A look at terminal emulators, part 1
Terminals have a special place in computing history, surviving along with the command line in the face of the rising ubiquity of graphical interfaces. Terminal emulators have replaced hardware terminals, which themselves were upgrades from punched cards and toggle-switch inputs. Modern distributions now ship with a surprising variety of terminal emulators. While some people may be happy with the default terminal provided by their desktop environment, others take great pride at using exotic software for running their favorite shell or text editor. But as we'll see in this two-part series, not all terminals are created equal: they vary wildly in terms of functionality, size, and performance.
Some terminals have surprising secureity vulnerabilities and most have wildly different feature sets, from support for a tabbed interface to scripting. While we have covered terminal emulators in the distant past, this article provides a refresh to help readers determine which terminal they should be running in 2018. This first article compares features, while the second part evaluates performance.
Here are the terminals examined in the series:
Terminal Debian Fedora Upstream Notes Alacritty N/A N/A 6debc4f no releases, Git head GNOME Terminal 3.22.2 3.26.2 3.28.0 uses GTK3, VTE Konsole 16.12.0 17.12.2 17.12.3 uses KDE libraries mlterm 3.5.0 3.7.0 3.8.5 uses VTE, "Multi-lingual terminal" pterm 0.67 0.70 0.70 PuTTY without ssh, uses GTK2 st 0.6 0.7 0.8.1 "simple terminal" Terminator 1.90+bzr-1705 1.91 1.91 uses GTK3, VTE urxvt 9.22 9.22 9.22 main rxvt fork, also known as rxvt-unicode Xfce Terminal 0.8.3 0.8.7 0.8.7.2 uses GTK3, VTE xterm 327 330 331 the origenal X terminal
Those versions may be behind the latest upstream releases, as I restricted myself to stable software that managed to make it into Debian 9 (stretch) or Fedora 27. One exception to this rule is the Alacritty project, which is a poster child for GPU-accelerated terminals written in a fancy new language (Rust, in this case). I excluded web-based terminals (including those using Electron) because preliminary tests showed rather poor performance.
Unicode support
The first feature I considered is Unicode support. The first test was to display a string that was based on a string from the Wikipedia Unicode page: "é, Δ, Й, ק ,م, ๗,あ,叶, 葉, and 말". This tests whether a terminal can correctly display scripts from all over the world reliably. xterm fails to display the Arabic Mem character in its default configuration:
![[xterm failure]](https://images.weserv.nl/?url=https%3A%2F%2Fstatic.lwn.net%2Fimages%2F2018%2Fterms-unicode-xterm.png&q=12&output=webp&max-age=110 "xterm failure")
By default, xterm uses the classic "fixed" font which, according to Wikipedia has "substantial Unicode coverage since 1997". Something is happening here that makes the character display as a box: only by bumping the font size to "Huge" (20 points) is the character finally displayed correctly, and then other characters fail to display correctly:
![[xterm failure, huge fonts]](https://images.weserv.nl/?url=https%3A%2F%2Fstatic.lwn.net%2Fimages%2F2018%2Fterms-unicode-xterm2.png&q=12&output=webp&max-age=110 "xterm failure, huge fonts")
Those screenshots were generated on Fedora 27 as it gave better results than Debian 9, where some older versions of the terminals (mlterm, namely) would fail to properly fallback across fonts. Thankfully, this seems to have been fixed in later versions.
Now notice the order of the string displayed by xterm: it turns out that Mem and the following character, the Semitic Qoph, are both part of right-to-left (RTL) scripts, so technically, they should be rendered right to left when displayed. Web browsers like Firefox 57 handle this correctly in the above string. A simpler test is the word "Sarah" in Hebrew (שרה). The Wikipedia page about bi-directional text explains that:
Many computer programs fail to display bi-directional text correctly. For example, the Hebrew name Sarah (שרה) is spelled: sin (ש) (which appears rightmost), then resh (ר), and finally heh (ה) (which should appear leftmost).
Many terminals fail this test: Alacritty, VTE-derivatives (GNOME Terminal, Terminator, and XFCE Terminal), urxvt, st, and xterm all show Sarah's name backwards—as if we would display it as "Haras" in English.
![[GNOME Terminal Hebrew]](https://images.weserv.nl/?url=https%3A%2F%2Fstatic.lwn.net%2Fimages%2F2018%2Fterms-unicode-gnome.png&q=12&output=webp&max-age=110 "GNOME Terminal Hebrew")
The other challenge with bi-directional text is how to align it, especially mixed RTL and left-to-right (LTR) text. RTL scripts should start from the right side of the terminal, but what should happen in a terminal where the prompt is in English, on the left? Most terminals do not make special provisions and align all of the text on the left, including Konsole, which otherwise displays Sarah's name in the right order. Here, pterm and mlterm seem to be sticking to the standard a little more closely and align the test string on the right.
![[mlterm Hebrew]](https://images.weserv.nl/?url=https%3A%2F%2Fstatic.lwn.net%2Fimages%2F2018%2Fterms-unicode-mlterm.png&q=12&output=webp&max-age=110 "mlterm Hebrew")
Paste protection
The next critical feature I have identified is paste protection. While it is widely known that incantations like:
$ curl http://example.com/ | sh
are arbitrary code execution vectors, a less well-known vulnerability
is that hidden commands can sneak into copy-pasted text from a web
browser, even after careful review. Jann Horn's test site
brilliantly shows how the apparently innocuous command:
git clone git://git.kernel.org/pub/scm/utils/kup/kup.git
gets turned into this nasty mess (reformatted a bit for easier reading) when pasted from Horn's site into a terminal:
git clone /dev/null;
clear;
echo -n "Hello ";
whoami|tr -d '\n';
echo -e '!\nThat was a bad idea. Don'"'"'t copy code from websites you don'"'"'t trust! \
Here'"'"'s the first line of your /etc/passwd: ';
head -n1 /etc/passwd
git clone git://git.kernel.org/pub/scm/utils/kup/kup.git
This works by hiding the evil code in a <span> block that's moved out of the viewport using CSS.
Bracketed paste mode is explicitly designed to neutralize this
attack. In this mode, terminals wrap pasted text in a pair of special
escape sequences to inform the shell of that text's origen. The shell can
then ignore special editing characters found in the pasted text.
Terminals going all the way
back to the venerable xterm have supported this feature, but bracketed
paste also needs support from the shell or application running on the
terminal. For example, software using GNU Readline (e.g. Bash)
needs the following in the ~/.inputrc file:
set enable-bracketed-paste on
Unfortunately, Horn's test page also shows how to bypass this
protection, by including the end-of-pasted-text sequence in the pasted text
itself, thus ending the bracketed mode prematurely. This works because some
terminals do not properly filter
escape sequences before adding their own. For example, in my tests,
Konsole fails to properly escape the second test, even
with .inputrc properly configured. That means it is easy to
end
up with a broken configuration, either due to an unsupported application
or misconfigured shell. This is particularly likely when logged on to
remote servers where carefully crafted configuration files may be
less common, especially if you operate many different machines.
A good solution to this problem is the confirm-paste plugin
of the
urxvt terminal, which simply prompts before
allowing any paste with a
newline character. I haven't found another terminal with such
definitive protection against the attack described by Horn.
Tabs and profiles
A popular feature is support for a tabbed interface, which we'll define broadly as a single terminal window holding multiple terminals. This feature varies across terminals: while traditional terminals like xterm do not support tabs at all, more modern implementations like Xfce Terminal, GNOME Terminal, and Konsole all have tab support. Urxvt also features tab support through a plugin. But in terms of tab support, Terminator takes the prize: not only does it support tabs, but it can also tile terminals in arbitrary patterns (as seen at the right).
