Petreley On Simplifying Software Installation for Linux

markcappel writes "RAM, bandwidth, and disk space are cheap while system administrator time is expensive. That's the basis for Nicholas Petreley's 3,250-word outline for making Linux software installation painless and cross-distro." The summary paragraph gives some hint as to why this isn't likely to happen anytime soon.

Word

"That's the basis for Nicholas Petreley's 3,250-word outline for making Linux software installation painless and cross-distro."

Was it necessary to include the word count? It's hard enough to get slashdotters to read a small article and post intelligently, this cant help...

Re:Word

The article is surprisingly dense for such a word count -- yet is easy to read.

Petreley is undoubtedly getting the grip of this "writing thing"... ;-)

Seriously, though, however smart and logical are his conclusions, one thing bothers me: the installation should be simplified but "right", too.

I mean, there are other objectives besides being easy.

Last week I tried to install Red Hat 8.0 on a Pentium 75Mhz with 32MB RAM (testing an old machine as X-terminals). It didn't work.
The installation froze at the first package -- glibc (it was a network installation) -- probably due to lack of memory (as evidenced by free et al.).

Why? It was a textmode installation. I know from past experience that older versions of Red Hat would install ok (I used to have smaller computers).

My suspect is that Red Hat has become too easy -- and bloated. Mind you, I opted for Red Hat instead of Slack or Debian because of my recent experiences, in which RH showed to recognize hardware better than others.

I hope Petreley's proposed simplification, when implemented, takes size into consideration. The way it is (using static libs, for instance), it seems the other way.

The article as a whole, though, present neat ideas and it's one of the best I've recently read.

Autopackage comes to mind

[Simon+(S2)]

Autopackage comes to mind.

from the site:
* Build packages that will install on many different distros
* Packages can be interactive
* Multiple front ends: best is automatically chosen so GUI users get a graphical front end, and command line users get a text based interface
* Multiple language support (both in tools and for your own packages)
* Automatically verifies and resolves dependancies no matter how the software was installed. This means you don't have to use autopackage for all your software, or even any of it, for packages to succesfully install.

Static linking problems

[digitalhermit]

Static linking might be useful as a workaround for the more esoteric distros, but it has its problems. For one, if you statically link your application then anytime there's a security fix or change to the linked library you'll need to recompile the application, not just upgrade the library. This would probably cost more in administration time than upgrading a single library since multiple applications may be dependent on the one library.

Re:Static linking problems

[Ed+Avis]

Static linking is a seriously bad idea. Part of the job of a packager is to arrange the app so it doesn't include its own copies of packages but uses the standard ones available on the system (and states these dependencies explicitly, so the installer can resolve them automatically).

Take zlib as an example of a library that is commonly used. When a security hole was found in zlib a few months ago, dynamically linked packages can be fixed by replacing the zlib library. This is as it should be. But those that for some reason disdained to use the standard installed libz.so and insisted on static linking needed to be rebuilt and reinstalled.

(OK I have mostly just restated what the parent post said, so mod him up and not me.)

Quite apart from the stupidity of having ten different copies of the same library loaded into memory rather than sharing it between processes (and RAM may be cheap, but not cheap enough that you want to do this... consider also the CPU cache).

A similar problem applies to an app which includes copies of libraries in its own package. This is a bit like static linking in that it too means more work to update a library and higher disk/RAM usage.

Finally there is a philosophical issue. What right has FooEdit got to say that it needs libfred exactly version 1.823.281a3, and not only that exact version but the exact binary image included in the package? The app should be written to a published interface of the library and then work with whatever version is installed. If the interface provided by libfred changes, the new version should be installed with a different soname, that is libfred.so.2 rather than libfred.so.1. It's true that some libraries make backwards-incompatible changes without updating the sonames, but the answer then is to fix those libraries.

Re:Static linking problems

[dwillyson]

Nice try!
but 1$ -> 45 Indian Ruppes

So you wouldn't be able to hire 1000 Indian programmers with that exchange rate.

Also your racist comments show how little you know about Indian programmers some of who are big names in the American Computer Industry.

Also almost every Indian programmer is well versed with English language and most of them can understand/write better english than you, so you won't have to hire a crappy american undergrad to do the translation work.

Gentoo

[Tyler+Eaves]

emerge

Doesn't get any simpler than that. Come back in a minute to 12 hours (Depending on the package), and *poof* new software. Ditto BSD ports.

