flak

documentation is thoroughly hard

Documentation is good, so therefore more documentation must be better, right? A few examples where things may have gotten out of control.

Posted 18 May 2017 20:24 by tedu Updated: 19 May 2017 02:48
Tagged: openbsd software

meaningful short names

Why don’t unix commands have any vowels in the name? cp and mv are obviously devoweled standins for copy and move. But they’re less intuitive for new users. The user wants to copy a file. Why shouldn’t the name of the command be exactly the operation the user wants to perform?

What exactly does the user want to do? Instead of copying files, maybe I want to link two files. What does that mean? In unix, we have hard links and symbolic links. If I replace the “original” file, do I want the link to refer to the original file or the replacement? Or maybe what I mean by link two files is to combine two object files into an executable. Do we call that loading instead? ln is the name of a command, but link is the name of a concept. And sometimes the concept evolves over time. The linker is called ld because it used to be the loader. (I think.)

grep is a remarkably useful tool, but with a most unintuitive name. Why not call it find like Windows does? I want to find some text, I run find. So obvious. But some users may want to find files in the filesystem, not strings in a file. What command do they run? Probably locate.

There may be a great deal of historical accident in the names of commands (what if the inventors of awk had different initials?), but that doesn’t mean we can’t recognize the value of unique and precise identifiers.

Posted 03 Mar 2017 02:31 by tedu Updated: 14 Jun 2017 22:55
Tagged: rants software

browser ktrace browsing

The key to understanding how modern browsers work is to observe them in action. For this, we can use ktrace. I’ve posted a few ktrace snippets before, but here are some new ones to aid in our understanding. Even if we don’t learn anything, deciphering ktrace and kdump output is a pretty useful skill. I use ktrace to verify software I write does what I think I expect. Using ktrace on other people’s software is like a never-ending set of practice exercises.

Posted 03 Jun 2016 14:48 by tedu Updated: 03 Jun 2016 14:48
Tagged: software

humans

An amazing show. Sat down to watch one episode of Humans and watched the entire season in one six hour sitting.

Posted 19 May 2016 20:34 by tedu Updated: 19 May 2016 20:34
Tagged: moviereview

file considered harmful

Yes, actually harmful.

The file utility can be useful. Don’t know what program to open a file with? Run file and it will tell you. Of course, sometimes file will be wrong and misidentify the file type. This may be inconvenient, but at least as a user you still have the option of trying to run another program.

Except when you don’t. What happens when file (or its programmatic buddy, libmagic) is not a hint, but a gatekeeper? What happens when some application determines its behavior based on the output of file?

What happens is you can’t print on Tuesday.

Or you can’t print particular documents that contain inappropriate phrases.

Or you can’t launch a browser and consequently prevent Firefox from providing ASLR enabled builds.

Something tells me these won’t be the last three bugs.

A program that helps users is useful. A program that restricts users is harmful. Run file on your computer all you want, but don’t use file to limit what I can do.

Posted 18 May 2016 18:11 by tedu Updated: 18 May 2016 18:11
Tagged: bugs rants software

the day some of the DNS stopped

For the past few months, my iPhone has had a peculiar bug. Apple services didn’t work in my house. I could listen to Amazon music, but not Apple music. I could update my Facebook status, but not the Facebook app itself. I could read Apple’s website and learn about security updates in the latest version of iOS, but not download them.

Posted 17 May 2016 23:45 by tedu Updated: 12 Jul 2016 04:33
Tagged: network openbsd

this week in astounding defaults

Ripped straight from the headlines, thrilling tales of things gone wrong because nobody asked for things to go right.

You may not write assembly, but you probably use libraries from people who do. Did they remember to insert the right magic flag?

ImageMagick can and will do lots of things you neither expect nor desire. Unless, of course, you configure it otherwise.

When using node.js and socket.io, don’t forget the default is unverified sockets.

By default, Telegram uses a sophisticated identity verification system known as text the user.

If you really don’t want logging, say nop nop nop three times.

Remember, it’s all there in the manual if you just take the time to read it. Tune in next week to learn what other documentation you should have read!

Posted 06 May 2016 04:44 by tedu Updated: 06 May 2016 04:49
Tagged: rants software

regarding embargoes

Personal thoughts. To each their own.

Posted 04 May 2016 14:04 by tedu Updated: 17 Oct 2017 21:18
Tagged: security software thoughts

when i wore a younger fool's cap

A few grumpy remarks about the amazing tale of Slack bot tokens on GitHub. Auth tokens used for business accounts get committed into Jurassic Park quote bots saved on GitHub, allowing random passersby to eavesdrop on your paradigm shifting startup’s latest pivot? That didn’t happen back in my day! Of course, since then multiple changes have combined to change the world. A perfect storm of convergence and disruption.

Posted 29 Apr 2016 02:13 by tedu Updated: 29 Apr 2016 02:13
Tagged: rants software thoughts

a prog by any other name

What is a name, really?

Posted 28 Apr 2016 12:26 by tedu Updated: 29 Apr 2016 02:22
Tagged: c openbsd programming