Recent searches
Search options
Administered by:
Making it harder to do wrong
#curl is written in C. We try to write better C to reduce the risk of future vulnerabilities.
https://daniel.haxx.se/blog/2023/12/13/making-it-harder-to-do-wrong/
@kkarhan@mstdn.social@bagder same reason for #Linux I guess and same reason why I do all the #OS1337 code in #bash with only .config makefiles where needed:
Readable and thus easy to #audit code allows for #transparency, which is vital for #maintainability and #security...
After all, mistakes do happen and I'd rather have it easy find and fix than optimize every bit at the cost of unmaintainable code.
@hramrach @bagder if you think #bash is horrible (I assume you use #zsh and/or #fish - which then yes that is a valid argument) then please take a look at #ksh, #tcsh or the original #UNIX #sh and tell me that's readable.
Tangents aside: Bash, for better or worse, is the #standard for #Linux and since I want OS/1337 to be "self-reproducing" / "self-hosting" with as little dependencies as possible, I'm stuck with it.
@OS1337@infosec.exchange
#OS1337
@kkarhan @bagder @OS1337 I actually use bash because it's the standard. The QWERTY keyboard is also a standard, and I also use it.
There are objective metrics for keyboard fitness like the average travel for typing a word, average number of hand swaps, and QWERTY is worse than average random layout on all of these, intentionally, for historical reasons.
I know it sucks but when I go to a shop and want a keyboard the one I get is QWERTY. When I want a shell the one I get is bash.
With Bash I have to agree. Especially in case where I'm managing a fleet of servers together with a bunch of other people, I'm not going to change the default shell on every one of them and install my own .whateverrc file.
With the keyboard however I can disagree. Actually, the keyboard can have QWERTY written on the keycaps, but nothing stops you from configuring your system to use whatever layout you like. I for example wrote this post on a QWERTY keyboard using a Dvorak layout. The keycaps don't match with letters being written, but I don't care, because I'm not even looking at the keyboard.
@etam @hramrach Or to put it into different words:
Installing another shell is close to installing a compiler on production systems: A big no-no.
Tho in terms of keyboards and layouts that is nowadays fixable and I've seen #Neo2 and #Dvorak as well as #ANSI - #QWERTY, #ISO - #QWERTY, ISO - #AZERTY, ISO - #QWERTZ and German Macintosh [yes, that's a different layout predating ISO-QWERTZ!] in the same room on different systems...
fortunately, SSH doesn't care about my setup.
https://stranger.social/@hramrach/111574512619261472
@kkarhan
In the past I wrote Shell Scripts as small as possible. For example was a line break required for the Script to Work? If Not, remove it.
And then beeing proud of with how many lines of Code I achived the goal.
But now I'm more focused on readability. And it really enhanced my Code, also for others
@bagder
@Madic @bagder *nodds in agreement*
The cost-gain balance in terms of optimizing #shell code for size is completely trash, because maintainable and documented code (even if it's just comments) is more important longtern than saving a few bytes omnitting line breaks...
Expechally when #compression like #xz does a better job at making things smaller than any coder could within i.e. #bash alone...
Also I'm not writing #malware that has to obfuscate everything to make #CodeForensics harder...