Hacker News new | ask | show | jobs
by JoshTriplett 3432 days ago
Better yet, don't offer a CLI as the primary interface; provide a reasonable library to use instead.
3 comments
zimbatm 3432 days ago
A CLI is usable by any language that can fork/exec and read/write IO. A library is more likely to be usable by only one language.
link
JoshTriplett 3432 days ago
A C library, or a library with a C interface, is usable by any language with an FFI.
link
3pt14159 3432 days ago
That's true in theory, but in practice most Ruby developers don't know how to use C or the FFI well enough to build a library out of a C or C++ library.

It's reasonable to shell out sometimes. It's what Github did when they were first starting. It's what 500px did when they were first starting. Trying to do everything the right way early on is just going to slow you down.

link
deong 3432 days ago
I think with security-related software in particular, the proper answer there is "tough". If you can't figure out how to call a C function, you should probably just not write critical software.
link
wildmusings 3431 days ago
One of the important lessons that the profession has yet to fully internalize is that there is very little software that is NOT security-related.
link
Kalium 3431 days ago
It's very, very difficult to get product managers to internalize that there are real security restrictions on how they can enable users to make things pretty.

Almost everything is security-related. Almost nobody is willing to work with this.

link
zeveb 3431 days ago
OTOH, a C library will almost certainly be unsafe and insecure, while POSIX pipes can be secure.
link
JoshTriplett 3431 days ago
Exactly what I had in mind when I said "or a library with a C interface".

(Someday, I hope we have a better cross-language ABI than C.)

link
raverbashing 3432 days ago
Thinking a bit about this problem, I'm a bit torn

In one side, a CLI offers a "better" way of using the product (as with a library it's easier to misuse something)

On another, issues like this

(But I guess in this specific case the issue is that encfs is not doing a minimal validity check of the password being provided)

It would be good if CLIs would/could be more consistent, but in the Unix/Gnu options world, probably it won't

link
JoshTriplett 3432 days ago
> In one side, a CLI offers a "better" way of using the product (as with a library it's easier to misuse something)

A CLI provides a better interactive interface, but a terrible programmatic interface.

link
raverbashing 3432 days ago
Yes, it is awful in the programmatic sense, I don't want to assemble command lines by hand or parse error messages

It is nice in the conceptual sense, because it usually fits the common use cases

link
notheguyouthink 3432 days ago
Though, that only works for the language that you use. Other languages may opt to use the CLI as the API
link