Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
What Anime CLI? (github.com/irevenko)
138 points by irevenko on Jan 20, 2021 | hide | past | favorite | 59 comments


The message

>NOTE: MAKE SURE THAT YOUR LINKS ENDS WITH .IMAGE_FORMAT AND DOESN'T HAVE ANY & CHARS AFTER BECAUSE THIS SYMBOL IS RESERVED BY GOLANG

Makes me a bit uncomfortable with it. Shouldn't input sanitization be one of the first things to consider when doing user-facing applications?


The file names are ingested as a string so there is no way they’re being interpreted by the Go runtime (and in fact, Go being a AOT compiles language rather than a dynamic one means it wouldn’t be possible for file names to conflict like described in the readme).

This suggests to me that the author is misunderstanding why ‘&’ causes POSIX shells to do weird things.

I think what’s happening is the author tried a web URI that had an ampersand in, Bash then background the process and the author panicked thinking the Go runtime was parsing the ampersand rather than his or her $SHELL.


> I think what’s happening is the author tried a web URI that had an ampersand in, Bash then background the process and the author panicked thinking the Go runtime was parsing the ampersand rather than his or her $SHELL.

Yes, this is exactly what happened.

The author says this is one of their first Go projects, which explains their misunderstanding. They still have a lot to learn, not only about Go but Bash as well.

That being said, I am happy to see new programmers learn new things, especially in one of my favourite programming languages.


I remember a couple of years ago, one project also took file paths as a parameter and supported multiple parameters. In the readme the author stated that they hadn't yet written support for wildcards (globing) so each file needed to be included manually. There were surprised and pleased when I raised an "issue" pointing out that actually they get globing for free with their $SHELL.

That experience really made me appreciate just how varied developers experiences were with the command line and also appreciative that people are still writing tools and happy to share them with the community even when they're not 40+ year old UNIX grey beards. It's good to see fresh folk adopt TUIs.


And we as a community in software should appreciate and celebrate when friendly and helpful support is provided to newcomers. Thank you!


yes.


No, I think the author doesn't understand how to urlencode parameters as the image URL is passed to the API like so:

curl -s https://trace.moe/api/search?url=https://foobar/baz.jpg

And in the project the URL is simply appended:

https://github.com/irevenko/what-anime-cli/blob/main/cli/lin...

The API provides both GET and POST methods of passing the image file or URL and the author has somehow mangled them both into one as well :)

https://soruly.github.io/trace.moe/#/


Good catch and that's definitely true as well but there's no way the author could have passed an ampersand into a Go string (ie as a parameter in said tool) without understanding the need to escape it in the first place. The shell would have parsed the ampersand as a reserved token out before the URI encoding bug was exposed.

As first project though, it's a great learning exercise for the author. We all have to start somewhere.


So in other words, OP's gut "Makes me a bit uncomfortable" is an understatement.


It’s a mistake. It’s certainly meant to say reserved by Powershell. Of course it will also not do the desired thing in POSIX shells, but in Powershell, rather than cut a URL short but likely keep it valid + fork, it will error out since & is reserved in Powershell. In reality what it should be telling you to do is shell escape the ampersand.


I don't get this concern. What specifically are you worried about here, that a bad parameter will crash the program? The code is there in case you wanted to verify it's not doing anything nefarious.

This looks like just a cute script/program the author wanted to share with HN, I don't think it's a big deal if they didn't fully productionize the thing and just wanted it to be seen.


The worry is that something in a link will cause the program to behave in unpredictable manner. At best it would crash, but it could do much more damage if given the chance.

I don't know Golang, so I can't definitely confirm or deny any intricacies it may or may not have. Though as mentioned by others, it seems to essentially be a wrapper for a webpage


Just do not use powershell l o l


It's reserved by POSIX shells as well. So either way you'd have to escape the ampersand.


It sounds like a shell injection vulnerability [i have not actually checked though]. Attack scenario is somewhat realistic ("friend" sends you an image in a manner that preserves filenames, you run command on file)

Being blatently vulnerable is not the same thing as being not production ready.


Just do not use powershell l o l


Even if you sanitize inputs, you still have to sanitize outputs. And as the comments below show, the real problem here is that outputs weren't sanitized.

Creating URLs or command line arguments without proper escaping is going to fail in so many ways, even on data that isn't malicious.


Find the anime scene by image using your terminal This application is basically a wrapper around trace.moe


had to dig into the repo to come to the same conclusion. My first thought was, wow for your first go app you really implemented image recognition for all ever available anime? And soon realised it must just link to a web service which already does this or he has his own webservice somewhere with much more cpu power than a tiny cli app.


yes


I was going to say that I find it oddly specific to limit such a search technology on an image on so-called “anime” only, and now I will say that of this “trace.moe”.

I don't understand why so many websites and services do this; it's really silly.

On 4chan, various trolls love to make topics that test the definition to see if they are removed by being very technical with it.

I also tried trace.moe on The Wonderful Adventures of Nils, which is one of the most commercially successful “anime” of all time and it produced no results. So as the title suggests, perhaps it's one of those websites that says “anime”, where it actually simply means “moe art”.


Is it really silly though? The author of trace.moe has to label and store each anime episode somewhere, and use CPU power provided for free to search through these indexes. Adding regular TV series and movies to this dataset could really dirty what gets returned when the service is just about letting someone find out what anime some screenshot is from.

The FAQ says they've indexed most of post-2000 anime and very little of 80s and 90s anime. It mentions you can even use a similar drawing of the scene to get a match, due to the method they're using!


