hello_computer commented on The curious case of shell commands, or how "this bug is required by POSIX" (2021)   notes.volution.ro/v1/2021... · Posted by u/wonger_
chubot · 6 months ago
YSH addresses the "string safety" problem:

What is YSH? https://oils.pub/ysh.html

I am writing a quoting module now, but the key point is that it's a powerful enough language to do so. It is more like Python or JS; you don't have to resort to sed to parse and quote strings.

I posted the quote-argv solution above -- in YSH it will likely be:

    var argv = :| ls 'arg with space' |   # like bash argv=()
    ssh example.com $[quote.sh(argv)]

But you can write such a function NOW if you like

---

quote.sh follows the (subtle) idiom of replacing a single quote ' with

    '\''

which means it works on systems with remote POSIX sh, not just YSH!

e.g. "isn't" in POSIX shell is quoted as

    'isn'\''t'

which is these three word parts:

    'isn' \' 't'

YSH also has:

- JSON, which can correctly round trip every Unicode string, without writing your own parsing functions

- JSON8, an optional extension that can round trip every byte string you get from the Unix kernel

https://oils.pub/release/latest/doc/j8-notation.html

hello_computer · 6 months ago
I like it. Hope it gets some traction.
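
The '\'' idiom from chubot's comment above, as an added example in plain POSIX sh (not code from the commenters or from the Oils project, and not YSH's quote.sh). The function names sh_quote, quote_argv and roundtrip are hypothetical, and a local `sh -c` stands in for the remote shell that ssh hands the joined command string to.

```shell
#!/bin/sh
# Added example: POSIX sh quoting with the '\'' idiom (function names are hypothetical).

# Quote one string so that a POSIX shell parses it back as exactly one word.
sh_quote() {
    s=$1 out=
    while :; do
        case $s in
            *\'*) out=$out${s%%\'*}"'\\''"   # text before the quote, then '\''
                  s=${s#*\'} ;;              # continue after that quote
            *)    break ;;
        esac
    done
    printf "'%s'" "$out$s"
}

# Quote every argument and join with spaces: one string that is safe to hand to a shell.
quote_argv() {
    line=
    for a in "$@"; do
        line="$line${line:+ }$(sh_quote "$a")"
    done
    printf '%s' "$line"
}

# Stand-in for the remote side of ssh: the joined string is re-parsed by `sh -c`.
# Prints each word the second shell sees, wrapped in <>.
roundtrip() {
    sh -c "printf '<%s>' $(quote_argv "$@")"
}

# Constructed sample input: spaces, a single quote, and command-substitution syntax.
roundtrip ls 'arg with space' "isn't" '$(id)'
echo
```

With a real host the same string would be passed as one argument, e.g. `ssh example.com "$(quote_argv ls 'arg with space')"`.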
hello_computer commented on The curious case of shell commands, or how "this bug is required by POSIX" (2021)   notes.volution.ro/v1/2021... · Posted by u/wonger_
hello_computer · 6 months ago
There are so many neo-shells that go crazy with colors, autocompletions, & SQL-like features while the most basic problems (like handling of newlines/spaces/international chars) are mostly swept under the rug with -null/-print0, which is more hack than solution. I think Tom Duff's rc shell was an excellent start in that direction, which sadly went nowhere.
hello_computer commented on The curious case of shell commands, or how "this bug is required by POSIX" (2021)   notes.volution.ro/v1/2021... · Posted by u/wonger_
o11c · 6 months ago
This is woefully misguided. Half the time passing it to the shell is explicitly a feature, e.g. `popen("gzip > foo.gz")`. If you have user input you should always sanitize it regardless of API.

But `ssh` does deserve all the shame. It's a pity the real problems are hard to find in an article full of nonsense.

Note also that if you're using a deficient shell that supports neither `printf %q` nor `${var@Q}` it's still easy to do quoting in `sed`. GNU `./configure` scripts do this internally, including special-casing to only quote the right side of `--arg=value`.

hello_computer · 6 months ago
> article full of nonsense

Pls elaborate. Seems like a decent list of shell gotchas to me.

hello_computer commented on What methylene blue can (and can’t) do for the brain   neurofrontiers.blog/what-... · Posted by u/wiry
p1dda · 6 months ago
To improve your health never start with adding a chemical! Instead remove chemicals and toxins first and foremost.
hello_computer · 6 months ago
This is true. I've had so many problems where the pills and creams were time and money down the drain, and the solution was to cut something out of my diet or lifestyle. Less is more.

u/hello_computer

Karma: 215 · Cake day: May 2, 2023