Accidents Will Happen 19 If Dennis and Ken had a Selectric instead of a Teletype, we’d probably be typing “copy” and “remove” instead of “cp” and “rm.”1 Proof again that technology limits our choices as often as it expands them. After more than two decades, what is the excuse for continuing this tradi- tion? The implacable force of history, AKA existing code and books. If a vendor replaced rm by, say, remove, then every book describing Unix would no longer apply to its system, and every shell script that calls rm would also no longer apply. Such a vendor might as well stop implement- ing the POSIX standard while it was at it. A century ago, fast typists were jamming their keyboards, so engineers designed the QWERTY keyboard to slow them down. Computer key- boards don’t jam, but we’re still living with QWERTY today. A century from now, the world will still be living with rm. Accidents Will Happen Users care deeply about their files and data. They use computers to gener- ate, analyze, and store important information. They trust the computer to safeguard their valuable belongings. Without this trust, the relationship becomes strained. Unix abuses our trust by steadfastly refusing to protect its clients from dangerous commands. In particular, there is rm, that most dangerous of commands, whose raison d’etre is deleting files. All Unix novices have “accidentally” and irretrievably deleted important files. Even experts and sysadmins “accidentally” delete files. The bill for lost time, lost effort, and file restoration probably runs in the millions of dollars annually. This should be a problem worth solving we don’t under- stand why the Unixcenti are in denial on this point. Does misery love com- pany that much? Files die and require reincarnation more often under Unix than under any other operating system. Here’s why: 1. The Unix file system lacks version numbers. 1Ken Thompson was once asked by a reporter what he would have changed about Unix if he had it all to do over again. His answer: “I would spell creat with an ‘e.’”
20 Welcome, New User! Automatic file versioning, which gives new versions of files new names or numbered extensions, would preserve previous versions of files. This would prevent new versions of files from overwriting old versions. Overwriting happens all the time in Unix. 2. Unix programmers have a criminally lax attitude toward error reporting and checking. Many programs don’t bother to see if all of the bytes in their output file can be written to disk. Some don’t even bother to see if their output file has been created. Nevertheless, these programs are sure to delete their input files when they are finished. 3. The Unix shell, not its clients, expands “*”. Having the shell expand “*” prevents the client program, such as rm, from doing a sanity check to prevent murder and mayhem. Even DOS verifies potentially dangerous commands such as “del *.*”. Under Unix, however, the file deletion program cannot determine whether the user typed: % rm * or: % rm file1 file2 file3 ... This situation could be alleviated somewhat if the original com- mand line was somehow saved and passed on to the invoked client command. Perhaps it could be stuffed into one of those handy envi- ronment variables. 4. File deletion is forever. Unix has no “undelete” command. With other, safer operating sys- tems, deleting a file marks the blocks used by that file as “available for use” and moves the directory entry for that file into a special directory of “deleted files.” If the disk fills up, the space taken by deleted files is reclaimed. Most operating systems use the two-step, delete-and-purge idea to return the disk blocks used by files to the operating system. This isn’t rocket science even the Macintosh, back in 1984, separated “throwing things into the trash” from “emptying the trash.” Tenex had it back in 1974.
Previous Page Next Page