It’s a markup language. In the simplest explanation, a programming language describes a process (what does the thing do) while a markup language describes a structure (how is the thing supposed to be displayed). There’s more to it than that, but someone else can get into deeper if they want, it’s beyond me lol
a markup language describes a structure (how is the thing supposed to be displayed)
A markup language does not define how something is to be displayed, that’s what a styling language is for (usually CSS). A markup language semantically defines what certain parts of the created document are.
“\ “ and [tab] and * are your friends. I’ve been using spaces in Unix filesystems since the early 90s with no issues. Also, using terminal fonts that•put•a•faint•dot•in•each•space•character helps.
This is fine for the most basic of use cases but once you start looping through file names or what have you, you have to start writing robust correct bash and nobody does that
Yeah but at least with periods in the title tab complete will just complete the file name all the way while with a filename with spaces I have to escape the damn space with “\ ” like you said. Why do more work when I don’t have to?
I work on a Web app and we recently decided that we’re just not gonna support double quotes in free text fields because oh holy balls what a thing it is to try to deal with those in a way that doesn’t open you up to multiple encoding vulnerabilities.
The issue is the filter that we’re using to avoid multiple encoding attacks de-escapes everything via multiple rounds, then tries to pass it to the next layer of filtering with the de-escaped request body as a json string. Your absolutely right that this is a silly way of doing it, but sometimes we have to live with decisions that were made before we were onboarded to a project. In this particular case, I pushed to improve the filters but all our PO heard was “spend development time weakening security” and at the end of the day they decide what to do and we do it.
This method is a band-aid patch when your downstream code is all messed up and you can’t fix it. Instead of treating the input string correctly, it just removes anything that might possibly trigger some vulnerability in wrong code.
It’s a way bigger pain in the ass than people think it is. I remember having to parse output from a tool for work that had tons of output in tabular format, mixed with normal sentence like strings. JSON, YAML, or XML outputs weren’t available so I had to do a nasty mess of grep, awk, cut, and head/tail, to get what I wanted. My first attempt was literally counting the characters so I could cut out exactly what I needed, but as we all know, hardcoding values is a recipe for headaches later on.
Here’s a horror story from literally yesterday. We have been fighting a system for a client for weeks and it has been a nightmare. Our clients just told us that they outsourced some of their work to an Indian outfit but that outfit is unfamiliar with Linux and doesn’t know how to edit text files so they have been downloading the files to their Windows machines, editing them in Windows, then uploading the contaminated text files back into Linux. None of them, not our client nor the outfit they hired, understood why this was a problem. We have no idea what files are affected and we won’t know until they fail because they obviously did not keep track of what they touched.
I will never forgive excel for automatically converting all of my dates to some weird ass format, or stripping single quotes randomly, or something other BS that they do for no reason
My absolute favourite is stripping leading zeroes from any text that looks like a number, then displaying it in scientific notation. But we get Copilot, so it balances out, right?
Does windows add an extra character at the end that gets converted to new line on linux? Because the other day I were copying a script and after pasting it an extra line was added after every single line, even the empty lines.
It’s quite strange, I’ve been downloading torrents for more years than I can count, and I upload them from time to time, and I’ve always had the worry myself of how to name torrents: with dots? underscores? dashes? (although with spaces is definitely not an option).
I’ve even asked the questions on several forums and upload sites, read tutorials on these same sites etc and every time I’ve asked the answer has been: THERE IS NO STANDARD, even on the tutorials, I’ve never seen anything mentioned such a thing.
All this to say that I’m making a meme, and after so many years, this is the first time I’ve heard of a Warez scene, and several times in the same comments!, curious, isn’t it? I wish I’d heard about it before.
The problem is really that space is an argument separator, so to safely handle filenames with spaces you need to handle them special, either by escaping them, quoting the entire thing. This means that the filename with spaces can’t be just copy pasted wherever you want, you have handle them special. It adds complications that are resolved by just using a separator that isnt used for other things, like underscore, or dash. Dot I also don’t like as much as it’s used as a separator for extensions, but that’s a far easier problem to handle by just ignoring all but the last dot, leaving only one really bad edge case (a file that does not have an extension, that uses dot separator in its filename having the filesystem imply a wrong extension.
