(bashisms might be bad, but so is destroying other people's data: echo -e "\e[31mRed Text\e[0m")

Also, in the other warning messages, further spell out the danger (be as specific as possible):

  • wipe-linux.sh might destroy your macOS installation too (it's not just your Linux partitions that are in danger)
  • wipe-linux.sh might make your computer unbootable

Here's an example from CXPatcher, it's not pretty but it works (screenshot):

CXPatcher screenshot

Further attempt to convince you that something must be done to protect newbies from themselves:

It's impossible to know precisely how much suffering and monetary loss the script has already caused in the world, but the amount is certainly non-zero. Frankly I think it's irresponsible to publicly host such a dangerous script on the Internet, at least in its current form. The adage “anything that can go wrong will go wrong” applies here. Even if there's only a 1% chance of a catastrophe, that still means that out of every 1000 times wipe-linux.sh is used, there will be 10 incredibly unhappy customers.

Yes, the script already shows lots of SCARY WARNINGS and forces the user to press enter twice and all, but IMHO that's not nearly enough. Unfortunately, the reality is that users don't read, especially if they are in a hurry, agitated or distracted. This applies doubly to any text displayed on a computer screen. Also, many people will incorrectly assume that only their Linux partitions (not macOS) are at risk of exploding.
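
The typed-phrase confirmation suggested in the comment above, as an added example (not code from wipe-linux.sh or the Asahi project). The helper names `warn` and `confirm_destructive` are hypothetical; the phrase is the first one proposed in the comment.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not from wipe-linux.sh.

# Phrase proposed in the issue text above.
PHRASE='Yes, I understand that running this script can destroy my macOS installation and make my computer unbootable!'

# Print a warning on stderr, in red only when stderr is a terminal and
# NO_COLOR is unset, so logs and pipes do not fill with escape codes.
# printf with an octal escape is POSIX, unlike `echo -e`.
warn() {
    if [ -t 2 ] && [ -z "${NO_COLOR:-}" ]; then
        printf '\033[31m%s\033[0m\n' "$*" >&2
    else
        printf '%s\n' "$*" >&2
    fi
}

# confirm_destructive PHRASE [ATTEMPTS]
# Reads lines from stdin; returns 0 only if one line equals PHRASE exactly.
# EOF, a bare Enter, or running out of attempts returns 1.
confirm_destructive() {
    expected=$1
    attempts=${2:-3}
    while [ "$attempts" -gt 0 ]; do
        warn "THIS SCRIPT IS DANGEROUS!"
        warn ""
        warn "To continue, type exactly:"
        warn "  $expected"
        # Fail closed when there is no input (EOF, closed stdin).
        IFS= read -r typed || return 1
        [ "$typed" = "$expected" ] && return 0
        # A bare Enter means "abort", never consent.
        [ -z "$typed" ] && return 1
        attempts=$((attempts - 1))
        warn "Phrase did not match ($attempts attempts left)."
    done
    return 1
}
```

If the script itself arrives on stdin (for example when it is piped into `sh`), call the gate as `confirm_destructive "$PHRASE" </dev/tty || exit 1` so the prompt reads the keyboard rather than the script text.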

marcan (Member) commented Feb 18, 2024

If this is about that Reddit guy, I don't think he broke his install using wipe-linux. He was already trying to manually delete his macOS partition (which was failing by pure luck) before even being told to use that script in his original post. Given his abusive replies to other users (again before the wipe-linux thing) he's either an outright troll or has some serious personal issues we can't help with, and he's been banned as a result. I do not consider that incident an issue with wipe-linux, and I'm not actually aware of any significant number of users who have damaged their machines using it in a demonstrable way.

I certainly have never heard of it damaging macOS. It only deletes 2.5GB stub partitions and non-APFS partitions named "asahi", "efi" or "linux", which cannot possibly touch macOS installs or system partitions, none of which can ever meet those conditions.

That said, wipe-linux is dangerous (in select few situations) and I'm really tired of people linking to that script, so I've removed the shortlink altogether.

marcan closed this as completed Feb 18, 2024

rxhfcy (Author) commented Feb 18, 2024

Thanks, but I think lots of clueless people will still find and use the script, and many innocent hard drives around the world will be destroyed because of it (because users don't read text on screens).

Please at least consider adding these mitigations:

  1. Spell out that the script can affect macOS "partitions" too and/or make the whole computer unbootable
  2. Use the color RED so that running the script feels dangerous for people who don't read (or aren't fluent in English!)
  3. Add an empty line after the first warning so that it stands out more. The idea of this suggestion is to make the output look less like a wall of text (people tend to ignore walls of text)

echo "THIS SCRIPT IS DANGEROUS!"
(empty line here)

marcan (Member) commented Feb 18, 2024

I'm not aware of any cases of it affecting macOS partitions (under any reasonable situation). If that ever happens, that would be a very interesting bug. The script is dangerous because it indiscriminately erases partitions that "look" like Linux (which could erase non-macOS partitions intended for other purposes, etc.), not because it can make macOS unbootable. As I said, all the system and macOS partitions should never meet the conditions for the script to erase them.

We can't stop people from using dumb scripts. If I delete it from this repo someone will just rehost it elsewhere.

rxhfcy (Author) commented Feb 18, 2024

@marcan OK, I thought about this more and I think some people only think their macOS is now gone because after restarting, nothing loads when starting up the computer (because the default boot disk was the Linux volume which was just deleted successfully).

(I know this is warned against in the documentation, but users don't read documentation)

Consider this scenario:

  • Random person with no prior Asahi Linux specific knowledge decides to try Asahi on a whim because it sounds cool
  • The installer changes the default startup disk to Linux without any warning, and doesn't even teach the user how to get back to macOS (!)
  • Even though at one point during the installation, the user has to hold down the power button, they don't realize what that actually means, or that the action can be performed at any startup to select the startup disk
  • The user tests Asahi Linux for a while, gets bored and reboots to go back to macOS
  • After rebooting, the user is very surprised that Linux loads and macOS is "gone"
  • The user wants to remove Asahi Linux, somehow finds wipe-linux.sh and uses it "successfully"
  • Now that the Linux volume(s) are gone, the computer doesn't boot at all and the user panics ("my computer is dead and everything is lost")

Suggestions:

  • after the first time pressing enter in wipe-linux.sh, add a warning that if the startup disk isn't changed back to macOS, the computer will not boot, or better yet try to change the startup disk automatically if asahi-bless is installed (or even offer to install asahi-bless)
  • ...and also remind the user that you can always go back to macOS by shutting down and then holding down the power button until "Loading startup options..." appears and then selecting the macOS volume (probably "Macintosh HD")

Thanks for considering these, and thanks for all your hard work!
