7 Mar
2018
7 Mar
'18
12:05 p.m.
On 2018-03-07 11:44, Craig Sanders via luv-main wrote:
BTW, it's not always a good idea to follow install
instructions from
developers. Many of them are focused exclusively on their pride and
joy and
don't give a damn about the operating system it runs on....and many see
the
OS as an obstacle to be worked around.
Oh, so you mean that best practice for production installs *isn't* to
run curl-pipe-sudo-bash that pulls something from the head of a random
github repo and then runs npm to splatter it across your filesystem? ;)
7 Mar
7 Mar
6:09 p.m.
New subject: Looking at RAID
On Wed, Mar 07, 2018 at 12:05:17PM +1100, Paul Dwerryhouse wrote:
On 2018-03-07 11:44, Craig Sanders via luv-main
wrote:
Whatever gave you that impression :)
it's always perfectly safe to run arbitrary shell code downloaded with curl as
root. Just pipe it straight in with sudo. That's so clever.
After all, it's recommended by the **developers**. They know what they're
doing.
and their shell code is guaranteed to be bug-free even if their expertise is
in javascript or ruby and they've never written a sh script before in their
entire life. sh isn't even a real programming language so it can't be that
hard to get right.
craig
ps: yes, this **IS** one of my pet peeves. IMO every dev who ever suggests
`curl | sudo sh` (or similar) as an install method deserves to be tasered
every single time time someone follows their advice. It's criminally negligent.
ditto for devs who say things like "screw the system, install my super-special
program direct from my repo because distro maintainers waste time integrating
software into the system and testing that it doesn't break anything, rather
than immediately jumping onto the latest version as soon as I release it".
They whinge a lot about package management and packaging tools, and then
implement a half-arsed version of their own package management "system" like
`pip` or `gem` or `npm` without bothering to avoid - or even research - any of
the issues that distro developers solved years ago in tools like dpkg and rpm.
"I know what users crave, it's my brawndo-installer, 'curl|sudo sh' -
It's got electrolytes!"
--
craig sanders <cas(a)taz.net.au>
BTW, it's not always a good idea to follow
install instructions from
developers. Many of them are focused exclusively on their pride and joy
and don't give a damn about the operating system it runs on....and many
see the OS as an obstacle to be worked around.
Oh, so you mean that best practice for production installs *isn't* to run
curl-pipe-sudo-bash that pulls something from the head of a random github
repo and then runs npm to splatter it across your filesystem? ;)
6:27 p.m.
New subject: brawndo-installer (was Re: Looking at RAID)
On Wed, Mar 07, 2018 at 06:09:59PM +1100, Craig Sanders wrote:
"I know what users crave, it's my
brawndo-installer, 'curl|sudo sh' - It's got electrolytes!"
http://blog.taz.net.au/2018/03/07/brawndo-installer/
craig
--
craig sanders <cas(a)taz.net.au>
8:22 p.m.
New subject: brawndo-installer (was Re: Looking at RAID)
Hello Craig,
On 3/7/18, Craig Sanders via luv-main <luv-main(a)luv.asn.au> wrote:
On Wed, Mar 07, 2018 at 06:09:59PM +1100, Craig
Sanders wrote:
I know and relate to your pet peeve. Red Hat have done a lot, but I
shifted to Debian because of the package management, particularly
handling dependencies. They all have a lot of similarities, but the
detail differences can be a trap at times.
"I know what users crave, it's my
brawndo-installer, 'curl|sudo sh' - It's
got electrolytes!"
http://blog.taz.net.au/2018/03/07/brawndo-installer/ craig
Regards,
Mark Trickett
8 Mar
8 Mar
2:19 p.m.
New subject: brawndo-installer (was Re: Looking at RAID)
On Wed, Mar 07, 2018 at 08:22:45PM +1100, Mark Trickett wrote:
I know and relate to your pet peeve. Red Hat have done a lot, but I
shifted to Debian because of the package management, particularly
handling dependencies. They all have a lot of similarities, but the
detail differences can be a trap at times.
redhat isn't the problem. I obviously prefer debian, but rpm is a good
package management tool too.
the problem is idiot devs who think that package management is a problem or,
worse, are hostile to the idea of package management...or even to the idea
that their glorious software might need to co-exist on a system with other
programs without fucking them up.
craig
--
craig sanders <cas(a)taz.net.au>
7 Mar
7 Mar
11:48 p.m.
New subject: Looking at RAID
On 07/03/18 18:09, Craig Sanders via luv-main wrote:
ps: yes, this **IS** one of my pet peeves. IMO every
dev who ever suggests
`curl | sudo sh` (or similar) as an install method deserves to be tasered
every single time time someone follows their advice. It's criminally negligent.
Yup, me too. It gets worse, many of the build systems seem to go out of
their way to make it difficult to package things; attempting to package
anything that needs Maven or Gradle to build it is bordering on futile
because of their irritating habit of downloading libraries while building.
Couple that with in-house developers who are actively hostile to having
their software packaged as debs or rpms: one place I worked had one
argue that we shouldn't package our software as rpms because we might,
one day, switch all our servers to a different Linux distribution. Never
mind that the hodge-podge deployment system was a buggy piece of crap
and, if we'd switched to rpms, replacing it would have been three lines
of puppet:
package { "software_name":
ensure => installed
}
They whinge a lot about package management and
packaging tools, and then
implement a half-arsed version of their own package management "system" like
`pip` or `gem` or `npm` without bothering to avoid - or even research - any of
the issues that distro developers solved years ago in tools like dpkg and rpm.
Fscking gem files: sometime, in the last fifteen years, I unpacked a gem
(I think it was selenium-related), intending to figure out how to make a
deb of it, and I found a full win32 binary of Firefox inside it. WTF.
Paul
8 Mar
8 Mar
2:31 p.m.
New subject: Looking at RAID
On Wed, Mar 07, 2018 at 11:48:05PM +1100, Paul Dwerryhouse wrote:
Yup, me too. It gets worse, many of the build systems
seem to go out of
their way to make it difficult to package things; attempting to package
anything that needs Maven or Gradle to build it is bordering on futile
because of their irritating habit of downloading libraries while building.
yep. and every time there's a new npm-related disaster, i keep expecting that
maybe web devs will realise that npm is a fundamentally flawed model for
software distribution.
nope. that is not the world we live in.
Never mind that the hodge-podge deployment system was
a buggy piece of crap
and, if we'd switched to rpms, replacing it would have been three lines of
puppet:
package { "software_name":
ensure => installed
}
but that would just put annoying obstacles in their way when they need to
deploy direct to production.
Fscking gem files: sometime, in the last fifteen
years, I unpacked a gem (I
think it was selenium-related), intending to figure out how to make a deb of
it, and I found a full win32 binary of Firefox inside it. WTF.
what, no chrome?
craig
--
craig sanders <cas(a)taz.net.au>
1848
days inactive
1849
days old
6 comments
3 participants
participants (3)
-
Craig Sanders -
Mark Trickett -
Paul Dwerryhouse