I’m with the person you’re replying to, what’s an example? I haven’t had a problem working with filenames with spaces in at least ten years on windows, Linux or Mac…
It’s also really good practice to account for weird characters in programs and shell scripts you write because then you don’t have injection vulnerabilities or unicode problems.
Seriously, what’s an example of spaces in filenames causing a problem?
Will error for example. It works fine for filenames without space, but if the filename has space in it, it will be interpreted wrong. But if your testing batch doesn’t have spaces in the filename, you won’t see the issue until it’s used on a file that does. Note ‘cat’ is a placeholder, any function/script that can be used on a file here will have the same issue.
Something similar to that caught me last week while I was unzipping multiple mods in bulk for a game.
The point I guess I was getting at was that even having “come up” with Slackware and a whole os that’s just 69 half baked scripts in a trenchcoat I adopted a more universal mindset and specific skill set when using scripts over ten years ago and find it hard to justify expecting sanitary inputs nowadays when it is harder and harder with Unicode and is a serious security threat to treat variables as passable strings.
I wasn’t trying to suggest that there isn’t a way to make a space in a filename cause an error, but that I can’t think of an example where allowing a space to affect things was a good or right way to do something.
In the specific example of the op, no spaces is a scene rule from the days of ftp and irc/usenet. The idea behind having only a subset of the ascii character set was to allow those services to work with the files and commands around them. There’s no reason to treat my own scripts and programs as if they’ll never encounter the galaxy of other characters that are flying around now and to be honest, theres no reason not to work in sane handling of non ascii characters in filenames even for code I only expect to touch scene stuff.
It used to be an unavoidable mistake when we dug up buried utilities. Now that there’s a number to call first it’s only the fault of the knucklehead with the shovel.
Please don’t read this as some kind of an argument. I think we basically agree and I’m not trying to get one over on you.
To be fair, I didn’t really focus on the biggest annoyance I’ve had with spaces in the file name: going between terminals and the GUI, most filenames you can copy and paste with wild abandon, but filenames with spaces always require special care, sometimes stripping the auto completed escaped space from file names from the terminal, or quoting or escaping the space when taking one from the GUI.
That can be a struggle. There used to be a context menu option in maybe xterm or the kde terminal emulator that would copy the wd and maybe even the highlighted file but I might be gpt hallucinating that last one.
After fucking up bad copying from the internet into a terminal about fifteen years ago I have tried to review and understand what’s happening when copying from or to the terminal even in part. It would be bad for me if there weren’t the possibility of (at best) having shit not work when I use middle click with abandon.
I been thinking a lot about designing technology to discourage people from using it. For example it’s a serious mistake when wearable displays are made to look like wayfarers. The danger of people accepting them socially to the point of being manipulated into a state of flow, dissociating from their reality through a combination of sight and sound augmented reality, is too high. Good design of wearable displays should prioritize function over form 100% and make the user look like an insane freak that no one wants to be around, forcing people to remove them in order to maintain social interactions.
I think copying to and from the terminal is like that. When going between an interface which is a very high level mediator of interaction with the machine and one that’s a very low level mediator, we should be alert, on guard and proofreading everything twice. It’s good that we have to check ourselves before we wreck ourselves copying and pasting into the terminal.
That’s a problem with the shell though, not the filesystem. It doesn’t matter which files filesystem you’re using; most interactive shells use spaces as token separators and therefore spaces in filenames need to be enclosed in quotes or escaped.
Everytime smb. says “you can Google it” I think about googling it and expect some weird niche article from some esoteric sites. But then I think, why didn’t you Google it and posted an link? Why should I try to find a trustworthy source for your claim?
You’re willingly confirming something you rate as sensitive, trying to bring more credibility to it by being an extra shout and referencing a virtually unverifiable needle in a haystack ‘authority’ as Google, but find the sensitivity a reason for not sharing your information.
files.catbox.moe
Active