Frankly I've never liked man pages. To me they always screamed "This is how documentation was done in the 90s." The examples are often very unclear or incomplete, and the explanations often assume prior knowledge without providing links in case such knowledge is absent.
Modern documentation has gotten way better, as seen in the Stripe docs and many others, and I wish the man pages could be updated accordingly.
Yes man pages are usually upside-down; the examples should be right at the start and then lead to a drill-down into options. 9/10 times I end-up having to search the web for a basic introductory example.
But even in big corps corps with ISO9000 accreditation there is seldom self- questioning as to whether documentation is useful rather than just ticking the box for process-completeness.
You're presuming man pages are primarily meant to serve as a reference. But I rarely need man-pages as a reference†.
Most of the time, if I'm looking up a man-page for something, it's because I've just installed a new package that sounded like it would solve a problem and then did a dpkg-query(1) to find out what binaries came with it—or used apropos(1) to find a relevant binary already installed—and now I want to know what the uses of a given binary are and whether those uses include solving my particular problem.
† Well, except for the utilities with absolutely horrible command-line UX-design, like tar(1) or ps(1) or rsync(1), where I just memorize the options I need for my usual case, and then have to look in the man page to do anything novel.
Let me rephrase: you assume that it makes sense for manpages to continue serving primarily as a reference—that this is the primary use-case people have for the standardized program documentation that ships with their distro packages.
Shipping a reference to a binary with that binary may have made sense before the internet. But nowadays, it's the opposite.
• Complex programs with many options have (sometimes dozens of) websites documenting them thoroughly. (Try searching with any search-engine for "wget mirroring", for example; the number and complexity of the results is overwhelming.)
• Meanwhile, for the simple "corner-case" programs, you really hope that they shipped with docs—because seemingly nobody else out there on the web cares to bother documenting them. With a lot of these little programs, the only web doc you can find are, in fact, online mirrors of their man-page.
For the popular-and-complex programs, man-pages are just redundant, because everyone will document what they did to achieve whatever. But for the simple-but-weird programs—the ones for which man-pages aren't just redundancies—if the man-page doesn't give usage, then nothing is going to give usage.
Now, I can understand why man-pages for these little utilities are the way they are. These programs are usually created by a single author, so time spent writing docs is time not spent fixing bugs or scratching their itch or whatever else. And an options reference certainly is the "minimal normalized form" of documentation: it lets others brute-force combinatoric-search the space of invocations until they find some combination that Works For Them™. Basically, you can (through a lot of trial and error) generate a cookbook from an options reference. So the author probably doesn't feel a strong need to add anything beyond an options reference, because the people who really need to solve the problem their binary solves are willing to go to that effort.
But if you're a distro downstream packager, and it's your job to make your distro easy for people to use, you should have every incentive to submit upstream patches to said author, with manpage additions of cookbook example usages resulting from your trial-and-error experimentation with their program.
Annoyingly, you, as a distro packager, probably don't have time to do that trial-and-error experimentation, especially if the utility serves a niche use-case that you don't even understand. That—and not the fact that "manpages should be a reference and nothing more"—is most of the reason manpages continue to be the way they are.
• The primary win for all of those utilities would be in separating their horribly-large arrays of top-level runtime switches into subcommands that each have a restricted, learnable set of runtime switches relevant only to that subcommand. (See: git, docker, lvm, ip, ufw).
• As well, for top-level switches that are really preferences—that is, switches that don't apply to a use-case, but rather to a user—read those from ~/.config/foo/foorc with defaults in /etc/foo/foorc. Don't expose them at all as runtime switches. If there are features that would be customized by different wrapper-client UIs, provide a --config-file=[file] switch that takes a config-file that sets those. And for special drivers, like Makefiles or CI setups, that have a matrix of different UI options they might want to ask for, you can provide FOO_OPTION env-vars. (See: curl, compiler toolchains, ffmpeg, apt). In ffmpeg's case, there are even config-file presets—basically little plug-ins of config options you can enable as a group. You can dump new files into the /etc/ffmpeg/presets or ~/.config/ffmpeg/presets to add them as presets.