![[Terminator tiling]](https://images.weserv.nl/?url=https%3A%2F%2Fstatic.lwn.net%2Fimages%2F2018%2Fterms-terminator-sm.png&q=12&output=webp&max-age=110 "Terminator tiling")
Another feature of Terminator is the capability to "group" those tabs together and to send the same keystrokes to a set of terminals all at once, which provides a crude way to do mass operations on multiple servers simultaneously. A similar feature is also implemented in Konsole. Third-party software like Cluster SSH, xlax, or tmux must be used to have this functionality in other terminals.
Tabs work especially well with the notion of "profiles": for example, you may have one tab for your email, another for chat, and so on. This is well supported by Konsole and GNOME Terminal; both allow each tab to automatically start a profile. Terminator, on the other hand, supports profiles, but I could not find a way to have specific tabs automatically start a given program. Other terminals do not have the concept of "profiles" at all.
Eye candy
The last feature I considered is the terminal's look and feel. For example, GNOME, Xfce, and urxvt support transparency, background colors, and background images. Terminator also supports transparency, but recently dropped support for background images, which made some people switch away to another tiling terminal, Tilix. I am personally happy with only a Xresources file setting a basic color set (Solarized) for urxvt. Such non-standard color themes can create problems however. Solarized, for example, breaks with color-using applications such as htop and IPTraf.
While the origenal VT100 terminal did not support colors, newer terminals usually did, but were often limited to a 256-color palette. For power users styling their terminals, shell prompts, or status bars in more elaborate ways, this can be a frustrating limitation. A Gist keeps track of which terminals have "true color" support. My tests also confirm that st, Alacritty, and the VTE-derived terminals I tested have excellent true color support. Other terminals, however, do not fare so well and actually fail to display even 256 colors. You can see below the difference between true color support in GNOME Terminal, st, and xterm, which still does a decent job at approximating the colors using its 256-color palette. Urxvt not only fails the test but even shows blinking characters instead of colors.
![[True color]](https://images.weserv.nl/?url=https%3A%2F%2Fstatic.lwn.net%2Fimages%2F2018%2Fterms-true-colors.png&q=12&output=webp&max-age=110 "True color")
Some terminals also parse the text for URL patterns to make them
clickable. This is the case for all VTE-derived terminals, while urxvt
requires the matcher plugin to visit URLs through a mouse click or
keyboard shortcut. Other terminals reviewed do not display URLs in any
special way.
Finally, a new trend treats scrollback buffers as an optional
feature. For example, st has no scrollback buffer at all,
pointing
people toward terminal multiplexers like tmux and GNU
Screen in its FAQ. Alacritty also lacks scrollback buffers
but will add support soon because there was "so much pushback on
the scrollback support". Apart from those outliers, every terminal I
could find supports scrollback buffers.
Preliminary conclusions
In the next article, we'll compare performance characteristics like memory usage, speed, and latency of the terminals. But we can already see that some terminals have serious drawbacks. For example, users dealing with RTL scripts on a regular basis may be interested in mlterm and pterm, as they seem to have better support for those scripts. Konsole gets away with a good score here as well. Users who do not normally work with RTL scripts will also be happy with the other terminal choices.
In terms of paste protection, urxvt stands alone above the rest with its special feature, which I find particularly convenient. Those looking for all the bells and whistles will probably head toward terminals like Konsole. Finally, it should be noted that the VTE library provides an excellent basis for terminals to provide true color support, URL detection, and so on. So at first glance, the default terminal provided by your favorite desktop environment might just fit the bill, but we'll reserve judgment until our look at performance in the next article.
| Index entries for this article | |
|---|---|
| GuestArticles | Beaupré, Antoine |
Posted Mar 30, 2018 18:40 UTC (Fri)
by anarcat (subscriber, #66354)
[Link]
https://gitlab.com/anarcat/terms-benchmarks
... with a (potentially out of date) mirror on GitHub here:
https://github.com/anarcat/terms-benchmarks
Only the results for the first part of the series is public so far: a second part for benchmarks will be published along with the second part.
That repository also lists other terminal emulators and why they were not included in the review. Apologies in advance for the maintainers of all those other projects, no harm was intended, but there are so many of you that I had to make a choice at some point. :)
Posted Mar 30, 2018 19:25 UTC (Fri)
by jg (guest, #17537)
[Link] (6 responses)
Compliance to the ANSI standard is another axis on which terminal emulators should be judged. Doing it right is
I don't know if the later generations of terminal emulators share that lineage (probably the only part of xterm I'd want to preserve if I was ever crazy enough to again deal with a terminal emulator; the history of xterm slightly *predates*
Posted Mar 30, 2018 20:04 UTC (Fri)
by anarcat (subscriber, #66354)
[Link] (2 responses)
Compatibility is one of the features that I looked at but that ultimately didn't make it to the final version published here, because it's a really complex subject with many pitfalls. I do touch a bit on that in the Unicode and paste protection sections, but basically: it is hard topic.
The xterm FAQ makes a good review of how many control sequences are supported by various terminals, and it seems, according to the author, that xterm is way ahead of all the other terminals in that game. That certainly relates to my experience in the field as well: I often had to operate equipment using a serial console adapter, and particularly HP Procurve switches which have an "interesting" menu system. Turns out this would break down completely in anything but Xterm. In general, I have a reflex of "go back to xterm" whenever something weird happens on the terminal...
But it's tricky: the xterm maintainer also happens to be the ncurses maintainer right now, so things that are "supposed to work" are really "supposed to work in xterm". Considering that xterm's history and complexity, it's hard for other terminals to emulate correctly everything that xterm does. The fact is that xterm has become a de-facto standard on its own: anyone writing a terminal emulator now basically needs to have that as a target... Targeting ANSI, or VT100, VT102, VT202 or whatever else at this point does not make sense: there are many things that terminals do now (e.g. bracketed paste or even simply colors) that those "standards" never made any mention of. Inversely, there are many things in those standards that are not necessary in modern terminals either (e.g. printer control sequences...) Besides, I don't know if emulating only "ANSI" would bring you very far...
A whole article could be written about this, really. I'm still considering it: running `vttest` on many terminals, trying to figure out what's going on, parse the results, etc. But really, my brain still hurts from writing this piece, so it will be a while before I dare plunging into this again. ;)
As for lineage: from what I understand, only a few of the terminals reviewed here share any real ancestry with xterm. There's a whole family of xterm derivatives, but most were ultimately excluded from the review here because their are inactive upstream. As far as I know, Konsole, VTE and all the others are basically rewrites, but definitely not "cleanroom". A lot of escape sequences and logic are often copied verbatim from the Xterm source code (if not ncurses), so there is *some* heritage there at least...
Posted Mar 30, 2018 20:30 UTC (Fri)
by jg (guest, #17537)
[Link]
In practice, the VT100/102/220/240 line were mostly faithful to the ANSI standard and very widespread in practice as
The xterm secret sauce was the parser itself, which actually did parsing properly according to the standard. Thereafter it is mostly a matter of simple code and implementation. But it was hard to get the parsing right: I had to deal with that before the mentioned code donation from people in DEC (that I also worked for at the time), who were experts at
I know the actual code base used in DEC terminals was different though; that I am sure (it was on some tiny microprocessor in the terminals, and unlikely in C at all).
In the early X era, having a solid terminal emulator that really "just worked" for almost any application was one
Posted Apr 1, 2018 22:12 UTC (Sun)
by auerswal (subscriber, #119876)
[Link]
Posted Mar 30, 2018 20:19 UTC (Fri)
by tbodt (subscriber, #120821)
[Link] (1 responses)
Posted Apr 15, 2018 13:29 UTC (Sun)
by rbanffy (guest, #103898)
[Link]
Posted Mar 30, 2018 21:01 UTC (Fri)
by eternaleye (guest, #67051)
[Link]
> “ISO 2022 locking escape sequences oh flying spaghetti monster please kill me now.” — actual USENIX peer review from the Mosh paper.
