User: Password:
|
|
Subscribe / Log in / New account

ISVs providing Linux downloads

ISVs providing Linux downloads

Posted Sep 11, 2012 17:11 UTC (Tue) by khim (subscriber, #9252)
In reply to: ISVs providing Linux downloads by mlinksva
Parent article: Meeks: Linux on the (consumer) Desktop

Is what Mozilla has done really hard? Or wrong?

It's hard and wrong. I've already argued about this. It's hard because you don't have an SDK (LSB is a joke as I've explained) and it's "wrong" because distributors hate such self-contained packages with passion (they have strict requirements which make no sense for ISVs because they make life of ISV difficult, but distributions continue to push these rules because they make life ofdistribution-maintainers easier).

This is encouraging: finally after ten years people are starting to discuss real problems and stop repeating "all the software you'll ever need must be packages in the repo" mantra, we'll see how long it'll take to actually address these problems.


(Log in to post comments)

ISVs providing Linux downloads

Posted Sep 11, 2012 21:43 UTC (Tue) by drag (subscriber, #31333) [Link]

Amen.

In a ideal world if you want to use Firefox you get it from Mozilla. If you want to use Chrome you get it from Google. If you want to use Gnome you get it from Gnome project, and if you want to use KDE you get it from KDE project.

Ideally that is the way it should work.

Software distributions should just distribute software.

They should not tell users how to use software or what software to use. Users should be able to use any type of software of any versions they want in any manner they want... Ideally.

Developers should be able to do whatever they want that works best for them. Distros should provide help and documentation and describe best practices. They should not be dictators on what is acceptable and they should not make it harder for developers to reach users even if they disagree with how the users and developers want to interact.

In a ideal world the best Linux distribution is one that you use, but you never heard of. It's just a place were you get your installers and a place your updates download from. You shouldn't have to care because they make things so transparent and easy for you to get the applications you need and run them in the manner you want that you never have a reason to care.

All this stuff is pure utopia and isn't going to happen, but the closer we can get to this ideal the better off we are.

ISVs providing Linux downloads

Posted Sep 11, 2012 22:45 UTC (Tue) by rich0 (guest, #55509) [Link]

I would never use such a distro.

I want ALL my applications to get timely security updates, and not just whatever their respective upstream projects care to support.

I want my applications built the way I want them built, and not the way the upstream projects want to build them. It is easier to find a distro that suits my fashion than to have to make this choice over and over every single time I need to find some piece of software.

I want to get automatic software updates, but I don't want to have 385 separate daemons and scripts each trying to keep some small part of my system up to date.

I think that distros add a great deal of value.

ISVs providing Linux downloads

Posted Sep 11, 2012 23:54 UTC (Tue) by khim (subscriber, #9252) [Link]

I want ALL my applications to get timely security updates, and not just whatever their respective upstream projects care to support.

That's fine, you can have it. In fact there are dozens of distributions which cater to the people like you. The problem? 97-98% of users (Ok, let's be generous: 95% of users) don't give a damn—but they want to play new game the day it released and they want to install new "CoolApp" right after they read a review on a newssite.

The fact that Linux desktop caters to the people like you is great: I'm pretty sure that's why the Linux desktop market share is stable (if minuscule): such people have no viable alternative. But maybe, just maybe, it'll be good to offer something to the rest of the pack?

ISVs providing Linux downloads

Posted Sep 12, 2012 1:48 UTC (Wed) by cyanit (guest, #86671) [Link]

You can have both.

Just make sure that if a new library breaks the ABI, it can be installed side-by-side with the old one and that the old one remains available forever on all newer distributions.

ISVs providing Linux downloads

Posted Sep 12, 2012 4:59 UTC (Wed) by viro (subscriber, #7872) [Link]

... along with all its bugs, that is? Guys, all software sucks. Always had, always will. Including the libraries. The rate of discovery falls as the damn thing gets less and less test exposure, but so does the rate of fixing them. Efficiency of attacker on systematic hunt for bugs does *not* diminish, though. Moreover, the less exposure does the library get, the less incentive one has to do clean fixes as opposed to minimal ones, so the codebase slides deeper and deeper into bitrot. Making further fixes more and more painful and more likely to introduce new bugs.

