
Shill: A Secure Shell Scripting Language - thinkmoore
http://shill-lang.org
======
tkinom
Personally, I am not a big fan of putting more acl/config/monitor requirements
to the shell. New features add complexity, possible bugs and hacking vectors.

Prefer just simply "git add /{etc,bin,sbin,lib} /usr/{bin,sbin,lib} ... && git commit"

And a daily cron job running "git status" would give me some idea, a trigger
and confidence if someone has "hacked into" the server.
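
The baseline-and-check routine described in the comment above, as an added example that is not part of the original comment: the function names `baseline_init` and `baseline_check` are hypothetical, and the demo runs on a constructed scratch tree rather than on the live system directories. Git records file contents and the executable bit only, so a change of owner or a setuid bit is not reported by this check.

```shell
#!/bin/sh
# Added illustration of git-based drift detection (hypothetical helper names).

# baseline_init ROOT DIR...: commit the listed directories under ROOT as the baseline.
baseline_init() {
    root=$1; shift
    git -C "$root" init -q || return 1
    git -C "$root" add -- "$@" || return 1
    # Identity is passed inline so the commit works without a global git config.
    git -C "$root" -c user.name=baseline -c user.email=baseline@localhost \
        commit -q -m "baseline $(date -u +%Y-%m-%dT%H:%M:%SZ)"
}

# baseline_check ROOT DIR...: print drift in porcelain format.
# Returns 0 when clean, 1 when a file changed, appeared or vanished, 2 on git error.
baseline_check() {
    root=$1; shift
    # --untracked-files=all lists every new file, not just its parent directory.
    drift=$(git -C "$root" status --porcelain --untracked-files=all -- "$@") || return 2
    [ -z "$drift" ] && return 0
    printf '%s\n' "$drift"
    return 1
}

# Constructed demo on a scratch tree (stands in for /etc and /bin).
demo=$(mktemp -d)
mkdir -p "$demo/etc" "$demo/bin"
echo 'PermitRootLogin no' > "$demo/etc/sshd_config"
printf '#!/bin/sh\n' > "$demo/bin/tool"
baseline_init "$demo" etc bin
echo 'PermitRootLogin yes' > "$demo/etc/sshd_config"   # simulated change
baseline_check "$demo" etc bin || echo "drift detected in $demo"
rm -rf "$demo"
```

A cron job would call `baseline_check` and alert on a non-zero exit; the repository sits on the same host it monitors, so anyone with root there can also rewrite the baseline.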

------
anonfunction
Very relevant timing.

I've all but switched to zsh on my dev boxes but this looks to be a great
option for production environments.

~~~
kolev
Well, zsh isn't much better than Bash. Fish beats both, but the web-based
stuff annoys me. Given Windows has the super-powerful and elegant PowerShell,
I think a new shell language is definitely needed.

~~~
xiaq
Time for advertisements!

I've been doing this for some time:
[https://github.com/xiaq/elvish](https://github.com/xiaq/elvish)
([https://news.ycombinator.com/item?id=8090534](https://news.ycombinator.com/item?id=8090534))

~~~
kolev
Thanks for reminding me about your project, which I saw earlier here! I was
about to try it out and then forgot.

------
thinkmoore
Developer here, happy to answer any questions.

------
Gonzih
Developed in Racket, does not have S-expression syntax? Why? Would love to
use some scripting Lisp on my machine.

~~~
xiaq
Maybe some Lisp hackers gradually find out that a lot of parentheses is not
that fun for everyone. Not meant to enrage Lisp hackers, I actually find
parentheses bearable.

There is also Pyret ([http://www.pyret.org/](http://www.pyret.org/)) created by
some people on the PLT team (you can confirm this by looking at the owner of
their GitHub repo
[https://github.com/brownplt/pyret-lang](https://github.com/brownplt/pyret-lang)).
But more surprisingly it's implemented in JavaScript...

~~~
agumonkey
As usual, one just needs a paredit equivalent to forget about parens forever. I
also remember an extension (maybe emacs, or a scheme SRFI) removing the
top-level parens (implicit rewriting rule).

    repl> defun id (x) x

    repl> defun fact (n)
            (if (< n 2)
               1
               (* n (recur (1- n))))

A little more pleasant for people used to curly braces I'd say.

~~~
xiaq
Code is read much more often than written.

paredit makes editing parens easier, but reading them is still difficult for
the unskilled (rainbow parens help, but it's still far from painless). Compare
this to how autocompletion makes it easier to write a
VeryVeryVeryVeryVeryVeryVeryLongMethodName but doesn't make it any easier to
read.

~~~
agumonkey
I don't know, properly abstracted LISP code is 'supposed' to be tiny (you have
all you need to write nice DSL/API) so you don't have long-winded things on
screen.

And I have a differing opinion about code meant to be read. This is a side
effect of syntaxful languages read statically in buffer editors. You want to
understand LISP? You load the code, play with and evaluate sub-expressions,
and sexps/paredit is of great help here.

------
IshKebab
I would have thought the best way to do secure shell scripting is to use a
non-shell language, e.g. Python or Go.

It seems most shell vulnerabilities (including shellshock) fundamentally come
from the awful and dangerous syntax.

~~~
thinkmoore
Fundamentally, it's not an issue of syntax. The problem is that the way
commodity systems are set up, the capabilities of a script or program come
from the environment in which it is run. There is no way that a user can
easily tell what a script will do, even if it isn't malicious or doesn't have
a code injection vulnerability.

------
Eleopteryx
Can't say I like the name; it evokes nothing but negative connotations.

~~~
vezzy-fnord
I just find it so amusing, personally. I like it. It fits in with the security
theme relatively well, too.

~~~
Eleopteryx
How does "shill" relate to security in any kind of fashion? Am I missing
something?

~~~
zalzane
in the same way that the name "john the ripper" relates to security

it's just a cute name