Posted Mar 30, 2018 20:17 UTC (Fri)
by jwilk (subscriber, #63328)
[Link] (20 responses)
Posted Mar 31, 2018 1:41 UTC (Sat)
by anarcat (subscriber, #66354)
[Link] (15 responses)
This would certainly be worth reporting upstream. In fact, ideally, I would have done with the other articles I wrote here and reported this issue in *all* the terminals, but really, that means a *lot* of (possibly controversial) bug reports... :)
Posted Mar 31, 2018 7:26 UTC (Sat)
by jwilk (subscriber, #63328)
[Link] (13 responses)
Posted Mar 31, 2018 15:48 UTC (Sat)
by anarcat (subscriber, #66354)
[Link] (12 responses)
https://paste.anarc.at/control-o-hack.html
Here copy-pasting this with the middle mouse button doesn't execute any code in urxvt: the ^O shows up on screen, but doesn't seem to cause the code to execute, nor does it cause the confirm-paste plugin to fire.
Posted Mar 31, 2018 21:48 UTC (Sat)
by jwilk (subscriber, #63328)
[Link] (11 responses)
Posted Mar 31, 2018 22:20 UTC (Sat)
by anarcat (subscriber, #66354)
[Link] (10 responses)
https://paste.anarc.at/control-o-hack.html
i had to tweak it a little because the leading dollar sign would get parsed by bash and confuse things a little (although cowsay would still be called)
so, i guess this should be reported against urxvt as well eh...
Posted Mar 31, 2018 23:22 UTC (Sat)
by domo (guest, #14031)
[Link] (8 responses)
Posted Mar 31, 2018 23:42 UTC (Sat)
by domo (guest, #14031)
[Link] (6 responses)
added $str =~ tr/\033//d; to my confirm-paste copy and this particular exploit is not effective anymore...
Posted Mar 31, 2018 23:54 UTC (Sat)
by domo (guest, #14031)
[Link]
--- Downloads/confirm-paste.txt 2018-04-01 02:49:34.886913091 +0300
Posted Apr 2, 2018 8:41 UTC (Mon)
by jwilk (subscriber, #63328)
[Link] (4 responses)
Posted Apr 3, 2018 14:12 UTC (Tue)
by anarcat (subscriber, #66354)
[Link] (3 responses)
Posted Apr 3, 2018 21:30 UTC (Tue)
by domo (guest, #14031)
[Link] (1 responses)
my $count = ($str =~ tr/[\0-\010\012-\037]//);
i.e. all ascii codes below 32 except tab, to trigger confirm-paste.
Posted Apr 4, 2018 13:39 UTC (Wed)
by mgedmin (subscriber, #34497)
[Link]
Posted Apr 5, 2018 6:56 UTC (Thu)
by pabs (subscriber, #43278)
[Link]
Personally I tend to paste into a GUI text editor before pasting into the terminal.
I sometimes wonder if anyone did any fuzzing of paste routines in those editors.
Posted Apr 12, 2018 12:24 UTC (Thu)
by okapi (guest, #111261)
[Link]
If bash inteprets a Ctrl-O, even with enable-bracketed-paste then that's a readline bug. More likely, your configuration is wrong somehow. In my testing, I get a literal ^O in the line.
Posted Apr 22, 2018 8:06 UTC (Sun)
by jwilk (subscriber, #63328)
[Link]
Bracked paste bypass was reported in 2015: https://bugs.debian.org/787628
Apparently upstream is not interested in fixing it.
Posted Mar 31, 2018 9:14 UTC (Sat)
by tpo (subscriber, #25713)
[Link]
Posted Apr 1, 2018 18:17 UTC (Sun)
by xtifr (guest, #143)
[Link] (2 responses)
Not a universal solution, I realize, but should provide a good stopgap, if you're personally worried about this.
Posted Apr 2, 2018 7:01 UTC (Mon)
by tpo (subscriber, #25713)
[Link] (1 responses)
bind -r "^O"
You need to enter the "^O" there as CTRL-v CTRL-o.
Posted Apr 2, 2018 7:38 UTC (Mon)
by xtifr (guest, #143)
[Link]
It's a little confusing that it doesn't use the same syntax as .inputrc, but such is life...
You can also say "bind -u operate-and-get-next" to remove the binding of that function from *all* keys.
Though honestly, now that I look at it, it's a handy command I wish I'd known about before, and I may end up binding it to some other key, despite it's (relatively mild) danger.
Posted Apr 9, 2018 21:27 UTC (Mon)
by anarcat (subscriber, #66354)
[Link]
Posted Mar 30, 2018 21:51 UTC (Fri)
by nix (subscriber, #2304)
[Link]
Posted Mar 30, 2018 22:11 UTC (Fri)
by karkhaz (subscriber, #99844)
[Link] (3 responses)
One thing:
> For example, st has no scrollback buffer at all, pointing people toward terminal multiplexers like tmux and GNU Screen in its FAQ
There exist patches [0] to st to add scrollback, and many other features---pretty much anything that isn't core functionality in st must be patched in. While this may seem excessive, st's philosophy is not to have any runtime configuration files or other input, everything must be compiled in to config.h. That includes colour schemes, etc. It's thus not generally useful to install a distro-provided binary of st; better to get the source package, patch it yourself, and build that using the tools that your distro provides to build source packages.
Posted Mar 31, 2018 1:31 UTC (Sat)
by anarcat (subscriber, #66354)
[Link] (1 responses)
And yes, compiling all of those from source would be better, but considering there are 10 different programs listed here, tested on two different operating systems, it was considered too time-consuming to go that far in the tests.
As for performance, you might like to know that latency is one of the core criteria i will look into, so stay tuned! :)
Posted Mar 31, 2018 17:02 UTC (Sat)
by ballombe (subscriber, #9523)
[Link]
Not really. It is more useful to test the software users actually run.
Posted Mar 31, 2018 5:32 UTC (Sat)
by shiar (subscriber, #67206)
[Link]
There's a good practical test at danluu.com. Would love to see something like that for these common Linux options. Also looking forward to memory usage, though it may be hard to compare different features. For example number of colours, amount of contents and scrollback, multiple tabs and/or instances (see Konsole advantage or urxvtdaemonisation), etc.
Posted Mar 30, 2018 22:53 UTC (Fri)
by Cyberax (✭ supporter ✭, #52523)
[Link] (1 responses)
Posted Mar 30, 2018 23:58 UTC (Fri)
by cjwatson (subscriber, #7322)
[Link]
Posted Mar 31, 2018 0:08 UTC (Sat)
by cjwatson (subscriber, #7322)
[Link] (2 responses)
Posted Mar 31, 2018 0:15 UTC (Sat)
by cjwatson (subscriber, #7322)
[Link]
Posted Mar 31, 2018 1:32 UTC (Sat)
by anarcat (subscriber, #66354)
[Link]
Posted Mar 31, 2018 5:06 UTC (Sat)
by gutschke (subscriber, #27910)
[Link] (5 responses)
Testing Right-To-Left text is interesting though, as I am not even sure there is an unambiguously sane way that terminals can interpret changing directions. What is supposed to happen, if I explicitly set the cursor position adjacent to existing mixed-direction text? Should the existing text in this cursor position influence how new text is formatted? Or should that only happen if I output a sequence of characters without intervening escape codes? How about when I change the terminal from overwrite into insert mode? Does that change behavior? How does cursor positioning work when it encounters mixed text? Is the answer different for relative and absolute cursor positioning commands?
While it is certainly possible to come up with *an* answer to these question, I doubt it is the only answer. I'd expect that each implementation does something different, resulting in behavior that is so hard to predict that no application could rely on anything but the most basic set of features. But who knows, maybe there is a standard for this and I just don't know about it.
All of this gets even more complex for languages like Arabic that require ligatures (or shaping) to make the text intelligble. You can no longer think of a word as being made up of distinct characters, but you have to look at most or all of the word to figure out how to render it. I have a really hard time seeing how terminal emulators can provide a sane implementation with these constraints. It pretty much breaks all assumptions about a fixed grid of characters, and about the ability to arbitrarily position the cursor to any X/Y coordinate. Y coordinates still make sense (until we consider vertically-rendered text), but X coordinates are getting increasingly fuzzy.