• For switches that are exposed individually, but which are also aggregated into switch-group-setting switches, in most cases there's literally no use-case for setting the individual switches, only the switch-group-setting switch. Remove the individual switches. Just because the program could theoretically be configured to do X compatibility thing for old-arch Foo, but not Y other old compatibility thing for old-arch Foo (where any time you're talking to Foo you always need both), you don't have to expose both an X switch and a Y switch. Just expose a --foo-compat switch and be done with it. People trying to use your binary on other weird OSes shouldn't be doing so by combining tons of option-switches; they should sit down and port your program to that OS, by finding the place in your program where you've defined {arch -> shim flag set} mappings, adding a new mapping for their arch, and exposing it as a new external --bar-compat switch.
• Speaking of compat flags, try just making such behaviors always-on when you build targeting the relevant arch, rather than needing to specify them at runtime. The only real use-case for runtime compat switches is as an IPC/RPC client talking to a server that expects the weird behaviour. And even then, your client should first try to auto-detect the server's expectations, and you should only add the runtime switch if that auto-detection turns out to be unreliable. (Meanwhile, If you're the IPC/RPC server, the compat settings belong in the config file. See: Samba, NFS, Netatalk, ...)
• If your binary manipulates state (like, say, how git manipulates repos), and you change the way it does so in a backward-incompatible manner, you might be tempted to add a runtime switch to turn the old behaviour back on to allow collaboration with people using older versions. If your state-store is at all extensible, though, you should instead add a field for a schema-version and a flag for pinning the state-store to that schema-version, as well as a subcommand to pin/unpin a given state-store's schema-version. Now your binary will upgrade the schema of its state-store by default, but will respect "protected" state-stores and perform only backward-compatible operations on those. (Importantly, this guides the code architecture into failing by default instead of doing something backward-incompatible; whereas, with backcompat switches, you're always forcing a state-store schema-migration on people by default every time you add new code, unless/until you add a matching backcompat-switch.)
• quiet/verbose and interactive/batch are silly "mode switches" to have in modern programs, just like forking is a silly way to do daemons when you've got a modern init(8). Put interactively-useful information on stdout, and do interactive prompting, if-and-only-if isatty(STDIN); put information of all levels of usefulness on syslog with appropriate error-level tags attached. It's up to the thing running your program to provide a PTY or not, and to filter your output or not. Be friendly to expect(1).
These guidelines together should trim each subcommand to a reasonable "visible" option-set. Now just ensure that typing "man command subcommand" gets you a separate man-page written just for the subcommand, and add bash/zsh completion for each subcommand and for the subcommands list itself.
In practice --help output is mostly useless—it’s neither simple enough for a quick overview nor comprehensive enough to actually know what I can do. Tried “less --help” lately? It spits out ten pages of output!
Plus, every program does --help differently. Does it spit out short output or tons of output so that I need a pager? Does it fork and execute a pager itself, or do I have to run the program again and pipe it to less manually? And then it turns out some programs print --help output to stderr, not stdout, so the pager doesn’t display any output until I do “blahblah --help 2>&1 | less”.
A good manpage beats --help all hollow. It’s simultaneously more brief and more (usefully) verbose. The Synopsis section provides a quick overview of flags, if I just need a quick reminder to jog my memory. But if I want to know the details of a particular flag, I can just scroll down to it or search for it. Mandoc, the default manpage formatter in OpenBSD, even has semantic search built in. It uses more(1)'s built‐in tags functionality to take me straight to whatever flag I want. (You can get this functionality on Linux too by installing mandoc: http://mdocml.bsd.lv/)
Really, horrendous and arcane manpages are a trope that mostly exists in the Linux/GNU world. In BSDs, especially OpenBSD and FreeBSD, clear, simple documentation is a priority. No need for --help or “bropages” when the actual manpages are perfectly clear. For example, check out OpenBSD’s signify(1) manual (http://man.openbsd.org/signify.1), used for cryptographic signing and verification. Compare that to the monstrosity that is gpg(1)… (https://www.gnupg.org/documentation/manpage.en.html)
Yes! For some reason I still always type `man whatever` when I need to do something with a tool... even though I'm just presented with 50 pages of gibberish that I scroll through for a few pages then go to Stack Overflow.
The problem I usually find is that man pages give equal importance to every possible flag - making really hard to figure out which elements you most likely will need to do common tasks.
The quality of manpages can vary significantly, however many of them are excellent. The Git manpages stand out; most of the system manpages for OpenBSD are excellent as well.
One other nice thing is integration with an editor. I view manpages in emacs, and can yank the snippets directly into my other buffers for extra convenience.
