- cross-posted to:
- programming@programming.dev
- cross-posted to:
- programming@programming.dev
New favorite tool 😍
You must log in or register to comment.
I checked the docs, and I’m a bit confused with one thing. They show that you can capture the stdout of a command into a variabe, but they never show stderr being captured. How would that work?
Like this: ‘’’ $mv file.txt dest.txt$ failed { echo “It seems that the file.txt does not exist” } ‘’’
Knowing if a command failed and capturing stderr (which contains stuff like error messages) are not the same thing.
Basically another shell scripting language. But unlike most other languages like Csh or Fish, it can compile back to Bash. At the moment I am bit conflicted, but the thing it can compile back to Bash is what is very interesting. I’ll keep an eye on this. But it makes the produced Bash code a bit less readable than a handwritten one, if that is the end goal.
curl -s "https://raw.githubusercontent.com/Ph0enixKM/AmberNative/master/setup/install.sh" | $(echo /bin/bash)I wish this nonsense of piping a shell script from the internet directly into Bash would stop. It’s a bad idea, because of security concerns. This install.sh script eval and will even run curl itself to download amber and install it from this url
url="https://github.com/Ph0enixKM/${__0_name}/releases/download/${__2_tag}/amber_${os}_${arch}"… echo “Please make sure that root user can access /opt directory.”;And all of this while requiring root access.
I am not a fan of this kind of distribution and installation. Why not provide a normal manual installation process and link to the projects releases page: https://github.com/Ph0enixKM/Amber/releases BTW its a Rust application. So one could build it with Cargo, for those who have it installed.
I wish this nonsense of piping a shell script from the internet directly into Bash would stop. It’s a bad idea, because of security concerns.
I would encourage you to actually think about whether or not this is really true, rather than just parroting what other people say.
See if you can think of an exploit I perform if you pipe my install script to bash, but I can’t do it you download a tarball of my program and run it.
while requiring root access
Again, think of an exploit I can do it you give me root, but I can’t do if you run my program without root.
(Though I agree in this case it is stupid that it has to be installed in
/opt; it should definitely install to your home dir like most modern languages - Go, Rust, etc.)I would encourage you to actually think about whether or not this is really true, rather than just parroting what other people say.
I would encourage you to read up on the issue before thinking they haven’t.
See if you can think of an exploit I perform if you pipe my install script to bash, but I can’t do it you download a tarball of my program and run it.
Here is the most sophisticated exploit: Detecting the use of “curl | bash” server side.
It is also terrible conditioning to pipe stuff to bash because it’s the equivalent of “just execute this
.exe, bro”. Sure, right now it’s github, but there are other curl|bash installs that happen on other websites.Additionally a tar allows one to install a program later with no network access to allow reproducible builds. curl|bash is not repoducible.
But…“just execute this
.exe, bro” is generally the alternative to pipe-to-Bash. Have you personally compiled the majority of software running on your devices?
Why not compile it to sh though.
There is no sh shell. /bin/sh is just a symlink to bash or dash or zsh etc.
But yes, the question is valid why it compiles specifically to bash and not something posix-compliant
There is no sh shell.
lol
Yes, there was the bourne sh on Unix but I don’t see how that’s relevant here. We’re talking about operating systems in use. Please explain the downvotes
It’s relevant because there are still platforms that don’t have actual Bash (e.g. containers using Busybox).
shis not just a symlink: when invoked using the symlink, the target binary must run in POSIX compliant mode. So it’s effectively a sub-dialect.Amber compiles to a language, not to a binary. So “why doesn’t it compile to
sh” is a perfectly reasonable question, and refers to the POSIX shell dialect, not to the/bin/shsymlink itself.
As someone who has done way too much shell scripting, the example on their website just looks bad if i’m being honest.
I wrote a simple test script that compares the example output from this script to how i would write the same if statement but with pure bash.
here’s the script:
#!/bin/bash age=3 [ "$(printf "%s < 18\n" "$age" | bc -l | sed '/\./ s/\.\{0,1\} 0\{1,\}$//')" != 0 ] && echo hi # (( "$age" < 18 )) && echo hiComment out the line you dont want to test then run
hyperfine ./scriptI found that using the amber version takes ~2ms per run while my version takes 800microseconds, meaning the amber version is about twice as slow.
The reason the amber version is so slow is because: a) it uses 4 subshells, (3 for the pipes, and 1 for the $() syntax) b) it uses external programs (bc, sed) as opposed to using builtins (such as the (( )), [[ ]], or [ ] builtins)
I decided to download amber and try out some programs myself.
I wrote this simple amber program
let x = [1, 2, 3, 4] echo x[0]it compiled to:
__AMBER_ARRAY_0=(1 2 3 4); __0_x=("${__AMBER_ARRAY_0[@]}"); echo "${__0_x[0]}"and i actually facepalmed because instead of directly accessing the first item, it first creates a new array then accesses the first item in that array, maybe there’s a reason for this, but i don’t know what that reason would be.
I decided to modify this script a little into:
__AMBER_ARRAY_0=($(seq 1 1000)); __0_x=("${__AMBER_ARRAY_0[@]}"); echo "${__0_x[0]}"so now we have 1000 items in our array, I bench marked this, and a version where it doesn’t create a new array. not creating a new array is 600ms faster (1.7ms for the amber version, 1.1ms for my version).
I wrote another simple amber program that sums the items in a list
let items = [1, 2, 3, 10] let x = 0 loop i in items { x += i } echo xwhich compiles to
__AMBER_ARRAY_0=(1 2 3 10); __0_items=("${__AMBER_ARRAY_0[@]}"); __1_x=0; for i in "${__0_items[@]}" do __1_x=$(echo ${__1_x} '+' ${i} | bc -l | sed '/\./ s/\.\{0,1\}0\{1,\}$//') done; echo ${__1_x}This compiled version takes about 5.7ms to run, so i wrote my version
arr=(1 2 3 10) x=0 for i in "${arr[@]}"; do x=$((x+${arr[i]})) done printf "%s\n" "$x"This version takes about 900 microseconds to run, making the amber version about 5.7x slower.
Amber does support 1 thing that bash doesn’t though (which is probably the cause for making all these slow versions of stuff), it supports float arithmetic, which is pretty cool. However if I’m being honest I rarely use float arithmetic in bash, and when i do i just call out to bc which is good enough. (and which is what amber does, but also for integers)
I dont get the point of this language, in my opinion there are only a couple of reasons that bash should be chosen for something a) if you’re just gonna hack some short script together quickly. or b) something that uses lots of external programs, such as a build or install script.
for the latter case, amber might be useful, but it will make your install/build script hard to read and slower.
Lastly, I don’t think amber will make anything easier until they have a standard library of functions.
The power of bash comes from the fact that it’s easy to pipe text from one text manipulation tool to another, the difficulty comes from learning how each of those individual tools works, and how to chain them together effectively. Until amber has a good standard library, with good data/text manipulation tools, amber doesn’t solve that.