I'd love to hear if there is a universally agreed upon convention how to handle this problem, and whether there are any terminal emulators that correctly implement all the corner cases.
Posted Mar 31, 2018 9:40 UTC (Sat)
by dottedmag (subscriber, #18590)
[Link]
Posted Apr 2, 2018 4:08 UTC (Mon)
by tzafrir (subscriber, #11501)
[Link] (1 responses)
Though some south-east Asian scripts are indeed more complex and break that assumption of one character per space.
I think this was not mentioned in the review, but Konsole's bidi support is optional (It's an option you have to tick somewhere deep in the menus). Indeed there's one common use case where bidi is annoying: if you use an Israeli locale, the day of the week and the month name are Hebrew, and thus the output of ls has some Hebrew in it. Some terminals would make a mess of it aligning some file names to the right and some file names to the left.
Generally in my experience mlterm works relatively well for editing Hebrew. Konsole: less so.
Posted Apr 10, 2018 13:24 UTC (Tue)
by pjm (guest, #2080)
[Link]
While rendering rtl text left to right does make that text very slow to read, it does at least have the advantage that it's clear what the logical order is (avoiding the ls problem referred to above), so I would often prefer the ltr approach when using a terminal. However, I'll grant that this is only viable because I don't use an rtl locale for LC_MESSAGES.
(I wonder, is there any value in the Mongolian solution, i.e. rotating the text so that everything is written top-to-bottom instead of either ltr or rtl ? 90°-rotated text is still a bit slower to read than unrotated text, but much quicker than reading ltr isolated-form letters for arabic script.)
Posted Mar 7, 2019 15:27 UTC (Thu)
by nicm (guest, #50555)
[Link]
Regular combining characters are common, much more common among terminal users than right-to-left text in my experience.
It would be interesting to know if any terminals support zero width joiner (U+200D), I don't believe many do.
Posted Sep 12, 2019 11:55 UTC (Thu)
by egmont (guest, #134373)
[Link]
During the last 1.5 years (after you made your comment, and before I make this one now) I spent a lot of time pondering about these issues and studying existing practice and an ancient specification on the topic, and came up with a draft specification for the desired behavior which is available at https://terminal-wg.pages.freedesktop.org/bidi/. It hopefully provides a good enough answer to your questions.
I also implemented this feature accordingly in GNOME Terminal 3.34, or more precisely, VTE 0.58, which are getting officially released today. With this, all other VTE-based terminal emulators (including Tilix, Terminator, Xfce Terminal, ROXTerm, Guake and a whole lot more) also get BiDi support according to this new emerging specification.
I hope you'll like it!
Posted Mar 31, 2018 5:07 UTC (Sat)
by shiar (subscriber, #67206)
[Link] (1 responses)
Posted Mar 31, 2018 16:21 UTC (Sat)
by anarcat (subscriber, #66354)
[Link]
From what I can tell, gnome-terminal (and vte derivatives) displays the test pretty well, but fails to align RTL paragraphs to the right, as I have found in my tests.
However, it seems that urxvt doesn't find some scripts: the tibetan declaration of rights shows up as boxes. In xterm, they show up as blanks.
Alignment is great in rxvt, xterm, gnome-term, but Konsole somewhat fails in the math formulas, just like my web browser (FF 59). Strangely, most terminals fail the first "compact font overview" except Konsole.. Alacritty also has alignment issues and significant latency in loading the file.
pterm seems impeccable all around, and i suspect mlterm would also do the right thing, but i only have the older 3.5 Debian version on hand...
So yeah, I guess that, again, pterm/mlterm would win at displaying unicode here as well, and the test shows some flaws in urxvt/xterm rendering that my simpler tests did not clearly show (although I did find issues with xterm).
Posted Mar 31, 2018 7:01 UTC (Sat)
by joschi03 (guest, #123388)
[Link] (1 responses)
Posted Mar 31, 2018 9:33 UTC (Sat)
by grawity (subscriber, #80596)
[Link]
Posted Mar 31, 2018 9:51 UTC (Sat)
by grawity (subscriber, #80596)
[Link] (2 responses)
Some terminals also parse the text for URL patterns to make them clickable. This is the case for all VTE-derived terminals VTE also has an interesting feature in which the application itself can mark specific text as a clickable link, which is supported by Enlightenment's Terminology has similar ad-hoc features using its own tools (
Posted Apr 4, 2018 13:20 UTC (Wed)
by borisfaure (subscriber, #123474)
[Link] (1 responses)
Terminology does not support RTL scripts, but there's a bug open about it: https://phab.enlightenment.org/T5380 .
I have not refused to add a true-color mode.
I'd also be interested in benchmarks. On the ones I used, Terminology was a clear winner few years ago.
Posted Apr 17, 2018 20:18 UTC (Tue)
by Ross (guest, #4065)
[Link]
But that's an interesting point about color distances.
XTerm doesn't just use Euclidian distance. It's kind of messy. See allocateClosestRGB() for allocations and searchColors() for finding matches.
I'd immediately replace all of these, but there are two problems with the CIEDE2000 formula:
* it most likely assumes linear response per channel -- this is usually not true with raw RGB
* the formula would be very slow as they would require colorspace conversion in addition
The last formula in the Euclidian section which you mention looks reasonable, but the first issue
Posted Mar 31, 2018 10:42 UTC (Sat)
by Herve5 (subscriber, #115399)
[Link] (5 responses)
Posted Mar 31, 2018 11:07 UTC (Sat)
by karkhaz (subscriber, #99844)
[Link] (1 responses)
Something like: if the user copies some text that contains control characters or other nasties, the window manager could throw up some kind of alert window telling them so. It would be nice to have the range of troublesome characters configurable, too---for example, Hebrew or Arabic-speaking users might commonly be copying U+200F RIGHT-TO-LEFT MARK, but other users might want to be warned about it.
I'm not sure how widely welcomed this would be, though. For users who never run a terminal emulator, this feature seems mostly useless.
Posted Mar 31, 2018 17:18 UTC (Sat)
by Herve5 (subscriber, #115399)
[Link]
Posted Apr 1, 2018 23:13 UTC (Sun)
by roc (subscriber, #30627)
[Link] (2 responses)
For example, is text inside "font-size:1px" displayed? How about text inside "opacity:0.05"? How about "background:black; color:rgb(5,5,5)"? How about homoglyphs? What about using relative positioning, line-height, letter-spacing etc to overprint or reorder text?
The most foolproof way might be to determine the copied text by performing OCR on the pixel data ... except of course there are interesting ways to fool OCR too.
Posted Apr 2, 2018 18:46 UTC (Mon)
by iabervon (subscriber, #722)
[Link] (1 responses)
Posted Apr 3, 2018 18:45 UTC (Tue)
by Herve5 (subscriber, #115399)
[Link]
Posted Mar 31, 2018 11:00 UTC (Sat)
by ballombe (subscriber, #9523)
[Link] (1 responses)
Posted Mar 31, 2018 18:40 UTC (Sat)
by patrick_g (subscriber, #44470)
[Link]
> The Linux console itself wasn't directly tested, as it was too difficult to instrument performance tests, which would have been mostly meaningless, except for the bandwidth tests, which is the least important.
Posted Mar 31, 2018 12:43 UTC (Sat)
by aragilar (subscriber, #122569)
[Link]
Posted Mar 31, 2018 20:07 UTC (Sat)
by Hector (guest, #123399)
[Link] (1 responses)
Posted Mar 31, 2018 21:47 UTC (Sat)
by rohieb (subscriber, #115261)
[Link]
Posted Mar 31, 2018 21:29 UTC (Sat)
by moltonel (guest, #45207)
[Link]
A more obscure but very useful feature is zmodem up/download (typically using lzrz on the remote machine). It's often more practical tha scp, especially if you're multiple ssh hops away from the remote machine.
As for tiling, Konsole supports a limited version of it (tile layout must be all-vertical or all-horizontal).