> Is it really silly though? The author of trace.moe has to label and store each anime episode somewhere, and use CPU power provided for free to search through these indexes. Adding regular TV series and movies to this dataset could really dirty what gets returned when the service is just about letting someone find out what anime some screenshot is from.

I simply quæstion the sanity of delimiting the search to animated works from a single country, and as I pointed out since it can't find something from Nils, it isn't really about that.

> The FAQ says they've indexed most of post-2000 anime and very little of 80s and 90s anime. It mentions you can even use a similar drawing of the scene to get a match, due to the method they're using!

It also couldn't find anything from The Spirits Within and Advent Children, so it's really not about “animation from Japan” but about specific art styles, it seems.


>so it's really not about “animation from Japan” but about specific art styles, it seems.

Yes, the one colloquially known as anime.


If only the reality weren't that most sources using that ridiculous term are highly inconsistent about the meaning and use it with two different meanings in the same paragraph.

If “moe art” be what one means, then simply use that word; — there is already a perfectly good word for it.


A phrase that essentially nobody else uses to mean what you want it to mean is hardly a perfectly good word for a concept.

Feel free to popularize it on its merits first, then we can talk.


The truth is there’s no single concrete word exist for the category. Some suggest “moe art”, some say “anime”, some say “hentai”, etc. but each is interpreted differently and not inclusive nor popular.


It's more like a production methodology than an art style. Art styles don't scale.


Cool! A few of my friends have dragged me back into watching anime, so anime related side projects are fresh on my mind. This seems like a great use case for a discord bot too.

My big want is a fluff eliminator API. Like a service where people can define timestamps of where the actual good stuff is on a per-episode basis. Then a wrapper service that displays just the slimmed down episode portions chained together. But I don't know if the YouTube API or others even support stuff like that.


I suspect you could make some progress on a "fluff eliminator" by leveraging the existing "sakuga" database[1]. "Sakuga", in this context, meaning the well animated parts.

After all, there's a fairly strong correlation between high-importance scenes and overall framecount, which makes sense when you consider that frames are the main currency animation studios work with.

[1]: https://www.sakugabooru.com/post


I don't think this approach would work. It's quite common to have long-ish dialogue scenes with lower-grade animation, and save the high-quality work on scenes with interesting things to look at happening on the screen.

As an example, the final conversation between Okabe and FB in Steins;Gate is really not good animation, but it is crucial to the plot, and the dialogue and voice acting still make it a very impactful scene.


An extreme example: There's a critical scene towards the end of Neon Genesis Evangelion where a single frame is on screen for about a minute with no dialog. (Not the elevator scene.)


You are, of course, correct. It's not exactly a bulletproof heuristic. At best, you'd probably only be able to identify likely filler episodes, as opposed to filler scenes.

A truly sophisticated approach capable of identifying filler scenes would probably involve machine learning using data that's not (to my knowledge) actually available to the public, like engagement/watchtime statistics.


Also, things like transformation sequences might have high quality because they will get reused many times.


> My big want is a fluff eliminator API. Like a service where people can define timestamps of where the actual good stuff is on a per-episode basis.

I'm trying to build something similiar[0] to this by indexing (and plotting) the anime score (given by MAL, something like IMDB for anime) on a daily basis. So in theory you could look at the graph and when you see a spike in score/user/favorites the episode may be good, or bad, or anything.

That's the idea. I was busy getting the indexer stable, so it's not really finished and I haven't spent much time on design. E.g. the airing dates aren't plotted yet etc. The current work is at https://anistats.com.

An example for a overhyped show would be https://www.anistats.com/anime/41353/the-god-of-high-school. And a steady climbing, probably better-than-thought movie would be this: https://www.anistats.com/anime/38088/digimon-adventure-last-...

[0] https://anistats.com


There is a telegram bot that trim a particular anime secene from a specific moment. See more: https://github.com/soruly/trace.moe-media


The impressive part here is the trace.moe service, which powers the whole thing.

https://github.com/soruly/trace.moe


Is there an analogous service for identifying music (mp3/wav) files ? Or any other media formats/genres ?


Search for alternatives to Shazam (proprietary)



Is there an API?


I'm surprised how bad trace.moe is, I supplied a screen cap from "Toward the Terra" and it completely failed at finding anything similar even, same for "Future Boy Conan."


Yes! One of the most relevant and useful projects!


sarcasm


Message to Mods: Add "Show HN" to the title as it is dev's post.


This is insane tech


I used to think that about Shazam. I had no reasonable idea about how it worked, so much so it really felt like magic (there's a quote to be put here, which I can't find the author here. HN help me).

My 2c of an advice: uncover the magic, learn the innerworkings of such methods. It is a much stronger and more powerful feeling than the "wow" effect you're having right now.


> so much so it really felt like magic (there's a quote to be put here, which I can't find the author here. HN help me).

"Any sufficiently advanced technology is indistinguishable from magic."

Arthur C. Clarke

:)


ha ha, thanks, I knew the HN crew couldn't disappoint on this :)


This presentation briefly describes how it works https://go-talks.appspot.com/github.com/soruly/slides/2018-0...


I'm surprised that trace.moe only needs 430 GB of data to work as well as it does.


By default, it only requires the colorLayout database to work (which is just 133GB). You can see my presentation here: https://github.com/soruly/slides/blob/master/2020-12-trace.m...


I think it will gradually increase as time went on.


yo nice reaction!


amazing!! this is what i; looking for thank you.


Please change title to "Show HN:"


why


If you're posting your own pet projects, rules[1] state you are supposed to use the "Show HN" moniker. This is mostly a matter of consistent tagging and algorithmic binning, IIUC.

[1]: https://news.ycombinator.com/showhn.html


my bad




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: