The file names are ingested as a string so there is no way they’re being interpreted by the Go runtime (and in fact, Go being an AOT compiled language rather than a dynamic one means it wouldn’t be possible for file names to conflict like described in the readme).
This suggests to me that the author is misunderstanding why ‘&’ causes POSIX shells to do weird things.
I think what’s happening is the author tried a web URI that had an ampersand in, Bash then backgrounded the process and the author panicked thinking the Go runtime was parsing the ampersand rather than his or her $SHELL.
> I think what’s happening is the author tried a web URI that had an ampersand in, Bash then backgrounded the process and the author panicked thinking the Go runtime was parsing the ampersand rather than his or her $SHELL.
Yes, this is exactly what happened.
The author says this is one of their first Go projects, which explains their misunderstanding. They still have a lot to learn, not only about Go but Bash as well.
That being said, I am happy to see new programmers learn new things, especially in one of my favourite programming languages.
I remember a couple of years ago, one project also took file paths as a parameter and supported multiple parameters. In the readme the author stated that they hadn't yet written support for wildcards (globbing) so each file needed to be included manually. They were surprised and pleased when I raised an "issue" pointing out that actually they get globbing for free with their $SHELL.
That experience really made me appreciate just how varied developers' experiences were with the command line and also appreciative that people are still writing tools and happy to share them with the community even when they're not 40+ year old UNIX grey beards. It's good to see fresh folk adopt TUIs.
Good catch and that's definitely true as well but there's no way the author could have passed an ampersand into a Go string (i.e. as a parameter in said tool) without understanding the need to escape it in the first place. The shell would have parsed the ampersand as a reserved token out before the URI encoding bug was exposed.
As a first project though, it's a great learning exercise for the author. We all have to start somewhere.
It’s a mistake. It’s certainly meant to say reserved by PowerShell. Of course it will also not do the desired thing in POSIX shells, but in PowerShell, rather than cut a URL short but likely keep it valid + fork, it will error out since & is reserved in PowerShell. In reality what it should be telling you to do is shell escape the ampersand.
I don't get this concern. What specifically are you worried about here, that a bad parameter will crash the program? The code is there in case you wanted to verify it's not doing anything nefarious.
This looks like just a cute script/program the author wanted to share with HN, I don't think it's a big deal if they didn't fully productionize the thing and just wanted it to be seen.
The worry is that something in a link will cause the program to behave in unpredictable manner. At best it would crash, but it could do much more damage if given the chance.
I don't know Golang, so I can't definitely confirm or deny any intricacies it may or may not have. Though as mentioned by others, it seems to essentially be a wrapper for a webpage.
It sounds like a shell injection vulnerability [I have not actually checked though]. Attack scenario is somewhat realistic ("friend" sends you an image in a manner that preserves filenames, you run command on file).
Being blatantly vulnerable is not the same thing as being not production ready.
Even if you sanitize inputs, you still have to sanitize outputs. And as the comments below show, the real problem here is that outputs weren't sanitized.
Creating URLs or command line arguments without proper escaping is going to fail in so many ways, even on data that isn't malicious.
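The output-escaping point made above, as an added Go example that is not part of the thread and not the tool's own code: an image link containing `&` is placed into a search request once by plain concatenation and once through `net/url`. The endpoint, the `url` parameter name and the sample link are assumptions made up for the illustration.

```go
package main

import (
	"fmt"
	"net/url"
)

// searchEndpoint is a placeholder, not the service the tool actually calls.
const searchEndpoint = "https://search.example.invalid/api"

// naiveQuery concatenates the image link into the query string unescaped.
func naiveQuery(imageURL string) string {
	return searchEndpoint + "?url=" + imageURL
}

// escapedQuery percent-encodes the value so '&', '?' and '=' stay data.
func escapedQuery(imageURL string) string {
	q := url.Values{}
	q.Set("url", imageURL)
	return searchEndpoint + "?" + q.Encode()
}

// receivedURL parses a request as a server would and returns its "url" parameter.
func receivedURL(request string) (string, error) {
	u, err := url.Parse(request)
	if err != nil {
		return "", err
	}
	return u.Query().Get("url"), nil
}

func main() {
	// Constructed sample link whose own query string contains an ampersand.
	image := "https://cdn.example.invalid/shot.png?width=640&height=360"

	for name, build := range map[string]func(string) string{
		"naive":   naiveQuery,
		"escaped": escapedQuery,
	} {
		got, err := receivedURL(build(image))
		if err != nil {
			fmt.Println(name, "error:", err)
			continue
		}
		// The naive request loses everything after the first '&'.
		fmt.Printf("%-8s server sees url=%q (intact: %v)\n", name, got, got == image)
	}
}
```

On the command line the link still has to be quoted (for example in single quotes in a POSIX shell) so that the shell passes the `&` through to the program at all.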
Had to dig into the repo to come to the same conclusion. My first thought was, wow for your first Go app you really implemented image recognition for all ever available anime?
And soon realised it must just link to a web service which already does this or he has his own webservice somewhere with much more cpu power than a tiny cli app.
I was going to say that I find it oddly specific to limit such a search technology on an image on so-called “anime” only, and now I will say that of this “trace.moe”.
I don't understand why so many websites and services do this; it's really silly.
On 4chan, various trolls love to make topics that test the definition to see if they are removed by being very technical with it.
I also tried trace.moe on The Wonderful Adventures of Nils, which is one of the most commercially successful “anime” of all time and it produced no results. So as the title suggests, perhaps it's one of those websites that says “anime”, where it actually simply means “moe art”.
Is it really silly though? The author of trace.moe has to label and store each anime episode somewhere, and use CPU power provided for free to search through these indexes. Adding regular TV series and movies to this dataset could really dirty what gets returned when the service is just about letting someone find out what anime some screenshot is from.
The FAQ says they've indexed most of post-2000 anime and very little of 80s and 90s anime. It mentions you can even use a similar drawing of the scene to get a match, due to the method they're using!
> Is it really silly though? The author of trace.moe has to label and store each anime episode somewhere, and use CPU power provided for free to search through these indexes. Adding regular TV series and movies to this dataset could really dirty what gets returned when the service is just about letting someone find out what anime some screenshot is from.
I simply quæstion the sanity of delimiting the search to animated works from a single country, and as I pointed out since it can't find something from Nils, it isn't really about that.
> The FAQ says they've indexed most of post-2000 anime and very little of 80s and 90s anime. It mentions you can even use a similar drawing of the scene to get a match, due to the method they're using!
It also couldn't find anything from The Spirits Within and Advent Children, so it's really not about “animation from Japan” but about specific art styles, it seems.
If only the reality weren't that most sources using that ridiculous term are highly inconsistent about the meaning and use it with two different meanings in the same paragraph.
If “moe art” be what one means, then simply use that word; — there is already a perfectly good word for it.
The truth is there’s no single concrete word that exists for the category. Some suggest “moe art”, some say “anime”, some say “hentai”, etc. but each is interpreted differently and not inclusive nor popular.
Cool! A few of my friends have dragged me back into watching anime, so anime related side projects are fresh on my mind. This seems like a great use case for a discord bot too.
My big want is a fluff eliminator API. Like a service where people can define timestamps of where the actual good stuff is on a per-episode basis. Then a wrapper service that displays just the slimmed down episode portions chained together. But I don't know if the YouTube API or others even support stuff like that.
I suspect you could make some progress on a "fluff eliminator" by leveraging the existing "sakuga" database[1]. "Sakuga", in this context, meaning the well animated parts.
After all, there's a fairly strong correlation between high-importance scenes and overall framecount, which makes sense when you consider that frames are the main currency animation studios work with.
I don't think this approach would work. It's quite common to have long-ish dialogue scenes with lower-grade animation, and save the high-quality work on scenes with interesting things to look at happening on the screen.
As an example, the final conversation between Okabe and FB in Steins;Gate is really not good animation, but it is crucial to the plot, and the dialogue and voice acting still make it a very impactful scene.
An extreme example: There's a critical scene towards the end of Neon Genesis Evangelion where a single frame is on screen for about a minute with no dialog. (Not the elevator scene.)
You are, of course, correct. It's not exactly a bulletproof heuristic. At best, you'd probably only be able to identify likely filler episodes, as opposed to filler scenes.
A truly sophisticated approach capable of identifying filler scenes would probably involve machine learning using data that's not (to my knowledge) actually available to the public, like engagement/watchtime statistics.
> My big want is a fluff eliminator API. Like a service where people can define timestamps of where the actual good stuff is on a per-episode basis.
I'm trying to build something similar[0] to this by indexing (and plotting) the anime score (given by MAL, something like IMDB for anime) on a daily basis. So in theory you could look at the graph and when you see a spike in score/user/favorites the episode may be good, or bad, or anything.
That's the idea. I was busy getting the indexer stable, so it's not really finished and I haven't spent much time on design. E.g. the airing dates aren't plotted yet etc. The current work is at https://anistats.com.
I'm surprised how bad trace.moe is, I supplied a screen cap from "Toward the Terra" and it completely failed at finding anything similar even, same for "Future Boy Conan."
I used to think that about Shazam. I had no reasonable idea about how it worked, so much so it really felt like magic (there's a quote to be put here, which I can't find the author here. HN help me).
My 2c of advice: uncover the magic, learn the inner workings of such methods. It is a much stronger and more powerful feeling than the "wow" effect you're having right now.
If you're posting your own pet projects, rules[1] state you are supposed to use the "Show HN" moniker. This is mostly a matter of consistent tagging and algorithmic binning, IIUC.
>NOTE: MAKE SURE THAT YOUR LINKS ENDS WITH .IMAGE_FORMAT AND DOESN'T HAVE ANY & CHARS AFTER BECAUSE THIS SYMBOL IS RESERVED BY GOLANG
Makes me a bit uncomfortable with it. Shouldn't input sanitization be one of the first things to consider when doing user-facing applications?