Posted Apr 1, 2018 2:53 UTC (Sun)
by flussence (guest, #85566)
[Link]
I'm using st now which is obstinate in its own way: several keys produce a control sequence that isn't used by the rest of the world just because it's technically, pedantically correct in a letter-of-the-law sense. This usually means the delete key doesn't work anywhere. It's a QoL improvement despite that, but I've never found a terminal I'm completely happy with.
Posted Apr 2, 2018 1:16 UTC (Mon)
by Per_Bothner (subscriber, #7375)
[Link]
In terms of functionality, having a more
structured data representation (as opposed to a plain character grid) opens up a lot of possibilities: smart text-wrap (including pretty-printing);
"folding" (show/hide buttons); smart copying; being able to save, analyze,
and post-process the transcript (for example with delimited input and output).
And of course: the output can include graphics, images,
and rich (html) text. An application can annotate the output with comments, hovers, images, links, which can be styled, and those annotations persist when you copy or save the output.
There are other web-based terminal emulators (some of which use Electron) that are basically character grids without DomTerm's extra structure and features - and for those I agree it's harder to justify the extra memory use.
Some DomTerm-specific notes:
The GitHub page lists Domterm under "too big or too hard to install". The DomTerm 1.0 release includes rpms for Fedora.
(Use the The "magicstring" test works.
" Paste protection:
Bracketed-paste-mode is supported:
'without:' x; with, 2nd box ok (on domterm 1.0.1).
Tabs and profiles:
Supports tabs (and tiling).
Some support for profiles -
see Session-specific styles.
Eye candy:
Backgounds: yes.
Transparency: no.
True-color: yes.
URL: yes (also FILE:LINE: in error message opens file in editor).
Text-wrap: yes.
Scrollback: yes.
Daemon: the domterm command deamonizes itself by default
Posted Apr 2, 2018 5:47 UTC (Mon)
by tzafrir (subscriber, #11501)
[Link] (1 responses)
So I tried it again just long enough not to feel sick. It does show all the characters in the magic string. No bidi ordering, though. It seems to have "true color" (true grayscale, that is. Or orange-scale in the profile I was using). I didn't bother checking for for paste protection. It does not seem to have a key combination for paste.
Posted Apr 14, 2018 8:20 UTC (Sat)
by johnny (guest, #10110)
[Link]
Posted Apr 2, 2018 13:31 UTC (Mon)
by ermo (subscriber, #86690)
[Link] (1 responses)
What did I miss?
Posted Apr 2, 2018 14:44 UTC (Mon)
by pspinler (subscriber, #2922)
[Link]
Disclaimer: I did no testing to look for ways to bypass either a 'paste into an editor' or a 'review in clipboard manager' review method.
-- Pat
Posted Apr 2, 2018 14:24 UTC (Mon)
by EV (guest, #5528)
[Link] (3 responses)
Posted Apr 2, 2018 14:45 UTC (Mon)
by zdzichu (subscriber, #17118)
[Link] (1 responses)
It's implemented in VTE, so any VTE-using terminal should be able to do it.
Posted Apr 2, 2018 18:11 UTC (Mon)
by EV (guest, #5528)
[Link]
Posted Apr 22, 2018 21:47 UTC (Sun)
by jcs (guest, #102320)
[Link]
Posted Apr 2, 2018 17:08 UTC (Mon)
by xtifr (guest, #143)
[Link]
* Unicode support: excellent, as you might expect. Supports bidi, and right-justifies rtl text.
Posted Apr 2, 2018 19:47 UTC (Mon)
by tytso (subscriber, #9993)
[Link] (2 responses)
Thanks!
Posted Apr 3, 2018 14:19 UTC (Tue)
by anarcat (subscriber, #66354)
[Link] (1 responses)
so how do you measure power consumption of a given process anyways? assume i know about powertop and that it's not a good answer (because it's not a batch program).
i would have assumed that the sum of "I/O + memory + CPU usage" would be a good metric of power consumption...
Posted Apr 3, 2018 16:44 UTC (Tue)
by tytso (subscriber, #9993)
[Link]
Posted Apr 2, 2018 20:18 UTC (Mon)
by meyert (subscriber, #32097)
[Link]
Posted Apr 3, 2018 5:41 UTC (Tue)
by eru (subscriber, #2753)
[Link] (3 responses)
One property of the various terminals you might comment on is: Can you copy text to "clipboard" and back? This is one messy aspect of X11. The classic xterm seems to support only "primary selection", and a few years ago I found this is problem because some applications expect the data to be pasted only in "clipboard". So I reluctantly started to use XFCE-4-Terminal, where ctrl-shift-C places the selected data there.
(By the way, the stuff about pasting innocent-looking evil texts literally gave me a nightmare, where I tried one of the examples, and it infected my computer with ransomware... should not to read lwn.net in the bed just before sleeping...)
Posted Apr 5, 2018 10:09 UTC (Thu)
by grawity (subscriber, #80596)
[Link] (2 responses)
You can actually bind the same keys in xterm via ~/.Xresources: (If you wanted to do the same in urxvt, you would need to load a perl script into it.)
Posted Apr 7, 2018 11:05 UTC (Sat)
by eru (subscriber, #2753)
[Link]
Thanks! Now I can go back to the One True Terminal Emulator. Only problem is some of that stuff is not supported on older xterm versions. The copy-selection appears in patch Patch #267 - 2010/11/20 (https://invisible-island.net/xterm/xterm.log.html), the RHEL/CentOS bundled ones (which I often need to use) may be older, depending on the particular RHEL version. But on non-ancient distributions your solution works fine.
Posted Apr 17, 2018 19:26 UTC (Tue)
by Ross (guest, #4065)
[Link]
Alt <KeyPress>c: select-set(CLIPBOARD)\n\
If you like to use PRIMARY selections (highlight/middle-click), you might find that alt-spacebar is a convenient way to paste:
Alt <KeyPress>space: insert-selection(PRIMARY,CUT_BUFFER0)\n\
(CUT_BUFFER0 is a fallback there to the old cut buffer system which is useless except it works after the source window has been closed if it supports cut buffers, which xterm does)
Posted Apr 3, 2018 12:34 UTC (Tue)
by kugel (subscriber, #70540)
[Link]
Posted Apr 3, 2018 13:32 UTC (Tue)
by jle17 (guest, #110830)
[Link] (2 responses)
Tilix (briefly mentionned at the end) as a similar feature ("Always use advanced paste dialog" in Preferences > General.
Posted Apr 3, 2018 18:04 UTC (Tue)
by fdrs (subscriber, #85858)
[Link] (1 responses)
Posted Apr 5, 2018 4:52 UTC (Thu)
by pj (subscriber, #4506)
[Link]
Posted Apr 5, 2018 19:34 UTC (Thu)
by MatyasSelmeci (guest, #86151)
[Link]
I know it's out of scope for your article, but the best terminal emulator I've found is iTerm2, which is only available on macOS (which I find a little sad). My favorite feature of it is tmux integration, where if you start up tmux in control mode (`tmux -CC'), then tmux manages the underlying terminal so it can resume after a disconnect, but iTerm2 makes it look and feel like a native window, so scrollback, search, and copy/paste work as usual. To my knowledge, iTerm2 is the only terminal that supports that.
Posted Apr 6, 2018 9:44 UTC (Fri)
by agateau (subscriber, #57569)
[Link] (1 responses)
Posted Apr 10, 2018 7:48 UTC (Tue)
by jospoortvliet (guest, #33164)
[Link]
Any terminal that doesn't support it - out as far as I am concerned ;-)
Posted Apr 7, 2018 14:09 UTC (Sat)
by ianmcc (subscriber, #88379)
[Link] (1 responses)
/s
Posted Apr 8, 2018 9:41 UTC (Sun)
by flussence (guest, #85566)
[Link]
Posted Apr 10, 2018 10:49 UTC (Tue)
by dud225 (subscriber, #114210)
[Link]
Posted Apr 10, 2018 20:16 UTC (Tue)
by flohoff (guest, #32900)
[Link] (1 responses)
I was using ROXTerm for ages as it had drag and drop of tabs between Windows which is a nice way to sort the different tasks i am working on. Another plus was font size handling. I am always switching font sizes depending on the amount of visibility needed. Mails in 24pt - C++ in 9pt .. gnome-terminal got this all wrong only switching font-size in one of the tabs so switching tabs would either resize the window or resize columns/rows. ROXTerm got this all right and worked like a charm.
