Error Messages and Error Checking, NOT! 33 Do I need to waste another 30 minutes retrieving the file from Europe? Of course, this is Unix. It’s amazing. I’m sure this misfeature has bitten many people. There are so many simple ways of avoiding this lossage: error reporting, file version numbers, double checking that the user means to over- write an existing file, etc. It’s like they have to work hard to create this sort of lossage. This bug strikes particularly hard those system administrators who use tar to back up their systems. More than one sysadmin has put “tar xf …” into the backup script instead of “tar cf …” It’s an honest mistake. The tapes spin. Little does the sysadmin suspect that tar is trying to read the specified files from the tape, instead of writing them to the tape. Indeed, everything seems to be going as planned until somebody actually needs to restore a file. Then comes the surprise: the backups aren’t backups at all. As a result of little or no error checking, a wide supply of “programmer’s tools” give power users a wide array of choices for losing important infor- mation. Date: Sun, 4 Oct 1992 00:21:49 PDT From: Pavel Curtis pavel@parc.xerox.com To: UNIX-HATERS Subject: So many bastards to choose from… I have this program, call it foo, that runs continuously on my machine, providing a network service and checkpointing its (mas- sive) internal state every 24 hours. I cd to the directory containing the running version of this program and, since this isn’t the development directory for the program, I’m curious as to exactly what version of the code is running. The code is maintained using RCS, so, naturally, I attempt to type: % ident foo to see what versions of what source files are included in the execut- able. [Never mind that RCS is obviously the wrong thing or that the way “ident” works is unbelievably barbaric I have bigger fish to fry…]

34 Welcome, New User! Of course, though, on this occasion I mistyped as my fingers go on autopilot and prefer the word ‘indent’ to the non-word ‘ident:’ % indent foo Now, it turns out that “indent” is the name of UNIX’s brain-damaged idea of a prettyprinter for C. Did the bastard who wrote this abortion consider checking to make sure that its input was a C file (like, oh my god, checking for whether or not the name ended in “.c”)? I think you know the answer. Further, Said Bastard decided that if you give only one argument to indent then you must mean for the source code to be prettyprinted in place, overwriting the old contents of the file. But not to worry, SB knew you might be worried about the damage this might do, so SB made sure to save a copy of your old contents in foo.BAK. Did SB simply rename foo to foo.BAK? Of course not, far better to copy all of the bits out of foo into foo.BAK, then truncate the file foo, than to write out the new, prettyprinted file.10 Bastard. You may be understanding the point of this little story by now… Now, when a Unix program is running and paging out of its execut- able file, it gets really annoyed at you if you mess about with all its little bits. In particular, it tends to crash, hard and without hope of recovery. I lost 20 hours of my program’s state changes. Naturally, the team of bastards who designed (cough) Unix weren’t interested in such complexities as a versioned file system, which also would have saved my bacon. And those bastards also couldn’t imagine locking any file you're currently paging out of, right? So many bastards to choose from why not kill ’em all? Pavel Imagine if there was an exterior paint that emitted chlorine gas as it dried. No problem using it outside, according to the directions, but use it to paint your bedroom and you might wind up dead. How long do you think such a paint would last on the market? Certainly not 20 years. 10Doubtlessly, the programmer who wrote indent chose this behavior because he wanted the output file to have the same name, he already had it open, and there was originally no rename system call.