Re:Gentoo

[sirius_bbr]

I tried it (gentoo) some time ago. After two weeks of frustration I moved back to debian.

For me it was more like
1. emerge
2 come back in 8 hours and then:
a. see whole bunch of compilation errors,
b. dependencies were not sorted out correct, so nothing works
c. combination of above

I specially liked (still do) the optimization potential (where debian is stuck at i386), but it didn't work for me.

Re:Gentoo

[KPU]

Assuming redhat, freebsd, windows and mac osx installers installed and setup how you like, the interfaces are a lot simpler than gentoo or debian's.
I have installed windows, redhat, and gentoo. Yes, windows and redhat have much prettier interfaces. However, I have spent countless hours trying to install windows and redhat because the install tried to do something I didn't want it to do and crashed.
Windows 2000: the box has IDE and SCSI drives. I wanted windows on the SCSI drive as C. I had to take the IDE drive out to get it to let me. I don't even know where to start installing windows 2000 on a box without a CD-ROM drive.
RedHat: Anybody ever try installing RedHat onto a new box using ReiserFS and network install when the card is listed but the module won't load? I gave up and installed a CD-ROM drive.
Gentoo's install does take a long time but I never had these problems. When I was selecting where to install, I just used /dev/sda* instead. Machine doesn't have a CD-ROM drive or network isn't supported? I made a nfsroot kernel, mounted root from another one of my gentoo boxes, and did the install from there.
Slackware has a similar install procedure (all console) but it doesn't compile everything like gentoo.
So the point is, "Assuming redhat, freebsd, windows and mac osx installers installed and setup how you like" is a very big assumption.

Re:Gentoo

[Tony+Hoyle]

Firstly, when gentoo boots you have to wing it to work out how to get online to read the damned thing. Then it tells you to set your USE variables, with *no* documentation about what any of them do (not that it matters, half of the packages ignore them anyway). I also found several factual errors in it (for example stating that files are on the CD that aren't there).

emerge doesn't pick the latest versions of stuff either... you end up installing from source anyway. eg. I need the kerberos enabled ssh to work with my network. I had krb5 in my USE but it didn't build with kerberos. It also built an out of date version. I had to manually go in to the package directory and force it to build the latest version (which emerge insisted didn't exist).. which still didn't build with kerberos, so I gave up on it and ftp'd a prebuilt one from a debian machine.

Also the dependencies suck rocks. I wanted to build a minimal setup and get it working, so I decided to install links. Bad move. It pulled in svgalib (??), most of X and about a million fonts - for a *text mode* browser.

12 hours is also a bit optimistic - On a dual processor machine I had it building for 3 days.. and at the end half the stuff didn't work anyway. Luckily I can get a debian install on in 20 minutes with a following wind, so I got my machine back without much hassle.

Re:Gentoo

[antiMStroll]

Not what I remember. The install docs are on the CD. Alt-F2 to open a second console, then 'less README.TXT' or 'less README' to view the instructions. The last Gentoo install I did was 1.2, so this may have changed.

Correct, emerge doesn't automatically pick 'the latest stuff'. Which distro does? The true route to madness for any distro designer is to insure all the default installs are cutting edge. Forcing a higher version is simple, use 'emerge explicit-path-to-ebuild'. Typing 'emerge icewm' builds the default, tested and solid verion, 'emerge /usr/portage/x11-wm/icewm/icewm.x.x.x.ebuild' builds whichever one you chose. There are other methods as well. On the other hand, if an exploit is found a new ebuild for the package is up almost immediately.

Regarding svga lib, Gentoo has a large number of default build parameters in /etc/make.profile/make.defaults, one of them being svga support. Links with svga support is awesome, and what I'm using to post right now (links -g). To remove it, add -svga to your USE variables in /etc/make.conf . I always do 'emerge --pretend packagename' before an emerge to see what will be installed.

Lastly, something doesn't jibe between your claim of aiming for a minimal install and a 3 day compile. My 192 meg P2-366 notebook took an evening. KDE and OpenOffice (the latter if compiled from source, instant-install binary versions are also available) are reputed to take days on slower machines.

While the Gentoo install and USE variable configs are complicated and well beyond the capabilities of new users, post-installation upkeep is a dream. It's a hard-core distro more suited to geeks and business environments. Sounds to me as if you simply didn't know enough going in.

