Never Ending Security

It starts all here

Config file hell

xkcd 963 nailed it once again. How much fun is it to have to open one of the zillion Unix config files on your Debian box and start tweaking until it finally works? The graph could just as well show “Time since I last opened wpa_supplicant.conf”, or “/etc/network/interfaces”, “fontconfig”, “httpd.conf”, or “crontab”.

Unix is famous for its configurability. Unfortunately it has never offered a single convenient base library to support configuration file parsing. Every little piece of software had to design its own format, generate its own syntax rules (which complexity mostly depend on the programmer’s talent for parser writing), and force you to learn yet another language that will take you hours to understand and minutes to forget. Examples:


Seems the syntax for crontab files is just a bit beyond what my brain can absorb. I have set millions of cron jobs in my life and still cannot write one without copy/paste from an existing file.


The associated man page does not just describe a set of options, it goes as far as defining a full-fledged language by providing a formal BNF grammar, as if end-users were yacc compilers. It even features significant whitespace. Yummy.


Before we had spam filters, procmail was the only wall between a sane inbox and a wave of unsollicited messages. But there was a heavy price to pay: learn how to write a bug-free procmailrc with no way to test it except to send yourself half a million fake e-mails until you got it right. I still have a couple of procmailrc templates somewhere just in case I ever have to get into this again. will probably earn the gold medal of the most obscure, un-debuggable, impossible to write and just frankly insane configuration file there ever was. It is now mentioned in the Geneva convention about the non-proliferation of mental-illness-inducing configuration formats. But let us not be too harsh. Without it we would not have had the case of the 500-mile email and a lot less horror stories to tell our children.

Hopefully things are getting better. Now that we have XML we can tear away the last shreds of hope of ever understanding how to configure a piece of software by editing a file. And if you are really vicious, you could go as far as creating an XML-like config file format that cannot be validated.

I once had a problem, then I discovered XML, and then I had two problems.

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s