Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
 
  • Post
  • Reply
Sapozhnik
Jan 2, 2005

Nap Ghost
There should be OS vendors and ISVs.

OS vendors produce a stable core for applications to operate on. This is 2017, we have a pretty good idea of what this should look like and what services it should and should not provide by now.
OS vendors should not gratuitously break their poo poo and they should be responsible for fixing security vulnerabilities without dragging in other unwanted changes in this core for several years.

ISVs produce products that end users actually give a poo poo about to accomplish tasks they actually give a poo poo about.
In exchange for a well-defined platform that ISVs can reasonably target, those ISVs should be the sole responsible party for making that software work.

What we should not have is organizations like Debian, which are OS vendors that act as pointless ISV middlemen that gratuitously gently caress with ISV software purely for the entertainment value of the activity. Which means users get horribly outdated software, and the responsibility for making that software work rests with no particular person so of course it works like total poo poo.

Note however that the following article makes a compelling case to counter mine:

http://kmkeen.com/maintainers-matter/2016-06-15-11-51-16-472.html

Adbot
ADBOT LOVES YOU

cinci zoo sniper
Mar 15, 2013




this all is well but someone should post that xkcd about competing standards

jony neuemonic
Nov 13, 2009

cinci zoo sniper posted:

this all is well but someone should post that goatkcd about competing standards

Notorious b.s.d.
Jan 25, 2003

by Reene

Suspicious Dish posted:

A lot of them want to ship products though. That's why every Linux app under the sun has a PPA and the developers always ask you to use that instead of the official packages, because the official packages are unreliable and they have no clue what's in them.

ppas in particular, and launchpad in general, are the worst thing ever to happen to the linux desktop

Notorious b.s.d.
Jan 25, 2003

by Reene

Sapozhnik posted:

There should be OS vendors and ISVs.

OS vendors produce a stable core for applications to operate on. This is 2017, we have a pretty good idea of what this should look like and what services it should and should not provide by now.
OS vendors should not gratuitously break their poo poo and they should be responsible for fixing security vulnerabilities without dragging in other unwanted changes in this core for several years.

ISVs produce products that end users actually give a poo poo about to accomplish tasks they actually give a poo poo about.
In exchange for a well-defined platform that ISVs can reasonably target, those ISVs should be the sole responsible party for making that software work.

What we should not have is organizations like Debian, which are OS vendors that act as pointless ISV middlemen that gratuitously gently caress with ISV software purely for the entertainment value of the activity. Which means users get horribly outdated software, and the responsibility for making that software work rests with no particular person so of course it works like total poo poo.

Note however that the following article makes a compelling case to counter mine:

http://kmkeen.com/maintainers-matter/2016-06-15-11-51-16-472.html

OS vendors and ISVs already exist:
  • there is one vendor who matters in north america -- red hat.
    (the #2 position is oracle, who ships a perfect 1:1 red hat clone)

  • there are a wide variety of ISVs who target red hat.

  • there's no third item on this list, it's really that loving simple guys

this already works fine. it has worked fine for decades. nothing is broken in this model.

if you are targeting a bullshit distribution, you will experience pain and suffering. adding new middlemen with their own bullshit is only going to make things worse.

technological solutions to social problems are never as simple as a new package format. ever.

Sapozhnik
Jan 2, 2005

Nap Ghost
you live in a world of enterprise server software though. flatpak does not and will not target that world.

Notorious b.s.d.
Jan 25, 2003

by Reene

Sapozhnik posted:

you live in a world of enterprise server software though. flatpak does not and will not target that world.

enterprise yes, server no.

tons of software on my desktop comes from ISVs who apply the same model.

Suspicious Dish
Sep 24, 2011

2020 is the year of linux on the desktop, bro
Fun Shoe

Notorious b.s.d. posted:

ppas in particular, and launchpad in general, are the worst thing ever to happen to the linux desktop

There are a lot of technological downsides to PPAs -- Launchpad is a buggy, broken unmaintained piece of poo poo that doesn't do what it says on the tin. The build system is an undocumented piece of poo poo that blows up when you sneeze on it. The APT package manager clearly isn't designed for the "throw many repositories at it" model with insane amounts of conflicts (surprise, surprise, Debian tooling isn't built for composing from multiple vendors).

But the end user experience when it works as designed -- ISVs get to ship their software directly to users without Debian middlemen, and users know they are getting the latest application -- is surprisingly effective, and I don't know why you don't want a more solidified, codified, cross-distribution form of that.