Fallback

Place user applications in their own directories

This single rule alone would eliminate most of the problems. It enables fallback to manual package management, it resolves library conflicts, it avoids stale files after uninstallation and it prevents damaging the system which can be caused by overwriting files during installation and subsequently removing files during uninstallation.

General bad attitude towards anything easy

[Microlith]

The first obstacle to overcome is the bad attitude many linux users have that if something is easy to install, or easy to use, it is therefore bad.

As I see it, many would like to keep the learning curve very, very steep and high to maintain their exclusivity and "leetness" if you will.

For instance, the post above mine displays the ignorant attitude that "easy to install" by definition equals "unstable software" and has only a jab at MS to cite as a reference.

That's truly sad (though that may just be a symptom of being a slashdot reader.)

As I see it, not everyone finds: ./configure
make
make install

to be intuitive, much less easy, never mind what happens if you get compiler errors, or your build environment isn't the one the package wants *cough*mplayer*cough*, or if you even have said development environment.

Nor does it mean the software is any more stable. Could be just as shitty. _That_ is a matter of the developer of the program, not the install process.

No, please

[Yag]

Thats the reason windows servers are more vulnerable to attacks, because they give you the idea that its easy to mantain them... Its the same thing saying that you dont need any pilot on an airplane (and that you can put there anyone) if you make a good autopilot engine... We need more knowledge in system administration, not more automatisms.

Re:No, please

[evilviper]

I can't agree with that. There are lots of programs that could add one or two features, and simply no longer require so much human work... XF86 comes to mind immediately.

But, I have to say this article was so far off the mark that it's funny. `Let's take all the ideas from Windows of what an installation package should be, and apply them to Unix.' No, I think not.

RANT:
I dare say the biggest problem is that everyone is going the wrong direction. RPM is the standard, yet it sucks. Binary packages sepearate the `devel' portions into another package, making the system fail miserably if you ever need no compile software. It has piss-poor depend management. Instead of checking if a library is installed, it checks if another RPM has been installed. If it has been installed, it assumes the library is there. If it isn't installed, it assumes the library isn't there... Crazy! To have an RPM depend on a library I've compiled, I have to install the RPM of the library, then compile and install my own over the top of the RPM's files. RPM is like the government system of package management. You have to do everything their way, or it won't let you do anything at all.

I liked Slackware's simplistic packages more than anything else. At least there I could just install the package, and it wouldn't give me shit about dependencies. If I didn't install the dependencies, I got an error message, but it wouldn't refuse to install or try to install something for me automatically. I can take care of the dependencies any way I want. RPMs are supposed to save you time, but instead, because of it's dependency management, it used up far more of my time trying to deal with it's quirks, than it could have *possibly* saved me.

Another thing I find annoying is that there is only one version available. You can only get a package compiled without support for XYZ... Well that's fine if I don't have XYZ, but what if I do? I like the ports system, although it does some things automatically that I don't like (I would rather it asked me), it doesn't step on your toes much at all, it gives you all the customizability you could want (and only if you want it), and it's much simpler and faster than untaring and configure/make-ing everything.

Matrix Reloaded spoiler in parent

[jeroenvw]

WARNING: Stupid Matrix reloaded spoiler in parent, in the middle of the 4th paragraph

OpenStep / OS X frameworks

[pldms]

Did some of the suggestions remind anyone of the OpenStep frameworks idea?

Frameworks (very roughly) are self contained libraries containing different versions, headers, and documentation. Java jar libraries are somewhat similar.

The problem is that using frameworks requires major changes to the tool chain - autoconf et al, cc, ld etc.

Apple shipped zlib as a framework in OS X 10.0 (IIRC) but getting unix apps to use it was very difficult. Apple now only seem to use frameworks for things above the unix layer.

I suspect there are lessons to be learned from this. As another poster said, evolution rather than revolution is more likely to succeed.

emerge maybe easy.

But installing gentoo is still hard.

