[svlug] Evil Backquotes (was Re: how to copy a bunch of "." files?)

Tin Le tin at le.org
Tue May 16 09:42:51 PDT 2000


-----BEGIN PGP SIGNED MESSAGE-----


> > Ksh (Korn shell) came around 1986 (outside of Bell Lab that is) from David
> > Korn.

> Hmm, I thought I started using it before then.  Maybe not -- my first
> exposure might have been as late as '88.  (On an MS-DOS system running
> Mortice Kern's DOS toolkit; our *NIX boxes were still running Xenix at
> that point, which had only a seriously limited sh and an ugly csh.)

I am not sure of the exact date either.  I know ksh was in use inside the
lab for a while before ATT decided to add it to one of the SysIII releases.
All I remember is the excitement at the ability to use a "decent" command
line shell ;-).  It was very frustrating to use sh for interactive use after
getting used to csh.

Of course, it was available only on the newer releases and not for existing
version... unless one was willing to shell out a lot of money to ATT for
the source and port it yourself.

> > It went back a long way.  The way I was taught was that sh is for writing
> > scripts and csh is only for interactive use.

> That is a piece of "recieved wisdom" which I would like to do
> everything in my power to stamp out.  It was true back in the days I
> was running Xenix, but, in my opinion, since at least the introduction
> of ksh, there has been no justification whatsoever for the existence
> of csh, except force of habit.  Newbies should be told to avoid csh at
> all costs.  Then, with any luck, the last of the old hackers who still
> find themselves wed to it will die out before long... :-)

Sorry, you can try all you want, but you are not going to stamp this one
out.  Personally, I use bash for my interactive use and all my scripts are
tested in sh first.  I have not had to installed Linux for a while so don't
know what the default in the latest distros is, but I remember in early
ones, csh is the default shell when new accounts were created (on Slackware
and RH).

The "csh" that is shipping on Linux is really just a symlink to tcsh. And
tcsh is not that bad.  At least it is being maintained and bugfixed.

The only thing I can see wrong with it is when people write csh shell
scripts.  I had to untrained a number of my sysadmins on that bad habit.
One guy almost brought down our web servers because of his scripts.  I
turned him over to Perl and the problem was solved.

> I don't allow any form of csh to be installed on my workstations or on
> any production servers I'm in charge of.  Period.

> > You would have to go back pretty far to find a system still running
> > versions of sh that does not support the back tick.

> Not very far at all, at least not on HPuchhs systems.  Ksh introduced
> $(), and to the best of my knowledge, there are still systems today
> that have support for $() but *not* for backticks.  If that's changed,
> it's been in the last couple of years.

> Yup, and this is another reason I try to stick with $() instead of
> backticks.  Of course, the primary reason is that $() is more
> readable and more flexible (supports nesting).

But $() is not available in sh, which would make your scripts break on
systems that does not have ksh or bash.  I know there are still plenty of
people running these dinosaurs and it's not that much more work to provide
support for them, so I try to do so.

> I have never seen a bourne-shell compatible (or near-compatible like
> ksh) that supported backticks and didn't support $().  I have seen
> ones which support $() and not backticks.  (And ones which support
> neither, but those *are* basically obsolete enough to ignore at this
> stage.)

I guess because I am such a portability oriented person and because '$()'
was a feature that was not that much more useful (to me), I never tested
how widely $() is supported.

> Thus, the aesthetics of portability and elegance unite in proclaiming
> that $() is the One True Way, and that backticks are Evil.  :-)

Aw come on, there have to be better things to evangelize! ;-)  Such as
getting all the distros to be more security conscious.  There has been
a number of dumb gaffed releases recently.  Seem to be a lack of QA on
the vendors' part.

If Linux can have less security problems reported in the media, it would
be easier for me to sell it to my clients :-).

Tin Le
- ----
http://tin.le.org
Internet Security and Firewall Consulting
Tin Le - tin at le.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAgUBOSF6iRiIIbPkDHhBAQHAJwP9E1rBF1v/CRMend4dvjccl/jdUHxJAh/q
oKfqEJY4Ugj+KAigFHYQJSXZlmlT/lF2SubVLGsPTNk2Yjxh4OFYY3WEN8oI6EfW
r1aRo3uC42Ex+mKfA0DdpW/4hFpqV8pdpSe9CyZdv5+MsgNa3oWeeG6PAMtBdDKf
Caz/pP04lvk=
=kXMq
-----END PGP SIGNATURE-----






More information about the svlug mailing list