The quality of the medium is not determined by the quality of its content. GNU manpages especially are incredibly low quality (they have info(1) for extensive documentation), but not all man pages are GNU manpages. If you use man with shell job control (Ctrl-z, fg, bg), you can easily read multiple man pages simultaneously.
What is your better solution ? Instead of being derogatory about a technology which works how about creating your ideal and seeing if the Internet likes it ?
It's a good ideal but it also helps to recognize the problem. Not everyone that recognizes the problem is apt or interested in offering a solution. Also I don't believe parent comment was intended to be derogatory
Indeed. When you do user testing and they tell you a certain component of your application is confusing or hard-to-use, do you castigate them for being derogatory and tell them to fix it?
I understand what you're saying but I think it goes without saying that we've started paying more attention to quality of user experience for software in the past twenty years.
If you genuinely disagree and believe the 90s were as ripe with quality tooling and documentation as 2016, well, that's a bit strange, but you're certainly entitled to your opinion.
I don't know. I really like the moments where Alan Kay appears out of nowhere, tells where your idea squanders the potential of computers, points to 60's-80's prior art that did it better anyway, and disappears in a puff of smoke.
The last thing our discipline needs is us thinking we got it all and it just needs polishing.
"For instance it doesn't have everything you need to validate certificates..."
Yet it has all the CA crap thrown in, via the overloaded openssl binary. As "examples". And according to the documentation, not even "correct" illustrations of how libssl should be used.
Encryption and authentication are two separate problems.
Just because you figured out a way to encrypt a message does not mean you have also figured out how to a way to send it to only the correct recipient... over an insecure network. (Insecure not only in the sense of "plaintext" but in the sense you are not in control of much of anything - routing, PKI infrastructure, etc.)
It seems to me that one would want to solve the authentication problem first, and then move on to encryption.
This comment shows that for proponents of using SSL on the public web, it's been the other way around. Authentication was never sorted out.
When it comes to authentication, all due respect to the OpenSSL authors, SSH has provided a better attempt at a solution than any implementation of PKI using SSL/TLS.
And one more thing, how many ciphers does a user really need? As we've heard time and again, many of them are not even "safe" to use. Some of the alternative SSL libraries have wisely removed them. But I guess OpenSSL is append only?
OpenSSL is pretty bad. After reading about some of the stuff that lead the the libressl fork, I wouldn't trust it with my lunch money. Sure, the algorithms are good, but as far as the code's concerned, Heartbleed was the tip of the iceberg.
There's a saying, "don't roll your own crypto," and it's good advice.
In the case of openssl, you might be better off rolling your own. At least the vulnerabilities you end up with are different than the ones that the rest of the world has.
The experts writting it for themselves part seemed inaccurate given what I read in LibreSSL commits. It was one atrocity after another. Still love Ted Unganst's observation about them making surd endianess of CPU doesnt change while protocol is running. Just cant remember how often that check was performed.
i interpreted this as: this was written by security experts (cryptographers), not expert programmers. this means the algorithms are generally ok, but the implementation is wacky (and issue prone).
It was also written by cryptographers who for years asked for support, and got barely enough to keep the server running let alone live off it. Meanwhile the world and his wife joined in with feature requests and complaints about things they didn't like, but mostly without offering to help.
So it doesn't surprise me that unit testing, documentation, code review etc. weren't a top priority for spending more unpaid hours on - people literally got what they paid for.
I'll partly agree with that. Mostly even. I draw the line at expecting a security-critical library intending widespread adoption at least follow secure coding guidelines if nothing else. It really doesnt take much effort vs what was already done. Tiny fraction of it.
That plus the larger trend of developers ignoring basic, good practices is why I critique the project a bit. Plus, LibreSSL team illustrated my point nicely by doing 10x what I expected in a very short time with no pay.
I got a few thousand dollars of that money as a security bug bounty.
OpenSSL fixed the problem quickly, but one year on still haven't accepted the regression test for the issue. It would be amusing if it wasn't so horrifying.
If you think OpenSSL is bad, try MIRACL (only documentation I could find is a word file that's basically a list of function signatures). And OpenSSL at least generally builds fine on a vanilla Ubuntu machine.
In contrast, libsodium deserves praise for writing documentation like they want people to actually use their library.
Modern documentation has gotten way better, as seen in the Stripe docs and many others, and I wish the man pages could be updated accordingly.