Notorious b.s.d.
Jan 25, 2003

by Reene

Suspicious Dish posted:

But the end user experience when it works as designed -- ISVs get to ship their software directly to users without Debian middlemen, and users know they are getting the latest application -- is surprisingly effective, and I don't know why you don't want a more solidified, codified, cross-distribution form of that.

because "when it works as designed" is "never"

why on earth would i want a solidified, codified, cross-distribution form of something that is already totally broken as it stands?

oh boy now instead of a bunch of random un-trusted packages from strangers who patch poo poo at random, i can have entire trees of vendored libraries from strangers who patch poo poo at random, and they can depend on each other.

no thanks

Suspicious Dish
Sep 24, 2011

2020 is the year of linux on the desktop, bro
Fun Shoe

Truga posted:

so package your rpms+debs for all the distros, it's super simple in 2017 and repackaging on any changes automatic, and you don't even need your own build servers: https://build.opensuse.org/

ppa is good too, though it only does ubuntu packages iirc.

OBS doesn't really work for anything but RPM. At Endless we used a version of OBS hacked up to support Debian better and it was a goddamned pain. Really, these systems are the worst of both worlds: developers have to go through the bureaucracy of managing .spec files and Debian changelogs, but then N times for every system, and then deploy them to OBS and track down bizarre errors that spawn because of the minute differences between the hacked up OBS environment and the "official" dev tooling, with no way to reproduce any of it locally since OBS combines the build server and the build system in one giant heap of confusing Perl.

If you want the end-to-all of Linux wankery, try maintaining a .spec file or Debian package. These formats date from an era of tarball releases before git or even autotools became relatively standard, asking people to maintain separate changelogs.

Just as an example of how annoying they are, they even have the bizarre property of having special code to make sure that the day of the week is correct when you type in "Wed March 15" instead of, you know, fixing it automatically for the user. (One of my hacks I had in my local rpm fork at Red Hat was a patch to rpmbuild to tell you what the day of the week should be in the error message rather than just "it's wrong" and making the user go to a calendar to find what it should be)

The only explanation I can think of for this is that it's a way to keep a mass set of volunteers occupied making countless busywork changes in the goal of feeling like they are helping Linux take over the world. It's a goddamned cult.

spankmeister
Jun 15, 2008






what are your thoughts on fpm

to me it seems like kind of a shotgun packaging method

Sapozhnik
Jan 2, 2005

Nap Ghost
yeah i've been looking at rpm tooling and it's complete poo poo. the tools for generating .rpm files are inextricably linked to red hat's internal processes and the existence of a fire wall between the software developer and the maintaner

"packaging development snapshots from git into rpms is easy! simply make a manual checkout by hand and upload it at a canonical url somewhere, then put that url in your spec file alongside a non-machine-readable comment saying what revision this was checked out from!"

did you just tell me to go gently caress myself?

Suspicious Dish
Sep 24, 2011

2020 is the year of linux on the desktop, bro
Fun Shoe
I love the idea because it makes Linux weenies extremely mad. Unfortunately, it really only works for interpreted poo poo like Ruby or Python or JavaScript -- a place where distribution package managers really don't make much sense as a software delivery mechanism at all.

Sapozhnik
Jan 2, 2005

Nap Ghost
like red hat is deeply disturbed by the very concept of an in-tree rpm spec file and they do not under any circumstances want you to be able to do this

and it's not even anything simple like Debian, where you have an AR containing a control archive and a data archive, or like an Arch package which is literally just a tarball with a few dotfiles in it, it's a CPIO with some sort of lovely proprietary header so you can't easily go :fuckoff: and build them from scratch using a shell script or whatever.

Notorious b.s.d.
Jan 25, 2003

by Reene

spankmeister posted:

what are your thoughts on fpm

to me it seems like kind of a shotgun packaging method

fpm only works well in the most trivial cases, where it only would have taken five minutes to poo poo out an rpm spec in the first place.

for specifically things that use `make install`, I find checkinstall to be a lot like fpm but not as broken

Notorious b.s.d.
Jan 25, 2003

by Reene

Suspicious Dish posted:

I love the idea because it makes Linux weenies extremely mad. Unfortunately, it really only works for interpreted poo poo like Ruby or Python or JavaScript -- a place where distribution package managers really don't make much sense as a software delivery mechanism at all.

yeah this is the only time fpm actually works. and you don't really need fpm for this, because it takes approximately no time to just ... write the spec

worse, sometimes ruby gems and python libs have badly-behaved install scripts that gently caress up fpm, and you end up writing the specfile anyway :smith:

jre
Sep 2, 2011

To the cloud ?



Debian is amazingly useful for determining competence. Anyone still using it after the openssl debacle can safely be ignored

jre
Sep 2, 2011

To the cloud ?



