Indeed, printf is shorter. I use it in a similar fashion in my own script [1], which can be made to behave like hr() (haven't tried shells other than bash):
If you want to conform to ANSI, just use two dashes (--) or ASCII, the box drawing character, the source of the unicode variant. This is important because it remains the primary font in the core of any EGA and VGA-compatible graphics card (basically all graphics cards).
is just evil. That's a great way to own a machine. You can even read the code today, but run the command tomorrow when someone had replaced the code with a giant exploit. Not saying there is a better way to distribute something like this that is as easy to use, but damn, this is just asking for trouble.
Well, technically, I trust the Debian developers to do that for me. And I verified that they have approved of the software automatically, by checking their signatures on the Release file, which contains the hashes of the packages.
If I have the option to, yes. Or rather I take much less care to actually read the code when I am installing a package out of the Debian repo's. Otherwise, I at least try to review what the heck that I am installing, especially on my own machine.
Nope, "curl |bash" is worse, because (a) if there's any network problems when downloading it might split a command in half. like "rm -rf /tmp/$PID". What happens if the bytes after the first / are dropped? and (b) at lease you have the option of reviewing it when you download the script.
So does any package installation where you don't read the source. Piping curl into the shell is bad because the server can choose to serve malicious content to your curl that it didn't show in the browser.
> Piping curl into the shell is bad because the server can choose to serve malicious content to your curl that it didn't show in the browser.
And to head off objections, Piping curl into the shell does not leave any record on disk, unlike the "download .... ./execute" workflow in which it is trivial and natural to insert "and take a quick peek at it too".
Edit: And in the best case scenario, where the script delivered by curl is perfectly innocent, it is still a bad idea since you are left with no authoritative record of what was done. You could run curl again in the future, but that assumes that the same version is delivered, or that the file is still there at all.
Not quite true. Not all packages are created equal. For example anything from PyPI, npm, Ruby Gems, and Homebrew is suspect. On the other hand Debian/Ubuntu or Red Hat repo's are likely much more trustworthy since they have actual paid trusted maintainers who review the source code.
Not sure where you got that impression. In lots of cases, package maintainers are people who use the software and are volunteering their time to bundle it up with the necessary bits to put in a distro repo. The same is true of language-specific repos or homebrew.
Run the command, then look through the local copy to make sure it's safe. Once you have downloaded the code, there's no way that the project owner could change your copy.
Not sure if you replied to the wrong comment by accident, but the person you replied to is agreeing with you, while making a general statement about how they wish more people checked the code they're running between the download and run steps.
A benefit of this is you can also use it in your node programs (and clientside JS if you use something like browserify.)
And like any software you install that doesn't run in a sandbox, you should look at the source before running it or have some other reason for trusting it. (I briefly thought about how ironic it would be to have this program do something evil, but decided against it.)
I know that, I did not want to be evil writing that in the instructions but that's the best way to copy that file, also this is a file to be executable, so even if you use wget you are asking for trouble, downloading a file to your $PATH and making it executable, do you have any idea on how to improve the instructions?
When are these comments going to stop? Everyone lazy enough is going to keep suggesting "curl install" and everyone lazy enough is going to keep using it, and everyone that has something worth protecting and cares enough is either not going to use it or is going to audit it anyway, and comments like this aren't going to move anyone between those camps.
If you all think "curl install" is so evil then build something secure to replace it. It's got to be as easy from a "package maintainer" as well as a user's perspective, and you have to figure out some way to validate security. But until then, warning people that they should read code they execute is a waste of bandwidth.
This has me wondering, why haven't terminal windows evolved functionally to better support history, scrollback buffers jumping or markers, selection with a mouse, auto-complete hints, etc. Instead we're limited to hacks like this or the screenshot at http://unix.stackexchange.com/questions/3650/would-it-be-pos... ... and no, I don't think "use emacs" is an acceptable answer ;-)
Oh and instead of adding blank lines with "Enter", I often just type "clear" and hit return. Bingo, tons of whitespace now added.
I've often wondered if there is a terminal which supported the "jump to previous input" functionality described in the stackexchange question but I've never seen anything better than what is mentioned in the answers. I've heard Plan 9's Rio supported something like this but searching around, I can't see any mention of it.
I'm thinking we'll need a terminal window that interfaces with bash but has overlays in HTML and other controls for scrollback, etc. Maybe a fork of an existing terminal.
Or a colored prompt with a timestamp and hostname, great with a huge scrollback.
PS1='\[\033[1;32m\](\A) <\h> [$PWD \$ \[\033[m\]'
Edit: Using tmux with a 200,000 line scrollback, you can also search scrollback based on the hour in which you ran the command. A search for "(12:" would put you right in the ball park.
I like to use terminal colors so it's red, as well as allowing controlling width, but defaulting to terminal width.
$ cat ~/bin/br
#!/bin/sh
if [ "$1" == "" ] ; then
COLS=`tput cols`
elif [ "$1" == "--help" ] ; then
echo "$0: Prints a red line across the screen. or $0 <##> for a specific width."
echo "$0: br ; grep -ir foo * -- place a marker to see where results begin / end."
echo "$0: br 80 ; cat file -- use to check for overly long lines."
exit
else
COLS=$1
fi
LINE=""
for (( x=0 ; x<$COLS ; x++ )); do LINE="$LINE-" ; done
echo -e '\E[47;0m'"\033[1m$LINE\033[0m"
I'm interested why they use "seq"? [seq can take a single value too apparently, perhaps they did half width rulers with "seq 2 $(tputs cols)"?]
Why doesn't
!/bin/bash
j=$(tput cols); for i in {1..$j}; do echo -n "#";done
work, presumably there's some escape that needs doing?
The alternative:
!/bin/bash
for (( c=1 ; c<=$COLUMNS; c++ )); do echo -n "#";done
seems fine?
Also BASH has $COLUMNS builtin FWIW, though portability explains use of tput.
I like it, should be a standard command, including options to specify width as a proportion and to add whitespace lines. Code for this must be in almost every shell script.
Both of those would work in bash, but they're non-standard extensions. The seq construction would work in any POSIX shell, though the seq command itself is still non-standard I think.
Actually printf is a POSIX standard shell utility. Bash happens to implement it as a builtin, but there's also a conforming copy in GNU coreutils (and presumably busybox, but I didn't check). And the syntax above is standard Bourne shell, not specifically bash.
Actually of the constructs in that, the only non-portable one is the seq tool, which (I think) is unique to coreutils.
OSX 10.9 ships a 'seq'. This particular version was written in 2005 by the NetBSD project, and its provenance is NetBSD 3.0 -> FreeBSD 9.0 -> OSX.
Fwiw, it isn't a GNUism, though GNU's version was the first widely distributed one. A 'seq' appears in some old Research UNIX editions, and also in Plan9, but not in commercial AT&T Unix or in BSD. Instead 'jot' is the traditional BSD utility. Not sure if commercial AT&T Unix (and descendants) had anything similar.
Thanks! This is actually what I love doing, small utilities to help me and others which are not that fancy but get the work done and are compatible with my workflow.
It makes an entire blank line, which is sufficient if you have a lot of textual output. It also gets rid of the old stuff from the screen - if you're running a window manager, you can then scroll up if you need the old stuff.
