Life and Opinions

To my mind, one of the biggest mistakes that Microsoft made in Windows 95 was to put a space in the name of the main program installation directory: "C:\Program Files".  This caused untold grief to users as the default installation of lots of otherwise compatible Windows 3.1 programs would fail with messages such as "Can't find directory C:\Program".  And this seemed totally unnecessary: it was is if the marketing people at Microsoft were just showing off that Windows could now handle filenames with spaces in, but had forgotten that many of the programs that users might want to install couldn't handle them.  As a result of this, lots of programs defaulted to installing themselves in the top-level directory "C:\", and I learnt to avoid putting spaces in filenames (and directory names) altogether.  Even now, 15 years later, I will always name a file "some-name.txt" or "some_name.txt" rather than "some name.txt".

I had assumed that the designers of Unix and Linux would not have made such a silly mistake, but I have just come across Fixing Unix/Linux/POSIX Filenames: Control Characters (such as Newline), Leading Dashes, and Other Problems by David A. Wheeler (Via Avery Pennarum.), and the situation seems much worse.  These systems allow control characters such as newlines in filenames.  This is really appalling: you can't hope to build secure software on top of a system that subverts your expectations to such an extent.  As John DuBois said (quoted by Wheeler)  "Newlines in filenames are mainly something you would encounter in a malicious context..".  Anyone who develops software for Unix/Linux systems really should read through Wheeler's article.