Insert cd.
login in from the command line
net-setup ethx
cfdisk
mkrieserfs
wget ftp.gentoo-mirror.net/pub/gentoo/stage1.tar
tar xzjdocmnaf stage1.tar
mkdir /mnt/gentoo/
chroot /mnt/gentoo
scripts/bootstrap.sh
(10 hours later)
emerge ufed
edit use flags
emerge system
emerge gentoo-sources
configure kernel, having do lspci and googling obscure serial numbers to find out what modules to compile
install kernel
muck around with it's non standard bootloader
install cron and sysloggers
umount
reboot
spend two days sorting out the kernel panics
wait all week for kde to emerge.
processor dies of over work
huge nasty electricty bill arrives after running emerge for over a week 24/7

in other words, no

Executive summary:

[I+Am+The+Owl]

Use Debian and apt-get. No, seriously, could it be much easier?

How about this

[Fluffy+the+Cat]

The complaints are, almost entirely, about libraries. But there's already a robust mechanism for determining that a library dependency is satisfied - the SONAME defines its binary compatibility. So if stuff is breaking, it's because library authors are changing binary compatibility without changing the SONAME. How about we just get library authors to stop breaking stuff?

No no no!

[FooBarWidget]

First of all, RAM and disk space are NOT cheap. I spent 60 euros for 256 MB RAM, that's is not cheap (it's more than 120 Dutch guilders for goodness's sake!). A 60 GB harddisk still costs more than 200 euros. Again: not cheap. Until I can buy 256 MB RAM for 10 euros or less, and 60 GB harddisks for less than 90 euros, I call them everything but cheap.

What's even less cheap is bandwidth. Not everybody has broadband. Heck, many people can't get broadband. I have many friends who are still using 56k. It's just wrong to alienate them under the philosophy "bandwidth is cheap".
And just look at how expensive broadband is (at least here): 1 mbit downstream and 128 kbit upstream (cable), for 52 euros per month (more than 110 Dutch guilders!), that's just insane. And I even have a data limit.

There is no excuse for wasting resources. Resources are NOT cheap dispite what everbody claims.

It is not just the ease but the language...

[terraformer]

It is not just the ease of installation but also the language used during that installation that is foreign to many users. Having a nice point and click interface on linux installs is a major leap forward but these still reference things like firewalls, kernels, services, protocols etc. Most people, when faced with new terms become disoriented and their frustration level rises. These setup routines have to ask users what they are looking to accomplish with their brand spanking new linux install.

• Would you like to serve web pages? (Yes or No where the answer installs and configures Apache)
• Would you like to share files with other users in your home/office/school? (Yes or No where the answer installs and configures Samba)

Etc...

Apple has it right

[wowbagger]

From what I am given to understand of the way the Mac OS 10.* handles such things, Apple got it more closely to right.

As I see it, the following things need to happen to really make application installation be very clean under any Unix like operating system:

1. All apps install in their own directory under /usr/[vender name]/[app name] - the reason for including the vender name is so that when two venders release different apps with the same name (Phoenix comes to mind) you can still dis-ambiguate it. Also allow apps to install into ~/apps/[vender name]/[app name] to allow for non-root installation.
2. Under an app's directory, create the following subdirs:
   • [arch]/bin - any binaries that are OS/CPU dependent.
   • bin - shell scripts to correctly pick the right [arch]/bin file.
   • man - man pages for the app
   • html - help files in HTML, suitable for browsing
   • [arch]/lib - any shared libraries specific to the app.
   • system - desktop icons and description files, perferably in a WM-agnostic format, MIME type files, magic files (for the file command, and a description of each program in the app, giving the type(s) of application for each binary (e.g. Application/Mapping; Application/Route Planning).
   
   
3. Shells and WMs are extended to search under /usr/*/*/bin for programs, /usr/*/*/man for man pages, etc.
4. Programs shall look for ~/.{vender]/[appname] for their per-user storage area, and will create this as needed.
5. The system must provide an API for asking if a given library/application/whatever is installed.
6. The system must provide an API for installing a missing component - this API should be able to *somehow* locate an appropriate package. The requesting app will provide a list of acceptable items (e.g. need libfoo.so.0.1.6,libfoo.so.0.1,libfoo.so.0)
7. This is the biggest item, so I'm really going to stress it:
   

   PACKAGE CREATORS MUST BE HELD ACCOUNTABLE FOR BEING OVERLY ANAL-RETENTIVE ABOUT WHAT PACKAGES THEY REQUIRE

   
   Too damn many times I've tried to install FOO, only to be told by the packaging system "FOO needs BAR". But FOO doesn't *need* BAR, it just works "better" if BAR is present (e.g. the XFree packages from RedHat requiring kernel-drm to install, but working just fine (minus accelerated OpenGL) without it).

