David A. Wheeler's Blog

Thu, 22 Apr 2010

Filenames and Pathnames in Shell - Doing it Correctly

Traditionally, Unix/Linux/POSIX filenames and pathnames can be almost any sequence of bytes. Unfortunately, most developers and users of Bourne shells (including bash, dash, ash, and ksh) don’t handle filenames and pathnames correctly. Even good textbooks on shell programming get filename and pathname processing completely wrong. Thus, many shell scripts are buggy, leading to surprising failures. In fact, mis-handling of filenames is a significant source of security vulnerabilities.

So I’ve created a short essay on how to correctly process filenames in Bourne shells as used in Unix, Linux, and various POSIX systems. It presumes that you already know how to write Bourne shell scripts.

The essay is: Filenames and Pathnames in Shell: How to do it correctly. Please, take a look!

Frankly, it would be better if filenames weren’t so permissive. In particular, filenames with control characters, leading dash (“-”), and non-UTF-8 encoding cause a lot of grief. To see more about that, please see my essay Fixing Unix/Linux/POSIX Filenames. If filenames weren’t so permissive, correct programs would be much easier to write.

So, Filenames and Pathnames in Shell: How to do it correctly explains how to handle filenames properly in shell programs, given the current situation. Please take a look; I hope you find it useful.
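An added example, not taken from this post or from the linked essay: it builds a scratch directory with constructed filenames (an embedded space, an embedded newline, a leading dash) and runs a fragile and a robust form of two common shell idioms over it. The function names and file contents are assumptions made for the illustration.

```shell
#!/bin/sh
# Added illustration; the filenames below are constructed test data.

# Build a scratch directory with four legal but awkward names, one line each.
make_fixture() {
    dir=$(mktemp -d) || return 1
    nl='
'
    for name in plain.txt 'two words.txt' -n "line${nl}break.txt"; do
        printf 'x\n' > "$dir/$name"
    done
    printf '%s\n' "$dir"
}

# Fragile: unquoted $(ls) output is split on every space and newline.
count_fragile() {
    n=0
    for f in $(ls "$1"); do n=$((n + 1)); done
    printf '%s\n' "$n"
}

# Robust: a quoted directory plus a glob yields one word per file.
count_safe() {
    n=0
    for f in "$1"/*; do
        [ -e "$f" ] || continue    # an unmatched glob is left as literal text
        n=$((n + 1))
    done
    printf '%s\n' "$n"
}

# Fragile: a bare glob lets the file named "-n" reach cat as an option.
concat_fragile() { (cd "$1" && cat *) 2>/dev/null; }

# Robust: "./" keeps every expanded name from starting with a dash.
concat_safe() { (cd "$1" && cat ./*); }

main() {
    d=$(make_fixture) || exit 1
    echo "fragile count: $(count_fragile "$d")  safe count: $(count_safe "$d")"
    echo "fragile cat:"; concat_fragile "$d"
    echo "safe cat:";    concat_safe "$d"
    rm -rf -- "$d"
}

main
```

On a GNU userland the fragile loop reports six words for four files, and the fragile `cat` numbers three lines instead of printing four.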


Fri, 02 Apr 2010

The new face of journalism: PJ, Groklaw, and SCO

The jury in the District Court of Utah trial between SCO Group and Novell has issued a verdict, and SCO lost big. SCO had been threatening and trying to extract money from many innocent people and organizations, including the developers and users of Linux, IBM, Red Hat, and Novell. But the jury found that the copyrights for Unix did not go from Novell to SCO, so many of SCO’s claims against these innocent people have collapsed. It’ll take many years for the rest of the cases to wind down, but their other cases were even less probable.

Perhaps the happiest part of this sorry tale is the rise of Groklaw, established and run by PJ. Carla Schroder’s “Groklaw: How One Person Can Do Big Deeds. Thanks PJ.” and Brian Proffitt’s “SCO, Novell: Grokking Where Credit is Due” wisely point out the important role that Groklaw has played in this saga.

It’s hard to know if Groklaw changed the outcome of this case, but Groklaw clearly changed what people knew about the case. Traditional journalists completely failed the public in the SCO cases. Even though this had the potential to seriously harm the most important development in information technology (IT) — the rise of open source software — almost no IT journalists looked into it. The few that did tended to spend little time looking at (or for) evidence. If journalists are simply reorganizing press releases, there’s really no need for journalism, is there?

Groklaw was vastly different. Groklaw is more than a website or blog; it is a community of people who gathered evidence, analyzed it, and helped other people get the true picture. Traditional journalists may bemoan the loss of local newspapers, but why should people pay for rehashed press releases when the blogs are a more accurate and broader source of information? In short, if you wanted full and accurate public information related to SCO, Groklaw had it; traditional sources didn’t.

While Groklaw is a community, PJ was and is a key part of it. She had the idea of setting up Groklaw, and made it work. In short, she established an environment, and made it possible for the rest of the world to see what was going on.

So hats off to Groklaw, and to PJ in particular. Journalism will never be the same again.