BTW, in case if it's non-obvious - I agree that userland approach to API stability is atrociously bad. And API design tends to be just as promiscuous and lousy.

It's just that your "solution" really isn't. Neither is bundling libraries with ISV code using those, for the same reasons.

ISVs providing Linux downloads

Posted Sep 12, 2012 5:02 UTC (Wed) by Cyberax (✭ supporter ✭, #52523) [Link]

Yup. And that's why all major OSes move towards various sandboxing technologies.

ISVs providing Linux downloads

Posted Sep 12, 2012 5:39 UTC (Wed) by khim (subscriber, #9252) [Link]

Efficiency of attacker on systematic hunt for bugs does *not* diminish, though.

It goes down, too. If library just sits out there and nobody uses it then it's useless for attacker anyway. If library is actually needed by some software then user will find and install it (unless s/he'll abandon Linux, that is) and thus it'll be available for the attacker anyway. And if library is not present in the latest version of the distribution but is transplanted from older version then it'll be more buggy, not less.

It's just that your "solution" really isn't.

It's the only alternative which works. We may lament that it's bad for one reason or another (and it is!) but as long as it's the only game in town…

Neither is bundling libraries with ISV code using those, for the same reasons.

Again: if you don't provide stable ABI in your system then ISVs will bundle libraries with their offers. Acrobat brings openssl and libcurl, Firefox brings SQLite and NSS. And games bring practically everything including bundled version of SDL and libvorbis, sometimes even libjpeg and libpng.

If you think that this approach magically makes your system more secure than the one which supplies obsolete libraries in it's core then you are sorely mistaken.

As I've said: few percents of users may be satisfied with selection of goods offered in their repo. Fine, but maybe it's time to create something for the rest of us?

ISVs providing Linux downloads

Posted Sep 11, 2012 23:07 UTC (Tue) by khim (subscriber, #9252) [Link]

The big problem here is the fact that existing software in Linux is not designed to be base for a stable system. Kernel and some basic libraries (GLibC, Xlib and some other libraries) are designed to offer such an interface, but everything above it... it's a mess.

Developers hate the fact that distributors make it hard to distribute software, but when they act as upstream… they break ABI left and right. And you can not have your cake and eat it too: either ABI breakage is tolerated, expected and distributions constantly paper it or developers of the software must keep it stable and upgradeable.

And it's even worse than just libraries! Most languages in Linux world are developed with complete disregard to compatibility! C works fine (using versioned symbols), C++ has namespaces (but note that this is quite new invention: 2006 year, to be exact), but other languages... ugh. Python breaks everything in each release and Perl does the same. You literally can not offer any sort of compatibility if you use them - and yet they are considered to be part of the core (and distribution maintainers are start spewing bad words if package brings it's own version of python).

To have a sane system you need core system developers at least as disciplined as GNU C++ developers—who accidentally broke compatibility between C++98 and C++11 in GCC 4.7 and fixed the problem in GCC 4.7.2 even if that made GCC less compatible with a C++ standard! Looks like they will break the ABI with GCC 4.8 - but hey, previous ABI was with us for a six years! And the plan is to still make it possible to use libraries with old ABI and a new ABI in the same process.

So yes, we have sane foundation, but everything on top of it… I'm not sure what to do with that. As I've said just a few days ago It is hard. It's also necessary.

ISVs providing Linux downloads

Posted Sep 14, 2012 16:37 UTC (Fri) by sciurus (subscriber, #58832) [Link]

ISVs providing Linux downloads

Posted Sep 14, 2012 16:55 UTC (Fri) by khim (subscriber, #9252) [Link]

Perl is in the same ballpark as PHP, Python, Ruby, TCL, PHP and other popular Linux scripting languages: totally incompatible between versions at the C ABI level. You can not even link two modules together in a single program if they use different versions of Perl!

The only sane way to use it is to never use it as a glue code and bundle one specific version of the interpreter with your application (this is how OpenOffice uses python on Windows, BTW). Now, what distribution developers think about this idea? Yeah, I've hear the howls, they are loud and clear.

