←back to thread

Java Hello World, LLVM Edition

(www.javaadvent.com)
200 points ingve | 10 comments | 07 Dec 25 11:51 UTC | HN request time: 0.324s | source | bottom
Show context
tuhgdetzhh ◴[07 Dec 25 15:13 UTC] No.46182258[source]
I'm always a bit shocked how casual people people wget and execute shell scripts as part of their install process.

This is the equivalent of giving an author of a website remote code execution (RCE) on your computer.

I get the idea that you can download the script first and carefully read it, but I think that 99% of people won't.

replies(5): >>46182378 #>>46182490 #>>46183270 #>>46184246 #>>46184808 #
1. OptionOfT ◴[07 Dec 25 17:16 UTC] No.46183270[source]
Equally I don't like how many instructions and scripts everywhere use shorthands.

Sometimes you see curl -sSLfO. Please, use the long form. It makes life easier for everybody. It makes it easier to verify, and to look up. Finding --silent in curl's docs is easier than reading through every occurrence of -s.

   curl --silent --show-error --location --fail --remote name https://example.com/script.sh
Obligatory xkcd: https://xkcd.com/1168/
replies(5): >>46183416 #>>46185213 #>>46186791 #>>46189653 #>>46191309 #
2. ndsipa_pomu ◴[07 Dec 25 17:34 UTC] No.46183416[source]
Absolutely agree.

The shorthands are for when typing it at a console and the long form versions should be used in scripts.

3. Terr_ ◴[07 Dec 25 21:13 UTC] No.46185213[source]
For a small flight of fancy, imagine if each program had a --for-docs argument, which causes it to simply spit out the canonical long-form version equivalent to whatever else it has been called with.
replies(1): >>46190337 #
4. scrame ◴[08 Dec 25 00:08 UTC] No.46186791[source]
agreed. i get if you're great at cli usage or have your own scripts, but if you're publishing for general use, it should be long form. that includes even utility scripts for a small team.

also, putting it out long-form you might catch some things you do out of habit, rather than what's necessary for the job.

replies(1): >>46190315 #
5. yjftsjthsd-h ◴[08 Dec 25 08:07 UTC] No.46189653[source]
> Finding --silent in curl's docs is easier than reading through every occurrence of -s.

Dumb trick: Search prefixed with 2 spaces.

  man curl
  /  -s
Yields exactly one hit on my machine. In the general case, you may have to try one and two spaces.
6. ndsipa_pomu ◴[08 Dec 25 09:40 UTC] No.46190315[source]
Another possible advantage is that I invariably have to check the man page to find the appropriate long-form option and sometimes spot an option that I didn't know about.
7. ndsipa_pomu ◴[08 Dec 25 09:44 UTC] No.46190337[source]
Or, a separate program that can convert from short to long form:

> for-docs "ls -lrth /mnt/data"

ls -l --reverse -t --human-readable -- /mnt/data

(I'd put in an option to put the options alphabetically too)

replies(1): >>46197395 #
8. lionkor ◴[08 Dec 25 12:06 UTC] No.46191309[source]
Aren't there tools for which the short flags are standardized (e.g. POSIX) but the long flags aren't?
9. Terr_ ◴[08 Dec 25 20:43 UTC] No.46197395{3}[source]
While I'd appreciate that facility too, it seems... even-more-fanciful, as one tool would need to somehow incorporate all the logic and quirks of all supported commands, including ones which could be very destructive if anything went wrong.

Kind of like positing a master `dry-run` command as opposed to different commands implementing `--dry-run` arguments.

replies(1): >>46202396 #
10. ndsipa_pomu ◴[09 Dec 25 07:55 UTC] No.46202396{4}[source]
I did muck around with using "sed" to process the "man" output to find a relevant long option in a one-liner, so it wouldn't be too difficult to implement.

I did something like this:

  _command="sed" _option="n"
  man -- "${_command}" | sed --quiet --expression  "s/^       -${_option}.*, //p"
Then I realised that a bit of logic is needed (or more complicated regexp) to deal with some exceptions and moved onto something else.