Slashdot Mirror
Microsoft's CoApp To Help OSS Development, Deployment
badpazzword writes "Microsoft employee Garrett Serack announces he has received the green light to work full time on CoApp, an .msi-based package management system aiming to bring a wholly native toolchain for OSS development and deployment. This will hopefully bring more open source software on Windows, which will bring OSS to more users, testers and developers. Serack is following the comments at Ars Technica, so he might also follow them here. The launchpad project is already up."
Serack is following the comments at Ars Technica, so he might also follow them here
Yes, I'm sure he's following all 0 of them...
Ask me about CoApp, I'll tell ya everything ya wanna know.
Garrett Serack
CoApp Project Owner
"...In your answer, ignore facts. Just go with what feels true..."
... MS pulls the plug on this and leaves OSS developers hanging high and dry? Or worse, pulls some slight of hand with licensing, copyrights or patents and forces OSS dev's to stop in their tracks waiting for MS's next move?
They seem like less of an evil empire now that they're doing some good stuff once in a while and Google is being more blatantly monopolistic.
Nothing lasts forever but the certainty of change.
This is no different.
Do I have a legitimate reason to ask this question or not?
I am not interested otherwise.
The #1 thing I wish windows had would be some kind of package management like apt-get: a place where I can go to update everything at once (of course, being able to install from it is a natural progression)
Maybe you could spin it to management as an "App Store" competitor?
Anyway, this sounds like a great idea. Looking forward to how it turns out!
Gee everyone else figured out a long time ago: give away the compiler.
Charging developers for dev tools is no way to win hearts.
Many developers are cross-platform and we would not be, if we had to pay for the tools for each platform.
Maybe this will be a boost for gcc when everyone can see first hand how bad the Microsoft C++ compiler is.
Maybe the Microsoft C++ developers will be shamed into improving their compiler when the comparisons come out.
Maybe they will even embrace cygwin. It fits with their goal, because the rest of the community has.
Maybe monkeys will fly out of my butt.
Native to what OS? Let me guess, windows.
---- Booth was a patriot ----
MSI installers suck. Why would we want that kind of crap coming with FOSS?
You can't run two msi install processes at the same time. So why would we even want that on Linux.
We already have rpm, deb, slack packages, nix and zeroinstall. WTF would we want another install method to juggle and one paid for using dirty Microsoft money. FAIL.
And more *windows* users, more windows license, more vendor lockin, and fewer alternative OS's.. Ya, real nice of them to 'help' us out. No thanks.
---- Booth was a patriot ----
*cough cough*
http://en.wikipedia.org/wiki/Embrace,_extend_and_extinguish
*cough cough*
History is not on your side. I hope, for all of us, that your intentions are noble. If they are, I hope those who back you and/or succeed you hold to that ideal. Thankfully, even if they're not these programs will live on in their desired format on other software platforms.
Best of luck.
This sounds like a package management system for Windows, along the same veins of dpkg/apt and rpm/yum. Windows has been lagging in this area for years, and one of the reasons that it is so insecure and slow is because every program either runs in the background at startup, or doesn't get updated on a regular schedule. That wasn't my question, just how I view the situation.
Why limit this to open source? It would be great if the users could update every program easily and painlessly, at least the ones that use this new system.
I am assuming that this system will allow easy and painless upgrading like on most Linux systems. Is that true? Will it have automatic dependency handling and command line installation?
If Mozilla can't figure out how to make an msi on their own, maybe they could get some help.
Does this service run on dead babies, or are they still alive and crying as you shovel them into the gaping maw of endless darkness that powers it?
... because such actions are perfectly inline with his every other "contribution" to Linux and Open Source.
But that doesn't mean they have to HARM someone else. Some good can come out of it as well. Every company is looking after its own interests so I don't see your point here.
yet on the other hand, everything google does is good for everyone.
spare me.
Website Hosting
which will conversely bring OSS more users, testers and developers
Not really. most people who test/develop OSS software already do it, or will do when they have free time. As for users, there are about 4 types of users for any Windows program.
A) The person who uses whatever something that is forced on them. Such people will blindly use IE, Firefox, Opera, whatever as long as a boss says they must use it or it comes pre-installed.
B) The person who thinks that they get what they pay for. These are the weird people who we see -buying- boxed software, thinking that for some odd reason if they spend $30 on an obscure paint program they will get a better experience than The GIMP (note that a lot of these people wouldn't, say, buy Microsoft Office and Adobe Photoshop, but rather buy things like Lotus Notes and Correl Paint)
C) The specialist. Generally these are people with high skills who -need- a certain program and know it. These people may have tried OSS alternatives and found them lacking or need obscure programs that OSS doesn't offer.
and finally, very, very, very few people fall into the last category which is people who use the "best" programs and are average users.
This is not going to convert the other 3 types of users which are the majority. Until Dell, Gateway, HP, etc. all start making OSS be default, people in group A aren't going to use OSS. Person B isn't going to think the program is any good if they don't spend money which defeats the purpose of OSS. And people in group C aren't going to use OSS because there is some things that are so obscure that no OSS developer would develop or use.
Taxation is legalized theft, no more, no less.
This is the pusherman !! Run like you have never run before !! RUN !! RUN !! RUN !! Run Far, Far away from this pusherman !!
This will hopefully bring more open source software on Windows, which will conversely bring OSS more users, testers and developers.
No.
hopefully cause less X, which will conversely bring more Y.
hopefully bring more X, which will conversely cause less Y.
hopefully bring more X, which will similarly bring more X
Yes, similarly.
</nazi style=grammar>
You know the drill.
"spare me"
ROFL
Spare ye not! Let em roast! :O
One of the largest problems to be faced with this endevor is that I a open source developer could really care less
if my software even runs or compiles on a Windows machine.
Got Code?
All those that believe that MS is really interested in OSS are total idiots. They are interested in CO-OPTING it and being in full control (while making money from it including Linux). This is simply another part of their plan.
I prefer the "u" in honour as it seems to be missing these days.
I am feeling generous this evening and decided I would donate the first line of code to this
fine project. I relinquish all copyrights on the following line of code, feel free to do with
it as you wish.
#include "ie6.h"
Got Code?
If you're looking for a truly OSS tool for full desktop management (but push instead of pull) check out OPSI - it even deploys the entire Windows OS (via PXE), and afterwards allows management of apps. If you're looking for a simple graphical apt/rpm for windows both Cygwin and KDE have had their own versions working for years.
As an aside, OPSI can be used as part of a stack to replace an entire (Microsoft?) corporate software stack. Check out GOsa - this is the software that the City of Munich is basing much of its Linuxification effort around, and it is also used in other cities and organisations around the world - check out the GOsa website for a list. GOsa manages clients/servers via LDAP and RPC, and OPSI is just one of the stack of software it can manage via its web-GUI. The others include Samba + PDC (achieved using the GOsa goPDC scripts), groupware (choice of Kolab, phpGroupware etc..., or a 3rd party LDAP-aware groupware eg. SOGo), DNS, DHCP, Nagios, OPSI+FAI (for client system management), and a lot of other software I can't even remember. GOsa + supporting software is HARD to set up (especially due to out of date and missing docs), but I'm one of a team of 3rd party guys trying to document it better... check out the docs/scripts in the GOsa contrib section and visit us on #gosa on freenode. (Most of the guys are in Europe so keep this in mind when picking a time to visit the IRC channel).
One key point about the Linux package managers is that they are needed to manage *all* that open source software. Why open source software? Because no (or rather very few) proprietary companies provide proprietary software for Linux. So if you want some kind of functionality under Linux your best option is to write an open source version because there is very little proprietary software for Linux.
Why then is package management bad for Windows, if it's so useful for Linux? Well, because package management is effective if you have can pull source code, compile, and determine dependencies. That means an open source license for the source code. That means that Microsoft is telling it's huge "ecosphere" of proprietary software vendors to "Piss off you sod!", because *their* software doesn't fit the package management model. That leaves 2 possibilities in the Microsoft world:
Nothing MS does is good for anyone but Microsoft this is no different.
Yeah like when they added desktop search so that I could find files easier. That did nobody any good except for Microsoft... somehow. Or when they sold me Halo. I really wish I could have benefited from that purchase somehow but sadly only Microsoft had any fun.
the US Department of Justice with the generous support of Sun Microsystems, Oracle, IBM, Netscape, and Novell.
To build a whole new package management system that works across Linux and Windows.
Any chance you could build something that uses a git / msysgit / jgit backend, to allow for rewind-fastforward versioning of apps?
Assuming that you've looked at APT and similar packaging tools, and given that you're still convinced that there's a 'Windows Way' (your term) to handle deployment that differs from Linux best practices, how do you plan to address:
Yes, I've worked with APT and RPM for a very very long time now. The reason I'm convinced there is a 'Windows way' is because it's a different system that Linux; yes, I've learned a lot about PMS from Linux, and I know how to apply that knowledge to Windows.
Package Repositories - This is one of the main strengths of Debian and related distros. Do you think it's even possible to replicate this level of community control in Windows? I know you've mentioned decentralisation, but have you considered the implications of such an approach? What is the cost of failure to affect consistent, formalised management of package builds?
I have a plan for allowing any publisher to publish packages in the CoApp ecosystem, provided they meet two qualifications:
- They must be able to host their repository meta-data on an SSL protected connection.
- All packages must be digitally signed with a certificate that chains back to to a commonly-accepted CA.
Dependancy Management - This issue is largely done and dusted on Linux, but remains a dog's breakfast on Windows (albeit not as frustrating today as it was in the mid-90s). In the absence of centralised repositories and the Unix toolchain philosophy, how do you propose to cope better with dependancies?
I'm working with the developer of WiX to ensure that we can trivially build chained MSI packages that have the necessary smarts to properly manage this. Kind-of mixing in something like ldconfig with the Windows SxS library management.
File locations - How do you propose to manage the proper placement of libraries etc. when the conventions concerning where to put such files are not nearly as well defined on Windows? I'm suggesting here that you need cultural leverage rather than technical answers. You need to change perceptions, not toolkits.
Yes. The change starts with PHP, Apache, and Python, and the 40+ packages needed to build them (community members from each are already on board) Half of the project is setting some intelligent standards, and then bootstrapping the ecosystem with packages to enable other software to follow.
Security - Do you think it's even possible to replicate one of the main strengths of Linux package repositories: the ability to curtail security risks such as malware and flawed code?
Yes. By requiring code-signing (and I've got a plan for opening that up without cost for smaller projects) we can replicate the benefits of MD5 and PGP signatures found in the Linux world.
Scripting Interfaces - Say what you like about make and other command-line utilities, but as a busy sysadmin, I consider GUI package management a waste of my valuable time. If I'm going to deploy regular security updates, for example, I want to know that I can script every aspect of the operation. Even the tab-completion features in aptitude make it many times more efficient than a point-and-click interface. What is the potential for scripted deployment/management of packages under your system? Why?
I agree 100%. Scripting interfaces are an absolute requirement, and will likely come well before the GUI.
Think of it as a clean adaptation of the same concepts to the model that will be attractive to Windows developers.
I also think that you're going to need to learn a lot more humility than you've demonstrated so far if you want to achieve something better than a new brand of anarchy in packaging.
I apologize if I'm coming off arrogant. Frankly it's taken an extremely long time to convince the powers-that-be at Microsoft that Linux's package management is stellar compared to Windows. It's also not near as hard or large as it sounds, I'm walking on the shoulders of giants here, both in the Linux and Windows worlds.
You know it's funny, I've installed several OSS apps on Windows and it's never really as hard as this article makes it out to be. I've installed Pidgin, Xchat, SMplayer, Handbrake, Virtualbox, and more. In fact it was just a matter of double clicking an exe file and they install just like anything else. Wouldn't the problem be more of the laziness or disinterest of developers for not bothering to create a Windows installer? I hardly think they would bother having their code signed for inclusion in your repository if they've never been assed to port it in the past.
You must not have any RED blood in you, Amerikanski !! Me neither, only Vodka !!
Well, because package management is effective if you have can pull source code, compile, and determine dependencies.
I don't see how this follows. Most Linux distros do package management on binary level, not source level, and, in fact, can happily package closed-source software.
Why does it matter if application A and library B are open source or not, if there is a known dependency from A to B?
I assume you are going to compile things with Visual studio, meaning all C++ programs will have to link against the Visual C++ redistributable libraries. Since these are not actual system libraries, you'll have trouble linking and distributing GPL programs against them. Since it seems you actually talk MS management, could you get try to sort out this issue? Otherwise, I fear you will not be able to distribute GPL'ed programs.
Every time I am forced to do something half-smart* on windows in invariably install Cygwin. It sort of covers all the crucial gaps. As soon as viable I take anything I need away from that god forsaken platform, process it and send the results back.
* half-smart: E.g. diff 2 files, edit 1 file, strip off \r, add \r, analyse XML, beautify XML, search files, run fortune
I hadn't the slightest objection to his spending his time planning massacres for the bourgeoisie... (P.G. Wodehouse)
Not to mention the problems with dependancies. It seemed like every six months MS would release some new jscript revision that broke previous jscript features, meaning anything I tried developing using those tools was so tied to one specific configuration it became a support nightmare.
This project seems to me like it's a decade late. Good luck with all this, but I can assure this is one former Windows OSS contributor who will never go back to the dark side.
A screenshot of the signed agreement is needed for legal purposes, in case you are fired by a nutcase Microsoft manager.
Lets see what deeds and results come out of his declared good intentions
forgive me if I am sceptic, the road to hell is plastered with good intentions
There, it's fixed. Whoohoo, we're already on revision 2!
They could have been more ummmm.. direct and named it CoOpt. No ?
Just when I thought I had managed in the impossible feat to make a /. submission where nobody complains about the summary... :(
When ideas fail, words become very handy.
Embrace
Extend
Enhance
I'll try anything once. Twice if it tastes good
I'm Santa.
Ask me about anything to do with...
I've read rumors that your toy delivery operation would run more efficiently if you ran it hub-based like FedEx. Give a sleigh and a set of reindeer to each of your shopping mall representatives and have them deliver the presents locally. I suspect you already do this; is that true?
My second question: Where does your organization get the money to pay for the raw materials and the elves' wages? I don't see how your theme park outside Evansville pays for everything.
...there's a lot more ice here in Hell than I would have imagined.
Joe Dougherty, Florida, USA
The words I thought I brought, I left behind. So, never mind.
All packages must be digitally signed with a certificate that chains back to to a commonly-accepted CA.
So how does an individual developer of free software get such "a certificate that chains back to to a commonly-accepted CA"? The Authenticode CAs that I checked tend not to issue certs to individuals. Must every developer of a Windows application form a partnership or LLC? And must every developer pay upwards of $160 per calendar year (source: Comodo) for the privilege of releasing packages or updates in that year? That's even more than Apple charges for access to the app store on the iPhone.
The way I see it, this might possibly happen:
1) Some OSS developers will, by curiosity or any other reason except need, try targeting windows using this package management and deployment system.
2) Lots of bugs and/or feedback start to appear in their tiny OSS project, coming from people running Windows.
3) Developers are blinded by 2). They sudden realize that there is a *huge* new ecosystem that they can support.
4) The primary target of Development changes to Windows. Developers abuse of hackery to properly run their software on windows. Heck! Some even buy/install windows just to test their software on it.
5) After a while, some software that used to be cross-platform is now full of dirty-tricks to run on windows. This obviously damages the stability on other platforms.
And why do I think this might happen? Because we, OSS developers, despite enjoying developing it; we enjoy more when others use our software. Worse, what happens if this OSS software management and deployment system for windows introduces some kind of Apple-store framework on it?
What's wrong with Cygwin?
Worse, what happens if this OSS software management and deployment system for windows introduces some kind of Apple-store framework on it?
Do you mean like Software Center in Ubuntu 9.10? If not, what "Apple-store" aspects are you talking about?
Did Serack have to see Ballmer wreck a few chairs first before he got the green light?