No, Perl is very much part of the problem, not part of the solution. It (like bazillion other things in Linux) is created with the assumption that you can “recompile the world”.

ISVs providing Linux downloads

Posted Sep 14, 2012 19:21 UTC (Fri) by jackb (guest, #41909) [Link]

It (like bazillion other things in Linux) is created with the assumption that you can “recompile the world”.
What's so hard about "emerge -e world"?

ISVs providing Linux downloads

Posted Sep 15, 2012 16:40 UTC (Sat) by anselm (subscriber, #2796) [Link]

Perl is in the same ballpark as PHP, Python, Ruby, TCL, PHP and other popular Linux scripting languages: totally incompatible between versions at the C ABI level.

For Tcl that hasn't been true since version 8.1, which was released in 1999.

ISVs providing Linux downloads

Posted Sep 15, 2012 17:31 UTC (Sat) by khim (subscriber, #9252) [Link]

I think you have missed one small yet vital letter. I'll highlight: totally incompatible between versions at the C A⇒B⇐I level. ABI, not API. Here we go:
$ objdump -T /usr/lib/libtcl8.[45].so.0 | grep 'g DF' | cut -b 62- | sort | uniq -d | head _fini
_init
Tcl_Access
Tcl_AddErrorInfo
Tcl_AddInterpResolvers
TclAddLiteralObj
Tcl_AddObjErrorInfo
Tcl_AlertNotifier
Tcl_Alloc
TclAllocateFreeObjects
$ objdump -T /usr/lib/libtcl8.[45].so.0 | grep 'g DF' | cut -b 62- | sort | uniq -d | wc -l 639

You can not easily use TCL in any library or plugin because of that. If one plugin will use TCL 8.4 and another plugin will use TCL 8.5 you'll have Russian Roulette: it may work for sime time, but nobody can predict when (and if!) it'll kill you.

Note that even Microsoft is guilty: .NET framework 1.x is totally incompatible with .NET framework 2.x. Thankfully they quickly dropped this insane idea and .NET frameworks 3.x were built on top of the CLR 2. .NET frameworks 4.x use different (and incompatible!) runtimes, but you can use in-process side-by-side hosting to run multiple versions of the CLR in a single process.

Sure, you can do with TCL using some tricks with dlopen and some recompileable shims (nVidia does this even with Linux kernel ABI which is infamous for it's instability!), but… this is not something TCL authors propose and support. They push for the same tried and found wanting "recompile the world" approach.

ISVs providing Linux downloads

Posted Sep 15, 2012 17:52 UTC (Sat) by anselm (subscriber, #2796) [Link]

I suggest you read up on »Tcl stubs«, which is a feature that was introduced in Tcl 8.1 especially to make Tcl extensions in C usable with different (notably future) versions of Tcl.

I used to do a lot of C-level programming with Tcl and this proved to be a very valuable feature because you didn't have to recompile your extensions whenever a new Tcl version came out. So no, you don't need to »recompile the world«, and indeed that is not something the Tcl authors recommend – they recommend using stubs instead so your extensions will be compatible with future Tcl versions without recompilation. In other words, you're wrong.

ISVs providing Linux downloads

Posted Sep 15, 2012 18:39 UTC (Sat) by khim (subscriber, #9252) [Link]

Thanks you for the pointer. I take my words back.

Yes, Tcl stubs is about what's needed for the stable ABI. So we have at least one scripting language whose authors are serious about compatibility.

Now we need to convince developers of extensions to use this mechanism, but this is indeed a good start.

Too bad the Tcl itself is not all that popular. And there is also the unfortunate fact that distributions often don't use Tcl stubs but link with one single version of Tcl directly - but yes, in this particular case authors of the language did their part.

ISVs providing Linux downloads

Posted Sep 16, 2012 13:31 UTC (Sun) by anselm (subscriber, #2796) [Link]

Tcl/Tk – once you get used to it – is much better than its reputation would suggest (Sun would have been able to make a difference when John Ousterhout was at Sunlabs but by that time they had another language to hype).

