
On 2018-03-07 11:44, Craig Sanders via luv-main wrote:
> BTW, it's not always a good idea to follow install instructions from developers. Many of them are focused exclusively on their pride and joy and don't give a damn about the operating system it runs on....and many see the OS as an obstacle to be worked around.

Oh, so you mean that best practice for production installs *isn't* to run curl-pipe-sudo-bash that pulls something from the head of a random github repo and then runs npm to splatter it across your filesystem? ;)

On Wed, Mar 07, 2018 at 12:05:17PM +1100, Paul Dwerryhouse wrote:
> On 2018-03-07 11:44, Craig Sanders via luv-main wrote:
>> BTW, it's not always a good idea to follow install instructions from developers. Many of them are focused exclusively on their pride and joy and don't give a damn about the operating system it runs on....and many see the OS as an obstacle to be worked around.
>
> Oh, so you mean that best practice for production installs *isn't* to run curl-pipe-sudo-bash that pulls something from the head of a random github repo and then runs npm to splatter it across your filesystem? ;)

Whatever gave you that impression :)

it's always perfectly safe to run arbitrary shell code downloaded with curl as root. Just pipe it straight in with sudo. That's so clever.

After all, it's recommended by the **developers**. They know what they're doing. and their shell code is guaranteed to be bug-free even if their expertise is in javascript or ruby and they've never written a sh script before in their entire life. sh isn't even a real programming language so it can't be that hard to get right.

craig

ps: yes, this **IS** one of my pet peeves. IMO every dev who ever suggests `curl | sudo sh` (or similar) as an install method deserves to be tasered every single time someone follows their advice. It's criminally negligent.

ditto for devs who say things like "screw the system, install my super-special program direct from my repo because distro maintainers waste time integrating software into the system and testing that it doesn't break anything, rather than immediately jumping onto the latest version as soon as I release it".

They whinge a lot about package management and packaging tools, and then implement a half-arsed version of their own package management "system" like `pip` or `gem` or `npm` without bothering to avoid - or even research - any of the issues that distro developers solved years ago in tools like dpkg and rpm.

"I know what users crave, it's my brawndo-installer, 'curl|sudo sh' - It's got electrolytes!"

--
craig sanders <cas@taz.net.au>
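
Added example, not part of the thread or any poster's code: the alternative to the `curl | sudo sh` pattern criticised above is to fetch the installer to a file, check it against a digest pinned out of band, and only then read and run it without root. The function names, the sample script and the `example.invalid` URL are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify a downloaded installer against a pinned SHA-256
# before it is ever handed to a shell. All names here are hypothetical.

# sha256_of FILE -> prints the hex digest (sha256sum, or shasum as fallback).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_installer FILE EXPECTED_SHA256
# Returns 0 only if FILE is non-empty and matches the pinned digest;
# 2 for a missing/empty file (e.g. failed download), 1 for a mismatch.
verify_installer() {
    file=$1
    expected=$2
    [ -s "$file" ] || { echo "missing or empty: $file" >&2; return 2; }
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "digest mismatch for $file" >&2
        echo "  expected $expected" >&2
        echo "  actual   $actual" >&2
        return 1
    fi
    return 0
}

# Constructed sample: stands in for a file fetched to disk with e.g.
#   curl -fsSLo install.sh https://example.invalid/install.sh
demo() {
    workdir=$(mktemp -d) || return 3
    printf '%s\n' '#!/bin/sh' 'echo "installing into $HOME/.local"' \
        > "$workdir/install.sh"
    # In practice the pinned digest comes from a separate, trusted channel.
    pinned=$(sha256_of "$workdir/install.sh")

    verify_installer "$workdir/install.sh" "$pinned" \
        && echo "ok: digest matches; read it, then run it unprivileged"

    # Simulate the upstream file changing after the digest was pinned.
    echo 'echo "one extra line"' >> "$workdir/install.sh"
    verify_installer "$workdir/install.sh" "$pinned" 2>/dev/null \
        || echo "refused: content differs from the pinned digest"
    rm -rf "$workdir"
}
demo
```

A piped install offers no point at which either check can happen, because the shell starts executing before the download has finished.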

On Wed, Mar 07, 2018 at 06:09:59PM +1100, Craig Sanders wrote:
> "I know what users crave, it's my brawndo-installer, 'curl|sudo sh' - It's got electrolytes!"

http://blog.taz.net.au/2018/03/07/brawndo-installer/

craig

--
craig sanders <cas@taz.net.au>

Hello Craig,

On 3/7/18, Craig Sanders via luv-main <luv-main@luv.asn.au> wrote:
> On Wed, Mar 07, 2018 at 06:09:59PM +1100, Craig Sanders wrote:
>> "I know what users crave, it's my brawndo-installer, 'curl|sudo sh' - It's got electrolytes!"

I know and relate to your pet peeve. Red Hat have done a lot, but I shifted to Debian because of the package management, particularly handling dependencies. They all have a lot of similarities, but the detail differences can be a trap at times.

> craig

Regards,
Mark Trickett

On Wed, Mar 07, 2018 at 08:22:45PM +1100, Mark Trickett wrote:
> I know and relate to your pet peeve. Red Hat have done a lot, but I shifted to Debian because of the package management, particularly handling dependencies. They all have a lot of similarities, but the detail differences can be a trap at times.

redhat isn't the problem. I obviously prefer debian, but rpm is a good package management tool too.

the problem is idiot devs who think that package management is a problem or, worse, are hostile to the idea of package management...or even to the idea that their glorious software might need to co-exist on a system with other programs without fucking them up.

craig

--
craig sanders <cas@taz.net.au>

On 07/03/18 18:09, Craig Sanders via luv-main wrote:
> ps: yes, this **IS** one of my pet peeves. IMO every dev who ever suggests `curl | sudo sh` (or similar) as an install method deserves to be tasered every single time someone follows their advice. It's criminally negligent.

Yup, me too. It gets worse, many of the build systems seem to go out of their way to make it difficult to package things; attempting to package anything that needs Maven or Gradle to build it is bordering on futile because of their irritating habit of downloading libraries while building.

Couple that with in-house developers who are actively hostile to having their software packaged as debs or rpms: one place I worked had one argue that we shouldn't package our software as rpms because we might, one day, switch all our servers to a different Linux distribution. Never mind that the hodge-podge deployment system was a buggy piece of crap and, if we'd switched to rpms, replacing it would have been three lines of puppet:

    package { "software_name":
      ensure => installed
    }

> They whinge a lot about package management and packaging tools, and then implement a half-arsed version of their own package management "system" like `pip` or `gem` or `npm` without bothering to avoid - or even research - any of the issues that distro developers solved years ago in tools like dpkg and rpm.

Fscking gem files: sometime, in the last fifteen years, I unpacked a gem (I think it was selenium-related), intending to figure out how to make a deb of it, and I found a full win32 binary of Firefox inside it. WTF.

Paul

On Wed, Mar 07, 2018 at 11:48:05PM +1100, Paul Dwerryhouse wrote:
> Yup, me too. It gets worse, many of the build systems seem to go out of their way to make it difficult to package things; attempting to package anything that needs Maven or Gradle to build it is bordering on futile because of their irritating habit of downloading libraries while building.

yep. and every time there's a new npm-related disaster, i keep expecting that maybe web devs will realise that npm is a fundamentally flawed model for software distribution.

nope. that is not the world we live in.

> Never mind that the hodge-podge deployment system was a buggy piece of crap and, if we'd switched to rpms, replacing it would have been three lines of puppet:
>
>     package { "software_name":
>       ensure => installed
>     }

but that would just put annoying obstacles in their way when they need to deploy direct to production.

> Fscking gem files: sometime, in the last fifteen years, I unpacked a gem (I think it was selenium-related), intending to figure out how to make a deb of it, and I found a full win32 binary of Firefox inside it. WTF.

what, no chrome?

craig

--
craig sanders <cas@taz.net.au>