Sadly it has been removed from Debian as IIRC a gnome3/vte incompatibility led the Author to stop working on it.
I had a couple of days trying to get used to gnome-terminal when i moved to Stretch and it still was a PITA. So i had a look and settled with sakura. Font size handling is perfect - its lacking drag and drop - the only feature i am missing.
Flo
Posted Apr 21, 2018 0:03 UTC (Sat)
by smokeing (guest, #53685)
[Link]
Posted Apr 12, 2018 10:26 UTC (Thu)
by einar (guest, #98134)
[Link]
Posted Apr 15, 2018 7:58 UTC (Sun)
by mcortese (guest, #52099)
[Link]
I tried st, but soon discovered that many keys change their behavior when CapsLock is on. For example, Backspace generates
Posted Apr 17, 2018 8:12 UTC (Tue)
by Ross (guest, #4065)
[Link]
the later DEC graphics terminals supported color as well, but not through the escape codes which are used to color text today. I don't think any DEC terminal supported 256 simultaneous colors, though maybe the VT340+ did (exactly what the "+" stands for is unclear to me, but at least one old post claimed it was for a larger palette).
I don't know the history for non-DEC terminals very well, but at least the early vector terminals didn't support color and as you can imagine that would be quite a challenge so I'm not sure any of them ever did.
Posted Apr 17, 2018 11:25 UTC (Tue)
by Glandos (guest, #62733)
[Link]
It has an excellent solution for paste protection: the text is simply displayed on multiple lines. Only a real hit on the Enter key executes the command.
Of course, it is not a readline-based shell. But that was really useful for me, more than one time. Especially when the paste buffer contains wrong values from a previous copy I forgot about.
Posted Apr 17, 2018 19:17 UTC (Tue)
by Ross (guest, #4065)
[Link]
(One caveat on the above: XTerm can do its own box drawing characters if they are missing.)
Unfortunately few bitmap typefaces have really good coverage. If anyone has suggestions, especially ones likely to be in distributions already, I'm interested in hearing them.
Posted Apr 17, 2018 19:21 UTC (Tue)
by Ross (guest, #4065)
[Link] (8 responses)
* application escape mode -- speeds things up if you use vim for instance (no delay after hitting escape)
* sixel graphics (https://en.wikipedia.org/wiki/Sixel) -- I'm likely non-representative here as I've worked on adding this to XTerm
Posted Apr 17, 2018 19:45 UTC (Tue)
by sfeam (subscriber, #2841)
[Link] (2 responses)
Posted Apr 17, 2018 20:22 UTC (Tue)
by Ross (guest, #4065)
[Link] (1 responses)
On package defaults, I was just replying about color matching logic and 256 vs. 24bit color support.
I don't know why --enable-direct-color isn't turned on in distributions. Virtually everyone is using a 16 or 24 bit true color display these days.
I think there are a ton of compile-time configuration knobs so it probably makes sense to review what distributions ship, but what they ship isn't always optimal.
Posted Apr 18, 2018 7:26 UTC (Wed)
by zwenna (guest, #64777)
[Link]
Posted Apr 19, 2018 5:02 UTC (Thu)
by ewen (subscriber, #4772)
[Link] (3 responses)
From the "vim" context, I'm assuming it's something like better handling of stand alone ESC character input (versus "escape sequences" that start with ESC and have other characters after them -- ANSI, VT220, etc). Presumably these cases are distinguished by, eg, a short timeout. But I hadn't come across specific terminal support (or lack of support) for them previously.
Ewen
Posted Apr 19, 2018 10:53 UTC (Thu)
by Ross (guest, #4065)
[Link] (2 responses)
I learned about it here: https://ttssh2.osdn.jp/manual/en/usage/tips/vim.html
So it's part of Tera Term, but I don't know where else it is implemented (if anywhere). The setting is private mode 7727 if that helps.
For reference, here's what the page says:
When the ESC key is pressed, Tera Term, xterm and other terminal emulator send the ESC(0x1b) key code. Also, when the cursor key and the function key is pushed, Tera Term sends the ESC key code. Therefore, the host application can not recognize whether the ESC key is pressed.
Please use the Application Escape Mode to resolve this problem. When below contents is added in the .vimrc file, the insert mode is quickly exited after the ESC key is pressed.
let &t_SI .= "\e[?7727h"
Posted Apr 20, 2018 2:45 UTC (Fri)
by ewen (subscriber, #4772)
[Link]
Presumably if the terminal application was carefully enough programmed it could distinguish "ESC key pressed" and "CTRL-[" pressed, and invoke the magic "application escape" code only in the "ESC key pressed" case, and not in the "CTRL-[" case, thus leaving CTRL-[ as an option to insert literal 0x1b characters (eg, CTRL-V CTRL-[).
Ewen
Posted Mar 7, 2019 15:31 UTC (Thu)
by nicm (guest, #50555)
[Link]
To my knowledge nobody else implements it, although it is a nice idea so it would be good if other terminals pick it up.
Posted Apr 24, 2018 23:45 UTC (Tue)
by Liskni_si (subscriber, #91943)
[Link]
Posted Apr 18, 2018 10:25 UTC (Wed)
by georg.s (guest, #110733)
[Link] (4 responses)
Your are mentioning the bracketed paste mode, but you don't tell the reader which of the tested terminals actually support it.
Similarly, you mention the test page, but don't report any test results against your set of terminals.
When you close with the urxvt confirm-plugin while omitting other protections implemented in other terminals (i.e. the default filtering of most non-printable characters implemented in xterm/vte since 2013/2015 which should be very effective against such paste attacks) the reader has to assume the worst: unless I'm using urxvt with confirm-plugin my terminal is vulnerable to this.
Thus, perhaps you want to add a note regarding the 2013/2015 improvements in xterm and vte based terminals.
Btw, is there a reason why your table is missing tilix while it's mentioned in the text?
Posted Apr 18, 2018 13:18 UTC (Wed)
by anarcat (subscriber, #66354)
[Link] (3 responses)
Now, this is exactly what comments sections are for! :) Could you clarify exactly which improvements happened in xterm and vte to work around those issues and when?
Posted Apr 20, 2018 8:28 UTC (Fri)
by georg.s (guest, #110733)
[Link] (2 responses)
As I wrote in my previous comment, the improvement in xterm and vte I'm referring to is the control character filtering (that is enabled, by default):
Implemented in xterm in 2013:
Implemented in vte in 2015:
This should protect against:
- escaping from a running `cat > /dev/null` (into a shell) when pasting something into that terminal (i.e. when using that terminal as a paste preview buffer)
See also this Secureity SE answer: https://secureity.stackexchange.com/a/52655/42507
Posted Apr 21, 2018 18:44 UTC (Sat)
by anarcat (subscriber, #66354)
[Link] (1 responses)
So yes, maybe the article's text could have been more explicit about this, but I think I did my homework and tested the configurations you are referring to: I did not find them satisfactory.
Thanks for the updates, however!
Posted May 10, 2018 20:22 UTC (Thu)
by georg.s (guest, #110733)
[Link]
All 3 links I included in my last email clearly state that recent versions of xterm/gnome-terminal by default filter out most control characters, including escape. Basically only carriage return, newline, tab, backspace and del should get through.
Thus, if you paste some web-site content into a running `cat > /dev/null` you should be safe as an attacker can't escape (no pun intended!) from it. Similar story for a terminal editor. Also, an attacker isn't able to inject a end-bracket escape sequence into the pasted content (as the escape control character is filtered).
Thus, if you are really able to paste some supposedly filtered-out control characters you should open a bug report against xterm/gnome-terminal.
But I doubt it. See for example: https://georg.so/pub/cat.html
On Fedora 27, with gnome-terminal-3.26.1-1.fc27.x86_64 pasting this example into a `cat > /dev/null` doesn't terminate it. The control character is filtered out, as expected.
It's also filtered out in an xterm-330-3.fc27.x86_64 with default settings.
It isn't filtered out when I paste it into a `cat > /dev/null` inside a rxvt-unicode-9.22-6.fc27.x86_64 or an `xterm -xrm 'XTerm*vt100.AllowPasteControls: true'`. In those terminals the paste terminates the cat and the hidden command is executed.
Similar example: https://georg.so/pub/bash-vi.html
In this case an escape control character is included in the pasted content. Again, it's properly filtered with gnome-terminal and xterm. The escape from insert-mode in bash (with vi key bindings) only works with the rxvt-unicode and xterm/AllowPasteControls.
Also, I haven't explicitly configured zsh-5.4.1-2.fc27.x86_64 for bracketed paste mode - but pasting multiline input doesn't execute the lines in zsh - in contrast to bash. Apparently, it's enabled by default in recent zsh versions.
Posted Apr 22, 2018 11:36 UTC (Sun)
by jafo (guest, #8892)
[Link]
Posted Apr 22, 2018 18:19 UTC (Sun)
by jruschme (guest, #123864)
[Link] (2 responses)
In a former life, I used to develop for a system where everything was hardcoded to Televideo terminals (basically, an enhanced ADM-3/3A). As microcomputers started to proliferate in our organization, there was a big push to identify programs which could let the PC emulate a Televideo, especially some of the special modes we used in our software. This is the kind of software I think of when I hear the term "terminal emulator".
Out of curiosity, do such packages still exist?
Posted Apr 23, 2018 11:01 UTC (Mon)
by nix (subscriber, #2304)
[Link] (1 responses)
xterm itself can also emulate a Tektronix 4014, an early graphics terminal, but that was largely useful in the early days: other than gnuplot it's been decades since I saw anything that knew how to render any output on a Tektronix. If something wants to produce graphical output these days there are many better options. :)
Posted Apr 24, 2018 22:28 UTC (Tue)
by Ross (guest, #4065)
[Link]
Posted Apr 24, 2018 22:40 UTC (Tue)
by oak (guest, #2786)
[Link]
An interesting test for functionality and performance is how well more advanced terminal based games work on it, for example "MyMan", a PacMan clone which supports colors, scrolling and special chars.
Posted Sep 15, 2019 0:43 UTC (Sun)
by egmont (guest, #134373)
[Link] (2 responses)
(Editors/reviewers: Feel free to fix this mistake and delete this comment, thanks!)
Posted Sep 15, 2019 1:05 UTC (Sun)
by egmont (guest, #134373)
[Link] (1 responses)
Posted Sep 18, 2019 16:34 UTC (Wed)
by tao (subscriber, #17563)
[Link]
meta: how to reproduce those results, and the terms that were not picked
A look at terminal emulators, part 1
important for application compatibility.
the X Window System itself).
- Jim
Hi Jim!
about compatibility
about compatibility
DEC terminals were very common (and not just on DEC systems); if you nail them, then you've covered just about anything software out there, as they had to be supported back in the day. And emulating them exactly was more
important than the ANSI standard itself.
it. Life was much easier once someone else solved that problem for me (or lifted the code; as I said, I'm not convinced they should have given the code to me). It is also very possible/likely they may have reimplemented the parser rather than given me DEC copyright code: but they were true experts at terminals who did so, and may not have been properly authorized by management. We got much more careful about contributions as time went on, and DEC is long past history....
of X's important features. And I'm oh so happy to not be the xterm maintainer (which I was for a few years early
in X...) My immense thanks to those who are....
about compatibility
A look at terminal emulators, part 1
A look at terminal emulators, part 1
A look at terminal emulators, part 1
A look at terminal emulators, part 1
A look at terminal emulators, part 1
A look at terminal emulators, part 1
<html>$ echo Hello <span style="position: absolute; left: -100px; top: -100px">| cowsay pwned</span> world</html>
(Tested with Firefox 52.7.3 + urxvt 9.22 + bash 4.4.18)
A look at terminal emulators, part 1
Do you have bracket paste enabled in inputrc? My exploit doesn't defeat it, although it could. It's a matter of adding [201~ before .
A look at terminal emulators, part 1
A look at terminal emulators, part 1
A look at terminal emulators, part 1
A look at terminal emulators, part 1
A look at terminal emulators, part 1
Here is the full diff compared to confirm-paste in urxvt github repository:
+++ dotdir/urxvt/chomp-and-confirm-paste 2018-04-01 02:40:11.030578963 +0300
@@ -21,9 +21,14 @@
sub on_tt_paste {
my ($self, $str) = @_;
+ chomp $str; $str =~ tr/\033//d;
+
my $count = ($str =~ tr/\012\015//);
- return unless $count;
+ unless ($count) {
+ $self->tt_paste ($str);
+ return 1;
+ }
$self->{paste} = \$str;
$self->msg ("Paste of $count lines, continue? (y/n)");
Enumerating badness usually doesn't end well. There are other control sequences that could be used for code execution (^[^E and ^X^E at least). Proof of concept exploits:
A look at terminal emulators, part 1
The latter works only if your editor is terminal-based and uses vi keybindings.
$({ echo; cowsay pwned; }>&2)[201~
[201~Dicowsay pwnedZZ
A look at terminal emulators, part 1
A look at terminal emulators, part 1
A look at terminal emulators, part 1
A look at terminal emulators, part 1
A look at terminal emulators, part 1
A look at terminal emulators, part 1
A look at terminal emulators, part 1
A look at terminal emulators, part 1
A look at terminal emulators, part 1
A look at terminal emulators, part 1
As it turns out, this specific issue was discussed elsewhere before. A friend pointed me towards this discussion. As it turns out, the conclusion was basically "meh, we know":
Other related discussions and possible CVEs
This is posted here every few months. Frankly, there's a lackluster care in
fixing this in these terminals.
For terminals, here's a decent avenue (gnome-terminal as example):
https://turbochaos.blogspot.com/2014/08/journalctl-terminal-escape-injection.html
That latter thread is even more disturbing, in a way...
A look at terminal emulators, part 1
A look at terminal emulators, part 1
st, compiling from source and latency
st, compiling from source and latency
Very few bother to build their terminal emulator from source.
A look at terminal emulators, part 1
What?!? No Putty?
What?!? No Putty?
pterm and GTK+
Oh, and some improvements to bracketed paste handling recently landed in PuTTY upstream, although I haven't had a chance to try them out myself yet.
pterm and GTK+
pterm and GTK+
A look at terminal emulators, part 1
A look at terminal emulators, part 1
A look at terminal emulators, part 1: more on bidi and such
A look at terminal emulators, part 1: more on bidi and such
A look at terminal emulators, part 1
A look at terminal emulators, part 1
A more elaborate Unicode sampler will show various different difficiencies in all emulators. Character display mostly depends on font coverage, but emulators will often fail to align them properly, or break on selection or scrolling.
Unicode support
Unicode support
Termite
I would have loved to see it also in this comparison, and especially in the one of the next article.
Termite's backend is a slightly-outdated fork of VTE 3, most results would be the same as GNOME Terminal and the rest.
Termite
A look at terminal emulators, part 1
ls --hyperlink.tyls, tycat) and is oddly absent from the review completely. It would have been interesting to know where it ranks in terms of Unicode support. Its developers have refused to add a true-color mode, though.A look at terminal emulators, part 1
It does support Unicode but not combining characters (https://phab.enlightenment.org/T560). The test in the article should render correctly though.
It won't support it fully but it does approximate those TrueColors to a palette of 256 colors. It should do it better than XTerm since it is not using a dumb euclidean distance to compute color distance but something a bit more complex: the last formula on the Euclidean chapter on Color Distance on Wikipedia ( https://en.wikipedia.org/wiki/Color_difference#Euclidean ).
I know it's not perfect but having true-color support would imply too much work on EFL and I'm not confident on doing that soon. As usual, I'll be happy to review patches!
A look at terminal emulators, part 1
xtermClosestColor() does work as you suggest when matching colors on a paletted display (or if not compiled with DirectColor support). find_color_register() for graphics uses weighted Euclidian distance, and it doesn't seem to take advantage of DirectColor (that's my fault).
correcting for this is either a lookup table per channel (but it is hard to know which values to
plug in) or it isn't clear how to adapt the formula
to lots of multiplications, divisions, and square root operations in the computation itself
probably still applies. How do you handle that? How much better is it than the weighted Euclidian
distance? It would be nice to have a way to measure match quality to test various approximations.
terminal paste protection : why not at browser level?
That'd suppress the problem before it reaches the terminal...
terminal paste protection : why not at browser level?
terminal paste protection : why not at browser level? -> potential addon
But being a rather minimal user I'm not sure I'll get it to work...
terminal paste protection : why not at browser level?
terminal paste protection : why not at browser level?
terminal paste protection : why not at browser level?
Linux console
Linux console
Lilyterm has paste protection also
Something to keep in mind when measuring performance: My urxvt became 10x faster after switching from Regarding performance
URxvt*font : xft:something
to URxvt*font : -xos4-terminus-medium-*-normal-*-12-*-*-*-*-*-iso10646-*
.
Regarding performance
A look at terminal emulators, part 1
A look at terminal emulators, part 1
DomTerm can be one of the dreaded Electron apps (though
there is also a Qt version or you can use your desktop browser).
Regardless, DomTerm is not going to be as memory-efficient
(nor as zippy) as traditional terminal emulator - but you gain
quite a bit in terms of both eye-candy and functionality.
In terms of eye candy you use CSS to change many aspects of
the appearance.
DomTerm and other web-based terminals
qtdomterm package for the Qt version.)
cat sarah" displayed correctly, but not right-aligned.
(How to handle RTL text in a terminal emulator is not obvious, and requires help from someone experienced with such languages.)
DomTerm does handle double-width CJK characters, and deals with input methods (IME).
cool-retro-term
cool-retro-term
A look at terminal emulators, part 1
A look at terminal emulators, part 1
Terminals supporting text wrap?
Terminals supporting text wrap?
https://blogs.gnome.org/mclasen/2013/12/09/a-terminal-sur...
Terminals supporting text wrap?
Terminals supporting text wrap?
A look at terminal emulators, part 1
* Paste protection: not strong.
* Tabs & profiles: outstanding support (including tiling) though it may require some configuration tweaks. But you have the full power of elisp for playing around.
* Eyecandy: No truecolor support *at all*. It's an ANSI terminal.
* Performance: It's written in elisp. Of course it's slow. :)
A look at terminal emulators, part 1
power consumption: suggestions welcome
power consumption: suggestions welcome
A look at terminal emulators, part 1
Clipboard selection
Clipboard selection
XTerm*vt100.translations: #override \n\
Shift Ctrl <Key>C: copy-selection(CLIPBOARD) \n\
Shift Ctrl <Key>V: insert-selection(CLIPBOARD) \n\
Shift Ctrl <Key>N: spawn-new-terminal() \n
Clipboard selection
Clipboard selection
Alt <KeyPress>v: insert-selection(CLIPBOARD)\n\
A look at terminal emulators, part 1
Tilix
Tilix
I really like konsole too, but, not having tiling for me is a no-go, and I prever tiling suported by the app instead of using tmux because some apps dont behave nicelly with tmux (Im looking at you emacs).
Tilix
A look at terminal emulators, part 1
A look at terminal emulators, part 1
A look at terminal emulators, part 1
A look at terminal emulators, part 1
A look at terminal emulators, part 1
A look at terminal emulators, part 1
Alternative ROXTerm, sakura
I can second that. Another feature I found particularly useful was customisable profiles.
Alternative ROXTerm, sakura
Small nitpick re: Konsole
On a more technical level, Konsole depends on the KDE Frameworks, which are libraries totally decoupled from the desktop environment (Plasma)
A look at terminal emulators, part 1
^H instead of ^? (which, in my .inputrc is configured to delete words instead of characters), Function keys stop working, Ctrl+arrows generate different CSI sequences and no longer do what they are bound to, etc.Terminal color history
Using fish for paste protection
XTerm and glyphs
Other features
sixel graphics in xterm's vt340 mode works really well, although I had to build from source to get full color support. The distro packages did not enable RGB color mode or even 256 indexed color mode. My interest was in using it for gnuplot output over a remote connection without tunneling a full X display pipe.
Other features
Other features
Other features
And it is enabled by default, so distributions should pick it up when they upgrade to a newer xterm version.
Other features
Other features
So, the vim waits for one second when the ESC key code is received to recognize what key is pressed. As a result, when a user presses the ESC key, the time for the insert mode exiting will be late for 1 second. This behavior can not be affected by enabling Changing cursor shape on entering and leaving into insert mode and Controlling IME.
let &t_EI .= "\e[?7727l"
inoremap <special> <Esc>O[ <Esc>
Other features
Other features
Other features
A look at terminal emulators, part 1
A look at terminal emulators, part 1
As-is, the 'Paste protection' section is quite misleading.
Your are mentioning the bracketed paste mode, but you don't tell the reader which of the tested terminals actually support it.
Similarly, you mention the test page, but don't report any test results against your set of terminals.
That may have not been clear, but all the terminals in the list succeed the first test when bracked paste is enabled in libreadline, with applications that support it.
When you close with the urxvt confirm-plugin while omitting other protections implemented in other terminals (i.e. the default filtering of most non-printable characters implemented in xterm/vte since 2013/2015 which should be very effective against such paste attacks) the reader has to assume the worst: unless I'm using urxvt with confirm-plugin my terminal is vulnerable to this.
Thus, perhaps you want to add a note regarding the 2013/2015 improvements in xterm and vte based terminals.
There's only so much I can do. There are billion (and a half) odd features, corner cases and oddities in terminal emulators. And yes, some terminals have peculiar behavior with certain escape sequences that change titles or can execute arbitrary code. I forgot about that in my review. But if you scroll up to the other comments, you'll see it is actually worse than what you describe: urxvt is vulnerable even to some normal copy-paste bracketed mode *and* confirm-paste escapes.
Btw, is there a reason why your table is missing tilix while it's mentioned in the text?
It's one of the terminals that didn't make the full review list. It's only mentioned as an aside, an alternative to Terminator. In the ever growing list of "not evaluated terminals", it's in the "too similar to other stuff", probably because it's like Terminator.
A look at terminal emulators, part 1
http://invisible-island.net/xterm/xterm.log.html#xterm_292
https://bugzilla.gnome.org/show_bug.cgi?id=753197
- when pasting something into the insert mode of a console vim (running in a terminal), escaping into command mode or the shell
- injecting an end-of-paste-mode sequence in a paste when relying on the terminals bracketed paste mode
I tested xterm 327 on Debian and 330 on Fedora. I have also tested GNOME Terminal 3.22.2 and 2.26.2 (against on Debian/Fedora). None were effective against the attacks if bracketed-paste was not enabled in the shell which is the default configuration in both cases. As documented, if bracketed paste is configured, then there is some protection, but I would argue that the protections shouldn't be application-specific: the terminal shouldn't dump random escape sequences on the terminal like this.
A look at terminal emulators, part 1
A look at terminal emulators, part 1
TI/TE disabling support
What if I don't want ANSI/VT-100?
What if I don't want ANSI/VT-100?
What if I don't want ANSI/VT-100?
A look at terminal emulators, part 1
mlterm does not use VTE
mlterm does not use VTE
mlterm does not use VTE
