“In a well-designed system, simple things should be simple, and the “obvious easy” way to do simple common tasks should be the correct way. I call this goal “no sharp edges” — to use an analogy, if you’re designing a wrench, don’t put razor blades on the handles. Typical Unix/Linux filesystems fail this test — they do have sharp edges.”
The next time someone extols the virtues of the Linux CLI, point them to this article. Linux’s overly permissive file naming means that control characters are allowed in file names. Worse, this can be used as an exploit by simply sending someone a file with the right control characters in the file name. Since there’s no way to know beforehand what character encoding the file name uses, you’re boned.
“The list doesn’t include “hidden” files (filenames beginning with “.”), but often that’s what you want anyway, so that’s not unreasonable. The problem with this approach is that although this usually works, filenames could begin with “-” (e.g., “-n”). So if there’s a file named “-n”, and you’re using GNU cat, all of a sudden your output will be numbered! Oops; that means on every command we have to disable option processing. The “obvious” way to do this is to litter command invocations with “--” before the filename(s). But it turns out this doesn’t really work, because not all commands support “--” (ugh!). For example, the widely-used “echo” command is not required to support “--”. What’s worse, echo does support at least one dash option, so we need to escape leading-dash values somehow. POSIX recommends that you use printf(1) instead of echo(1), but some old systems do not include printf(1). In my opinion, a much better solution is to prefix globs like this with “./”. In other words, you should do this instead:”
cat ./* > ../collection # CORRECT
“Prefixing relative globs with “./” always solves the “leading dash” problem, but it sure isn’t obvious. In fact, many shell books and guides completely omit this information, or don’t explain it until far later in the book (which many people never read). Even people who know this will occasionally forget to do it. After all, people tend to do things the “easy way” that seems to work, resulting in millions of programs that have subtle bugs (which sometimes lead to exploits).”
“Oh, and don’t display filenames. Filenames could contain control characters that control the terminal (and X-windows), causing nasty side-effects on display. Displaying filenames can even cause a security vulnerability — and who expects printing a filename to be a vulnerability?!? In addition, you have no way of knowing for certain what the filename’s character encoding is, so if you got a filename from someone else who uses non-ASCII characters, you’re likely to end up with garbage mojibake.”
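The two habits the quoted passages call for, the “./” glob prefix and not echoing raw filenames, shown as an added shell example that is not from the quoted article. The function names, file names and file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example; all file names and contents below are constructed.

# Show a name with every byte outside printable ASCII replaced by '?',
# so it cannot send escape sequences to the terminal (as `ls -q` does).
safe_name() {
    printf '%s' "$1" | LC_ALL=C tr -c '[:print:]' '?'
}

# Concatenate the non-hidden regular files in directory $1. The "./"
# prefix guarantees no expanded name reaches cat starting with "-".
collect_safe() (
    cd -- "$1" || exit 1
    for f in ./*; do
        if [ -f "$f" ]; then cat "$f"; fi
    done
)

# The "obvious" form, kept for contrast: a file named "-n" is parsed
# by cat as an option instead of being read.
collect_unsafe() (
    cd -- "$1" || exit 1
    cat * 2>/dev/null
)

# List the names in directory $1, one per line, sanitized for display.
list_safe() (
    cd -- "$1" || exit 1
    for f in ./*; do
        [ -e "$f" ] || continue
        safe_name "${f#./}"
        printf '\n'
    done
)

# Build a throwaway directory holding the awkward names discussed above.
make_demo_dir() {
    d=$(mktemp -d) || return 1
    printf 'dash\n'  > "$d/-n"
    printf 'alpha\n' > "$d/a.txt"
    printf 'esc\n'   > "$d/$(printf 'evil\033[2Jname')"
    printf '%s\n' "$d"
}

demo=$(make_demo_dir) && {
    list_safe "$demo"
    collect_safe "$demo"
    rm -rf -- "$demo"
}
```

Because `safe_name` works byte-wise in the C locale, names in any non-ASCII encoding are also shown as `?` rather than guessed at.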


Comments
Also, Linux fans always say that it’s better to have a case-sensitive FS.
This makes no sense. They only say that because their beloved Linux does it because it inherited it from UNIX.
This makes no sense because absolutely every human being will answer “yes” to the question “Is 'file’ the same word as 'File’?”.
The second reason it makes no sense is that FS case-sensitiveness has never and will never be useful. There’s not a single use case showing usefulness for it. But there are billions of occurrences of it annoying people, every kind of people. Those saying otherwise are just fanboys lying to preserve this harmful inheritance from a badly designed, 40 years old OS.
Case sensitive filenames have been a massive pain in the ass for me.
But, but, I can have so many more files with the same name!
Like Index.php, iNdex.php, inDex.php, indEx.php, indeX.php, index.Php, and so on! C’mon, who doesn’t find that extremely useful and purposeful?
Only paid M$ shills, that’s who!
I like the Unix Hater’s Handbook’s idea of recursively catting to a file called -i in every directory. This, of course, gets round the inconvenient consequences of rm *.
I await Adam’s gnarly (I mis-spelt that as “granly” the first time round) bash shell script to perform this wonder of security.
And the printing control characters out to the display thing … a wonderful feature of termcap, or is it terminfo.
Sadly not much discussed these days, since we generally get by with the bog-standard vt102 that is the PC terminal, but, in its day, termcap was a thing of beauty.
Much like the elephant man.
Oh, and Angus Sibley: Two kinds of Freedom.
More profound than Lessig and Stallman put together.
You can turn on case insensitivity in Linux if it bothers you so much.
Can I turn on “it just works, like Windows Vista SP2?”
That’s something that bothers, not just me, but absolutely everybody else I know.
Vista? HAHAHAHAHAHA
What else are you going to bring up? Windoze ME?!
Windows ME introduced driver rollback, so if a driver was installed that caused issues, it would be rolled back (System Restore).
Yeah, what a pile of crap.
Did you ever use Windows ME? I did, I used it for a couple of years before I had XP, and it worked.
No it didn’t.
Most freetards have never used Vista past SP1 and do not understand caching to memory.
Huh, so why did Mafia$oft release a buggy OS to the public that required multiple service packs? Don’t they unit test? Rofl.
Yep, it was buggy and unfinished when it was released, but it isn’t now. Windows 7 is great. Linux companies like Canonical release buggy and unfinished software year after year.
But whatever works for you, man.
So Mafia$oft will no longer release patches for Windoze 7? It’s perfect and bug free right?
Service Pack 1 for Windows 7 didn’t do much of anything… It’s what’s called a 'roll-up’
Roll up of what? Patches?
Quit trying to dance around the bush. Is Windoze 7 bug free? Will there be no more patches or security updates? It’s “released software”, so they’d be totally incompetent if they didn’t release it bug free. Right?
Usually Service Packs are nothing… When someone installs SP1 it means all updates and what not released prior to SP1 have all been installed…
When did anyone claim that Windows was bug free?
_sw pretty much came very close to it just I don’t know, 15 minutes ago?
He said “Windows 7 is great” not that “Windows 7 is great and bug free.”
http://tmrepository.com/trademarks/yesbutlookatwindows/
This is TMR – reference a TM, for Pete’s sake, people!
“What else are you going to bring up? Windoze ME?!”
It’s probably just me, but I always thought Windows ME isn’t as terrible as people say. It might be much worse than NT-based Windows (Windowses?), but if you compare it to its ancestors, it’s completely acceptable.
In fact, I kept Windows ME installed on a computer that was regularly used from 2001 until 2006! It ran quite fast (on hardware that caused Windows XP to run like a slug), it rarely crashed, and it ran all the programs that ran on Windows 98.
The only complaints I had were related to the behavior of Ctrl-Alt-Del (which were also present in Windows 98 anyway). The task manager didn’t show all processes, and you got a non-fatal blue screen if you pressed Ctrl-Alt-Del twice in a row (it’s non-fatal because you could press Esc to close it..).
The only reason I took that system down was a motherboard failure that caused lockups and blue screens after about 20 minutes of booting (and not just in Windows ME). I still miss that machine.
Wow, I remember reading about this kind of sh*t in the Unix Haters Book. So this problem exists since what … 40 years? And was duly copied in Linux. Way to be innovative. But yeah, fixing such design problems isn’t as fun as say wobbling windows or fighting with Gnome/KDE about the name of the respective control panel.
LOL, Adam still doesn’t understand what unit tests are for. They’re not integration tests, kiddo, they’re UNIT TESTS. That means they test atomic “units” of code like functions and methods. For example, testing that a crypt() function works properly by running tests on it BEFORE pushing a build out.
Most of the issues ANY desktop OS (Windows, Linux, OSX) are integration issues that aren’t, or can’t, be unit tested.
“LOL, Adam still doesn’t understand what unit tests are for.”
Since when has Adam King managed to understand anything?
After all, he is supposed to be some straight-A, 6-figure hot-shot laughing at us “Winbred” from whatever corporate senior position that he is supposed to be holding, right?
I wonder what particular business that purported firm is specialized in, though. Pyramid schemes? Make-money-fast plans? Money Laundering? Oh, wait… That would actually require Adam to have good mathematical skills. Never mind.
“Most of the issues ANY desktop OS (Windows, Linux, OSX) are integration issues that aren’t, or can’t, be unit tested.”
But they can be integration tested. Got anything else clever to add?
LOL, as usual Adam missed the point of what unit tests are. My guess: He thought they are for testing actual nukes before using them to destroy freedom.
Hint: He read the word “atomic”
Oh, another case is bumblebee which wasn’t tested at all!!
Adam if you want to destroy winbreads. Here’s the recipe:
1) Send pings of death, (you remember those, don’t you?) to 127.0.0.1
2) ???
3) FREEDOM!!!
“Send pings of death”
When I saw that, I thought it said “pigeons of death”.
Now that’s what you should use to destroy Winbread!
Hahaha @ the braindamaged Masterloki trying to argue with me.
How many times did your caretaker change your drool bib in the time it takes to write that pathetic comment?
Adam: “Hahaha @ the braindamaged Masterloki trying to argue with me.”
Hahaha Indeed.
Here’s another pearl of wisdom for your best brain damaged friend.
Smart people debate
Common people argue
Assh*les insult each other with hate.
The good thing is that I’m doing this out of fun. ;) *whispering: is called trolling, sonny”.