Were venders to do this, then a program install could be handled by a simple shell script - untar to /tmp, run script to install needed pre-reqs, move files to final location.

The system could provide a means to access the HTML (a simple, stupid server bound to a local port, maybe?) so that you could browse all installed apps' help files online.

As a final fanciness, you could have an automatic process to symlink apps into a /usr/apps/[application class] directory, so that if you wanted to find all word processing apps you could
ls /usr/apps/WordProcessors
and see them.

Instances don't really matter for static linking

[Skapare]

Nicholas Petreley writes:

The following numbers are hypothetical and do not represent the true tradeoff, but they should serve well enough to make the point. If libthingy is 5K, and your application launches a maximum of 10 instances, all of which are statically linked with libthingy, you would only save about 45K by linking to libthingy dynamically. In normal environments, that is hardly worth the risk of having your application break because some other build or package overwrites the shared version of libthingy.

Linking libthingy statically into application foo does not preclude the sharing. Each of the instances of application foo will still share all the code of that executable. So if libthingy takes up 5K, and you launch 10 instances, that does not mean the other 9 will take up separate memory. Even statically linked, as long as the executable is in a shared linking format like ELF, which generally will be the case, each process VM will be mapped from the same file. So we're still looking at around 5K of real memory occupancy for even 1000 instances of application foo. The exact details will depend on how many pages get hit by the run-time linker when it has to make some address relocations. With static linking there is less of that, anyway. Of course if libthingy has its own static buffers space it modified (bad programming practice in the best case, a disaster waiting to happen in multithreading) then the affected pages will be copied-on-write and no longer be shared (so don't do that when developing any library code).

Where a shared library gives an advantage is when there are many different applications all using the same library. So the "shared" part of "shared library" means sharing between completely different executable files. Sharing between multiple instances of the same executable file is already done by the virtual memory system (less any CoW).

The author's next point about sharing between other applications is where the size of libthingy becomes relevant. His point being that if libthingy is only 5K, you're only saving 45K by making it a shared (between different executables) library. So that's 45K more disk space used up and 45K more RAM used up when loading those 10 different applications in memory. The idea is the hassle savings trumps the disk and memory savings. The situation favors the author's position to use static linking for smaller less universal libraries even more than he realized (or at least wrote about).

For a desktop computer, you're going to see more applications, and fewer instances of each, loaded. So here, the issue really is sharing between applications. But the point remains valid regarding small specialty libraries that get used by only a few (such as 10) applications. However, on a server computer, there may well be hundreds of instances of the same application, and perhaps very few applications. It might be a mail server running 1000 instances of the SMTP daemon trying to sift through a spam attack. Even if the SMTP code is built statically, those 1000 instances still share unmodified memory mapped from the executable file.

This is the price to pay..

[DuSTman31]

One of the greatest strengths of the UNIX platform is its diversity..

Package installation is a simple prospect on the Windows platform for the simple reason that the platform has little diversity.

Windows supports a very limited set of processors.. So there's one factor that windows packaging doesn't have to worry about.

Windows doesn't generally provide seperately compiled binaries for slightly different processors ("Fat binaries" are used instead, wasting space).. So the packaging system doesn't have to worry about that. On linux, on the other hand, you can get separate packages for an athlon-tbird version and an original athlon version.

On an MS system, the installers contain all the libraries the package needs that have the potential to not be on the system already. This could make the packages rather large, but ensures the user doesn't have to deal with dependencies. Personally, I'd rather deal with dependencies myself than super-size every installer that relies on a shared object..

Furthermore, on windows there arn't several different distributions to worry about, so the installers don't have to deal with that either.

All of these point confer more flexibility to the unix system but have the inevitable consequence that package management can get to be rather a complex art. We could simplify package management a great deal, but it'd mean giving up the above advantages.

Not just a linux problem

[jd142]

This same problem occurs in the windows world as well, dll hell as it is often called. Here's how it works for windows. Say your program needs vbrun32.dll. You have a choice. You can put the dll in the same folder as the executable, in which case your program will find it and load the right dll. Or you can put it in the system or system32 dll in which case your program and others can find it and load it. However, if vbrun32.dll is already loaded into memory, your program will use that one. I remember we used to have problems with apps only working if loaded in the right order so the right dll would load.

As with Linux, if there's a bug in the library you have to update either one file or search through the computer and update all instances. But, as with linux, the update can mess up some programs, others might be poorly coded and not run with newer versions of the dll. I've seen this last problem in both windows and linux; it looks like the programmer did if version != 3.001 then fail instead of if version 3.001 then fail.

If everyone is forced to use the same library, you get these problems and benefits:

--1 easy point of update
--1 easy point of failure
--older software may not run with newer versions
--programmers may insist on a specific version number
--updates to the libraries can benefit all programs; if kde or windows gets a new file open dialog box, then all programs that link to the common library can have the newer look and feel by updating just one library.

On the other hand, if you let each program have its own, you get these problems and benefits:

--difficult to update libraries when bugs are found
--can run into problems if a different version of the library is already loaded into memory (does this happen with linux?)
--guarantee that libraries are compatible with your app
--compartmentalization; everything you need for an app is in it's directory. Want to uninstall? Just delete the directory. No need to worry that deleting the app will affect anything else.
--no weird dependencies. Why does app X need me to install app Y when they clearly aren't related at all. The answer is shared libraries. Which is why many people like Gentoo and building from source.

Microsoft has waffled back and forth on the issue. Under dos, everything just went into one directory and that was it. Windows brought in the system directory for shared dll's. Now the latest versions of windows are back to having each app and all of its dlls in one directory.

Personally, I think compartmentalization is the key, provided we get some intelligent updaters. If libthingy needs to be updated, the install procedure should do a search and find all instances of the library, back up existing versions and then update all of them. This wouldn't be that hard to do.

Not always a problem

[Simon]

Just want point out that problems with shared libraries aren't universal. Years ago AmigaOS had shared libraries that basically worked without significant administration problems, or a 'dll hell'.

Important features of the way AmigaOS libraries worked:

* All libraries were versioned, but not on the file system level. Each library contained a version number in it's header.

* Versions of the same library were always backwards compatible. This was Law. Software using an old version of a library must continue to work on future versions. This also meant that developers had to think out thier library API beforehand (because you would have to maintain that API). Libraries could be extended though with extra functions.

* Application programs had to 'open' libraries before using them. When opening a library an application would specify the minimum version that it required of the library. (If no matching or later version was found then the program would have to exit gracefully).

* There tended to be few (compared to Linux anyway) libraries. Libraries tended to be biggish. A few big libraries instead of many tiny libraries. This made them manageable.

* The backwards compatibility rule/law for libraries meant that software could bring it's own version of a library and update the existing version of that library, but *only* if it was a more up-to-date version.

As a previous poster pointed out, a lot of the problem would disappear if people (library writers) maintained compatible interfaces for the same library soname. I'm pretty sure that this is the way it was designed to work.

anyway, a FYI.

--
Simon

thesis + antithesis - ? synthesis ?

[corvi42]

Some very good points and ideas, but also IMHO some misguided assumptions and directions.

1) RAM & Disk space is not always cheap, or even readily available. There are many legacy systems where users would benefit from these advantages but the users are unable or unwilling to upgrade the system. What happens to old 486 and 586 systems where the motherboard doesn't support drives larger than X - there are work arounds, but the people who need easier install processes aren't going to tackle the complex system configuration issues to implement these. What happens when you can no longer obtain RAM in your community for your old machine, or it no longer has spare slots, etc. What happens if you have a second hand computer and simply don't have the available $$ to spend on upgrades, no matter how cheap they are. I don't like the idea of designing an easier-to-use system that excludes such people, no matter how small a portion of the market they may be. Hence redundant copies of libraries and staticly linked libraries are a very inelegant solution for these people.

2) We musn't impose requirements on application developers to use a given installer library, or code their apps to conform with particular standards that the installer requires - it is again unfeasible and undesireable in many circumstances. Developers have more than enough to worry about as it is without having to reimplement the way their app behaves to be installer friendly. The installer must exist at a level independant of the way the application has been coded, to a reasonable degree. I think that much of the problem that exists currently is that too much of the "packager" issues of making apps compatible to a hundred and one different unices has been getting dumped on developers and this both reduces their time for actual development and means that we have a hodge-podge of apps that are compatible to an unpredictable degree, because essentially developers don't want to be burdened with this.

3) Diversity is the spice of life, and it is the spice of unix. The community of unices is robust because it has adapted systems which are generally stable and reliable across a vast array of hardware and software. We want to capitalize on this tradition and expand and enhance it, not force anyone to use a particular layout for their apps & installations. This being said, I find the idea of local copies of libraries in the application directory unappealing, because it forces one to have a local directory ( rather than using /usr/bin, /usr/lib, etc. ) Also the idea of having configuration files that resolve dependancies forces the application to use such configurations, which is also undesireable.

5) Aside from all these criticisms, there are many things I do agree with. Particularly that dependencies should be file specific, not package specific, that an integration of installer & linker is key to the organization of such a tool. I also agree that the installer should make use of auto-generated scripts wherever possible, and should provide detailed, useful messages to the end user that will help them to either resolve the conflicts in as friendly a way as possible, or to report the conflicts to their distribution. Also the installer should have advanced modes that allow for applications to be installed in accordance with a user or administrator prefered file system. That is one shouldn't be forced to install into /opt or into /usr/bin or /usr/local if you don't want it there.

Given all this, is there any possible way to solve all of this in one consistent system? I think so - but it may require something that many will immediately wretch over. A registry. That's write, I used the foul windoze word registry. I propose a per-file database for libraries & applications that would record where given versions of given libraries are installed, under what names, in what directories, of what versions, providing what

So you are you saying...

[iFlynn]

Linux is better than Windows because it's so complex and difficult to use?

It's funny how hypocritical the crowd here on /. can be. One day they are making out a bug in IE that crashes the browser to be a HUGE deal. Something that just about has to be purposely coded and would take 2 seconds out of your day to relaunch the window if you did run across a site with the code.

Two seconds was a huge amount of time in the average Linux user's day yesterday, but today, hours and hours spent installing software is but a small price to pay.

I know I am oversimplifying this, I'm doing it on purpose to make a point. When the slightest problem is found with Windows, Linux users will type for hours telling how damaging it is and how it is just another reason not to use Windows. However, when a HUGE flaw in the very foundation of Linux is brought into discussion, it is trivialized to the point that the common concensus is that there is no problem at all.

Blind loyalty does no good for anyone but a dictator. Windows isn't the perfect OS, X isn't the perfect OS, and niether is Linux the perfect OS. Each has advantages and disadvantages. However, if you only focus on the advantages and do nothing to improve the disadvantages, or even admit they exist, they will always exist.

I'm gonna be honest here, I couldn't care less how long it takes to install something in Linux. I'm not posting this in hopes that the Linux Community will come together and work on solving the biggest problems facing Linux. I don't use Linux, probably never will, but I have tried it a couple times in the past. To me, Linux isn't even close to an alternative to XP and X (both of which I use daily). I feel Linux has years of catching up to do before I would even consider using it for anything but a web server.

I'm posting this for two reasons. Primarily, because I would like to see Linux users on /. start focusing on their own hurdles instead of beating to death every little issue that pops up with Windows. Alternately I would like to see more than the handful of truly devoted Linux users admit, or even just realize, that Linux is far from perfect.

This might sound like flames to many slashdotters here, but that's only because I'm not slamming Windows as a creation of satan while singing the praises of Linux as a gift from the gods. If you really take the time to read what I've said with an open mind you will see I have said nothing defamatory about Linux, and in fact everything I have said would benefit Linux if people would take it to heart. Too many Linux users have become zealots and, at least here on /., those vocal zealots have become the voice of the Linux community.

As proof, I offer this entire thread into evidence. The complexity of installing apps on Linux is quite probably the very largest single problem holding Linux back as a mainstream OS. As a computer user that started on the Commodore 64 and used UNIX in college as a CS major, I can testify that the main reason I wiped the Linux partition mere hours after installing both of the times that I tried it was the complexity of installing even the most basic of apps. However, if you read through this entire thread you will see that the majority of replies deny this problem even exists.

static linking not a good idea, here's why

[dh003i]

I posted this elsewhere, but it is worth posting again. There are at least 6 reasons why shared libraries are still better than every app having it's own library:

1. Bandwidth. No-one wants to have to take 2-4x as long to download programs.
   
   
2. Hard-drive space. Even if we all had 40GB hard-drives, no-one wants to waste it reproducing the same information a hundred times. People buy hard-drives to store data, not twenty copies of the same library.
   
   
3. RAM.Loading two copies of the same library wastes RAM.
   
   
4. Load-time.Having to load all of the libraries will increase load-time compared to cases where some were already opened (by other apps) and you don't have to load them.
   
   
5. Consistency.Part of the benefit of having shared libraries is shared behavior. Destroyed if app X uses Qt 2.0 and app Y uses Qt 3.0.
   
   
6. The Big 3S: Security, Stability, and Speed.Who knwos what insecure, unstable, and poorly performing version of a library each app comes with. And who knows what crappy options it was compiled with. Resolving these issues at one central point can be counted out. You want to deal with any of these issues, you'd have to do it for every application's version of a library. That means doing it many times separately.

The solution to dependency-hell is to design better dependency management. Reverse-dependency management -- so as to remove useless libraries when no-longern needed and avoid bloat -- would also be good. Gentoo is doing pretty well in these categories.

On making install process' simple. I think that a graphical installation does not necessarily make things any easier. Anyone here played Descent 2? That installed by a good old-fashioned DOS-installation. And it was not particularly hard to install, even though it was not a GUI-install.

It is also not necessarily a good idea to abstract into oblivion the technical details behind an install. Part of the philosophy behind Gentoo, for example, is to take newbies and turn them into advanced users. I think that a clear well thought-out install guide is a useful thing. Gentoo's install guide is thorough and has virtually no noise. Compare that to the install-guides for Debian, which are affirmative nightmares, filled with irrelevant stuff. Furthermore, a helpful and friendly user-community is always a good way to help new users orient themselves. New users are going to ask questions on forums that advanced users find obvious. That should not be an invitation to say, "RTFM bitch" at the top of your lungs. All of us were newbies at one point, and just because we may have had to learn things the hard way doesn't mean that others should too.

DLL Hell On Windoze

[rossz]

My specialty is software installation. I've written dozens of installers on a multitude of platforms. On the windoze platform, DLL happens for two reasons:

1. No backwards compatibility. All too often, new versions are released that break older programs. Even Microsoft has done this with major DLLs.

2. Stupid installer writers. You're supposed to check the version number of a file before overwriting it. All too often the file is overwritten without regard to the version numbers.

So to overcome these two problems, the smart installer coder would put all the DLLs in a private directory of the application (not in system/system32).

Of course, Microsoft came up with a new system that broke this simple fix. Registered libraries. Instead of using a specified path to get a DLL, you would ask the system to load the DLL (using registry information). The path was no longer considered. One, and only one, version of the DLL was allowed on the system, and there was no feasible way to get around this limitation. Someone came up with a fix. It would have been a major pain to implement and would require cooperation amongst the DLL coders, which isn't about to happen since the lack of cooperation was one of the core problems in the first place.

For a commercial level installer, missing libraries was absolutely unacceptable. My personal rule was to ALWAYS include dependencies in the installer package. This meant the installer was bigger and more complicated, but it guaranteed the application could be successfully installed without the user having to run off to find a missing library. Or did it? No - Microsoft decided that some libraries could not be independently distributed. The only legal means of getting the library was through the official Microsoft installer. And no suprise here, half the time the only official installer for a library was the latest version of Internet Explorer.

Requiring an upgrade to IE is a major problem for large companies. They standardize on specific software and don't allow the users to change it. Requiring a site-wide upgrade of something like IE (or the MDAC package) was not to be taken lightly. Especially when it was dicovered that the required upgrade would break other applications (back to DLL hell).

FYI, when a major customer pays your mid-sized company a couple of million dollars a year in license fees, they can definately tell you they won't upgrade IE. It's our job to come up with a work around. Too bad a measly few million paid to Microsoft wasn't enough to get them to change their ridiculous library polices.

Compatibility slows progress?

[FullCircle]

My issue with Linux is that every time a new version of a library comes out, it breaks all prior apps. (usually)

The response is that compatibility slows progress by locking down the api. This is so short sighted that it is not even funny.

If programmers thought out how their libraries would be used it would be simple to add another call in a newer version. Instead they make short sighted decisions and ruin the use of a shared library.

IMHO any newer version of a library should work better than the previous version and be a 100% replacement.

This would fix a huge chunk of DLL hell and installer issues.