As it is, Tcl/Tk remains one of the better-kept secrets of the industry; lots of people use it as a work horse but it isn't as »hip« as some of the other languages in the same space – even though it is very well engineered and documented and has been quite innovative in lots of areas. For example, Tcl offered full Unicode support with the release of Tcl 8.1 in 1997, way before any of the other popular languages followed suit, and of course Tk revolutionised X11 GUIs in the early 1990s when everyone else's idea of GUI programming involved C and OSF/Motif. Tcl/Tk can do things like cross-platform single-file deployment that are very helpful and simply not available with most other similar languages. Too bad it doesn't get the attention it deserves.

ISVs providing Linux downloads

Posted Sep 12, 2012 9:44 UTC (Wed) by robert_s (subscriber, #42402) [Link]

"In a ideal world if you want to use Firefox you get it from Mozilla. If you want to use Chrome you get it from Google. If you want to use Gnome you get it from Gnome project, and if you want to use KDE you get it from KDE project."

Wow huge nonsense. You must love running around the web collecting things just to get a functional system.

If we're talking about an ideal world the user should just want - a web browser - and have - a web browser. And if we're talking about 90% of users, 90% of users don't care what web browser they use (nor should they, in all fairness to them, it's just a pity the most common default on computers across the world is such a bucket of crap). A distribution serves a purpose to give a sane face of a simple, usable machine - and if possible hide all the self-advertising, nonsense, and bizarre ideas of how a system should work that "Applications" typically have.

And especially so in a world where "Application" vendors are trying increasingly aggressive tactics to get their stuff on your machine one way or another.

ISVs providing Linux downloads

Posted Sep 12, 2012 14:34 UTC (Wed) by pboddie (guest, #50784) [Link]

At last, someone speaks up for the average user instead of the craze-chasing gadget surfers who can install anything they like (well, apart from a replacement for the locked down base system, that is) for the matter-of-weeks ownership honeymoon period of their new, mobile, "desktop-killing" device before they then seek to replace it with an even newer one "because it has better software".

Where Meeks is right (or is right in terms of emphasis, at least - I only skimmed the article) is that the revenue opportunities for selling reliable, durable, boring-but-works products are limited in this day and age. Everyone would rather sell you flimsy stuff, the same stuff over and over again, or stuff you don't need but can be persuaded to want.

But people actually do want stuff that does the job unless they want to show off. Sadly, the big money is to be made in people showing off.

ISVs providing Linux downloads

Posted Sep 12, 2012 9:55 UTC (Wed) by robert_s (subscriber, #42402) [Link]

"This is encouraging: finally after ten years people are starting to discuss real problems and stop repeating "all the software you'll ever need must be packages in the repo" mantra, we'll see how long it'll take to actually address these problems."

Sigh. As wise as this makes you sound, unfortunately you are King Cnut and the "Linux ecosystem" is the sea. In a storm.

ISVs providing Linux downloads

Posted Sep 12, 2012 10:19 UTC (Wed) by mpr22 (subscriber, #60784) [Link]

Your choice of legendary metaphor bemuses this Englishman who knows who Cnut was, what he is held by legend to have done before his courtiers, and the conflicting views on what - if he did it - his motive was.

ISVs providing Linux downloads

Posted Sep 12, 2012 19:22 UTC (Wed) by hummassa (subscriber, #307) [Link]

Your choice of vocabulary bemuses this Brazilianman that did not know what "to bemuse" mean. And a brief explanation about said King Cnut and whatnot would be useful to help all other fellow netizens from every corner of the Earth to understand what is this all about.

ISVs providing Linux downloads

Posted Sep 12, 2012 23:18 UTC (Wed) by Wol (guest, #4433) [Link]

King Knut (or Canute) had a bunch of courtiers who were rather too good in their flattery.

So I don't know the details exactly, but anyways, he went to the seaside, had his throne plonked on the beach, and he told the rising tide to go away.

The story is widely understood to be about a megalomaniac king who thought he could do anything.

The reality is the opposite - that he was teaching his courtiers a lesson that he WASN'T omnipotent, and that all their flattery was a load of hot air.

It's near the bottom of the wikipedia page on "King Canute".

Cheers,
Wol


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds