how to make package managers cry
play

How to make package managers cry (or) How to piss off package - PowerPoint PPT Presentation

Nov 20, 2022 •466 likes •796 views

How to make package managers cry (or) How to piss off package managers (pick one) Kenneth Hoste kenneth.hoste@ugent.be GitHub: @boegel Twitter: @kehoste FOSDEM 2018 Package Management devroom Feb 3rd 2018, Brussels

  1. How to make package managers cry (or) How to piss off package managers (pick one) Kenneth Hoste 
 kenneth.hoste@ugent.be GitHub: @boegel Twitter: @kehoste FOSDEM 2018 Package Management devroom Feb 3rd 2018, Brussels (Belgium) 1

  2. Context • "package managers" (people) in the broad sense • anyone who needs to "install" software every now and then • slight focus on scientific software • some personal bias as lead developer of • framework to install (scientific) software on HPC systems • http://easybuilders.github.io/easybuild • disclaimer: most of what I'm showing are not my ideas... 2

  3. Goals • present techniques to make software difficult to install • mention excuses to get away with using them yourself • how to score bonus points by taking things to the extreme • examples of projects that have done a (really) good job 3

  4. WARNING This talk is meant to have a clear sarcastic tone. 
 Please do NOT take it too seriously. It is meant to be an eye-opener regarding 
 "bad" practices in software installation procedures. Please do NOT interpret the given 'advice' as genuine. I do NOT want to insult particular people or projects. 4

  5. Common aspects of mentioned techniques • create confusion • surprise people (but not in a good way) • annoy people • trigger frustration • aim for wasting (human) time 5

  6. Reasons to employ these techniques • try to get less people to use your software • they may find bugs, which you will need to fix • they may ask questions, or submit feature requests... • avoid getting contributions • requires reviewing & testing • you will need to maintain the features they contribute! • if they can't install your software, they will give up quickly • also, motivate more people to use tools like 6

  7. I. Creative software versioning & releasing • don't use semantic versioning (don't see https://semver.org) • make minor changes to releases, without bumping version • don't do bugfix releases • tell people to check GitHub repository for updates • create a webpage with instructions on how to fix known bugs • total lack of proper releases/versions • just a master branch in a GitHub repo, no tags/versions • let people come up with their own versioning scheme! • remove old versions, do not keep an archive of previous releases 7

  8. I. Creative software versioning & releasing • excuses you can use: • "It was just a really tiny change, no need for a new version" • "Versions are not as important as they used to be." • "You should always use the latest available 'version'." • "Old versions had bugs, so they shouldn't be used anymore." • bonus points: • have very strict version requirements for dependencies • clearly motivate your (lack of) versioning policy 8

  9. OpenFOAM: no more (proper) bugfix releases (taken from https://openfoam.org/news/v5-0-patch) 9

  10. WRF: instructions to fix known problems (taken from http://www2.mmm.ucar.edu/wrf/users/wrfv3.7/known-prob-3.7.1.html) 10

  11. Bioconductor 'releases', no old versions http://bioconductor.org • creative interpretation of 'releases' • bundle of R packages with a particular release version (e.g. 3.6) • versions included in latest release get bumped... • ... without bumping the overall version of the bundle • individual packages are not (always) archived • version bump in latest release implies *removing* old version • "nobody should use it anymore, it had bugs" 11

  12. II. Don't provide release notes/changelog • leave people guessing what has changed • at the very least make release notes very vague • "minor enhancements & bug fixes" • excuses you can use: • "See commit history on GitHub for more details." • bonus points: • mention release notes are "coming soon" 
 (and then never provide them) 12

  13. III. Vendoring dependencies • ship copies of required dependencies with your software • excuses you can use: • "Makes installation easier." • "We know best how dependencies should be installed." • bonus points • postpone updating included dependencies as long as possible • make some minor adjustments (and don't contribute back) • only include some dependencies 13

  14. IV. Automagic installation of dependencies • download & install dependencies during installation process • excuses you can use: • "Makes installation easier." • "It's not unfair to assume that internet is reachable." • bonus points • don't properly document dependencies • make it difficult to provide dependencies via another way • only do this for some dependencies • change your mind at some point to surprise people 14

  15. V. More dependencies is better • more dependencies implies more stuff to be installed • try to favour dependencies that are hard to install themselves • excuses you can use: • "I don't want to re-invent the wheel." • bonus points: • mix different programming languages • make your software a common dependency, and rule the world 15

  16. left-pad success story • https://www.theregister.co.uk/2016/03/23/npm_left_pad_chaos • > 250 JavaScript modules removed from NPM • including some very popular ones like 'left-pad' • a tiny (trivial) module to 'indent' strings • lots of stuff depended on left-pad, including Node.js • removing of left-pad from NPM broke half the Internet! 16

  17. QIIME dependency hell • bioinformatics software (https://qiime2.org) • requires Python, Perl, R, Haskell, OCaml, ... • released as VM, containers (don't do this, let people install) 17

  18. WARNING This talk is meant to have a clear sarcastic tone. 
 Please do NOT take it too seriously. It is meant to be an eye-opener regarding 
 "bad" practices in software installation procedures. Please do NOT interpret the given 'advice' as genuine. I do NOT want to insult particular people or projects. 18

  19. VI. Hardcoding FTW! • hardcode as much as possible: • names of commands, in particular compilers (gcc, g++) • compiler options, (no) optimisation flags (pro tip: default for GCC is -O0!), ... • locations of libraries, header files, even commands! • versions of dependencies • excuses you can use: • "We expect a standard environment." • "We can't support all possible environments out there." 19

  20. VII. Choose your tools wisely (or don't choose) • prefer using tools that people are not familiar with (yet) • switch to something else when a tool becomes 'mainstream' • use popular tools that nobody likes • use tools with 'special' behaviour • resetting or taking control of the environment • hard to debug/fix when something goes 'wrong' • or use your own scripts rather than an existing tool • or at least create wrappers around tools people know 20

  21. VII. Choose your tools wisely (or don't choose) • excuses you can use: • "These modern tools are a lot better." • "We can't keep living in the past, we need to move forward." • "I prefer to use my own scripts." • bonus points • don't use the tools as they're intended to be used • require an ancient or very recent version for some reason • name your own scripts after existing tools ('./configure') 21

  22. • http://scons.org • "a next-generation build tool" • "improved, cross-platform substitute for classic Make utility" • resets environment in which commands are executed • $PATH is reset to /usr/local/bin:/bin:/usr/bin • can't find commands installed in a non-standard location • (can be controlled via $ENV construction variable, don't tell anyone) 22

  23. • https://bazel.build • uses hardcoded locations for compilers, etc. • /usr/bin/{ar,cpp,gcc,ld}, /usr/lib/gcc, /usr/include, ... • takes control over environment (like SCons does) • confusing command line options: '-copt', '-config=opt' and '-c opt' are three different things! • weird syntax: bazel build --config=opt //tensorflow/tools/pip_package:build_pip_package 23

  24. • popular configuration & build tool, but nobody really likes it • OK if all goes well, but if stuff goes wrong you're in trouble • hard to figure out what's really wrong • convincing CMake to behave is even more challenging • excuses: • You don't really need one, everybody uses it already! 24

  25. VIII. Partial installation procedure • no configuration mechanism (just hardcoding) • no test suite • no support for installing build artefacts somewhere else • excuses • "Not really needed, it's pretty trivial." • bonus points: • provide a test suite, but include broken tests! • hide build artefacts in multiple (deep) subdirectories 25

  26. IX. Interactive scripts • ask questions, only accept specific answers (numbers, words) • try to make it hard to automate • provide a fallback "silent" mechanism for your own sanity (but don't document it!) • excuses you can use: • "Interactive scripts are more intuitive." • bonus points: • numbered list of possible answers, change it over releases 26

  27. • https://www.tensorflow.org • Python library for machine learning/deep learning • originally developed by Google Brain team • most forked GitHub project in 2017 (5th in #contributors) • very popular in scientific research thanks to deep learning hype • great performance on GPU \o/ 27

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Tmux & Other Tools Jake Zimmerman October 22, 2016 Package Managers Package managers make

Tmux & Other Tools Jake Zimmerman October 22, 2016 Package Managers Package managers make

Tmux & Other Tools Jake Zimmerman October 22, 2016 Package Managers Package managers make installing software easy Package managers let us install software from the command line. are usually specific to an operating system.

424 views • 17 slides
with GNU Guix for developers & power users Package managers are really useful. Package

with GNU Guix for developers & power users Package managers are really useful. Package

functional package management with GNU Guix for developers & power users Package managers are really useful. Package managers are really useful. But they can be so frustrating! Old software Version conflicts Suspenseful upgrades The

705 views • 19 slides
Package Managers CC-BY-SA 2016 Nate Levesque What is a Package Manager? A package manager or

Package Managers CC-BY-SA 2016 Nate Levesque What is a Package Manager? A package manager or

Package Managers CC-BY-SA 2016 Nate Levesque What is a Package Manager? A package manager or package management system is a collection of software tools that automates the process of installing, upgrading, configuring, and removing computer

924 views • 40 slides
to functional package management with GNU Guix Package managers are really useful. But they can

to functional package management with GNU Guix Package managers are really useful. But they can

a gentle intro to functional package management with GNU Guix Package managers are really useful. But they can be so frustrating! Package managers are really useful. But they can be so frustrating! Version conflicts Old software

280 views • 12 slides
Package Management & Cross-Distro Packages 1 / 24 Package Managers ( I tried my best on

Package Management & Cross-Distro Packages 1 / 24 Package Managers ( I tried my best on

Package Management & Cross-Distro Packages 1 / 24 Package Managers ( I tried my best on accuracy, but dont quote me) dpkg/apt (.deb) pacman (PKGBUILD) Debian Ubuntu Arch Manjaro (and more) yum/dnf/YaST/rpm (.rpm) (Okay I got lazy

357 views • 24 slides
SELinux Policy Within Package Managers Why policy is special 1 SELinux? Policy? What?

SELinux Policy Within Package Managers Why policy is special 1 SELinux? Policy? What?

SELinux Policy Within Package Managers Why policy is special 1 SELinux? Policy? What? SELinux is a MAC system for Linux Enabled by default on Fedora, RHEL Available on Ubuntu, Gentoo, Debian, etc Policies are available for

579 views • 16 slides
Leveraging solver preferences to tame your package managers Roberto Di Cosmo (I+i+D), Pietro

Leveraging solver preferences to tame your package managers Roberto Di Cosmo (I+i+D), Pietro

Leveraging solver preferences to tame your package managers Roberto Di Cosmo (I+i+D), Pietro Abate (D), Stefano Zacchiroli (i+D), Fabrice Le Fessant (i+I), Louis Gesbert (O) and also J er ome Vouillon (i+D), Ralf Treinen (i+D) Universit

451 views • 29 slides
17 Package Management, for real this time CS 2043: Unix Tools and Scripting, Spring 2019 [1]

17 Package Management, for real this time CS 2043: Unix Tools and Scripting, Spring 2019 [1]

17 Package Management, for real this time CS 2043: Unix Tools and Scripting, Spring 2019 [1] Matthew Milano March 4, 2019 Cornell University 1 Table of Contents 1. Package Management 2. System Specific Package Managers 2 Package

233 views • 19 slides
WEEN W A K E U P I N S P I R E D Coaching, Consulting and Training Solutions to Make Managers

WEEN W A K E U P I N S P I R E D Coaching, Consulting and Training Solutions to Make Managers

WEEN W A K E U P I N S P I R E D Coaching, Consulting and Training Solutions to Make Managers Better Leaders WHO WE ARE Ween is based in Hanoi, Vietnam. We provide coaching, consulting and training solutions to boost managers ability to

365 views • 10 slides
Code review-review is the managers job @johnbarton Make time (nearly) every day to

Code review-review is the managers job @johnbarton Make time (nearly) every day to

Code review-review is the managers job @johnbarton Make time (nearly) every day to systematically review (nearly) all your teams pull requests Standard Disclaimers This is all post hoc rationalisation of me doing what I wanted

271 views • 23 slides
GUNGAHLIN COLLEGE Year 11 Parent Forum Wednesday 31 May CONNECT LEARN ACHIEVE How to

GUNGAHLIN COLLEGE Year 11 Parent Forum Wednesday 31 May CONNECT LEARN ACHIEVE How to

GUNGAHLIN COLLEGE Year 11 Parent Forum Wednesday 31 May CONNECT LEARN ACHIEVE How to make the most of your college package An A package can take you anywhere if you make it work for you. How do I make the most of my A package?

255 views • 12 slides
Inspection Managers: Moira Black Joanne Ward 1 Our purpose and role Our purpose We make sure

Inspection Managers: Moira Black Joanne Ward 1 Our purpose and role Our purpose We make sure

CQC Update 4 November 2014 Inspection Managers: Moira Black Joanne Ward 1 Our purpose and role Our purpose We make sure health and social care services provide people with safe, effective, compassionate, high-quality care and we encourage

497 views • 10 slides
The leaflet . e x tras Package IN TE R AC TIVE MAP S W ITH L E AFL E T IN R Rich Majer u s

The leaflet . e x tras Package IN TE R AC TIVE MAP S W ITH L E AFL E T IN R Rich Majer u s

The leaflet . e x tras Package IN TE R AC TIVE MAP S W ITH L E AFL E T IN R Rich Majer u s Assistant Vice President , Colb y College The leaflet . e x tras Package We w ill foc u s on three e x tras : addSearchOSM() - make map searchable

410 views • 27 slides
Helping Managers Engage Their Employees Lori Gillespie Bernadette Fortenbaugh CMS Leadership

Helping Managers Engage Their Employees Lori Gillespie Bernadette Fortenbaugh CMS Leadership

Helping Managers Engage Their Employees Lori Gillespie Bernadette Fortenbaugh CMS Leadership Institute Faculty & OD Consultants How are your Managers doing on Engagement? Do they make time to talk with each of their employees about

635 views • 20 slides
How City Managers Can Make Your Life Better David Zook, Nibley City Manager Congratulations!

How City Managers Can Make Your Life Better David Zook, Nibley City Manager Congratulations!

How City Managers Can Make Your Life Better David Zook, Nibley City Manager Congratulations! Why did you run for office? Welcome to What do you hope to accomplish? Public Service How will you accomplish your goals? I have a

254 views • 12 slides
Parsing package docs: Part III: Using the ReadP package

Parsing package docs: Part III: Using the ReadP package

On to ReadP ReadP A small, but fairly complete parsing package (shipped with GHC) Parsing package docs: Part III: Using the ReadP package http://hackage.haskell.org/package/base-4.12.0.0/docs/ Text-ParserCombinators-ReadP.html

537 views • 7 slides
Computational Health at UNIPI Corrado Priami corrado.priami@unipi.it Alina Srbu

Computational Health at UNIPI Corrado Priami corrado.priami@unipi.it Alina Srbu

Computational Health at UNIPI Corrado Priami corrado.priami@unipi.it Alina Srbu alina.sirbu@unipi.it Health and computer science Mathematics Health Systems informatics biology Medicine Computer Physics Science Bioinformatics

112 views • 8 slides
The second wave: the success stories DARPA (American Defense Advanced Research Projects Agency)

The second wave: the success stories DARPA (American Defense Advanced Research Projects Agency)

The BioRobotics Institute Scuola Superiore SantAnna, Pisa Embodied Intelligence in Natural and Artificial Agents Robotics is coming of age Fabio Bonsignorio 1,2,3,4,5,6 RoboCom++ Embodied Intelligence in Natural and Artificial Agents WG Leader

491 views • 18 slides
TDDE25 Integer F 2 Natural Chap 1: Data Storage Types of Numbers Number Systems

TDDE25 Integer F 2 Natural Chap 1: Data Storage Types of Numbers Number Systems

Types of Numbers What is a number? Complex Russian Dolls Model Real Rational TDDE25 Integer F 2 Natural Chap 1: Data Storage Types of Numbers Number Systems Representation in Computers https://www.ida.liu.se/~TDDE25/index.en.shtml

370 views • 12 slides
Particle Filtering Sometimes |X| is too big to use exact inference |X| may be too big to

Particle Filtering Sometimes |X| is too big to use exact inference |X| may be too big to

Particle Filtering Sometimes |X| is too big to use exact inference |X| may be too big to even store B(X) E.g. X is continuous |X| 2 may be too big to do updates Solution: approximate inference Track samples of X, not

284 views • 27 slides
who am I? Lead researcher at Possible Security, Latvia Hacking and breaking things

who am I? Lead researcher at Possible Security, Latvia Hacking and breaking things

who am I? Lead researcher at Possible Security, Latvia Hacking and breaking things Network flow analysis Reverse engineering Social engineering Legal dimension https://kirils.org/ twitter / @KirilsSolovjovs who

1.09k views • 79 slides
H OW T O S A Y N O (W IT H OU T A C T U A LLY S A Y IN G N O)

H OW T O S A Y N O (W IT H OU T A C T U A LLY S A Y IN G N O)

H OW T O S A Y N O (W IT H OU T A C T U A LLY S A Y IN G N O) An overview of practical steps and phases in effectively growing an organisation's technical competency. Peter Brownell @greenman

417 views • 18 slides
The road to Hell is paved with best practices Image: Caution, a Creative Commons

The road to Hell is paved with best practices Image: Caution, a Creative Commons

The road to Hell is paved with best practices Image: Caution, a Creative Commons Attribution Non- Commercial Share-Alike (2.0) image from zippy'sphotostream Warning <RANT> Why Not all best practices seem to make us more

1.19k views • 71 slides
Mac OS X for Unix Geeks Hit The Ground Running Overview 1. System Architecture 2. System

Mac OS X for Unix Geeks Hit The Ground Running Overview 1. System Architecture 2. System

Mac OS X for Unix Geeks Hit The Ground Running Overview 1. System Architecture 2. System Administration 3. GUI Tricks 4. Command line tricks 5. Docs & Resources Architecture - 1 - Directory Layout / /Applications and

648 views • 38 slides

More recommend