Also gently caress rpmbuild and spec files with a rusty pineapple

Notorious b.s.d.
Jan 25, 2003

by Reene

jre posted:

Also gently caress rpmbuild and spec files with a rusty pineapple

carry on then
Jul 10, 2010

by VideoGames

(and can't post for 10 years!)

jre posted:

Debian is amazingly useful for determining competence. Anyone still using it after the openssl debacle can safely be ignored

rip my rpi

what should i replace raspbian with

sb hermit
Dec 13, 2016





carry on then posted:

rip my rpi

what should i replace raspbian with

pidora?

OldAlias
Nov 2, 2013

carry on then posted:

rip my rpi

what should i replace raspbian with

netbsd :firstpost:

eschaton
Mar 7, 2007

Don't you just hate when you wind up in a store with people who are in a socioeconomic class that is pretty obviously about two levels lower than your own?

carry on then posted:

what should i replace raspbian with

RISCOS of course

alternately Haiku, if it boots yet

but you should only run one of those until Mezzano is booting natively on RPi3, then you should switch to it and enjoy the pure Lisp experience

carry on then
Jul 10, 2010

by VideoGames

(and can't post for 10 years!)

lmao im running znc, nginx, and websphere on it, pidora it is

cinci zoo sniper
Mar 15, 2013




pidora is a really bad to tell your russian friends about though

spankmeister
Jun 15, 2008






pizdora

Sapozhnik
Jan 2, 2005

Nap Ghost
still not as good as the critical update notification tool

cinci zoo sniper
Mar 15, 2013





well... pidar is f****t in english, and a/o in similar contexts pronounce the same

Soricidus
Oct 21, 2010
freedom-hating statist shill

cinci zoo sniper posted:

well... pidar is f****t in english, and a/o in similar contexts pronounce the same

faucet? ferret? format?

spankmeister
Jun 15, 2008






Soricidus posted:

faucet? ferret? format?

pidar de fermat

carry on then
Jul 10, 2010

by VideoGames

(and can't post for 10 years!)

spankmeister posted:

pidar de fermat

f****t's last theorem

fritz
Jul 26, 2003


piazadorra

hobbesmaster
Jan 28, 2008

carry on then posted:

rip my rpi

what should i replace raspbian with

it's an embedded system. you should fork an old version of yocto, add a mess of bitbake config files and never update it

eschaton
Mar 7, 2007

Don't you just hate when you wind up in a store with people who are in a socioeconomic class that is pretty obviously about two levels lower than your own?
also be sure to run whatever interfaces with GPIO as root so you can have the joy of risking a physical root exploit

hobbesmaster
Jan 28, 2008

with how sophisticated the tools for glitch attacks are now if someone has physical access to your embedded thing they can get root

sb hermit
Dec 13, 2016





Isn't the rpi 2 susceptible to xenon flashes? No need to access the pins to crash it.

Also, if you put selinux on your pi (and put in the right types and attributes and yada yada) you can run the pin reading code as root and it'll be just as secure as running it as a normal user!

once you write all that up, please do the needful and open source it on github so that it'll be useful to precisely the 2 or 3 geeks that find it, up until the point they have to redo the whole thing because it doesn't fit into how their application components interact and they're tired of all the permission denied errors

sb hermit
Dec 13, 2016





nothing beats just taking the sdcard from the rpi and pulling out all of the secrets stored in cleartext

carry on then
Jul 10, 2010

by VideoGames

(and can't post for 10 years!)

el dorito posted:

nothing beats just taking the sdcard from the rpi and pulling out all of the secrets stored in cleartext

oh no, not my posts

hifi
Jul 25, 2012

i had to laugh at this https://soylentnews.org/meta/article.pl?sid=17/04/20/1055218

Two months ago, I polled the community for advice on the underlying operating system that should power SoylentNews (SN). After reading comments, and some recent experiences in my personal and professional life, we are migrating to Gentoo as the operating system of choice.

second place was freebsd

Adbot
ADBOT LOVES YOU

Cocoa Crispies
Jul 20, 2001

Vehicular Manslaughter!

Pillbug

hifi posted:

i had to laugh at this https://soylentnews.org/meta/article.pl?sid=17/04/20/1055218

Two months ago, I polled the community for advice on the underlying operating system that should power SoylentNews (SN). After reading comments, and some recent experiences in my personal and professional life, we are migrating to Gentoo as the operating system of choice.

second place was freebsd

holy poo poo

I was gonna say ofc some manbaby formula chugging tech bros would run their own os when they should just run their bullshit on blogger or tumblr but then I clicked the link that went to a full 1997 style slashdot powered site lmao

  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply