A Gentle Rant About Software Development and Installers

Nerval's Lobster writes "This is the story of the comparison that just wasn't meant to be. It's a story of everything that can go wrong in the customer end of the software world, and some thoughts on what needs to be done, especially in an area known as Installers. I'm a software engineer with 25 years of experience, and for years I've wanted to point out some of the shortcomings of my own industry to help make it better for everyone involved—not only for the end-users, but also for the IT people who have to support the products; the salespeople who have to sell and later, possibly, apologize for the software; for the executives whose hands are tied because they don't have the technical knowledge to roll up their sleeves and help fix problems in the code; and for the programmers themselves who might get stuck with what some consider the absolute worst position for a programmer: maintenance of crappy code written by programmers who have long since left the organization."

Put everything in the cloud!

Problem solved. I will come by later to pick up my consulting fee.

Re:Put everything in the cloud!

I tried. However my computers fell back to the ground and then were irreparably broken. A second experiment included some balloons. Unfortunately while the computers now indeed remained in the cloud for some time, it turned out that they didn't like the humidity up there.

I only can advice you to keep your computers firmly on the ground.

Re:Put everything in the cloud!

[fyngyrz]

I don't mean to rain on your parade, but that seems a bit precipitate.

You know, there was a time when "vaporware" was a bad thing.

Re:Put everything in the cloud!

It's advise. Probably just a typo but I've seen this same spelling mistake several times in that last few weeks and it's starting to make me wonder.

Re:Put everything in the cloud!

[styrotech]

I don't mean to rain on your parade, but that seems a bit precipitate.

You know, there was a time when "vaporware" was a bad thing.

Could you condense that for me?

Re:Put everything in the cloud!

[lgw]

Put everything in the cloud!
Problem solved. I will come by later to pick up my consulting fee.

Close, IMO. Put everything in a virtual machine image. For complex "enterprise" software, anyhow, you might as well have one (or several!) VMs for the product install. Just start up the VMs, give them static IPs where needed, and install done.

That's the "cloud" model, and there's no reason not to use it locally. With modern thin hypervisors you're not going to notice a performance difference and why ever worry about how two complex softwre installs might interact on the same OS install? Don't even go there. If the apps aren't heavily loaded, you can still run both on the same physical server.

And if it's a complex, multi-server install, you can use cloud management software if you really need to deploy and undeploy matched sets of VMs, pretty easily from a GUI or API (I've used VMware's vCloud Whatsit for this, I assume all the competitors have similar products).

Re:Put everything in the cloud!

If you put everything in the cloud and then condense it, it will become rain.

Re:Put everything in the cloud!

[PlusFiveTroll]

Ah, you're the reason they keep adding more cores to processors.

Why write software correctly when we burn power and increase our security footprint like crazy.

Re:Put everything in the cloud!

[lgw]

This is clearly "computer myths of the 90s" month here on /.. How much CPU does your OS use when idle? If we're talking heavyweight enterprise software in the fist place, the marging cost of wrapping up on its own VM is trivial. Even for fairly lightweight software packages, unless it's some pig of an OS there's little extra cost for the isolation.

And security-wise? If your OS has a flaw, then you're screwed no matter how many or how few instances of it you have. More likely it's the application that has the security flaw, so not mixing applications in the same VM will at least contain the damage.

Re:Put everything in the cloud!

[lennier]

How much CPU does your OS use when idle?

Obviously not enough! Quick, pin some huge, non-hideable, self-updating "push channel" stock ticker and channel widgets to the desktop! Add some animated GIFs, embed them in HTML blink tags and make them refresh every half-second! Stick it into a screensaver and that's what I call an Active Desktop!

You kids today and your metroes and your surfaces. We had ninety more windows in my day.

Re:Put everything in the cloud!

I don't mean to rain on your parade, but that seems a bit precipitate.

You know, there was a time when "vaporware" was a bad thing.

Could you condense that for me?

Sure but the vapourous gases will turn to water form and we have no buckets. Are you sure you want to continue (Y)?

Re:Put everything in the cloud!

This is the strategy I took when deploying various servers in my research and development organization. Virtualization offers the advantages of reduced physical hardware while taking advantage of ease of service restoration and lower operating costs. The cloud-model was first used with mainframe computers although it was not called the cloud back in the day. I prefer managing the VMs via command-line which facilitates scripted automation of all life-cycle aspects. An additional benefit is remote administration can be completed whether on a high-speed fibre optic connection or a slow dial-up POTS/PSTN connection @ 110 baud or even via wireless carrier network.

Re:Put everything in the cloud!

[lgw]

We had ninety more windows in my day.

Awesome!

Re:Put everything in the cloud!

Put everything in a virtual machine image.

Having just come from reading the "story of everything that can go wrong in the customer end of the software world" as linked to in the article, I can tell you that the second part of the first part of that article starts with
"Oracle provides a pre-built Linux image with all of the necessary business-intelligence tools already installed, running inside Oracle VirtualBox. 'What could be easier?' were my famous last words."
and you can imagine where it goes from there.

Okay.

Why not package enterprise-grade software into InstallShield or RPM/DEB packages like every other piece of end-user software?

Re:Okay.

[Giant+Electronic+Bra]

Because most Enterprise software (and I manage a product line which is definitely in this category) isn't something so simple that you can install it with RPM or Installshield (or whatever the heck MS calls it now). There are multiple interacting services, very specific dependencies for things that are often not packaged at all for the target platform and usually cannot be distributed, etc. Complex databases, usually on other machines, have to be set up, XML files edited, etc to even create a basic working environment for our software. Now, MOST things might not be quite this complicated, but I suspect most software that you have to install largely by hand has many of these kinds of issues. Most of this stuff has to integrate fairly deeply with the client's IT infrastructure and setting up the basic applications is only a small part of it.

In our case we have some installers for some specific tools, but the main product? No, it wouldn't materially assist in setup and would just be yet another task to maintain when some tarballs/zips, thorough instructions, and heavy tech support works fine. You're already typically paying from 10's to 100's of K up front and 1000's a month to even run real Enterprise class software anyway. Surprisingly installer tech that was designed around simple desktop apps is just not that helpful. Our installer is a guy that shows up at you office, lol.

Re:Okay.

[sribe]

Bullshit. There's not one thing in your list that cannot be handled with an installer. You just don't care to automate the process, and are making up excuses to justify that after the fact.

Re:Okay.

[vlm]

Our installer is a guy that shows up at you office, lol.

That combined with your username is the real LOL.

Re:Okay.

[GoatCheez]

I agree. By thinking about installation when creating complex enterprise software, you end up making better quality software. When you're forced to handle the inter-dependencies of complex systems in an installation process, you end up having a better handle on how everything interacts. This has been my experience at least.

Re:Okay.

[Tanktalus]

Because RPM/DEB makes assumptions. And some of those assumptions are simply invalid for some use cases.

Ever want to install more than one copy of Apache? Maybe you want your database installed somewhere other than default because that's where your GPFS shared disks are mounted? Ok, the latter is possible with RPM, though sometimes a bit more difficult. The former was also possible, but far more painful.

Complex post-requirements? Sure, RPM handles pre-reqs okay, though not circular ones. Post-reqs? When we were switching away from RPM in 2001/2002, no.

Cross platform? No. Want to get your apps installing on Linux, AIX (ok, AIX has RPM now, but it's severely outdated), Sun, HP, and anything else that comes up? Sure, they have their own installers. With their own unique quirks and issues.

In the end, we used tarballs with a Java/C++ front-end. Far simpler. And, for enterprise software, one of the better installers. Though maybe I'm a bit biased there :-)

Re:Okay.

[hawkinspeter]

Why would you want to install more than one copy of Apache? I could understand wanting to run multiple instances if you can't configure the virtual servers correctly, but I don't understand multiple copies.

If you wanted to test different versions, you'd be better off using multiple virtual machines - that way you don't have trouble with one version of Apache requiring different libraries than another one.

Re:Okay.

Mine too, but it never works that way.

The last thing that gets thought about is dependencies - this is also one of the reasons Android software acquires permissions but rarely relinquishes them. We only know how to grow software, once it starts working the "Job is done, go home".

Re:Okay.

[Electricity+Likes+Me]

Virtual machines have a performance hit, require permissions, and don't reflect native hardware. Fine for Apache, but what about something like a file manager, or anything which requires OpenGL currently?

Admittedly there's progress on this front - LXC in the Linux kernel goes some of the way to fixing this problem, though what we really need is a distribution that's LXC aware so it's easy to use.

Re:Okay.

You can make an installer that can predict & solve DLL version conflicts without breaking the other applications that depend on them?

Re:Okay.

[sgbett]

I assume he meant virtual *hosts*, which is fair enough, though vhosts arent necessarily the answer to everything.

If you had two physical interfaces to a machine then its not a stretch to suggest you might want to glom an instance of httpd onto each.

Re:Okay.

[war4peace]

Then make your own god-damn installer.
You can handle "interacting services" gracefully; you can check for dependencies and resolve them directly from within the installer, and as for "XML files edited", please, even I, as a total installer noob, can write code to parse a damn XML and put whatever values need to be in there.
I tell you why you don't bother building or configuring an installer: so that you can charge your customers money for the product installation too. And big money, that is, under the umbrella that "it's a complex thing".

Re:Okay.

[hawkinspeter]

I still don't see why you'd need multiple copies of the same software installed, even if they do use OpenGL. If you need them for testing variances between versions, then you're better off taking the performance hit of virtualising the machines.

Re:Okay.

That's right. The company is indeed paying hundreds of thousands or even millions of dollars to run your software. The least you can do is make a decent installer. If that installer is a guy that shows up at the office, fine, but then your "free trial" version is not going to be very effective unless the guy shows up for those users too.

I tolerate difficult installation processes for free software because it's usually free-as-in-beer, which means the developers probably have no budget for anything beyond developing (if that). That is not the case for Oracle and SAP.

Re:Okay.

If you wanted to test different versions, you'd be better off using multiple virtual machines - that way you don't have trouble with one version of Apache requiring different libraries than another one.

Why do with a virtual machine what can be done with separate users/directories? Some of us remember unix before package management and can actually manage multiple versions of the same software safely on the same server. Lazy and/or incompetent sysadmins I tell you...Virtual machines just add more usually unneeded complexity to a system.

Re:Okay.

[hawkinspeter]

I actually meant virtual machines. Virtual hosts won't allow you to use different versions of Apache (as far as I know), but will get round the need for multiple instances of Apache. You don't even need multiple instances of Apache for dealing with multiple network cards, let alone multiple installs of Apache.

Re:Okay.

[sribe]

I agree. By thinking about installation when creating complex enterprise software, you end up making better quality software. When you're forced to handle the inter-dependencies of complex systems in an installation process, you end up having a better handle on how everything interacts. This has been my experience at least.

Absolutely true. I didn't even bother going there in my response, because I figured it was pointless when someone was actually claiming "enterprizey software is simply too complex for installers". Sigh. As usual, the creators of the problems are blind to the problems...

Re:Okay.

[jythie]

What installer can set up databases on other machines?

Re:Okay.

[jythie]

I suspect the complexity is not in being able to parse and alter XML files, but what level of human knowledge is necessary for determining what values to put in them.

Re:Okay.

[sribe]

What installer can set up databases on other machines?

They can all run scripts. Just because there's not a checkbox labeled "set up our database on the other machine" doesn't mean it can't be done--at least if you're not a lazy bastard.

Or, the easier approach, an installer for each part on each machine. There's really not an excuse for not considering that.

Re:Okay.

[hawkinspeter]

Installing software in users' directories is all well and good for testing stuff out, but moving to production it can become problematic. What happens when that particular user leaves? Do you lock his account and thus stop the software running?

Also, how do you keep control of security patching? One machine with 15 different versions of tomcat installed in various directories is going to be difficult to manage, but 15 virtual machines, each with a different version of tomcat installed in the standard directories is much easier to manage. You also get the advantage of being able to upgrade the system without taking down 15 instances all at the same time.

Yes, virtual machines do add complexity, but they also bring new tools to the table which can mean less complexity overall.

Re:Okay.

[jythie]

I would assume that the database itself probably does have its own installer. I think the issue is that it needs to be configured, probably based off the clients need and their existing systems.

I think what the person was trying to get at is that installers make sense for individual tools and applications, but once you start getting into entire systems or stacks the idea of having an 'installer' increasingly becomes nonsensical since there is less and less generalizable behavior.

Re:Okay.

[Anarke_Incarnate]

On an enterprise software level... bring what you need in a local, self contained directory structure. There is absolutely no reason your reliance on foobar v1.20a-final means that Software X cannot have 1.21c-upgraded.

Link to your own directory first in your search path.

Where's my check?

Re:Okay.

your web sever needs openGL that is why your software sucks.

Re:Okay.

[gorzek]

Bingo! "My organization uses a bunch of home-grown ad hoc'd garbage that isn't versioned or managed by anyone sane or competent" isn't a problem with installers, it's a problem with having a deeply dysfunctional organization. There is no software that's gonna fix that problem, and it's not because packaging/distribution software is lacking in some functionality.

If you have to install it by hand, why? What are the steps? Why can't those steps be automated? Why can't those dependencies also be automated? What, you can't edit XML files, .ini files, or registry settings on the fly? Why not?

Re:Okay.

[lister+king+of+smeg]

they may give you a performance hit but they also give you portability so say your windows server has a major hardware failure you can move it to another with completely different hardware without windows killing itself because it thinks you have pirated it. it also makes backups and if necessary regression to easier state easier because you can just take a snapshot of the vm. oh and if one copy crashes its os it won't take the other one down with it. lots of advantages to vm's really.

Re:Okay.

[aztracker1]

Okay.. but an installer that says, select the components to install... (oh crap, the RDBMS runs on Linux)... Oh noes, the Front end runs in Windows... Now you need to interface with AD... Creating installers for all these pieces for a system that only gets installed for a hundred or fewer instances or upgraded less than that a year is a waste of energy vs. using a fraction of that time to simple document well. The more pieces that are running on different servers/systems the more complex the install... Also, if you're using 3rd party software, be it Oracle, MS-SQL, or Postgres, automating the settings needed for said install are problematic.

The solution I am working on right now involves connecting to MS-SQL, RabbitMQ, and MongoDB. It's utilizing IIS, Node.js, as well as .Net ... you're suggesting I should go back and create installers for this system that is only running in one production environment, and a handful of stage/dev environments? Really? Even if it were installed a few dozen times a year, it wouldn't justify the cost of automating that process, vs. a checklist.

Re:Okay.

[sgbett]

Yeah you don't *need* multiple apache installs, neither do you need VM's... or even web server at all, or bacon.

Re:Okay.

[sribe]

I would assume that the database itself probably does have its own installer. I think the issue is that it needs to be configured, probably based off the clients need and their existing systems.

Sure, and installer builders allow you to insert an existing installer into the installer you're building.

I think what the person was trying to get at is that installers make sense for individual tools and applications, but once you start getting into entire systems or stacks the idea of having an 'installer' increasingly becomes nonsensical since there is less and less generalizable behavior.

He seemed to be justifying having large sections without an installer at all. Having more than one installer is not outrageous, though likely unnecessary. Having to fill in some info during install is not outrageous, though easy to overdo. But the whole language ("not packaged at all", "cannot be distributed", "XML files edited") of that original post seems to scream: LAZY BASTARD JUST DOES NOT WANT TO BE BOTHERED!

Re:Okay.

[aztracker1]

Well current versions of Windows will allow multiple versions of a given DLL to be installed, and use the correct one on a per-app basis. Linux allows setting a binary root for a given application build, that can include dependencies, but even then it's usually less of an issue, as more business applications are built in higher level languages using services that have defined network/local APIs.

Re:Okay.

[hawkinspeter]

Okay, but when would you *want* multiple apache installs? Surely you can accomplish almost everything by using either vhosts or by running the same apache binary multiple times with different settings?

Re:Okay.

[aztracker1]

Creating an installer for a complex system... a couple man-years of labor from your highest paid employees for a system that only gets installed a dozen times a year.. vs. a checklist... Yeah, you'll be making millions with your strategy.

Re:Okay.

[Anarke_Incarnate]

Users are not people. Users are users. Not to mention, it is easy to change ownership of directories and give them to a new user. That's the beauty of UNIX.

Now, that being said, when is user apache22 going to leave the company?

Re:Okay.

Even if it can be automated with an installer, it doesn't make sense to write an installer that will only ever be used a small number of times. Enterprise installs are all effectively custom builds, and I very much doubt you would want to engineer an installer that takes into account all possible configurations. Whether it is possible or not is irrelevant - it's not a sane or practical thing to do.

The cost / benefit of automation really only makes sense if the automated procedure is going to be run enough times that the combined cost of multiple manual installs exceeds the cost of developing the installer. The small number of deployments coupled with very custom / complex installation procedures means that this trade-off is very different for enterprise software vs. packaged desktop apps.

Re:Okay.

[sribe]

Okay.. but an installer that says, select the components to install... (oh crap, the RDBMS runs on Linux)... Oh noes, the Front end runs in Windows... Now you need to interface with AD... Creating installers for all these pieces for a system that only gets installed for a hundred or fewer instances or upgraded less than that a year is a waste of energy vs. using a fraction of that time to simple document well. The more pieces that are running on different servers/systems the more complex the install... Also, if you're using 3rd party software, be it Oracle, MS-SQL, or Postgres, automating the settings needed for said install are problematic.

The solution I am working on right now involves connecting to MS-SQL, RabbitMQ, and MongoDB. It's utilizing IIS, Node.js, as well as .Net ... you're suggesting I should go back and create installers for this system that is only running in one production environment, and a handful of stage/dev environments? Really? Even if it were installed a few dozen times a year, it wouldn't justify the cost of automating that process, vs. a checklist.

1) How good is your checklist? If it actually works, you're already not on my shit list ;-) The article referenced involved multiple steps that were documented that did not work.

2) You're not denying that an installer could be built. You're saying that you understand what it would take, and that it would likely be more effort than just going through the manual process. (And you don't even mention estimation risk--you really know how long it takes to do the manual install, but you can only estimate the project of building the installer.) The post to which I responded claimed it couldn't be done.

3) You seem to be talking about an in-house system, since you talk about running in one environment. The post to which I responded seemed to be talking about a commercial product ("...I manage a product line..."), which is an altogether different story. Not only do developers of expensive products owe decent installers to their paying customers, but in your case the people responsible for the manual installation were involved in the development of the solution and so start with a much greater understanding of the pieces than the poor customers of that poster's company.

Re:Okay.

[jythie]

That is not how I read the comment, esp since the person said they had installers for individual applications/tools. I read the post as the person pointing out that a single installer for the whole system does not make sense and sometimes having an 'installer' is just an unnecessary extra step since all such things do is automate a process... but automation is not always applicable.

Re:Okay.

He's a manager, and he doesn't know enough to realize his programmers either don't want to fix these things, or don't know how.

Re:Okay.

[sgbett]

I don't know, I don't want to! I am sure that doesn't mean everybody else shouldn't want to either though ;)

Next you'll be telling me I can only download apps from one place!

Re:Okay.

[hawkinspeter]

Generally, system user accounts are not referred to as "users" - that's usually reserved for people. Software should be installed to be run as a system user with the minimum necessary permissions and the software binary should be installed as root so that no-one else can change the binary (obviously the config files may be writable by other accounts).

When people talk of installing software into a user directory, they're usually referring to installing all the binaries, configs and working files into their own home directory. Yes, you can relocate it when you find out what's happened, but you shouldn't be running production software that way.

Re:Okay.

[hawkinspeter]

Okay, can anyone who *ISN'T* sgbett answer why someone would want to install multiple versions of Apache on the same machine apart from testing?

Re:Okay.

Lots? The VMWare vSphere installer just needs you to provide the SQL Server name and sa password, for instance. Why is that difficult?

Re:Okay.

[History's+Coming+To]

Any script will do it if the remote machine allows remote database access. Commonly they don't to close an obvious attack vector, but it's perfectly possible.

Re:Okay.

Doesn't work when your enterprise app needs to be very specifically optimized to the target environment. What is your installer going to do, explain and prompt for thousands of different settings/configuration options? And of course the operator installing the software isn't going to know all the answers.

At some point of complexity, an expert *is* needed to install enterprise software. And most large enterprise sales contracts include on-site installation.

Re:Okay.

[Anarke_Incarnate]

It's a difference of nomenclature, and I don't really need a lesson on managing systems, as that's been my field for quite some time. System level accounts are just that, built in. You can, however, have application accounts, and they are still users.

Running production software out of /home/bob is bad. Running it out of /opt/software/versionX/bin/foo with a link back to /opt/software/bin is good. You can make /opt/software a home directory.

Plus one for root creating the files/configs so the user has the ability to execute, but not modify beyond perhaps some sudo rights. Unfortunately, politics often screws that up, and an exception is filed, accepted, and never read.

Re:Okay.

[Applekid]

Not blind, necessarily. Enterprise software is almost certainly designed to be "consultant ware."

Oh, having trouble getting it installed? Yep, our software is very powerful therefore very complex. We can help you with that, let's talk about a retainer.

A function isn't working? It must be your sprawling IT infrastructure. We can help track it down for you with an engineer dispatched to your data center, what's your closest hotel?

Re:Okay.

[war4peace]

Bullshit. If you charge a few millions for such a product, you can afford making a custom installer. Yes, I agree that from a strict profit-making point of view it's better to go with manual steps because that brings you more money. But please, for fuck's sake, don't tell me it can't be done.

Re:Okay.

[icebraining]

Proxmox + OpenVZ?

Re:Okay.

[war4peace]

Include that in the install interface, then.

Re:Okay.

[hackula]

This. Although a single script would be great, just have a script for each machine, with a thought out name for each. Include a readme with the install package that runs through which script to run on each machine step by step. Problem solved. Manually setting up databases and configs on every machine/server is a huge PITA. This is a development failure more than anything though. I would not expect the help desk guy to be able to automate all of this. Automated install and versioning is a developer's responsibility for any production software, MAYBE with the exception of prototypes and custom one offs.

Re:Okay.

[Giant+Electronic+Bra]

Exactly. There are just such a HUGE number of different possible things that can go into an individual setup. There are in our main 2 pieces of product each a rather extensive and tricky XML file that you're almost certain to have to do some significant surgery on. It is POSSIBLE you can set up a 'vanilla' setup for demo purposes basically, but you're sure to have to edit this beast real soon anyway.

There are other aspects too. While I say our system is a 'piece of software' it is really a number of services which can be distributed in different ways between however many machines someone needs for their purposes, and there are several ways you could do that. Depending on exactly how you actually set things up there could be various quirky setup and configuration issues. In most cases the specific setup is one that hasn't been entirely tested before or even entirely anticipated. Often you're dealing with the person that designed some part of things to know exactly how (or even if) something can be done. This is mainly because this sort of software is EARs deploying onto J2EE servers, databases (there are 4 separate schemas that we use for various things, they might well not even be on the same servers). It is just complex and ugly.

I think people get the misimpression from what I said that we aren't concerned with making things easy and smooth. That wouldn't be true. Ease of use is always a concern for any decent ISV. It is just that some issues aren't reducible to a few choices in an install wizard, and there are just factors that aren't sensible to deal with at that level. In fact there are a lot of automation scripts of various types that we use. All database updates for instance are done via a structured set of script modules that we wrote years ago. That can reduce a really complex process to a couple shell commands. Other bits of software DO have installers.

Re:Okay.

[Tanktalus]

I just used Apache as an example, feel free to use Enterprise-class software (I think the article referred to Oracle, too, but I worked on one of their competitors).

Testing is a big one. Ensuring that your existing apps are going to continue working under the new version. In enterprise-class software, this is sufficient reason right here. There is no need to keep looking for other excuses, it's so critical that everything continues to work with an upgrade that we can spend three months just planning to apply a quarterly update.

Embeddability. I want to run Apache. I also want to run Frobnitz, which embeds Apache (so they can run precisely the version that they've certified against). I also want to run a test version of Apache before I update it. Likewise with Frobnitz. Obviously this is going to throw my port usage all over the place, but that's a whole different can of beans. Maybe Frobnitz is a bad example of an enterprise-class software, but my management still wants to use it (they had the Shiniest Trinkets at the trade show they went to), it embeds Apache, and if Frobnitz is installing a downlevel Apache using RPM with the standard name, I'm screwed.

I'm sure there are other reasons, but I've not been there. I've just been on the other side, where enterprise-class customers have made requirements on us, including multiple copy support, that made continued use of RPM impractical.

Re:Okay.

[ColdWetDog]

Oh come on. Wouldn't you rather meet the 'giant electronic bra' than the usual humorless, overworked and hung over system rep? If (he / she / it) could only get past security (or the TSA for that matter) it might well liven up your day.

Expand your horizons!

Re:Okay.

[nabsltd]

The solution I am working on right now involves connecting to MS-SQL, RabbitMQ, and MongoDB. It's utilizing IIS, Node.js, as well as .Net ... you're suggesting I should go back and create installers for this system that is only running in one production environment, and a handful of stage/dev environments?

Yes, if the "stock" install of a product that your is a dependency for your "system" isn't good enough, then at the very least you need to supply a script that will change the config of that product to your liking. If at all possible, that script should be run as part of your installer, asking for passwords and connection information if necessary.

For example, if your system depends on a DBMS, obviously you need to provide a script that creates the actual database you need. If the DBMS needs changes to its config (for example, more memory use than a stock install), then you need to script that as well. It may not be possible to have these scripts run directly as part of your install, but you can pause your install, present the script, tell the user to copy/paste the script and run it on the appropriate machine. If the user clicks "Next" but hasn't actually run the script, then your overall install might fail, but that's not your fault.

So, no, we don't expect you to create a custom installer for some third party product, but we do expect you to automate any changes needed to those third party products.

Re:Okay.

[berashith]

does it have to be a good reason? I can think of one, but it is convoluted and stupid, and would only give a manager a bad idea if I were to put it in print.

Re:Okay.

[aquabat]

You won't be making millions from the people who go to your competitors because your demo doesn't work.

Re:Okay.

[ae1294]

It's harder for some admin to pirate his software and upload it to pirate bay if there isn't a installer....

Re:Okay.

[curunir]

Other than proprietary software which you might not have the right to distribute and might, itself, not have an automatable install process, I don't see anything on your list that cannot be automated with Chef. Each service can be mapped to a chef role and individual machines easily provisioned with knife.

But then you'd lose the perception of complexity that you get from having a complex install process. A simple install process would give customers the illusion that the product itself is not complex and then they might balk at the 100K up-front costs you're charging and even, possibly, the 1000's per month.

Re:Okay.

[Giant+Electronic+Bra]

I think what you'd find is that each install is unique enough that the effort needed to set up an install script which would have to be gone over with a fine toothed comb and tested several times just to do one or two customers wouldn't be cost effective. We've looked into these things in the past, trust me.

In fact you're probably wrong about perceptions. Everyone enjoys convenience and simplicity. Automatic installer scripts would generally convey a polished appearance, BUT our customers are our customers because of the significant savings and ability to integrate into their own business process and flexibility that our product gives them vs what they have from other vendors. Of course they'd love to pay less, but they know the deal they're getting from us is great for them and that we don't charge stupid amounts of money for nothing. All I can say is we are doing something right because business grows every year.

Re:Okay.

[hawkinspeter]

I agree that testing is a valid reason to do multiple installs and deb/aptitude package management will let you install multiple versions providing they've got different names (e.g. libcap1 and libcap2).

I know that Oracle installs a specific version of java in an Oracle installation as quite a few tools use java and they don't want to be wasting support services on debugging java version problems. However, this specific version of java won't be used by other programs (unless you force them to) and you can install other versions of Oracle without them conflicting if you use different different ORACLE_HOMEs for them.

When moving stuff to production, you're much better off having Frobnitz running on it's own (virtual) machine. That way, Frobnitz can have exactly the version you want and you can put apache onto a different machine and there'll be no trouble with them conflicting. It then also becomes much easier to test as you can replace the Frobnitz or apache functions separately from each other (and you'll also have the luxury of rolling back to snapshots if/when a virtual machine gets broken).

Re:Okay.

The problem with that is that someone has to maintain the checklist (which is really just a script that is partially run on non-silicon hardware...).

It's not been my experience that the checklist is maintained by the developers.

Instead it might be maintained by the people who are expected to follow it. People who might not know why a particular step is there, or a particular order is given, and who might "optimize" the checklist in their ignorance....

Re:Okay.

In the company I work for, our product includes a lot of the sort of thing you're talking about that makes it very difficult to use any kind of traditional installer (need to work with databases usually on other machines, configuration files editing, integration with deeper IT infrastructure [for us, a lot of the applications the clients run have several tools requiring access during the installation process; thankfully those applications' SDKs, the pain in the ass they are, have allowed some automation], etc.). Over time, we've built up a simple stand-alone application that automates everything with just a few inputs of server names, UNC paths, usernames/passwords, etc. Of course, they have to have things set up before hand and have to be sure that everything is up and running as needed (including a few things that the user installing our software is never actually going to use but their end users are, so that gets frustrating with some clients, but that's always been the case for us). Not a traditional installer by any means, but rather a home brewed installer that fits the needs for most clients. It works great, actually, and has overall saved time for development--we're a small team filling a very niche market, so the two developers in my company, myself being one, have to walk every client through the installs, and as such, the more we can automate the process, the sooner we can get back to development. Unfortunately, though, even with that, it only works flawlessly, requiring almost no input from us, if they're system is flawlessly setup. One thing unusual, and the install process that takes 30 minutes mostly automated suddenly can take, in some cases, even as much as a week or two before their users are able to utilize it. Some of that is deficiencies in our software that we have to overcome (except the boss has decided that meaningless functionality that ends up never being used by any clients we talk to about it and rather just confuses them is more important than overcoming those deficiencies), but this is my anecdotal evidence of cases like this.

Re:Okay.

[Rakarra]

Ever want to install more than one copy of Apache?

This is up to the installer writer. I don't have experience with DEB, but with RPM, there is, for instance, no reason why you can't have two versions of the same package installed as long as they don't try to own the same file locations (or at least, as long as those shared files are the same). The Linux kernel does this by default on many Linux distributions, allowing you to have several different versions of the kernel installed that you can switch between. The version of the program is baked into the base install directory, something I note that many non-rpm enterprise software installers do anyway.

Re:Okay.

[X0563511]

Why would you ever want to run testing on production equipment? Mirror production, and test in test.

If you want to test on production anyways you'll find that a silly mistake can result in disaster.

Re:Okay.

[gmueckl]

What check? That's at most half of the solution. It covers most cases on Unix systems, but the situation on Windows (which was referred to explicitly) is a far greater mess. The way linking happens depends on about 10 to 20 different things, and not all of them are under your control.

Re:Okay.

[Anarke_Incarnate]

Easy enough. Don't use that hot mess.

Re:Okay.

[aix+tom]

Exactly. Being both a developer and an admin having "installers" is often worse than not having them. I much prefer the "copy the software files somewhere, set environment variables A, B and C, and fill out configuration files X, Y and Z"

An administrator in an enterprise environment should know better how to to those things in HIS environment than a person that has to write an installer that has to fit ALL environments. I can't count the times I had to snapshot a system, run an installer, and then compare the systems to find out what the installer was doing so that I can figure out what needs to be done in my "real" environment, because the installer didn't work in my real environment. A good list about what needs to be done is often more helpful than an automated installer.

Re:Okay.

[aix+tom]

It might be difficult because if there is a bug (or a malicious hack) in the installer, then the installer could delete all other databases on that server once it has obtained the sa password of that server.

The question basically boils down to "How much do I trust an installer I have no clue about what it actually does to mess with my systems."

Re:Okay.

[kiwimate]

Link to your own directory first in your search path.

Where's my check?

You'll get it when you fix the other part of the question:

...without breaking the other applications that depend on them

That's the key point your technique misses.

Next...

Re:Okay.

So I take it you basically don't do any regular out-of-box testing on your product (because otherwise you'd be doing such an install probably at least weekly).
Well, I sure would recommend to not use such a product then.

Re:Okay.

[Anarke_Incarnate]

Your lack of ability shines here. This technique carries it all. If the application brings all it needs, then it doesn't matter if the user of the application has their directory first in the search path. If you want to make sure you use your own version of shared or linked objects, that's how you segregate them. It won't break anything, as the path is user specific.

Now again... where's my check.

Re:Okay.

[flink]

What's difficult is prying the sa password out of your DBA's cold, dead, hands :P

Re:Okay.

[semi-extrinsic]

Please, stop with the bullshit. "A couple man-years of labor"? No way. I'm not buying that it takes more than roughly 10 times a single run through your checklist. And I know all about complex systems with insane interdependencies, I've worked on writing and maintaining a thermodynamic simulation code that interfaces various inhouse Fortran and C libraries, where some of the Fortran ones are so old that there are comments referencing the punch cards it was originally written on.

To be frank, I suspect that your single biggest problem is what Linus Torvalds acutely summed up as "idiotic object model crap", or more politely:

inefficient abstracted programming models where two years down the road you notice that some abstraction wasn't very efficient, but now all your code depends on all the nice object models around it, and you cannot fix it without rewriting your app.

Re:Okay.

[Tanktalus]

Maybe, yeah, if you're working on commodity hardware, running your test server on a mirrored system makes sense.

When the hardware costs $1m+, having a spare might be economically less feasible.

Oh, and I've seen cases where "mirroring" was incomplete, leading to either errors in test, or, worse, errors when you get to the production system. Not always the best idea, either.

Re:Okay.

[X0563511]

Well, I'd say your test system isn't going to have the load of the production system. You could very well get away with cheap hardware on that side. After all, if your test system breaks it doesn't really hurt anything.

As you say, if you go this route you have to make sure it's done right. You have to verify the mirroring is actually working.

Re:Okay.

I'm gonna give you a horrible answer that's basically the same as his:

"Because the vendor says so".

Because there's a version of bizarre $ADMIN_FRONT_END that requires $PHP_BLAH with $ORACLE_FOO with driver $SOME_CUSTOM_PATCH.rpm

Because their people are incompetent and have no process...

And while other versions are documented as working, they are outside the scope of your 4-hour SLA agreement.

Seriously. I've done it for that reason.

If you assume you control and are responsible for everything, your assumption is great. The moment your software is an externality you host and someone else maintains...this breaks down.

Let's brainstorm some more reasons...

1) A hypothetical bug in some newer version with a known workaround in an older version -- you run side-by-side temporarily with a given application to host a workaround.

2) You're not yet virtualized for some reason, and you have software that ships with bad dependencies... some sort of remote management console that has a specific version pinned via the RPM you get handed.

3) You're doing too much on an application server (you should be virtualizing), and have various applications that depend on whole installs and associated different versions of libraries. Unlike the above where we just get a crappy package handed to us, in this version we get a package that says "I'm going to search for and run REALLY_OLD_VERSION_PHP_CURL by absolute location of... or worse...and I've seen this "I'm going to engage in access controls via apache1-htpasswd invoked from web" hardcoded into god knows where...

The applications /should/ be rewritten to work correctly, but ... that will never happen unless it's an enterprise shop that gets into centralized business logic... or actual maintenance orders...

All you have to do is imagine:
      1) you have a platform with a (bad) business policy against virtualization.
    2) with your bad business policies, you have bad or hurried developers that pull in libraries inappropriately from global settings

    There's your shitty resource constraint that forces...a shitty decision to do this.

It's still out there, people still run it... "if it ain't broke don't fix it" has been the bane and consulting-fee reward of many competent admins and programmers... fees.

Re:Okay.

[DigiShaman]

Which is bullshit! If that's the entire point of Enterprise software is primarily to get the foot in the door and milk the client for all their worth and then expend them like a used husk, why bother?

If you're going to be honest about it, price the software along with a dedicated software developer for $120k a year (not included). At least they have an idea of what they're getting into.

Re:Okay.

[radtea]

you're suggesting I should go back and create installers for this system that is only running in one production environment, and a handful of stage/dev environments? Really? Even if it were installed a few dozen times a year, it wouldn't justify the cost of automating that process, vs. a checklist.

That depends. Checklists are more error-prone than scripts, and doing things via scripts pretty much forces you to keep the scripts up-to-date, so there is a higher degree of knowledge capture. When I do things via checklists the checklist is often a few iterations behind the reality, because I know what the current deviations are. When I do things via scripts they are always up-to-date, and if I get hit by a bus my employer won't lose anything.

There is certainly a place for checklists, but for any software that is going to be deployed to customers--even one or two--scripts are almost always the right way to go, in part because they encourage in-house testing before release, and remove from the customer's hands a very error-prone and stressful step.

Re:Okay.

[Comrade+Ogilvy]

The question is where the profits come from. Faced with short-sighted would be buyers, many enterprise software companies take a small loss on the original software sold and make their actual profit on the services getting it up and running, and maintenance charges of the same. It is an anti-virtuous circle, because a new company selling a product that is not plainly outright superior cannot charge a fair price for their software when the customer mindset works against the customer's own long termbest interest.

Re:Okay.

[curunir]

...each install is unique enough that the effort needed to set up an install script...

The fact that you're still thinking of it as an install script is indicative that you might not have explored solving the problem with some of the more modern tools. You should really take a look at Chef...when you automate with Chef, you're not building an install script but a set of re-usable and configurable installation components that the engine intelligently applies based on the profile for the target machine. Those XML files that you're editing can become Ruby ERBs with logic to build the XML based on per-profile data, reference data and data obtained through searches of the network topology. For instance, let's say your XML file needs a comma separated list of ip/port combinations for all servers of a certain type in the deployment. Something like this would be very difficult to put into a deployment script, but is almost trivial to do in Chef (search based on role with a little ruby code to join the results together.) And as the deployment changes and new machines are added/removed, the tool handles re-generating those configuration files based on the updated deployment topology.

I work in enterprise software too (albeit SaaS) and we have everything automated with Chef. Our application has many different components (dbs, queues, schedulers, caches, REST services, etc) and Chef is able to coordinate everything fairly easily. The fact that we can use the same Chef recipes to deploy to production, QA and developer environments (through vagrant-managed VMs on developer machines) attests to how flexible the tool is.

Re:Okay.

[kiwimate]

Why start with an insult?

You're half right - if the file is found in the start directory, no need to go to the search path. As for the rest of it, I think this comment and your response says it all. Remember that you can't control how other applications may edit the path, nor what versions of dependencies they may place on the system. The comment about the path being user specific is just irrelevant.

If you're concerned about isolation at this level, you can always use dedicated servers at the application layer or the data layer or where ever you're likely to run into problems. Presumably anyone who's spending hundreds of thousands of dollars on software won't balk at this.

Re:Okay.

Most also allow you to manually create a blank database and a service account that provides access to it (and only it), so your trust of the installer doesn't necessarily have to be compromised.

Re:Okay.

What do you mean, don't *need* bacon??

Re:Okay.

Why can't the expertise captured in the brains of your various installers be captured in an expert system installer? Presumably, the knowledge involved is crystallized enough to be transferred from an expert to a new crop of installers, so why can't the rules, algorithms, heuristics, questions for the users, tests and metrics of the hardware, etc. be enacted in software? If a company can't/won't do that, then I question their ability to get the much less well defined details of my business (which they know a lot less about than they do their own software's requirements), their dedication to cutting labor costs they charge to me, or their just giving a damn.

Re:Okay.

[badkarmadayaccount]

Pre-configured OpenVZ images on linux+ NSIS on win?

Re:Okay.

[aztracker1]

In some installs, the database is Oracle, in others MS-SQL or DB2... Some installs will be MS-SQL and the application services, and front end will be on a single system, in others they may be split up. Some systems interface outside services and other systems. You really think that creating an installer flexible enough to ask for all the options, and baby stepping through is more effective than a checklist... dbms installed (check), application installed (check), application's config pointed at correct database (check)... I mean you really want my installer to know enough about the SQL installer, as well as the MQ and other systems to install them too?

Re:Okay.

[semi-extrinsic]

Huh, didn't know you could necrobump on /.
Nevertheless: Yes. Yes, an installer can have multiple options for satisfying its dependencies. Yes, it can check on runtime which of these are present on the system. Have you never seen the output of a "./configure" (often used before "make && make install" on Linux)? As I said previously: if you are a good programmer, it will take you roughly 10x the time you use for installing your software once to create a working installer. Then of course it depends on how often you install your software whether it makes sense for you to create an installer.

Installers?

apt-get and checkinstall.
Do we need anything else?

Re:Installers?

[vlm]

puppet to automate it.

package { "wtf" : ensure => latest }

Re:Installers?

[Qzukk]

And etckeeper to make sure you can blame whoever comes along and fucks it up later.

Re:Installers?

[omglolbah]

Oy, never knew of this little gem... Installing immediately!

Re:Installers?

You made a typo. I think you meant Chef? It's okay, a lot of people make a similar typo. :D

Re:Installers?

[Anonymous+Brave+Guy]

That sort of tool is great as long as there are pre-packaged builds available for whatever versions you need. But if you're looking at a package-based model on Linux, things can get a lot more complicated as soon as you're not just working with packages that are part of your distro.

For example, suppose you want to run Python 2.7 on Debian stable, which is so stable that unfortunately its preferred Python version is still 2.6 (which was written some time around the Dark Ages). Assuming you aren't able to find someone who's conveniently bundled up a suitable package already because this is a somewhat common case, how would you go about integrating this with the likes of Puppet?

If there's any universal solution that doesn't involve at least looking through the makefiles to work out exactly what gets compiled and where it gets installed when you build from source so you can manually create your own package file, I haven't found it yet. (If anyone knows something I don't, I'd love to learn about it, so links etc. are very welcome.)

Re:Installers?

[semi-extrinsic]

This is one of the beautiful solutions in ArchLinux. If a package is not in the main repos as a binary, you make a PKGBUILD yourself. It's basically a few lines describing your program, version, architecture, dependencies, where to get the source from, etc., and then a few lines of bash script that calls make, patch, whatever. To wit:

pkgname=foo
pkgver=10.0.2
arch=('x86_64' 'i686')
depends=('php' 'mysql')
optdepends=('java-runtime')
source=("http://www.server.tld/${pkgname}-${pkgver}.tar.gz")
md5sums=('a0afa52d60cea6c0363a2a8cb39a4095')

build() {
cd "${srcdir}/${pkgname}-${pkgver}"
cmake ./ -DCMAKE_INSTALL_PREFIX=/usr
make
}

package() {
cd "${srcdir}/${pkgname}-${pkgver}"
make DESTDIR="${pkgdir}" install
install -Dm644 COPYING "$pkgdir/usr/share/licenses/$pkgname/COPYING"
}

Re:Installers?

[petermgreen]

I find that most of the time you can grab a source package from testing/unstable and build it on stable with only minor modifications (sometimes none at all) and get a usable package.

But ultimately yes someone has to do the work of preparing the software you want in a form that is suitable for what you are going to run it on before you can deploy it.

It's the submitter's fault.

[mcgrew]

Not as a user, the guy has been writing software for 20 years and complains about poor design and bugs? Nerval's Lobster should clean up his own house.

I finally found a system log from the installation. There were a whole bunch of exception errors, but no explanation of the exception, what caused it, whether the installer took care of the problem, and if there was anything I should do to fix it. Yet the installer claimed everything had installed correctly.

I wonder how the UNIX SAP software fared; Windows is not a robust OS. Flaky hardware will make Windows and its software crash every time, while apps running Linux on the same flaky machine work fine, as I've seen on two different occasions.

Part of the problem is the tools. A poor workman always blames his tools, but a good workman doesn't use faulty tools. The tools I'm talking about are compilers, 3rd party installers, and OSes.

There really is no excuse for today's shoddy software. Why should an automobile last longer than an OS?

Re:It's the submitter's fault.

Why should an automobile last longer than an OS?

Because it is a profitable business model.

Re:It's the submitter's fault.

[war4peace]

Why should an automobile last longer than an OS?

That has no longer been valid since post-'95. An OS lasts just as long as an automobile, if you consider all the variables. If the infrastructure doesn't change, an OS would last forever. But infrastructure (read hardware support, network support, etc) does change, and rapidly. Your own automobile would be good for nothing if, for example, current roads would be replaced by magnetic field monorails.

Re:It's the submitter's fault.

[Kielistic]

Why should an automobile last longer than an OS?

If you don't pay for regular maintenance (which costs more per year than a single OS license) I think you will find that your automobile will not last longer than an OS.

Re:It's the submitter's fault.

[Megane]

Not as a user, the guy has been writing software for 20 years and complains about poor design and bugs? Nerval's Lobster should clean up his own house.

Pay more attention to what you are complaining about. NL is just the guy who crossposts stuff over from SlashBI. (He used to submit a lot of not-news-for-nerds crap that never got posted, but seems to have gotten a lot better in the past few weeks.) The guy you are complaining about is in the linked article.

Re:It's the submitter's fault.

[westlake]

Flaky hardware will make Windows and its software crash every time, while apps running Linux on the same flaky machine work fine, as I've seen on two different occasions.

"Two different occasions." eh?

Rather a small data set.

Personally, I would rather see hardware problems exposed sooner rather than later.

Why should an automobile last longer than an OS?

Because we have been manufacturing cars for over 100 years and most of the basic engineering problems were solved no later than the mid 1950?s?

Re:It's the submitter's fault.

I've never paid for maintenance. We still have windows xp boxes running just fine. Qualify your statements if you're going to make blanket assertions.

Re:It's the submitter's fault.

[mcgrew]

Bullshit, XP works just fine but MS chooses to no longer fix its bugs and the vulns they pose. In fact, Windows 95 would still run fine. TCP/IP hasn't changed, nor has much else in computers except their speed. It's an excuse for a ripoff. Do you work for them by chance? If so, tell them to stop writing shitty software.

Re:It's the submitter's fault.

[mcgrew]

The linked article said he wrote commercial software. Commercial software is crap, and commercial software was what his rant was about..

Re:It's the submitter's fault.

[mcgrew]

I can maintain my own auto, I can't maintain closed source software. If my ten year old car has a design flaw (bug) that makes it leak gasoline, it will be fixed for free.

A person or company should fix their fuckups. Commercial software companies don't, and it's just plain wrong that they refuse to.

Re:It's the submitter's fault.

[Kielistic]

You absolutely cannot maintain an automobile all by yourself. You must purchase parts and materials from vendors. In fact unless your car was built before the '70s it relies on closed source software to run. If these parts are no longer on the market you are more SOL than XP users on EOL day. They can still use XP to their hearts' content; your car just won't work.

What's more- if your gas tank starts to leak in a ten year old car the manufacturer will definitely not fix it. That's normal owner maintenance.

The fact that you think a person has to indefinitely maintain any software they've ever written leads me to believe you don't know much about software development.

Re:It's the submitter's fault.

[war4peace]

Dude! You pointed out the SAME thing but somehow managed to look like you disagree with me.Congrats for going full retard here :)

Re:It's the submitter's fault.

[mcgrew]

You must purchase parts and materials from vendors.

Physical moving parts wear out. Software doesn't.

What's more- if your gas tank starts to leak in a ten year old car the manufacturer will definitely not fix it.

No, not if you hit a sharp rock and puncture it, but if your tank leaks because of a design flaw, they'll recall it.

The fact that you think a person has to indefinitely maintain any software they've ever written leads me to believe you don't know much about software development.

Lets see, BASIC, assembly, JPL, NOMAD, dBASE, FoxPro, various scripts including javascript... and a few more I've completely forgotten about, I've been doing it for thirty years. I software-hacked an old TRS-80 MC10 which was text-only and uppercase only into high-res (for the time) graphics and mixed case presentation. I wrote quite a few games on that and other machines, including early DOS machines. I know how computers work down to the solder, and how software works. Ever hand-assembled machine code? I have.

You only have to indefinitely maintain software if it's a shitpile of buggy code. Windows 95 would still be useable if it wasn't a bug-ridden pile of shit. You kids today seem to take no pride whatever in your work, especially the ones working for MS, Adobe, and actually quite a few other vendors. To be fair, though, my guess is it's more the bean counter's fault than yours.

Re:It's the submitter's fault.

[mcgrew]

No, we're obviously talking cross-purpose. yes, XP will run fine, but your machine will be pwned because MS won't fix its still lingering bugs.

Re:It's the submitter's fault.

[war4peace]

Depends what you use it for.
Windows 95 would NOT run fine on a new machine. It would, however, run fine on an old machine, but would NOT be able to run most modern software. Hence the analogy with a car and the infrastructure it runs on. Same goes for Windows XP, albeit to a lesser degree.
I had the displeasure of working on a Windows 95 machine no earlier than two weeks ago. It looked and acted so aged... after being used to Windows 7 and Ubuntu 12.04, for example.

no installers wanted

[oever]

There should not be any installers. A software package should be one file that is download and run. The file should not be unpacked, it should simple be one executable with all necessary parts inside.

Any software that is not simple a single file is complex and brittle.

Re:no installers wanted

We had that, then they invented fixed disks and shared libraries.

Re:no installers wanted

[cfulton]

Well yes, theoretically I would agree. But, then that damn reality pokes its ugly head in and things are more complicated than we want them to be. Enterprise software, especially web based applications often cannot be packaged as a single file. Companies often want the database to run on their existing Oracle (or whatever) install, which means scripts to build out the tables in their database. There are often existing APIs that need to be called that are custom to the client. That means that after the install you will need to add code to make API calls that the standard install does not necessarily make. Many companies have existing web server farms that they want to run the application on so it will have to be deployed to each of the existing servers or they want to separate the static content from the dynamic. There are a million and one reasons that your simplistic view of the world cannot be achieved in the real world.

Re:no installers wanted

[TheDarkMaster]

Well, you can make a good installer and not every software is simple and/or small enough to use a "all-in-one" executable. The problem is finding qualified people for the job.

Re:no installers wanted

[somersault]

Define "necessary parts".

We have a lot of storage space these days, but I don't think every piece of software basically having their own /usr/lib or /windows directory is feasible yet.

Re:no installers wanted

[hawkinspeter]

That sounds like a backwards move to me. Usually, you want config files to be in a separate place than your binaries. What about shared libraries? Do you recommend statically linking everything?

Re:no installers wanted

A software package should be one file that is download and run. The file should not be unpacked, it should simple be one executable with all necessary parts inside.

Total and utter crap.

Just a few of many reasons why:
Many more complex packages (which is what we are talking about) need background services (often smallish executables with different elevated privileges required). They also have a huge gui front end which can run at normal user privilege level. From the security and efficiency point of view, only a total moron would combine these into one executable.
Many packages have to modify system configuration items (systemwide config files, registry, whatever, depending on OS). The modifications *cannot* be packaged as part of a single executable (does not even make sense).
Nearly all packages have their own private configuration items (default config files or whatever). Having data files like these incorporated into an executable is totally barking from the security point of view - executables should (almost) never be self-modifying; they should sit in protected non-modifiable storage.
Many complex packages have multiple components of which a typical install only requires a subset. Installing the unnecessary components because they are all packed in a single executable is idiotic, it introduces extra potential security holes.
I could go on like this all day but it should be clear by now that packaging *complex* products as a single executable is one of the stupidest ideas ever suggested on slashdot.

Re:no installers wanted

[war4peace]

I would watch with interest when that single-file Database you're using messes up for good, completely, because that single-file was deleted by mistake. Tee hee. Or when it got corrupted by power loss, etc.

Re:no installers wanted

[Half-pint+HAL]

There should not be any installers. A software package should be one file that is download and run. The file should not be unpacked, it should simple be one executable with all necessary parts inside.

Any software that is not simple a single file is complex and brittle.

Do we have to include the whole operating environment in the file, even eliminating BIOS? Because all modern software builds on external functions and libraries, even on a game console. Heck, even the cartridges for the original Nintendo relied on firmware inside the console to some extent....

Re:no installers wanted

[jythie]

Not all software is that simple. There are more then just 'apps' out there.

Re:no installers wanted

[tepples]

Heck, even the cartridges for the original Nintendo relied on firmware inside the console to some extent....

The Famicom had no firmware at all. The NES added only a CIC (Checking Integrated Circuit), a microcontroller on a completely separate bus that communicated with a matching microcontroller on the cartridge to make sure that the game was "licensed by Nintendo".

Re:no installers wanted

[berashith]

like an OVA or an OVF. those can contain only the copies of whatever your software needs. I have a feeling that this isnt the best way to distribute everything.

Why even use installers...

...when there are package managers?

Re:Why even use installers...

[J_Darnley]

Because they're better. With package manager it is usually "use this old version" or "compile from source". On occasion you get the rare third option of "add this repository of compiled binaries to your package manager" which is no different to downloading a random installer.

Re:Why even use installers...

[icebraining]

Yes, there is. The packages from that repository will be able to specify dependencies on standard packages (instead of bringing outdated copies of every library they use), their updates can be centraly managed and scheduled, installations are much easier to automate, etc.

The problem is that we still use installers...

[gestalt_n_pepper]

Instead of creating single exe. Memory and disk space are cheap. Portable application creators are easily and cheaply available (e.g. Cameyo.com - both free and excellent at what it does). It's easier to copy a single file than to go through the hell that is installation for most apps.

Re:The problem is that we still use installers...

[Tackhead]

Instead of creating single exe.

This is enterprise software; it's a much bigger problem than that. You're not installing "a single app", you're typically installing an entire software stack. LAMP is just the beginning.

From TFA:

Except it didn't really install correctly. One of the servers just wouldn't start up, and gave me no indication whatsoever the problem was. Another serverâ"the Tomcat web server that hosts the user interfaceâ"started up fine, so I was able to get to a login screen through the Web browser.

... Oracle provides a pre-built Linux image with all of the necessary business-intelligence tools already installed, running inside Oracle VirtualBox. "What could be easier?" were my famous last words.

The past 20 years have seen us escaped Windows and DLL hell by moving to Linux. Then, we escaped its own little twisted maze of dependency hell by using apt-get. Then, we used all those open source tools to build ... the infrastructure that was then used by the closed-source community. In the case of the SAP product, it comes with Tomcat as a web server. In the case of the Oracle .OVA installation, an entirely preconfigured Linux install that probably comes with its own separate stack. If you keep them all on separate VMs, you've got a shot at getting them to talk to each other, but is that really the best use of the underlying hardware? One bit of Java talking to some other abstracted piece of Java, using dozens of VMs as intermediate layers of abstraction?

And now we're right back where we started. SAP will support this revision of Tomcat which works with this version of Java, because, well, that's the Java way. And Oracle appears to have solved that problem by throwing down a .OVA for every subcomponent.

Web services are a great way to save developer time - but in return for that, they're yet another layer of abstraction that has to be dealt with. Virtualization's a great way to save administrator time. Rather than having to separately install "the right version" of the entire stack from the OS to Java to the configuration properties of the web server, just grab the .ova and work from there. It also gives you some scalability that you might not have had - fire up the .ova on your PC for a demo, or on bigger iron for production.

But in exchange for the ability to get crap out the door ("it works on my machine / Great! Virtualize it and your machine's now the installer!") faster, we've merely exchanged one dependency tree for another: instead of kilobyte-sized .DLLs or megabyte-sized repositories of source from which we can rebuild our binaries, we're now dealing with gigabyte-sized VMs.

Re:The problem is that we still use installers...

It sounds like you're saying that Java is 100% of the problem here.

Re:The problem is that we still use installers...

[marcello_dl]

But then you depend on the software vendor to fix bugs or worse vulnerabilities in libraries used by the program that you otherwise would update separately.

It would be feasible to provide static packages in FOSS, though. Gobolinux and its rootless mode are one approach alternative to the monolythic package.

Re:The problem is that we still use installers...

[Zadaz]

DRM. I love to keep installs as simple as possible. Every program should be able to be run on removable media. But back when I had a little less control over the software I develop, clients were horrified by such an idea. They wanted applications locked to a specific machine, permanently, if possible. If they would have known the lingo they would have asked for rootkits and BIOS viruses to keep their app from running anywhere it wasn't supposed to. (They would have gone with hardware dongles, but they were far too cheep for that.)

And to do that (Without hardware dongles) you have to get stupid. Insinuate files into places they're not supposed to be and generally just dick with a person's computer in a way that would make them unhappy if it wasn't hidden by a shiny graphic on the installer's splash screen.

You can understand why I don't do that work anymore, but I guarantee that someone does.

Re:The problem is that we still use installers...

[gbjbaanb]

With the single executable - you know you have no dependency issues but you do end up with security/update issues. Updating requires a new version that is rebuilt with every dependency again - which can be a major download, especially for things that never change.

But I agree with you generally. There is the case for security updates - if library x needs an update, too bad, you have to update all the programs that are built with it whereas a shared library system would let you update that library just once (of course, the library developer has to keep an eye on backwards compatibility which is a bit of a dead art by today's coders)

Even with huge executables, you can deploy them with patch updaters that only transfer diffs. Or you could deploy with a single directory full of shared libraries, which still makes it difficult to update every app that uses a particular library, but is easier than updating an equal number of single-exe programs.

Trouble is... imagine you have this single-directory deployment mechanism. You think "you know, I'll just store the list of libraries somewhere common so if one needs updating, there's a list of all the places it can be found", and you end up needing an installer and a registry and then you think "but why not store the library in a common place and avoid this overhead and just update it once" and you then have a global cache, and then you think "but what about when that library changes its interface and breaks dependencies" and then you have a side-by-side common directory, and then you realise that you need a new way of loading dlls so you can load 2 different versions of the same dll and you end up with the monstrosity that is probe path loading and then you have everything big and complicated and really messy.

So yeah, a single executable is a good thing. Shame there's so few xcopy-style deployments on Windows despite them saying they'd go with this when .net first came out. I guess the need for complexity is baked in to Windows architects now.

In fact, with .NET, I notice that the latest anti-pattern is embedding the installation code inside the executable itself, so you not only need an installer(installutil, comes with the .net framework) but you need to store the installer code inside the thing that is installing. Way to go - to take something that was reasonably sensible and twist it so that it is still just as complex but now less configurable and manageable!

Re:The problem is that we still use installers...

Instead of creating single exe.

This is enterprise software; it's a much bigger problem than that. You're not installing "a single app", you're typically installing an entire software stack. LAMP is just the beginning.

That would be understandable if it were only enterprise software that did this.

Re:The problem is that we still use installers...

[Darinbob]

Or just shove everything in the same directory instead of the Windows style of spreading it all around.

However that doesn't solve much of what an installer does, which is to register, configure, maintain settings from previous installs, verify dependencies, etc.

Re:The problem is that we still use installers...

And it still doesn't work! The original problem with Oracle was that after he installed the VM and started it up, things still didn't work. Why is the virtual web server returing a 500 HTTP error? Who knows -- it's not like he has any idea of how it's configured.

dom

Re:The problem is that we still use installers...

A single EXE? Who are you and what boring projects do you work on? Do they pay well ?

I'm a dev of a /small/ local government project. We deliver a whole platform-in-a-box. Only real requirement is that you have your own windows licensing server to point the image at... although we obviously recommend you run the image on vSphere instead of replicating our install procedure.

Per requirement it all runs on Windows... in the system alone we have:

- A file database (SQLite)
- A real database (postgresql)
- A highly customized search platform (Apache Solr, running on Apache Lucene, Running on Apache Tomcat)
- Memcached
- Two instances Apache (bound two four total ports, only two of which accept remotely)
- A web platform stack that shall remain nameless, utilizing at least 38 separate modules.... this depends a bit on how you count submodules, or what I'm going to call a 'micro-fork'
- A customized local web-tech based admin client for the permissions and controls of users
- Several local binaries -- things like curl,openssl etc.

Any one of these components *could* be broken out into a more scalable, larger, higher performance system via editing of config files on a system that supported fast network storage or sockets.

Pretty soon it's also going to get two specific part of its database tossed into mongo...although that will likely be in the next year.

What the hell type of world are you in where you would suggest this 'platform' should be an exe?

Yes, "turnkey" is nice -- that's why we actually deliver an appliance, but to be blunt -- it just wouldn't work without spending hundreds of hours on install scripts. And even then, the return on testing isn't worth it -- most of these devices need a config file set up once, a periodic update for security (even though the firewall won't permit access), and that's it.

I want to spend my time working on the application, not compiling a bunch of config-file based plugin infrastructure that will take thirty times longer than the budgeted component simply because you aren't competent enough to get Tomcat setup...

Now...if you want that... that's fine. But the cost to implement your search just went up by a factor of probably ten. And it became more brittle as a result.

Software isn't a single EXE any more unless you're doing pretty straightforward work -- it's an entire platform with dependencies that you need to work to glue together. If you want it pre-assembled, that's fine ... but you're going to pay for that cutting and gluing. And it's going to be in violation of your corp policy out of the box.

Re:The problem is that we still use installers...

[Qwertie]

When I saw that the user had "several 2-gigabyte zip files downloaded separately to make it more manageable", the problem seemed pretty clear already. This software might have been over 20 GB unzipped, which is larger than the plain text of Wikipedia; how many parallel versions of how many software stacks is this? (Only games can reasonably be this large--because their size comes from media files, which are easy to manage.)

Dependencies are bad unless you have a really good way of managing them, and sheer size is bad because it makes testing very slow and difficult--and installers themselves are already difficult to get right (I therefore avoid writing software that needs any kind of installation but, obviously, large enterprise software can't avoid it.)

Any company that makes a product this large is surely drowning in technical debt. They will have to spend a lot quality time eliminating unnecessary dependencies and brittle old code. In the meantime, users will be unhappy and new customers will be few.

Re:The problem is that we still use installers...

[JonySuede]

You are confusing over abstraction and SAP bad use of languages with Java. I have seen SAP Java, ABAP and even some SAP C, systematically it was suffering from lasagna architecture and insane naming conventions, however that bad style is portable across languages.

Maintenance Isn't a Bad Job

[Greyfox]

As long as you can incrementally improve the design and code, maintenance isn't a bad position to be in. I've seen far too many programmers who whine and whine about how much the code base sucks, but they never do anything to make it better. They insist that the only way to go forward is to rewrite the whole thing, a project that is almost inevitably doomed to failure. If you actually design new code, implement policies if the company doesn't have any in place, and clean up the old code while you're hunting bugs, it can be every bit as rewarding as new development. ANY programming project can be a joy to work on, or a nightmare to work on, and it's entirely the discipline and ability of the team and its management that makes all the difference.

Re:Maintenance Isn't a Bad Job

That's because those programmers are not professionals but basically code churning prima donnas. They like to write new code and move on rather than do boring things like bug fixing and other maintenance tasks. The GNOME project epitomizes this attitude in spades.

Re:Maintenance Isn't a Bad Job

As long as you can incrementally improve the design and code, maintenance isn't a bad position to be in. I've seen far too many programmers who whine and whine about how much the code base sucks, but they never do anything to make it better. They insist that the only way to go forward is to rewrite the whole thing, a project that is almost inevitably doomed to failure. If you actually design new code, implement policies if the company doesn't have any in place, and clean up the old code while you're hunting bugs, it can be every bit as rewarding as new development. ANY programming project can be a joy to work on, or a nightmare to work on, and it's entirely the discipline and ability of the team and its management that makes all the difference.

The real problem is that for the most part the system they rewrote would probably have all the same disadvantages as the current one; they keyword in your statement is "improve the design". A lot of programmers are kinda lousy. And a lot of orgs still reward seniority as well or better than they reward skill/performance. This is a recipe for disaster, since as soon as your talent pool starts to collect seniority-minded programmers you are doomed. A few years of talented programmers realizing they can go elsewhere and do better, and you have a self-selected pool of shitty talent. Managers just want to keep the senior staff happy since they all went to school back when "turnover is the enemy" was the only thing retained from management school.

Posting anon since this is the case at my org (and it makes me sad inside)

Re:Maintenance Isn't a Bad Job

[Todd+Knarr]

The big problem I have with your statement is that often the problem with the software is the basic design. It's 10 years old, completely insufficient for what's being asked of it today, and has so many kludges and hacks bolted on that you can't do anything outside a tight set of constraints without irreparably breaking something else. Usually it gets to this state because management or the team leadership won't permit changes to the design (the usual justification is that there's too much risk and no business benefit right now). Once code's in that state, new code has to follow the old design to work and it's that old design that's adding complications and keeping new requirements from being cleanly implemented. You can't design new code, because the constraints imposed by the design it has to live inside are too tight. You can't implement new policies because they break existing code. You can't clean up code because every bit you try to clean up requires you to first clean up 8 other bits, and eventually you hit a stop-point in the recursion where cleaning up that level requires that the program design be changed, see above.

Yes, good code should never get to this state. But the problem cases aren't good code, that's why they're problem cases.

Re:Maintenance Isn't a Bad Job

[quietwalker]

There is a problem in what you've stated, and it comes down to the last line, "entirely the discipline and ability of the team and its management that makes all the difference"

I've know a lot of exceptional programmers, and I've known a few absolutely horrible developers. However, I've known of NO developer who wanted to push code out that door that was just awful. Rather, I see a lot of developers end up over-engineering on every level to ensure that their product is the brightest, best thing ever. If they had all the time in the world, I'm sure their products would be simply exceptional.

On the other hand, I haven't worked for a single manager who, when the chips were on the table, said something along the lines of, "We'll give you 5 more moths to refactor this, to ensure that ongoing updates and maintenance will be straightforward, and our internal tools can support automation of common tasks," instead of "Just make it work, we'll worry about the rest in the next release." ...and when the next release comes up, it's, "We promised these new features, we don't have time to refactor: if it ain't broke, don't fix it."

I actually just left a company which has been fighting this problem for so long that the entire dev department is spending 80-90% of their time tracking down reported bugs, and the remaining time cramming in whatever was promised to the customers in the fastest way, damn the maintainability. Each year, the cost of bugs and maintenance has gone up, and the devs are now all on call - the operations team cannot support the product themselves anymore. Think about that; you are a developer, and you are on call. 24-7.

The problem is that you need an exceptional development manager who can fight the good fight for the good of the product and the company, and can make the subjective value of code reuse, good architecture, and so on apparent to those above and around him. The company needs that discipline you point out to set realistic customer expectations, to train their sales people not to overreach just to ensure a sale, to listen to the development managers when they describe cost, manpower required, and so on.

Of course, that's only if you want a perfect product, with ever-decreasing quality returns for your time and money investment. It's probably impossible for a developer or even development manager to say where the pivot point is in the market; where time and money spent on quality causes a potential loss of revenue for a product. Unless we're talking about military, healthcare, or hostile environment systems (subs, satellites, space travel, etc), there IS a point where the cost for quality is too high.

In layman's terms, the cost to make high-quality software exceeds the price people would be willing to pay for it. This means that we're all going to be happy 'enough' with imperfect software.

Re:Maintenance Isn't a Bad Job

Try working in a place that doesn't permit rewrites and frowns on refactoring. I've seen software policies that a 120% guaranteed to result in the shittiest, cruftiest, nastiest pile of the most vile mismanaged crap you'll ever have the misfortune of trying to debug. What you call "whining" is usually the programmers trying to get 15 minutes of refactor time into the schedule. Answer: "No, bitches, where iz my features?"

Trying to fix it is futile and "against company policy".

Re:Maintenance Isn't a Bad Job

[interval1066]

They insist that the only way to go forward is to rewrite the whole thing...

Yeah, I've heard those comments. In my experience they are almost 100% of the time ignored, or explored for only a moment. At those times management usually steps in and says "No", that's not happening due to the usual cost constraints, etc. In most of the orgs I've been in the primadonas are deeply entrenched and stand behind their designs, bad or otherwise.

Re:Maintenance Isn't a Bad Job

[Stirling+Newberry]

I actually just left a company which has been fighting this problem for so long that the entire dev department is spending 80-90% of their time tracking down reported bugs, and the remaining time cramming in whatever was promised to the customers in the fastest way, damn the maintainability. Each year, the cost of bugs and maintenance has gone up, and the devs are now all on call - the operations team cannot support the product themselves anymore. Think about that; you are a developer, and you are on call. 24-7.

Which is to say about half the software companies in the world these days.

Re:Maintenance Isn't a Bad Job

As long as you can incrementally improve the design and code, maintenance isn't a bad position to be in.

It can actually be impossible on rare occasions, or not worth the brain damage it'll cause (and I'm not exaggerating).

I ran into code maintenance at a former job. The owner of a small electronics business wrote a program, in BASIC for PIC microcontrollers. It had every variable declared globally, because there were no subroutines for those thousands of lines of code.

I tried to start cleaning up his program, but what I immediately encountered was there was no more free RAM. The language tried allocating space for the heap, when I put in a subroutine, and it failed. I would've had to remove a lot of redundant temp variables, first. The boss had been complaining about the program being unstable, and having to switch to a bigger microcontroller twice.

When that's the quality of work the boss produces, there's very little hope things can improve. If he had been a decent guy I could've stuck with it, but he was an image-obsessed prick.

I quit that job, fast. Because of that experience, I can see why rewriting programs from scratch can be the right choice.

Re:Maintenance Isn't a Bad Job

[rmstar]

I've seen far too many programmers who whine and whine about how much the code base sucks, but they never do anything to make it better. They insist that the only way to go forward is to rewrite the whole thing, a project that is almost inevitably doomed to failure.

I'd add that this is true in more ways than the obvious one.

If you run into a team declaring their work to be crap and insisting on a rewrite based on your principles then you are most likely going to fail, not only technically but also professionally. People will talk shit behind your back, and all sorts of good things won't be happening to you.

There are, of course, exceptions to that rule, but they are rare.

Re:Maintenance Isn't a Bad Job

For each piece off code there should 2 programmers: one to write the code, one to fix it up. It takes a ton of time to make sure every exception is handled properly, every piece of code is well commented, and it makes the original programmer lose momentum, lose track of the actual development. Ideally one person writes the code as properly as possible then hands it off to their partner who goes through the code and plugs in every hole. A walkthrough of sorts but one where the reviewer is also responsible for the fixes.

Re:Maintenance Isn't a Bad Job

[quietwalker]

This was the first company I had worked for - including startups - that was this badly managed, and I've been doing this for 15 years.

I think that 40% dev work on bugs in a continually-updated, large product seems reasonable. 10% seems like an exceptional - but realistic goal. At the 80-90% point where your devs are working and on call 24/7 just so you can fall behind less quickly, you need to re-evaluate how the product is being managed. It then becomes a more than an SDLC issue; it engenders problems with morale and the loss of experienced personnel, and encourages an attitude where you do just enough to get by in the day, because you can't afford to be personally vested in the product or company.

Re:Maintenance Isn't a Bad Job

Kudos to you.

Re:Maintenance Isn't a Bad Job

And 90% of the other half just haven't gotten there yet.

Re:Maintenance Isn't a Bad Job

[Greyfox]

I like to hold a project I worked on from 2000 to 2005 as an example. When I started on it, it was ramping up from an informal two-developer project to a team of five. The code parsed data files in a number of formats and placed the results into a database. It was written in C, was difficult to test, crashed all the time (Usually on the weekend) and was not what you might call "designed."

One of the first things we did was add version control, because the original two programmers didn't use it. I went through and replaced all the strcpys with strncpys, which got rid of many of the crashes. It had a function to iterate through its batch directory and process each file therein. I modified it to take a filename as a parameter to main and wrote a launcher that would start it as a child process and spool files to it. This eliminated many problems from memory leaks and allowed the launcher to move the file to a holding directory if the file caused a crash. That pretty much eliminated getting called on the weekend because the application was misbehaving.

Some work with electric fence on the files in the holding directory revealed a number of places where we had double frees or used memory after freeing it. By that time, we understood the code a lot better and were able to clean up how the individual file parsers were called. I went through and wrote a simple linked list library and a simple hash table library for use in the newer code. They wouldn't let us use C++ and were nervous about using GPLed components, but I can write a linked list library library in my sleep.

By the time we hit our third year in there, we all had pieces of the code we were particularly good at, and the team as a whole could diagnose reported problems almost immediately. Sometimes they could even tell you what function the problem was in.

On the management side of things, we had a contract manager and a project manager. New feature requests would come in, the team would estimate the time (Very accurately toward the end of the project.) and priorities would be set. We had a monthly code roll, so usually had a couple of weeks for new development and a week for testing. If our code wasn't going into this month's code roll, we could work right through to the next month.

The entire operation was extremely smooth and we improved the code from the point where we'd normally have two or three emergencies in a given month to the point where we could go months without a major problem or emergency code roll. Although we never actually "rewrote" the code, the original developers would have been hard pressed to identify anything in it anymore.

One of the interesting things about this project was that three projects were started to do exactly the same thing in the company at exactly the same time, but this was the only one that succeeded. Originally it was half-assed, clunky, unstable and difficult to maintain, but it got the job done and the other two projects didn't. All of the cleaning up we did preserved this one essential ability of this code, and all of the quirky business logic that was embedded in it which we originally would have been hard-pressed to tell if the behavior was a bug or intentional. The more we learned about the business as we went, the easier it was to make those calls.

Re:Maintenance Isn't a Bad Job

[Greyfox]

Usually it's a new maintenance programmer making that call. He just got there, doesn't understand the business, doesn't understand the design of the program (if there is one) or what it's supposed to enable and the knee-jerk reaction is "Ugh this sucks, we should throw it all out and start over."

I've heard horror stories from the companies that took this advice; turns out that code was partially so bad because of all the kludges added to work around business logic exceptions. The new programmer or team of programmers didn't take that into consideration and so their code never did the right thing. So the project either failed or ended up equally as bad as the old one after all the exceptions were discovered and put back in. Either way, the company ends up paying a lot of money for development and getting nowhere.

This ends up making experienced managers' knee jerk reaction to the news that the code is a steaming pile of crap that has to be rewritten, "NO!" Turns out this response isn't always appropriate, either, but you need to have some pretty solid proof if you want to get past the knee-jerk reaction.

Re:Maintenance Isn't a Bad Job

[jonwil]

Doesn't help if the "lead coder" (who has been there for years and is responsible for most of the bad code) or the PHBs who dont know the codebase refuse to accept your incremental improvements (because they aren't "necessary" and because there is the risk, however small, of breaking things)

Re:Maintenance Isn't a Bad Job

[Todd+Knarr]

I'd point out a difference in scale, though. What you describe would be, in the system I work on, one single major class in one component, probably running in it's own thread. A single component would have anywhere from half-a-dozen to a couple dozen major classes handling the major aspects of it's operation. A change can involve code spanning 3-4 different components.

The code wasn't always like this. 10 years ago it was small and simple. But that was 10 years worth of additional features, contradictory design decisions and conflicting requirements ago. As time goes by I'm more and more convinced that an article in an IEEE journal had it right: major software has a lifespan of about 7 years, and if you want to be successful you have to plan on rewriting it every 5-7 years based on what you're learning as you maintain it in production.

apt-get

Yawn

Professional Software

[inglorion_on_the_net]

Disclaimer: My head hurts too much to read the article, so this may or may not be on topic.

A former colleague of mine likes to define "professional software" as "you need a professional to get it to work". Makes for a nice soundbite, but it's also very often right on the money.

That, however, isn't a problem with installers. It's just a general lack of quality and polish.

I do also have a problem with installers as they are commonly found in Windows software. Too much human interaction required. Obtain the software, launch the installer, click to actually start, oh wait, have to click acceptance of the license agreement, click to accept where it wants to install stuff, click once more once it's done. That's about the lowest number of steps I've seen. With aptitude, it's one command.

Re:Professional Software

With aptitude, it's one command.

Well, yes, Linux does win with the number of commands neccessary. Windows shall never match the eloquence of "sudo apt-get -qyb -c=/var/custom/aptitude/configurations install solitare=2.3"

Re:Professional Software

[smooth+wombat]

Obtain the software, launch the installer, click to actually start, oh wait, have to click acceptance of the license agreement, click to accept where it wants to install stuff, click once more once it's done. That's about the lowest number of steps I've seen.

So you're saying the end-user should have no say about where to install files? That they should rely on the package to install the files wherever it pleases based on the whim of the person who created the package? I'll pass.

There are enough issues with shitty software due to bad programming that taking away that last vestige of user control is a non-starter. I want my software to be installed where I want it, not where the prima dona programmer decides.

Considering how often the words "freedom to choose" is bandied about on here, it's amazing when people start talking about not giving the end-user the choice of what to do.

Re:Professional Software

[0123456]

So you're saying the end-user should have no say about where to install files? That they should rely on the package to install the files wherever it pleases based on the whim of the person who created the package? I'll pass.

A real OS doesn't let apps install files in random places all over the disk, so it's not a problem. If Windows programmers hadn't been allowed to install in random directories and write data files into the program install directories, it would be far less of a horrible mess.

Re:Professional Software

So you're saying the end-user should have no say about where to install files? That they should rely on the package to install the files wherever it pleases based on the whim of the person who created the package? I'll pass.

So you're saying that you want in every case for every pissant little program on your system to decide exactly where all the various components that make up a package install? And what about pre-installed software with the OS? Do you want to move it all to a place of your chooosing?
Or (more likely) are you saying that occasionally for specific products you want to install to a non-default location?
  If it's the first one, your system must be a real mess and a complete nightmare to administer.
If it's the second one, there are a number of ways to install packages to alternate locations (e.g. rpm has a location override option).

Also note that packages (almost) never "install the files wherever it pleases based on the whim of the person who created the package". They install to a few well-known standard locations which most people find convenient.

Re:Professional Software

[Half-pint+HAL]

I do also have a problem with installers as they are commonly found in Windows software. Too much human interaction required. Obtain the software, launch the installer, click to actually start, oh wait, have to click acceptance of the license agreement, click to accept where it wants to install stuff, click once more once it's done. That's about the lowest number of steps I've seen. With aptitude, it's one command.

Most Windows installers can be executed with a single text command. .MSI files installed with the MS Installer packages (or packaged as an .EXE installer) have one set of switches, and older Installshield packages have another and Wise packages a 3rd. Remote installations over SMS usually either contain every option as command-line arguments or are accompanied by an install script. It's a pretty powerful system, really.

My argument against Windows has always been that it discourages doing things the right way -- it makes people stupid. It never occurred to me to me that installers might work that way until someone asked me to repackage things with Wise Package Studio and I thought "hang on a minute..."... and sure enough, all the options we needed were available on the disks we already had...

Re:Professional Software

[inglorion_on_the_net]

So you're saying the end-user should have no say about where to install files? That they should rely on the package to install the files wherever it pleases based on the whim of the person who created the package? I'll pass.

Yeah, I'm ok with that, or at least with the way it works out in practice. A couple of points:

1. It's not really "on the whim of the person who created the package". There are standard locations where the files are supposed to go. Most packages you end up installing are created and maintained by your distribution. Part of the quality control that they do is actually put the files in the prescribed locations.

2. Back when I still used Windows, I would always use the same location anyway, i.e. install under D:\Program Files.

3. The only reason I would have to change the location to install to is that I wanted the applications to go in a different partition than the Windows partition. There were two reasons for me to want that: (1) to not lose all my applications when I would (re)install Windows and (2) because D: would have more space. The constraints are different under *nix. For (2), all storage is mounted under the same directory hierarchy, regardless of where it physically is. I would specify different directories to be on different disks, rather than specifying different disks to install to. For (1), this didn't really work very well under Windows (because some stuff always ends up on C:), and basically doesn't work at all on *nix, because the application packages go with the OS. Single-command installation also makes it much less of an issue.

Long story short, where you have a problem with not having as much control over where an application is nominally installed, I see that control as a partial solution to a problem I don't have.

Re:Professional Software

[inglorion_on_the_net]

Thanks! I learned something today. Wish I could mod that informative, but, you know, something about already having posted.

Why?

[BCW2]

Why does every windows application programmer think their program is so special or important that it needs to run in the background? The first thing to speed up any computer is to kill all the crappola trying run at start up. A program should run when started and when exited from it should completely shut down and even delete any temp files it created. I did a cleanup on a customers machine once and deleted over 10,000 temp files. That is lazy and stupid programming.

Re:Why?

If Microsoft had properly implemented its (C-library) tmpfile function, we would not have had so many leftovers.

Re:Why?

[marcello_dl]

The windows pc+user is "Territory", applications have the main function of occupying it, and if feasible preventing the competition to do the same as much as possible. Exerting control yields profits.

Probably, programmers wouldn't build daemons when simpler GUI triggered processes are enough, PHB make them build them anyway. Real world experiences anyone?

Re:Why?

[Chris+Mattern]

The windows pc+user is "Territory", applications have the main function of occupying it, and if feasible preventing the competition to do the same as much as possible. Exerting control yields profits.

Exactly. Program A completely exits when the user shuts it down. Program B keeps most of itself still in memory and running in the background when the user "shuts it down." Result: When the user starts up Program B again, he is pleased at how fast it comes up. When he starts up Program A again, it has to load--this is an acceptable price for not turning your PC into a mass of sloth all the time, but the user doesn't see that part. And the loading is even slowed down by Program B hanging eating up memory and cycles! So the user thinks of Program B as an efficient, fast program, and Program A as a slow piece of crap.

Re:Why?

Why does every windows application programmer think their program is so special or important that it needs to run in the background?

I must have no less than 5 "Update Agents" running on my system right now. Seems ridiculous that every program needs to have its' own update agent.

Re:Why?

[JaredOfEuropa]

Indeed... and that brings me to an area that needs way more attention than installers, which (in my experience) mostly work reasonably well. Lets talk about the way installed software is kept up to date. You'd think by now we would have solved this problem, but the following list of my issues with this process is still sadly valid in 2012:
- Program installs a little update process to run in the background. Don't. Acceptable ways to check for updates are: checking when the software itself is run, or glomming onto some centralised updater (take the App store as an example).
- Program doesn't really update itself, but initiates the download for a fresh install file that I then have to run and click through. Don't. Instead, make sure the program updates itself with minimal user interaction. (Kaspersky does this well; the Battlefield 3 browser plugin doesn't)
- Program updater makes you specify every install option again, like the installation directory, or even the ^&%$*(&@$ license that has to be accepted again. (Java is one of the many things that does this)
- Program updater asks to install a browser toolbar (the default is "yes", of course). Seriously, Adobe, a browser toolbar, in 2012???
- On top of all of the above: publish an update every other day or so. Don't unless you're patching critical security holes.

In short, the updater should not be implemented as a background process unless there is a very, very, very good reason to do so, and should perform the update with minimum user interaction required. That is: asking me for permission, and nothing else. And it certainly should not install anything other than the software being upgraded: publishing an update is not "an opportunity to re-engage with existing customers".

Re:Why?

[tepples]

Would you rather require that each developer have to pay Microsoft an annual fee plus a cut of the application price for the privilege of using Microsoft's update agent?

Re:Why?

[tepples]

Acceptable ways to check for updates are: checking when the software itself is run

Checking when the application starts and silently applying the update when it closes leaves the software vulnerable for hours while the user is using the old version.

or glomming onto some centralised updater (take the App store as an example).

Which usually requires an annual fee plus a cut of the sales.

or even the ^&%$*(&@$ license that has to be accepted again. (Java is one of the many things that does this)

The legal department often demands this when it updates the EULA to cover a newly discovered loophole.

- Program updater asks to install a browser toolbar (the default is "yes", of course). Seriously, Adobe, a browser toolbar, in 2012???

What other revenue source would you recommend for an application distributed for no fee?

On top of all of the above: publish an update every other day or so. Don't unless you're patching critical security holes.

Newly released software often has critical security or functionality defects that are discovered "every other day or so" once the user base expands by orders of magnitude from beta to general availability.

Re:Why?

[JaredOfEuropa]

Checking when the application starts and silently applying the update when it closes leaves the software vulnerable for hours while the user is using the old version.

So prompt the user about the urgency of the patch *if* it is a critical patch. Or even force them to update before the software can be used. Some software already does this.

or glomming onto some centralised updater (take the App store as an example).

Which usually requires an annual fee plus a cut of the sales.

True, at the moment there isn't a good, free and widely used mechanism for this. Not on Windows or Apple platforms anyway. That doesn't mean current practices are acceptable.

The legal department often demands this when it updates the EULA to cover a newly discovered loophole.

Screw the legal department. Seriously. And if there is some law that requires the EULA to be accepted on *every* patch, then screw the legislators too. I understand that sometimes there is a requirement to change the EULA, but it should be a rare occurrence, and if it happens they can just link to the new version and just post the delta. You know, so that we actually have a chance of understanding what it is we're agreeing to, without having to spend a few hours wading through legalese.

- Program updater asks to install a browser toolbar (the default is "yes", of course). Seriously, Adobe, a browser toolbar, in 2012???

What other revenue source would you recommend for an application distributed for no fee?

Ads are fine. Or charge for your software and see how fast people adopt your proprietary standard. Or charge for the backend stuff (which Adobe already does). Not by making sure it is the de facto standard first, then bugging your clients with this douchebaggery.

Newly released software often has critical security or functionality defects that are discovered "every other day or so" once the user base expands by orders of magnitude from beta to general availability.

I was talking about non-urgent patches.

Re:Why?

[MMC+Monster]

or glomming onto some centralised updater (take the App store as an example).

Which usually requires an annual fee plus a cut of the sales.

True, at the moment there isn't a good, free and widely used mechanism for this. Not on Windows or Apple platforms anyway. That doesn't mean current practices are acceptable.

What needs to happen is someone creates an open source repository engine for MSWindows +/- OS X similar to Synaptic. Something that has default repositories for the usual open source applications people may be interested in, but also extensible for people to add their own apps (ie: Flash).

Now hear's the tricky part: You have to make it resilient to the typical malware associated with Windows installations (particularly malware directed at this application to corrupt the list of repositories). I don't know if this is possible.

Re:Why?

- Program updater asks to install a browser toolbar (the default is "yes", of course). Seriously, Adobe, a browser toolbar, in 2012???

What other revenue source would you recommend for an application distributed for no fee?

Adobe Reader is the revenue generator. It serves to make the PDF format ubiquitous so that Adobe can sell PDF editing tools and get a foot in the door to sell other tools. Piggybacking the Yahoo toolbar (of all things) in the installer as an opt-out step is just slimy. Not wrong, but definitely slimy.

- T

Re:Why?

[zippthorne]

Checking when the application starts and silently applying the update when it closes leaves the software vulnerable for hours while the user is using the old version.

I'm curious how, "Check at start" became "Check at start and don't do anything with the info for hours." Typically, programs that check at start offer to download and launch the installer via modal dialog as soon as the check is complete.

Which usually requires an annual fee plus a cut of the sales.

Google and Apple are like this. The linux software repositories have different requirements.

There should be a fee, though. The repository service handles notification and downloads for you, and they should be providing some kind of validation service for their users - ranging from, "the checksum matches" to "we reviewed the source code and tested it on a similar machine and didn't see anything harmful" (the extreme at that end should probably be borne by the users. I can see a market for high-end curated repositories.)

What other revenue source would you recommend for an application distributed for no fee?

Adobe Reader is distributed at no fee. But it's distributed so that adobe can sell licenses of Adobe Acrobat to businesses under the promise that the results will be have a wide potential audience, so Adobe already has a revenue model that should work.

Other software products should push out patches for the life of their products, having reserved some of the original revenue to pay for the ongoing support. They should probably announce their expected software lifetime, so that people know what they're getting into when they buy the product. One does not expect support for a product to continue forever without revenue, but one does expect there will be some finite, definable amount of support to accompany the purchase of a software product.

The legal department often demands this when it updates the EULA to cover a newly discovered loophole.

I'm sure that they do. I doubt that any but the original eula are in any way enforceable for purchased software, though. Holding the software itself or security updates hostage seems a lot like duress in my book.

Lawyers love stuff like this because even an unenforceable contract will result in billable hours (for at least two teams of lawyers, even...) for lawyers.

Newly released software often has critical security or functionality defects that are discovered "every other day or so" once the user base expands by orders of magnitude from beta to general availability.

Which is why the OP spelled out security fixes as an exception to the general rule of not pushing updates every day. Not sure where you're going with this.

Re:Why?

[Control-Z]

Trying to sneak in stuff like McAfee with program updates (I think Flash does this) is also a Very Bad Thing. Stop doing this, reputable companies. Or you become unreputable.

Re:Why?

Load time is insignificant. Any hard-disk can read at 40 MB/sec or more, so even if the OS had dropped the disk-cache of your program, you can load 10MB of binary code in 1/4 of a second. On an operating system that uses virtual memory addressing, code re-location should normally never be needed. If your program is bigger than 10 MB, I definitely don't want to keep it running in the background. If your program spends more time initialising than loading (which can be done in parallel!), you are doing it wrong. Even if you really must initialise all the RAM your program could possibly use, at several GB/s RAM bandwidth, it should take less than a second.

Re:Why?

>- Program updater asks to install a browser toolbar (the default is "yes", of course). Seriously, Adobe, a browser toolbar, in 2012???

Adobe gets paid a considerable amount of money for that so that's simply not going to change.

Re:Why?

[jonwil]

Tell me about it, I installed an update to a program and (without any indications I saw) I somehow ended up with Google Chrome (which I dont want, I use SeaMonkey)

Re:Why?

[rubycodez]

that is how it works in windows. you don't understand, you're not the customer, you are the product. your attention is for sale and you must therefore not be in control of your computer (advertising portal)

Re:Why?

[Nefarious+Wheel]

Tell me about it, I installed an update to a program and (without any indications I saw) I somehow ended up with Google Chrome (which I dont want, I use SeaMonkey)

Adobe Reader does that.

Re:Why?

[Volguus+Zildrohar]

Did I miss a joke, or are there really people this deluded? Sadly, I suspect the answer is 'yes' to both questions.

Re:big bucks

The applications themselves are just WAR and JAR files drop them into the configured server and BAM

What?! The server explodes? I'm surprised you continue your nefarious business practices, don't you have any shame?

This is slashdot so...

The problems will be the faults of everyone except for the developers and software engineers. Problems are always the caused by the "other guy", including previous developers. According to the developers, they should be the supervisor, the team lead, the manager, the lead salesman, the system engineer, the network engineer and every other position higher than what is beneath them. In their minds, problems only happen when they are not in those positions controlling it.

The funny part about this attitude with developers is they always feel there are two distinct groups of themselves, ones that are awesome and ones that suck. Every developer thinks they are in the group that is awesome and thinks just about every other developer sucks. Just about every developer I have ever known has complained about the existing code, previous developers, and work flow processes, and his/her eventual replacement will do the same about them, it is a predictable cycle and trait. It is a field of work where everyone thinks they are the best and can do no wrong and everyone else does it wrong.

Mod me down but analyze the comments from this story and previous stories and you will see this pattern.

Re:This is slashdot so...

[maeglin]

What you've said is true but not for the snarky reasons you think it is. As a development manager it is my job to make sure the developers can create the best software possible. If that means I need to guide them toward an incremental approach because of time constraints or I need to help them find the best solution for a bad situation so be it. If I fail to do this and they implement something they are not proud of then it is my fault, not theirs.

Also, there really are two groups: programmers that are great and programmers that suck. The great programmers group only has one member: you, right now. The group that sucks is everyone else and you from every point in the past. Thinking in this way will help a developer admit mistakes and will also encourage thinking in terms of "what would my future self think of this."

No snark necessary.

Re:This is slashdot so...

[Rakarra]

Problems are always the caused by the "other guy", including previous developers

Come on, that happens pretty often -- a developer quits, leaving a mess behind (possibly quitting because he didn't want to fix the mess). Another developer is hired to clean things up. How are the short term problems not the fault of the previous developer? Things like getting up to speed with the code, writing and testing fixes all take time, and during that time you're in "I've inherited a mess" mode.

How about using a package manager?

Come on,... every reasonable operating system has got a package manager and an easy-to-use frontend for it.

You don't know "package managers"? It's the same as an "app store", only more portable.

A Gentle Rant About Fixed Width Web Content

[c0d3g33k]

I have a wide screen monitor. The article uses about 1/4 of the total screen width. The column on the right a little bit more. The rest is whitespace. Resizing my browser window has no effect - just more or less whitespace. I skimmed the article but didn't read it because it is annoyingly narrow and I balk at zooming in or increasing the font size to fill more of the screen. Fixed width content needs to go.

Re:A Gentle Rant About Fixed Width Web Content

[Willuz]

I felt the same way about fixed width. Then I tried to open my website on a cell phone... Unfortunately, most current web CMS require fixed width to work properly on smaller screens. Fortunately, in Windows all you need to do is hold Shift and scroll the mouse wheel up to zoom. In some browsers the zoom ratio is even site specific so all pages on the size use the same zoom.

Re:A Gentle Rant About Fixed Width Web Content

Here are some options, please let me know if any are helpful:
a) rotate your screen 90 degrees and adjust your display settings accordingly
b) save the HTML locally and extra any inappropriate table formatting (you may need to look in the CSS file for that)
c) Copy and paste the text into your favorite editor such as VI, EDLIN, etc
d) Ask the submitter and/or /. to accomodate your request by publishing a full-page ad in the New York Times
e) learn to lower your expectations in life; you may use dulling medication to assist you with that task
f) keep complaining

Re:A Gentle Rant About Fixed Width Web Content

[Marc_Hawke]

I see your, 'fixed width web content' rant, and raise you a 'running browser full-screen' rant. There's no useful purpose (as you've so elegantly pointed out) to running your browser the entire width of your monitor. In fact, the entire point of a wide screen monitor is so you can get more done (ie, more done at once.) So, have your browser as a nice window on the side, that's in a size and shape that's useful for the content, and use the rest of your widescreen monitor for something else. Save 'full-screen' for those times when the content dictates that you use full-screen.

I find it interesting that 'zooming' was one of your proffered solutions, but scrolling isn't. You realize that even if you did zoom, you'd still have to scroll?

Re:A Gentle Rant About Fixed Width Web Content

I see your "'running browser full-screen' and raise you "have a text-to-speech application running".

To have a true cybernetic experience your senses should be fully utilized, so why even have a browser open? You should have the text spoken to you so that you multi-task like a boss. Screen real estate is secondary; MIND real estate is what you need to look at.

Re:A Gentle Rant About Fixed Width Web Content

[Zenin]

In fact, the entire point of a wide screen monitor is so you can get more done (ie, more done at once.)

I call Bullshit.

The entire point of wide screen monitors was for playing video content, period. Mostly as a meaningless marketing ploy ("Yes, our monitor is HD!"), it had absolutely nothing to do with usability, productivity, or additional space to get "more done at once".

That's what high res monitors were all about. Devices that once were common, but now after the rise of "HD" are hard to find and very expensive when you do.

Re:A Gentle Rant About Fixed Width Web Content

[hackwrench]

Personally I'm fond of f. If it doesn't achieve results, at least it's a comfort.

Re:A Gentle Rant About Fixed Width Web Content

[c0d3g33k]

Wasn't running full screen - otherwise there would have been no mention of the fact that resizing the browser window had no effect (meaning the page wasn't even coded to fill a percentage of the window).

I don't give a crap about scrolling - that's what mouse wheels are for, and they work great.

I mentioned zooming because on several of the dozen devices I view internet content with, zooming onto an element is a viable way to focus on the content of interest without being distracted by the other content on the page (ads etc). It's easy on an Android device (double tap with the finger), but not so easy on the desktop (if the browser can zoom at all), so not worth the bother.

Re:A Gentle Rant About Fixed Width Web Content

In fact, the entire point of a wide screen monitor is so you can get more done (ie, more done at once.)

I call Bullshit.

The entire point of wide screen monitors was for playing video content, period. Mostly as a meaningless marketing ploy ("Yes, our monitor is HD!"), it had absolutely nothing to do with usability, productivity, or additional space to get "more done at once".

That's what high res monitors were all about. Devices that once were common, but now after the rise of "HD" are hard to find and very expensive when you do.

Nope. Your'e just making poor use of the technology. Stop using the mental model that was developed back when you had a 15-inch tube. Un-minimize your windows and make use of the features of your WM. A 1080 x1920 display should easily support three columns of readable text side-by-side, something that would have been pretty much imposible using an old blurry "high resolution" 1600 x1200 tube. Yeah, you loose an insignificant amount vertical resolution, but it's not like you're not going to be scrolling anyway.

Re:A Gentle Rant About Fixed Width Web Content

[RocketRabbit]

In this day and age, there is no reason for a web page to render its content at the same width as a newspaper column in the classifieds section.

Bad design should be punished, or routed around. Safari's Reader feature does just this (along with loading the rest of the article from subsequent pages) and it's magical.

Re:A Gentle Rant About Fixed Width Web Content

[Zenin]

I still own a 2048x1536, 24 inch "tube" and while it's plenty old, it's not the slightest bit blurry. Over a decade old and still a better picture then any LCD on the market.

Snark all you like, but CRTs didn't go out of style over image quality or resolution.

---

The fact is practically NO ONE designs article content on the web to ever be read in multiple columns, side by side, no matter how many you could fit on a single screen. They're all designed for a single column, on a single browser, taking up much or all the width of the screen, very much including "HD" screens. They do this not least of which because that's how users view their site.

So the column is centered on the screen, so what? That doesn't mean they expect people to only run their browser that wide, quite the contrary: http://www.houseofblues.com/ See all that content on the sides in the background image? By design.

"HD" was marketing BS that allowed laptop makers to offer crappy, lower resolution screens while making clueless users think they were getting gold. That's just reality, plain and simple.

Thank GOD for the likes of Apple, finding a way to leverage marketing spin to get high resolution screens back on laptops, and thus forcing everyone else to follow.

A high res 16:10 is a productivity screen. 16:9 is a media consumption (primary video) screen, period. That's what it was designed for, that is what it does best, at the expense of every other use case.

Agree

[pr0nbot]

I frequently remark to my colleagues how bizarre it seems to me that after 50 years or so of software engineering, we're still building awful crap. If we were architects, we'd be unveiling skyscrapers built using favela techniques of plugging any old crap together, in the mud, next to a river.

There are lots of reasons, but the two big ones I'd say are time pressures (which we as programmers will never be able to resolve) and a lack of code reuse (which we can resolve). For example, the constant churn of technologies to me is simply a failure to reuse code.

I would start by trying to engineer whole classes of faults out at the language level, as has been done with buffer overflows and garbage collection.

Make static analysis much more anal, forcing the programmer to express their intent up front - static types, constraints, etc. Make the compiler a totally pedantic Nazi. Sure, it's nice to be able to hack shit up in an afternoon in Python or whatever, but then it ships, and the bugs come in, and you end up adding a pile of asserts and whatnot that should have been caught way before the product shipped.

Make unit/integration testing a mandatory part of the build, i.e. the compiler/linker refuses to link with code that hasn't been marked as tested.

If we learned to put the hard thinking and effort into designing APIs, and then reusing those same APIs across whole new classes of problem (because the language makes defining APIs is such a hassle that we'd rather not dream up new ones left and right), I think things would improve massively. Forcing the APIs to be public, but allowing the internals to be as obscure and proprietary as you like, would allow for reuse, interoperability, and hopefully improvement (by replacing particular implementations of APIs with better ones). Add a sane API mechanism for backwards compatibility, so that when you realise the API is fundamentally bad, you can or are required to implement the old API in terms of the new, and you don't just abandon people to DLL version hell. A language could provide support all of these things.

None of this would stop you from writing shitty code. But at least, to do so, you'd have to knowingly subvert the compiler in a bogus way, ignoring screeds of the compiler telling you that you and your code suck goats' balls.

Is there a patent on administering electric shocks every time there's a build error?

Re:Agree

[slim]

All of this assumes that the vendor *wants* it to improve. TFA shows that where there's an incentive for good installers, they get written. MySQL installs in a snap. Mainstream open source software installs on Linux in an apt-get/yum/whatever one-liner.

Now look at Oracle DB -- one of TFA's examples of "bad". The people who specify Oracle are seldom the people who will be installing it; or if they are, they're people who've done Oracle training and are charging by the hour for Oracle consultancy.

Lots of people *benefit* from Oracle being a dog to install. Consultants, as above. Staffers who get to put down a week's timesheets for "Oracle installation and configuration". Oracle themselves, because for certain decision making managers, "serious" software is difficult to install -- if you can install it in 20 minutes it must be a toy; and because they can sell books / training / certification.

There's a lot of people who would lose out on profitable (but wasteful) activity if enterprise software was easier to install.

Re:Agree

Make unit/integration testing a mandatory part of the build, i.e. the compiler/linker refuses to link with code that hasn't been marked as tested.

public class TestEncabulator() {
        public void testTurbo() {
                assert(1);
        }
}

Re:Agree

[JaredOfEuropa]

I frequently remark to my colleagues how bizarre it seems to me that after 50 years or so of software engineering, we're still building awful crap. If we were architects, we'd be unveiling skyscrapers built using favela techniques of plugging any old crap together, in the mud, next to a river.

Good software engineering is harder than architecture. There, I said it. (And by the way, I am not a software engineer; I'm more of a favela style programmer...). As the tired old saying goes: if we build our skyscrapers like we do our programming, then the first woodpecker that came along would destroy civilisation. But it wouldn't be because of poor design or slack discipline, it would be because a poorly designed light switch or ill-fitted door would cause buildings to topple. That is the condition under which software engineers work.

The problem is that software engineers have to deal with a great many abstraction levels. Part of that problem is the poor quality and ever-changing nature of the APIs, but that's only part of the problem. Even a well defined and agreed API is likely to constantly change under the hood because of changing technology, new platforms, etc, and the smallest flaw at the lowest level can propagate upwards to cause unexpected results and disaster. I'm not so sure we can really shield against that, unless we spend an enormous effort to do so (like we do in space programs and hopefully in control software for nuclear plants). In contrast, tiny flaws may cause disasters in buildings, but it's very, very rare. The comparison is cute but not at all realistic.

Re:Agree

[ak3ldama]

I frequently remark to my colleagues how bizarre it seems to me that after 50 years or so of software engineering, we're still building awful crap. If we were architects, we'd be unveiling skyscrapers built using favela techniques of plugging any old crap together, in the mud, next to a river.

So... you know: we should stop calling it software engineering, and stop calling those attempting it software engineers. At least until it has been earned.

Re:Agree

[Maximum+Prophet]

I would start by trying to engineer whole classes of faults out at the language level, as has been done with buffer overflows and garbage collection.

I once started a library of C wrappers that would handle most normal and a few abnormal errors. For instance, the fopen() wrapper instead of saying "no such file or directory", would tackle each part of a path like /usr/etc/subdir/file and tell you where it couldn't go further. If there was a permission problem, it would say "Cannot search /usr/etc/subdir", or if subdir didn't exists, it would say so, rather than just spitting back the whole path and letting the user figure out what went wrong. It used C preprocessor tricks to get the source file and line number where the function was called.
It was call the ED (Error Detecting) library. You could set environment variables to shut it up or make it more verbose.
I never got much interest or traction. It's under the Purdue Research Foundation license, but I don't think the code is available anywhere.

Re:Agree

[g01d4]

Is it really the installer or what it's being installed on? If the OP problems occur in less than one percent of all installs being done then let the finger pointing begin.

Re:Agree

I frequently remark to my colleagues how bizarre it seems to me that after 50 years or so of software engineering, we're still building awful crap.
There are lots of reasons, but the two big ones I'd say are time pressures and a lack of code reuse

The real problem is an industry full of professionals that call themselves engineers and not enough professional engineers.

If you ship bad code because of time pressures, you lack either the necessary authority or the necessary ethics to call yourself an "engineer" as every other industry uses the term.

Re:Agree

[pr0nbot]

I would expect the tests to be part of the public API, possibly augmented by third party tests. So while I could provide stubs, they would be there for users of my API to see. They would no doubt judge the quality of the software I've provided accordingly.

Re:Agree

[firewrought]

Make static analysis much more anal, ... make unit/integration testing mandatory,... [force] API's to be public,... add a sane API mechanism for backwards compatibility,... [require] implementing the old API in terms of the new.

Groan.... everybody's got a solution for code quality, and it always seems to involve being real anal in some respect or another.

The problem with these (untested, speculative) solutions is that they prioritize one development concern at the expense of others. Notice how your own solutions, for example, do nothing to address the installation/deployment issues spoken about in the fine article. Mandatory unit testing is not going to solve usability problems and better static analysis tools (wonderful as they are) aren't going to cue your dev team to add good diagnostic support to the product.

That's not to say that you can't improve code quality thru better languages and tools. You can. But it takes engineering wisdom. And it takes testing (both dog-fooding your own dev tools and community review). And languages/tools can't do everything: to get better code, you ultimately need to get better people, ideally ones who have a balance of all the hard and soft skills needed for successful development. For a field with strong market demand and low barrier to entry, that's going to be hard do anytime soon.

Re:Agree

[pr0nbot]

"The problem with these (untested, speculative) solutions"

I'm not sure they're untested or speculative; they're all in use somewhere, but because we're not required to use them, we don't. Whether in combination they'd yield a greater quantity of robust, higher quality code is speculative, but given that the status quo ain't working, I'm open to alternative suggestions.

"Notice how your own solutions, for example, do nothing to address the installation/deployment issues spoken about in the fine article."

True - I'd broadened to software engineering in general. OTOH, if there were an accepted, stable, boring but well defined API for installation, tested and hardened over the course of 50 years, I'd expect fewer issues. E.g. .deb means I can write an installer (for one system only, which is the tragic part) without having to devise my own, and without understanding how it works internally, only the options it gives me (i.e. its API).

"languages/tools can't do everything: to get better code, you ultimately need to get better people"

On this specific point, the point of code reuse is that
(a) people would write less code, so they wouldn't need to have as much engineering wisdom as otherwise; in my experience the average coder works better in the constraints a framework than when given free reign. If nothing else, it gives them time to learn without fubaring things fundamentally and leaving spaghetti in their wake.
(b) the code gets better over time, meaning less need to fork off and write new code
(c) if they were writing new code, they'd be encouraged to reuse an existing API written by their betters, which is the hard bit

Re:Agree

[purpledinoz]

Trust me, it's the installer. Have you ever installed any Oracle product? Maybe it installs right the first time, but see what happens when you need to install a new version. Or uninstall the old version. Oracle shits all over your computer and doesn't clean up after itself.

Re:Agree

[pseudorand]

> Make static analysis much more anal, forcing the programmer to express their intent up front - static types, constraints, etc. Make the compiler a totally pedantic Nazi. Sure, it's nice to be able to hack shit up in an afternoon in Python or whatever, but then it ships, and the bugs come in, and you end up adding a pile of asserts and whatnot that should have been caught way before the product shipped.

Sometimes, but other times I write a function that I call two or three times but never gets used anywhere else. They work fine when I wrote them and they always will. Why should I have to deal with the extra time it takes to get all the types and arguments and interfaces right (and yes, those small bits of time really really really do add up). Python is faster to code that Java. Period. And because I took me 3 times as long just to get a working prototype in front of the customer and now I'm that much closer to being out of budget, we've just been pushed from iterative development right back to the waterfall model. It's all about striking a /balance/ between strict, compiler-enforced, future/change-proof coding and get-er'-done imperfect and fragile but cheap and useful software.

What we /really/ need is language that fully supports strict typing but keeps it optional and allows us to turn type checking on and off at compile-time and on a class-by-class, function-by-function basis. That way we start with quick-and-dirty working prototypes and turn on additional compile-time checks as we go.

> Make unit/integration testing a mandatory part of the build, i.e. the compiler/linker refuses to link with code that hasn't been marked as tested.
Even with a good unit test framework, writing unit tests takes me just as long as writing the original code. And yes of course it /may/ save time later if my unit test catches breakage as things change, but half the time it's the unit test rather than the code that needs to change when a unit test fails. Whether unit testing has a net benefit is project dependent. Who pays for the extra time unit testing takes if it's always mandatory?

> If we learned to put the hard thinking and effort into designing APIs, and then reusing those same APIs across whole new classes of problem (because the language makes defining APIs is such a hassle that we'd rather not dream up new ones left and right), I think things would improve massively.
So you're saying we should just think about our requirements a bit more up front before we go writing code? I know getting those requirements on paper before they're in code /always/ makes things go better. ;) Oh, wait, that's not right. Actually, in the history of software development, no one has ever developed an even remotely useful set of requirements before writing some code and putting it in front of users. You've got to code the API, use it, find it where its design falls down, fix it, fix all the code that uses it, and eventually, over time, you end up with something that's both stable and good (not bug-free and perfect, but stable and good). It's called mature software, and short of a crystal ball, iterative development and time is the only thing I've ever seen produce it.

> None of this would stop you from writing shitty code. But at least, to do so, you'd have to knowingly subvert the compiler in a bogus way, ignoring screeds of the compiler telling you that you and your code suck goats' balls.
Have you ever tried compiling anything remotely complicated with gcc? The compile logs are filled with warning this and incompatible type that, yet the resulting software works quite well. Based on compiler complaints, I don't think I've ever seen code more complicated than Hello, World! that doesn't suck goats' balls. The /real/ solution are things like the language-based buffer overflow and garbage collection fixes you mentioned above. It's simply syntactically-impossible to write a buffer overflow or me

Re:Agree

Sounds like a huge clusterfuck. M$ APIs already return this information and it becomes basic exception handling. You should switch to a real OS and stop wasting your time on *NIX.

Re:Agree

Cool story, bro.

Re:Agree

[LordLucless]

If we were architects, we'd be unveiling skyscrapers built using favela techniques of plugging any old crap together, in the mud, next to a river.

There's a lot of reasons for this. Off the top of my head:

• Time scale. How long was it between the time the first brick was laid, and the first skyscraper built? I dunno, but I'm guessing it's in 5000+ year range. Architecture, as a discipline, is the product of one solid step at a time, over a very long time. By contrast, we're developing skyscrapers ~40 years after we discovered how to fire bricks
• Complexity. Skyscrapers are complex beasts. They've got to be aware of, and responsive to, everything from geological shifts to internal air pressure, as well as the usual structural components. But they're still orders of magnitude less complex than even a fairly modest app. Sure, they're on a far larger scale, and much more difficult to build, but in terms of design they handle fewer variables.
• Lethality. Architectural failure could kill hundreds of people quite easily. Apart form a few niche areas (vehicle control, medical systems, etc) software failure isn't lethal at all, let alone to hundreds of people.
• Quality Control. Partly related to lethality, but also because people are accustomed to software failure, vendors are rarely considered liable to any great degree for faulty software. Therefore there's little incentive to spend time (and therefore, money) in a robust QA process. It's much more profitable to push out featurful-but-buggy software and promise a fix than it is to push a robust-but-limited piece of software.

Re:Agree

I'm posting as AC, and you don't need to respond, but I bet you're a really good dev and are paid quite well, if not working for yourself. I'm not being facetious, the reason I say this is that what you did (in principle, my error library works on .NET) is exactly what I did, and what it means is you have an extremely high level of attention to detail and you want your software to help the user get stuff done.

My motto when I develop is: "make the computer do the work"

Top stuff mate.

Registry entry and the likes are stupid!

I run binaries straight out of a user directory and avoid system wide installations of programs when it is at all possible.
I know that this is not ideal on a multi user system. BUT it could be. Why not because like all systems that try to make the core too flexible, there will be user permission issues, core call conflicts created, library compatibility issues that need to be addressed and complicated installation requirements as a consequence.

I run the Firefox binary in my user space, Google Earth, music notation programs and the list goes on. With storage being cheap why not allow and teach users to do this instead of having to become root or administrator to accomplish the use of a friggin' binary!
DUMP system wide installers completely and just use README quit doing the click this bs gui garbage to do things that are not really necessary! AND above all quit dummying down computer users and thinking that programmers are by nature just that much more intelligent than us poor stupid (L) users. :(){ :|:& };:

Re:Registry entry and the likes are stupid!

[hawkinspeter]

That works for some scenarios, but what happens when the user leaves the business, his/her account is locked and suddenly, critical software no longer runs?

Re:Registry entry and the likes are stupid!

I know, I know!!! Can I answer please!?!
a) Have a process in place that reviews staff access before they're terminated? BONUS: Ensure you have a configuration management in place to keep an inventory of important business processes
b) Have adequate system/service accounts to run important processes? Ensure that the credentials are managed securely?
c) Have a process to enable an account temporarily (including encryption keys if applicable)?
d) Make sure that staff are cross-trained and no staff member is vital? Maybe mandatory vacations with disabling the account at the same time to detect any system disruptions?

What do I win?

Re:Registry entry and the likes are stupid!

[hawkinspeter]

Congratulations! You win 10 internets!

The correct answer is b). Install software as a system service whenever possible and also have that service run as a system user with only the required permissions to do its job.

Production software should never be reliant on an individual's account/credentials.

Re:Registry entry and the likes are stupid!

10 Internets!!! That's more than 9!!!

Yay me.

Sent from my Windows CE tablet running as local administrator

Re:Registry entry and the likes are stupid!

[hawkinspeter]

Sorry, I was writing that in base 8 - it's one less than 9.

Easy targets

Unfortunately the OP tried the two most clueless software companies on the planet. They're easy targets for this sort of rant.

Well, Oracle and SAP are THE WORST POSSIBLE

[realmolo]

It's hard for me to think of any software companies that are worse at creating software that actually WORKS.

SAP and Oracle are notorious for pushing out incredibly expensive, complex products that are impossible to install and generally don't work like ANYTHING else.

SAP, especially, seems to be incapable of releasing a product without a half-dozen show-stopping bugs that require obscure workarounds that you'll only find out about by calling support. I won't even talk about the unholy mess that is SAP's support site.

There's a rule about software that people often forget, and it's this:

"Software quality is inversely proportional to cost". In other words, the more expensive a given piece of software is, the crappier it is. Oracle and SAP are the NUMBER ONE offenders in this regard.

Re:Well, Oracle and SAP are THE WORST POSSIBLE

[Maximum+Prophet]

"Software quality is inversely proportional to cost". In other words, the more expensive a given piece of software is, the crappier it is. Oracle and SAP are the NUMBER ONE offenders in this regard.

For almost all multi-million dollar software, by the time you are installing it, the contracts have been signed, and the money is spent. Then, your bosses will fight tooth and nail to justify having spent $10,000,000 on the new system. They just don't want to hear that a $10,000 Linux solution will work better. Usually, their jobs depend on *not* looking for better products. See, "The Sunk Cost Fallacy"

Re:Well, Oracle and SAP are THE WORST POSSIBLE

TFA discusses troubles with installing what is essentially an Oracle DB VM image onto a Linux system. I have no experience with that, so maybe it's as prone to gotchas as the author seems to think.

However, the Oracle DB installers for Windows have been fairly good since version 9i (the 8g installer, if we can even call it that, was awful). IIRC, the Oracle DB installers are Java-based, so I wonder if he would have had a different experience with the Linux analogue of the Windows installer.

Now, configuring Oracle DB for particular environments/requirements is a completely different sack of cobras, but if you really need an "enterprise" app, hire the enterprise expertise to do the job properly.

- T

Re:Well, Oracle and SAP are THE WORST POSSIBLE

[kcshelby]

I once worked for a small software company that became assimilated into Oracle. One thing that absolutely floored me about Oracle's source code was the sheer number of programmer names listed in the "changes" section, nearly all of whom had left Oracle by the time I read their code. As long as the big software companies have such huge turnover in their programming staff, they will also produce code that's poorly written and poorly understood, IMHO.

Re:Well, Oracle and SAP are THE WORST POSSIBLE

Oracle's database server product is well over 30 years old, going back to the days before the IBM PC. If you go to work for a company as a software engineer and spend six years there, you've been there long enough to have worked on several projects and have made a difference (or not). So it's not surprising that there's been a ton of turnover in the list maintainers. In fact, on projects where there isn't much turnover *cough* gcc runtime library *cough*, that could be a sign of stagnation and lack of fresh perspective.

Is all about details

[TheDarkMaster]

I already have enough experience to say with some confidence: One of the major problems of current systems (and especially the installers, as the author of the topic described) is the lack of attention to detail.

If software X works in the environment Y, the author assumes that X is ready to be distributed. But what happens when the environment is Y + 0.45? Failure. Because X software never considered the possibility of Y not being exactly Y.

But NOOOO, is so "uncool" to spend time covering details, right? After all, "Works on my rig"(tm)

Too Gentle

[Internal+Modem]

The rant is so gentle, that it didn't even make it into the summary: What's the problem with installers, and why should I care enough to RTFA?

Re:Too Gentle

I was going to post the same thing, but I see the mod points were carefully distributed for this story...

The authors experience is largely my own.

[Vellmont]

I'm a developer who winds up having to do a lot of backend support and installs, I've been installing various enterprise packages for the last 6 years. The authors experience is VERY familiar to me. It's quite hit or miss, with some of the most expensive ($40,000+) pieces of software giving the most miserable experiences. You spend days trying to fix this or that, and it winds up being some obscure setting somewhere that only a super-expert could ever understand.

What sucks is that we have to put up with this crap. End users wouldn't stand for it.... but yet sometimes I swear IT staff think it's somehow OK, and they either blame themselves, or think they've "learned" something by going through these dumb install problems and jumping through the hoops. I'm tired of it, and it wastes a lot of valuable time. There's some things that can't be avoided, but the majority of the problems I've come across could have provided MUCH better indications of what went wrong, or avoided the problem altogether.

Re:The authors experience is largely my own.

[JBMcB]

I've written "enterprise" software installers, and there's a reason they are complicated. The enterprise software environment is completely different than a regular desktop. We've had to deal with:

- Fragmented domains - where users are broken up across multiple domains bridged over VLANS, needing permission to shares in one, non-hierarchical domain
- Insane security where users don't have direct access to the servers - the servers are firewalled from users, and are proxied to regulate access
- Push-installs where users have absolutely no admin acccess to their own machine, including "elevated" permissions, though users are expected to be able to do pull-updates, which is impossible without a convoluted services setup
- Pre-reqs *requiring* seperate installs, with detailed logs of what got installed, where and why (including system components)
- Requirements that functional components be broken up across different servers, even if it makes no sense to do so

This means there is no one installer to handle every possible configuration, there are simply too many variables. Then you do a cost-benefit analysis - you could spend a lot of time making a complicated installer that might not even be able to handle every possible configuration, or you could use those resources to add features your customers are asking for.

Since moving from a client-server model to a web-based model, the install is much simpler and nearly completely automated, but we still run into weird problems fairly often.

Re:The authors experience is largely my own.

[greg1104]

The problem isn't just that time spent on installers would be better spent adding features. Good installers for complicated software are also hard to write, in a way that requires your best developers to do it well. Consider the installer features being criticized here: things like good error checking. Writing code that doesn't handle errors gracefully is impossible for a junior person to do well. They just haven't been exposed to enough of the strange ways software fails in the field to do that job well. And not doing good error checking in general is a classic new developer issue.

If it were just a matter of diverting manpower from features to get a good or better installer; that could easily be justified. It's that you need to divert very experienced people to do it well, and those are never available in the quantities development companies would like.

Re:The authors experience is largely my own.

IT staff like it because it validates their existence. They may not openly admit to it, but fighting that fight against bad software gives them job security.

Enterprise apps are supposed to be hard

[quietwalker]

To those who haven't read the article, the author posits that testing two same-purpose pieces of software to see if they generate the same result is a simple proposition. Then we find out that the systems are SAP and Oracle. This is not like installing two mp3 players, these are the poorly-defined field of 'enterprise apps'.

I don't disagree that the installation for anything claiming to be an enterprise app is usually hard. Setting either SAP or Oracle ~properly~ requires expert knowledge, and running either ~properly~ requires expert knowledge. This is expected, because it's an extremely complex product which is meant to be deeply customized to your own business solutions. This is similar to the gulf between installing the next version of windows and installing, say, a slackware distribution. One is more about clicking next, while the other requests explicit knowledge of the system in order to tailor it to your specific needs, and even after install requires effort to make it usable. One requires you know nothing, and allows almost no customization, the other expects you know everything, and allows an almost infinite level of customization.

That's why the install of MySQLwas so easy for him. Nothing against MySQL, but I'm not going to put it in the same category as Oracle or SAP. It's not trying to be either of those - it has it's own niche. It just doesn't have the same level of customizations or capabilities.

The other thing that always irritates me: Why the hell would you have a software developer installing 'enterprise' software anyway, unless they're some sort of expert in that software type anyway? Don't get me wrong, I've installed many a developer version of Oracle locally, but I'd be the first to point out that I'm not the Oracle-certified expert that I expect will be running the show in production. Don't people understand that these are separate skillsets? The author states that he came from a j2ee shop running large products, my guess is, he didn't have to know how to admin the application servers. Ever try to dive into enterprise app server configurations? Clustering across firewalled domains with reverse proxies, remote caching, load balancing, certificate management, and active directory tie ins? In something 'big', like JBoss or worse, WebSphere? You could be an incredible java developer, but it has nothing to do with setting up and configuring the app server.

So, he was the wrong person for a task that was, quite honestly, supposed to be hard. Of course he had problems.

Re:Enterprise apps are supposed to be hard

Sorry, broken installers, lack of understandable error messages, lack of error checking/handling is a case of incompetence no matter what. If by adding "customizations or capabilities" you made it impossible to easily get a basic working system you've failed utterly at designing it.
Not to mention the commercial idiocy of making it impossible to do even the most basic evaluation of your software without having to calling in an expert for several thousands of dollars.
But of course if you don't like to waste a few thousand of dollars to get a demo running you probably would never become a Oracle or SAP customer anyway.

Re:Enterprise apps are supposed to be hard

That's a terrible example. If you install Slackware from the DVD, it's just "hit enter to win" in textmode plus entering a root password.

Re:Enterprise apps are supposed to be hard

[Maximum+Prophet]

Setting either SAP or Oracle ~properly~ requires expert knowledge, and running either ~properly~ requires expert knowledge. This is expected, because it's an extremely complex product which is meant to be deeply customized to your own business solutions.

I hear this, but I think, "A C complier is a extremely complex product meant to be deeply customized to your own business solutions." Yet GCC is relatively easy to install, and once installed I can start customzing right away. I can even use customizations that I've written years before and expect them to run with little or no modification. (C programs)

Installing the product, and running a test case should be a no-brainer, no matter how big the product is. After it's installed and running, then you can start to add business customizations that might be difficult and time consuming.

Re:Enterprise apps are supposed to be hard

[quietwalker]

I see where you're coming from, but you're not talking about installation. You're talking about running. Also, the output of a program is not a 'customization', it's a product. I don't create a spreadsheet and say, "Look, I customized OpenOffice!".

Installation of GCC can be potentially painful. Once you start getting into actual customizations like cross-compiler libraries, or having to bootstrap whatever native compiler you have on the machine - I still have a CD with all the bootstrapping utils to build GCC on HP-UX, and old versions of Solaris, like replacements for sed, ask, and as required by the build. All the same, once you get it built and the make install completes - or you've got an OS that will just aptitude it for you, it doesn't require a lot of interaction or maintenance. It's not a server, it doesn't have a persistent runtime, it tends not to be clustered or distributed, and so on. The customizations are generally done at build time, there's precious few system-wide persistent GCC settings that you'd ever want to change.

For the most part, you can get away with the defaults, and they're good enough.

The intended audience of Oracle or SAP tools is not the guy who's going to want the default settings (no matter how reasonable you could argue a single set will be). For the same reason I picked Slackware; if you're the guy who just wants to click 'next', then it's probably not the right distro for you.

As a side note: you can install oracle with the default settings, and get a perfectly useful - but non-optimized install. It's not going to be accurate for measuring speed or throughput, but you can write code against it at least. Of course, you're trying to run a race car that hasn't been tuned up, so expect to crash a few times, especially if you don't understand the requirements to drive it - but the point is that it's a race car, not an astrovan. That you don't know how to drive the race car, and end up crashing it is less to do with failures for the race car, and more to do with your expectations of the experience.

The virtualbox install of Oracle that was providing the 500 error? Chances are that it was due to network issues with the virtualbox install. I can say that from personal experience, but it's really just a guess until I check log files. The fact that it was provided as a virtualbox instance makes it likely it was properly configured, so the error was likely on his side, somewhere. Is that Oracle's fault, or is it the commuter who try a few laps in a formula one race?

(That he tried a reinstall before checking the logs just hammers home the point that he's not the right person to be doing this. He sounds all ... well, let's be fair. Microsofty. Reboot/reinstall to fix a problem? For enterprise apps on linux machines? Really?)

That being said, it doesn't let people off the hook for writing shoddy products, I just don't see good examples of that happening here. I see someone trying to learn how to install and run highly complex software which requires it's own skillset, and treating it like it should be no more difficult than a mobile phone app.

Re:Enterprise apps are supposed to be hard

[Vellmont]

  Setting either SAP or Oracle ~properly~ requires expert knowledge, and running either ~properly~ requires expert knowledge.

Except... why does it have to require expert knowledge? It should require expert knowledge to get maximum benefit, like anything else. But just to get the damn thing to run? That should be able to be done by a first level tech. Integrating the thing is a different matter.

Why the hell would you have a software developer installing 'enterprise' software anyway, unless they're some sort of expert in that software type anyway?
Because not everyone works at mega-corp, with super-duper expert just sitting at your disposal who's spent weeks and weeks learning about Oracle and SAP installs with little else on his/her plate. There's lots and lots of people who have to wear multiple hats, and cringe at these freaking installs.

You're basically defending the status quo here, and not doing a particularly good job of it. It doesn't "have to be hard", it just is.

Re:Enterprise apps are supposed to be hard

[Impy+the+Impiuos+Imp]

And you see nothing wrong with your conclusion? "It's a broken, difficult pile of shit because it's supposed to be a broken, difficult pile of shit?"

Re:Enterprise apps are supposed to be hard

[Maximum+Prophet]

I've worked with enterprise monitoring/ distribution tools, advertised as "Just write a few scripts on your target machines, and it works" After all the scripts where written, they dwarfted the original product, and when the new version was released, everything had to be reworked, because the old and new versions had different APIs.

Now I'm working on an Oracle OUD 11.x installation that doesn't do exactly what we want. The sales engineer said, oh you can write a custum plugin to do that. "Ok", I said, "Will the custom plugin run in OUD 12.x?". Probably not, was the answer.

Re:Enterprise apps are supposed to be hard

[scamper_22]

There's several answers.

1. Not enough resources have been put into the 'installation' program. Resources are always limited.

2. How about the myriad of consultants? They need jobs too and are they likely to push a product that they won't have any support for?

3. People have gotten used to self-service in the industry. When if you look at the rest of life, so much of it relies on the expert knowledge of specific industries. Not that it *can't be done*, but just most people don't. I don't change my own brake pads on my car or do any complex repairs on my car... and I tell you... a big software piece is probably just as complex or more complex than standard car repair.

Not to go overboard, but doctors and lawyers and dentists spend years specializing in specific areas of the human body before they are able operate on it. General doctors just refer them to experts. A complex piece of installed enterprise software is along those lines of complexity.

We should have a bit more respect for our field.

4. Many of these enterprise products are composed of multiple components often having their own configuration systems. They might have a DB from another company, a web server component... It can all get insanely complex.

Re:Enterprise apps are supposed to be hard

[quietwalker]

Actually, I had no problems installing and running these types of apps locally. Follow their suggestions and requirements exactly, and I've never had a problem. Deviate from them, and you better hope you know what you're doing with custom systems and installs.

But just to get the damn thing to run? That should be able to be done by a first level tech.

These pieces of software are not written for the first level tech. They're not written for the software dev who's forced to wear too many hats. They're not written so that your administrative assistant or their mom can install it. Where do you see those requirements, or where is the monetary incentive for these companies to do that? What significant population of their user base drives such a requirement?

These apps are written for people who are trained to install and administer them. They are complex, and unapologeticly so. There's no money in simplifying them, and frankly, they're not actively courting the lone developer at small company X that doesn't have the budget for the retail 300k/yr or better package or won't spend the time to learn their complex system. Their actual paying customers don't have the same problems, so naturally, those issues are ignored.

Aside from logistics making this a non-priority, there's also the issue of compatibility. The fact that someone who isn't suitable for it is tasked with installation and administration of these apps shows ineptitude of management, not a fault of the software or even the user.

So in summary:
    - There's no assumption that an untrained person will be using this software.
    - There's no business motivation to write the app for untrained individuals.
    - Despite that, there's nothing stopping someone from simply following their instructions and getting it running.

I understand the desire that all software products everywhere be accessible to everyone without instruction, but the fact of the matter is that complexity in processes engenders complexity in execution. You can only make a complex thing so simple, and no simpler. (example: Could you easily simplify GCC and keep all the features?)

This is where other products come in to fill those niches, like MySQL if you didn't need Oracle.

Re:Enterprise apps are supposed to be hard

[JonySuede]

I used to hate WebSphere with a passion but learning JACL made me love the poor misunderstood abomination that is WebSphere.

Everything is scriptable, and I mean Everything . I had a bash scripter learn it. And now we have the ability to remotely deploy a full WebSphere installation on an server already running up to 8 other installations, configure it, install the requested applications! All that from a shell based wizard. The actual utilization of the script is about 30 seconds long and it's execution time is about 20 minutes long if you also want to install a couple of applications. The wizard takes care of everything in one pass except evidently the installation of the yet to be generated CSR reply. However, the wizard also takes care of that if you select install received CSR CRT reply's....

HOWEVER, the above message only applies to WebSphere, no an atrocity with a name like WebSphere Lotus Inventory Maximo Enterprise Management EditionIf a product from IBM with a name designed by chtulu himself is under you care, I am sorry for you

Re:Enterprise apps are supposed to be hard

Microsoft Excel FTW!

Re:Enterprise apps are supposed to be hard

[badkarmadayaccount]

What can you say about postgreSQL?

How much more disk is static linking anyway?

[swb]

I remember being kind of annoying in the early 90s when I started using Windows and had to deal with Installers; as a Mac user, I was always used to just copying applications from system to system (although IIRC, some set resource values during install or copied INITs to the System folder).

A couple of software developers told me DLLs were better technically due to resource usage, but to me it just seemed like a clunky form of copy protection.

I kind of felt the same way on Linux/BSD platforms -- why couldn't everything be compiled statically? How much more disk space would it REALLY take to have an entire system statically linked?

I still think this would be a good idea on Windows, even though DLL conflicts seem to not occur that often.

Re:How much more disk is static linking anyway?

[aardvarkjoe]

I kind of felt the same way on Linux/BSD platforms -- why couldn't everything be compiled statically? How much more disk space would it REALLY take to have an entire system statically linked?

Disk space isn't the only concern -- it probably isn't even the most important one, at least not anymore.

If all of your programs are statically linked, then they may (in practice, almost certainly "will") all be using different versions of the same libraries. Some of them are going to be exposed to security problems fixed in later versions and some of them will be incompatible with configuration options that you are using. If you want to upgrade a library, or apply a patch, or even switch from using one library to a compatible one, you will have to recompile every single program on your system from scratch.

Re:How much more disk is static linking anyway?

[TheRealMindChild]

Or use a binary diff patch to update the singe executable

Re:How much more disk is static linking anyway?

I kind of felt the same way on Linux/BSD platforms -- why couldn't everything be compiled statically? How much more disk space would it REALLY take to have an entire system statically linked?

Disk space isn't the only concern -- it probably isn't even the most important one, at least not anymore.

If all of your programs are statically linked, then they may (in practice, almost certainly "will") all be using different versions of the same libraries. Some of them are going to be exposed to security problems fixed in later versions and some of them will be incompatible with configuration options that you are using. If you want to upgrade a library, or apply a patch, or even switch from using one library to a compatible one, you will have to recompile every single program on your system from scratch.

That's exactly where static libraries win. When SuperWidget absolutely requires somelib 0.6.1 and AwesomeDoohickey breaks unless somelib 0.5.5 is installed, static linking keeps them happy. SuperWidget bundles 0.6.1 and AwesomeDoohickey includes 0.5.5, and neither has to worry about the other. Dynamic linking means that installing one breaks the other.

Sure, if somelib is security critical and 0.5.5 has a known vulnerability, then you probably don't want it on your system. But since AwesomeDoohickey doesn't work with the later versions anyway, you're no worse off than you were. Either AwesomeDoohickey's maintainer updates to fix the incompatibility and bundles a newer version of the library, or you remove AwesomeDoohickey.

Re:How much more disk is static linking anyway?

You think that was bad, back in the bad old DOS days, I got used to reading the install batch file for programs before running them because so many of them simply didn't work, or assumed really stupid things about drive letters, etc.

The upside was that it _was_ possible to fix the installers in most cases. Since Windows came around, you pretty much had to rely on the programmer getting it right and if he didn't, then, well, you didn't get your program.

I've had generally good luck with installers over the years, but the worst one I've seen in a long, long time was Eclipse for Windows. I couldn't get it to do anything but spew endless Java errors, and no information I could find online helped. Good thing I was only trying to install it for a job I had every intention of quitting ASAP... because I was being forced to move to a Java platform.

It's amazing though how programs have gotten so ridiculously big. From what I've heard about the size of Minesweeper in Windows 8, it's bigger than all of Windows NT was 15 or so years ago.

There's much more to it than that

I've written installers for 15 years for simple apps to enterprise systems to full OS's to multiple OS's on multiple systems on a network sold as a single package. And yes I've done it for most of the OS's.

Sure simple apps to redistribute are easy, but the complexity occurs when you have to configure the OS and other third party applications. Most programmers don't realize that it's difficult if there is someone taking care of this. It doesn't matter if you're using a packager or a custom executable to do the job, it just has to be done as any other programming job needs to be done. The only thing is that you're working outside of the bubble that programming languages give you and I don't think that's taught very often in schools (from what I see anyways, maybe some do).

Just keep this in mind, if there is a 1 in 1000 chance that something can go wrong, take care of it. If a human needs to touch it, consider it broken.

If you have a problem with installs, hire someone that knows something more about computers than just how to program them.

In the end, if you have this job, and it's for something other than a simple app, you'll end up writing in 2 or 3 languages (whether they be scripting or not) and at one point during the prototyping you'll make the decision whether to use a commercial packager or not (either way doesn't matter, they may or may not include what you need).

So in the end it's like programming anything, but I find that you need to know more about your environment than just programming some software in one language, not more complex, just a larger bubble.

One mistake that some companies make is to hire people that don't know programming, or only know programming for this job. You need both.

Re:There's much more to it than that

Been there, done that and I fully agree with you.
In general the regular programmer just doesn't have that kind of grip on the complexity of a large multi-component/multi-platform environment.

You need people with enough multi-platform sys-admin experience to understand the ins and outs of integrating everything together at the OS level.
And they need to understand the product components well enough to be able to decide how to integrate it.
And they must be able to program/script in a variety of languages to build the actual installer framework.
On top of that some experience with designing GUI's isn't amiss either. The customer must be guided properly through the installation.
And some ability to think out of the box and some spine to withstand the PHB's that wanted to ship the product yesterday.

Such people are very hard to find.
Usually the best you can do is a small team that together covers the entire landscape.

Bread & Butter

Crappy code is my bread & butter. Adapt a "can do"attitude and you have job security. And frankly, stop the whining already, its 2013 and you geniuses programmers have yet deliver in a couple of areas. Where is my hard AI. Make up your mind about NP.

Crappy code had its function and if i am paid to work on that code i will do so. I will even maintain your spaghetti structure if you really want me to, but i will charge extra. For me, its just a job.

I do have my own preferred code layout for readability but even on that subject there is no industry standard. camelCase? Newline before { , what? Honestly, the worries of the next programmer is not my priority. Getting payed is. And that's highly dependent on the opinion "du jour" of the boss "du jour".

  Its a job, shut up and do your job.

I won't hold that against Oracle...REALLY??

The third one ended up crashing my entire computer (not just Virtual Box). After an hour or so of digging, I discovered that I had to turn off Data Execution Prevention at the BIOS level. That’s fair; I won’t hold that one against Oracle.

Since when is it ever OK for a virtual machine to take down the physical host? Oracle provided image, Oracle provide VM host, Oracle provided crash, and after all of the ranting, "won't hold that one against Oracle". Really?

Bespoke development of a plug-in for each client

[tepples]

Companies often want the database to run on their existing Oracle (or whatever) install, which means scripts to build out the tables in their database.

Is there a reason the installer can't have a button to execute these CREATE TABLE IF NOT EXISTS scripts in a given database? The installers for phpBB, MediaWiki, WordPress, and the like have this.

There are often existing APIs that need to be called that are custom to the client. That means that after the install you will need to add code to make API calls that the standard install does not necessarily make.

Now you're getting somewhere by mentioning the requirement of bespoke development of a plug-in for each client.

Apples and oranges.

[Alkonaut]

Shorter article:

Installing huge enterprisey things SAP and Oracle software is harder than using a package manager to install Apache.

Security updates to a "necessary part"

[tepples]

The file should not be unpacked, it should simple be one executable with all necessary parts inside.

So what happens when a security vulnerability is discovered in one of these "necessary parts" statically linked into the executable? If the part lives in its own package on which your package depends, a fix for this vulnerability is applied for all applications using the part once the part's maintainer releases the fix. Otherwise, you have to wait for the maintainer to update the application with the fix, and $DEITY help you if the maintainer has pronounced the application's end of life.

Re:Security updates to a "necessary part"

The file should not be unpacked, it should simple be one executable with all necessary parts inside.

So what happens when a security vulnerability is discovered in one of these "necessary parts" statically linked into the executable?

The developer releases an update.

If they don't do so, consistently, in a timely fashion, you can fully expect that entire application is unsupported or poorly supported and most likely has loads of other unaddressed issues waiting to bite you in the ass anyway.

Re:Security updates to a "necessary part"

[tepples]

you can fully expect that entire application is unsupported or poorly supported and most likely has loads of other unaddressed issues waiting to bite you in the ass anyway.

In the real world, it might not be possible to find a close substitute that is not "unsupported or poorly supported" and does not "most likely [have] loads of other unaddressed issues waiting to bite you in the ass anyway". Relying on shared libraries that regularly get updates at least prevents that particular issue from biting you.

Re:Security updates to a "necessary part"

you can fully expect that entire application is unsupported or poorly supported and most likely has loads of other unaddressed issues waiting to bite you in the ass anyway.

In the real world, it might not be possible to find a close substitute that is not "unsupported or poorly supported" and does not "most likely [have] loads of other unaddressed issues waiting to bite you in the ass anyway". Relying on shared libraries that regularly get updates at least prevents that particular issue from biting you.

But in the real world, it might not be possible to update a shared library without breaking one or many of the applications (generally, those are the ones that are unsupported or poorly supported) that rely on it. So in practice, you end up holding all applications back, instead of just the most fragile.

Reusing existing apt-get

[tepples]

On occasion you get the rare third option of "add this repository of compiled binaries to your package manager" which is no different to downloading a random installer.

With one big difference: adding a repository allows the existing package manager to check for and apply updates instead of adding Yet Another Daemon to do this.

Ideological blindness

His assertion that open source solutions are easy to install reeks of drinking deeply from the Kool Aid. I've had plenty of installation nightmares in Linux.

This one really takes the cake, though: "Ever installed Eclipse? Easy."

What the actual fuck? Eclipse has never been anything but a headache for me. To this day I can't upgrade anything in it because it installs with conflicting dependencies.

Re:Ideological blindness

I would like to disparage your parameters of your conditional statement that permeates the flux of the crux of the matter in the notion with the ocean of sensibilities.

I hope you won't mind.

Simpler than all that:

[macraig]

Laziness has no minimum capitalization requirement.

The reason for startup updaters is simple

[SmallFurryCreature]

Flash and Java and such run a small program at start to check for updates. They do this because if they don't even fewer people will upgrade their software this century BUT you can be CERTAIN that those who update never, SCREAM the hardest when they are affected by a bug fixed ten years ago.

You can rant gently or hard about software developers, but about [ulûk/users] *thunderclap*, you can only curse in black speech.

I am a developer myself and have had quite literally had to debug configurations where it turned out people never configured anything. Yeah, I did X and it doesn't work and they didn't do X. This is like complaining your car doesn't start when you haven't got a car. Your are correct but still an idiot.

Yes, developers are morons but users are malicious morons who predate on fools who utter the lines as "quick fix", "work around" or worst of all "quick win". But only when the shit has not just hit the fan but they are actively drowning in it. Every other time ANY thing that sounds like "permanent solution", "investment in the future" and "decision" is avoided like a... well like a user avoids making a decision or doing anything NOW to avoid trouble in the future.

Re:The reason for startup updaters is simple

1) That's no excuse for those things to stick around forever instead of terminating when they're done, as so often happens.
2) You should schedule a task for that purpose, because otherwise in all likelihood the software will fail to update if the machine is usually hibernated.

If we build it

[SmallFurryCreature]

If we build it, it is because the user, may his children be cursed for a thousand generations, told us to do so. In fact, that is pretty much the reason ANY crap building has been up to cheaply in a dangerous area. ONLY because THE LAW and BIG GOVERNMENT stops users from demanding high rises build out of mud on top of mud in a flood plane on a fault line, has this stopped... and then only when THE LAW and BIG GOVERNMENT do their job really really well. Just google engineering disasters for examples when THE LAW and BIG GOVERNMENT were stopped from doing their job.

Remember that Engineers have strict laws governing their actions. Software Engineers (HAHA) don't. You want to have the same quality from Software Engineers as real engineers? PAY FOR IT! And WAIT FOR IT.

There are good reasons for building codes and there MIGHT be a cause for coding codes BUT it won't happen when "cheapest" wins out every time. I have seen it far to often when a project was reduced in quality by the customer insisting it be done cheaper and faster. Well guess what, then you get buildings oops code that fall down when someone sneezes.

Want an installer that works in more then one near perfect situation? Sure that will be X on the total bill. User: oops no and I want to save Y amount as well, so cut some more corners please.

Is there a patent on administering electric shocks every time a user demands a shortcut but expects quality?

Security

[tepples]

why couldn't everything be compiled statically?

Please read my reply to oever.

"the disk"

[tepples]

A real OS doesn't let apps install files in random places all over the disk, so it's not a problem.

"the disk" -- there's your assumption right there, that a system has only one disk. People want to install to the other disk once one disk runs low on free space.

Re:"the disk"

Like MSSQL, you can install pieces wherever you like but a majority end up in C:\Prog Files. Aside from the fact that most winblow$ programs use the registry on C.

Re:"the disk"

Don't forget moving (read delete from old directory so they only exist in a new directory) applications to new drives entirely as tech upgrades such as updating an array of SATA 2 drives to SATA 3 drives while keeping the old ones for whatever purpose.

Re:"the disk"

So use a directory mount point. Yes, Windows does that. Or grow the volume by adding a new disk. Yes, Windows does that, too. Your 1990s complaints should stay in the 1990s.

Re:"the disk"

[KiloByte]

If you even bother installing executables on more than one physical disk (counting arrays as one) by today, you're doing something wrong. All programs in one system take a few GB, that's peanuts compared not only to smallest disks produced today but even to flash storage on modern ARM rigs. It's only actual data that's bulky.

You may have ten VMs on one disk and five on another, or have a database/porn stash/backups exceed a disk, but it's better to think of programs installed as an unit.

Re:"the disk"

[tepples]

All programs in one system take a few GB

Programs, yes. Programs and their read-only data, no. A single game might use a few GB for all the meshes, textures, and the like. Otherwise, why would video games have switched from CDs to DVDs starting about a decade ago?

Sorry, no. Informatica FTW!

[kimanaw]

Having installed both BOBJ and Oracle (and numerous other "Enterprise" software packages), I can confidently say that setting up even a small Informatica system is by far the most painful, error prone, and infuriating experience I've ever had in my 2+ decades of experience.

I usually start the process by crawling into a corner in the fetal position and sobbing uncontrollably for 30 minutes, cuz I know the next week of my life will be complete hell. Then I throw away the docs, since I know they're a work of fiction. 5-7 days of random typing and button pressing later, I may finally have a functional Informatica system.

Re:Bespoke development of a plug-in for each clien

[cfulton]

Sure the installer can CREATE TABLE IF NOT EXISTS. And it often does. I've been involved with several such installs. My point was more that at an enterprise level your application has to be deployed into and existing infrastructure and you cannot take all the possible corporate configurations. They might use akamai so custom tags have to go on each page. Or they might deploy to an application server that you have not seen before (OC4J anyone). Maybe they have a password management scheme that means you have to hit LDAP when your server starts up to pull the application password. They might restrict your ability to create tables and only allow their own DBAs to create tables. I have seen all of this and more at the enterprise level. No medium to large company really allows the possibility of just running an install script for anything of any complexity.

Re:Bespoke development of a plug-in for each clien

Is there a reason the installer can't have a button to execute these CREATE TABLE IF NOT EXISTS scripts in a given database? The installers for phpBB, MediaWiki, WordPress, and the like have this.

It is mostly just fine if you fubar a CMS or Wiki database, nobody is going to complain. Screwing up a multiple terabyte production database... different story.

License line items

[ebh]

One thing nobody's mentioned yet is that big commercial applications can have hundreds of separately ordered bits and pieces. That often affects the installation process, and can add a lot of complexity. The more paranoid vendors won't just have you install the whole thing and then disable what you haven't paid for, for fear you might crack the rest. Sometimes it's not even technically feasible either, given the app's internal dependencies.

We've all dealt with vendors and their licensing departments. Even if the technical side of it works perfectly, if there are enough different things to be licensed, sooner or later someone's bound to give you the wrong magic number.

HD blindness

[Half-pint+HAL]

Yup. As long as the GUI remains resolutely fixed size bitmaps (with a few hacks to allow smudgy zooms) all our HD monitors do for us is make everything to small to read. I always browse at 120-125%, and some sites come out completely borked -- resizing artefacts on images (including many titles, banners etc), text that gets cut off due to hacky fixed-size boxouts etc. It's all crap.

Re:HD blindness

[Rakarra]

I always browse at 120-125%, and some sites come out completely borked -- resizing artefacts on images (including many titles, banners etc), text that gets cut off due to hacky fixed-size boxouts etc. It's all crap.

That's one of the reasons why I switched from Firefox to Chrome. I couldn't believe how BAD the image resizing under Firefox (on Linux, not sure about other platforms) is, and how Chrome had far fewer resizing artifacts. It's not a speed issue either, Chrome seems refaster at scaling than Firefox is at the same time.

Then again I open a lot of webpages where it's important to not have any image resizing done at all, so I zoom text only, which breaks a number of web sites that use images as spacers.

Re:HD blindness

dude, just set a minimum font size in your browser and be done with it. no-one's using fixed size bitmaps for anything you need to actually read.

And the DB needs licensing.

And scripts need passwords to do stuff on the installation, which may not even be possible to script.

Most users don't use reasonable operating systems

[tepples]

Come on,... every reasonable operating system has got a package manager

Most users don't use reasonable operating systems on their PCs. They use Windows, which provides a package manager only for Windows components and for applications coded to the abortion formerly known as Metro.

Re:Bespoke development of a plug-in for each clien

Your binary of unknown quality will NOT get privilege enough to do CREATE TABLE and friends on my production database.

Re:Bespoke development of a plug-in for each clien

[aztracker1]

Wordpress is installed how many times a year, vs. a typical enterprise software package? Sometimes writing an installer vs. a checklist is an easy call to side with the checklist.

As an uninformed hardware guy..

[phrackwulf]

Are there any IEEE standards for software installers for different platforms right now, and if there were, can anyone reference them so as to help the hopelessly clueless start to understand the problems? Thanks.

Public APIs go against greed

[HalAtWork]

Public APIs mean you have to sell/use a competitor's products before you can sell your product, and companies are just too greedy. Plus this would mean a way around the patent problem, which means less money for the greedy as well.

Installers do suck.

I worked for a development company as a systems administrator. Not only are enterprise applications difficult when you take them across every flavor of operating system known to man it's ratcheted up even more! Try installing those apps on AIX or HP-UX Some times there is NO DOCUMENTATION at all! Honestly a Java (i do not work for any java affiliated company) interface can be made to work across all platforms but for some reason it don't make sense for application developers to use. It's maddening,

Re:Installers do suck.

I assume you are interested in knowing the scientific pattern by which the development language is selected? It is usually "I'm familiar with this" or "This looks like a cool language". Even when there is supposed to be actual study of best language, majority of the alternatives is not investigated at all.

Java itself is really nice language to write code with. It has big native library that does all sort of things to you. It is relatively fast. Rather well documented. There are some limitations with it why you don't want to use it, but for normal desktop or server tasks it works pretty well.

So why are people using alternatives:
- Microsoft actually pays money for people to write software using their tools.
- People hate Java, because of misunderstanding (e.g. checked vs. unchecked exceptions has caused a lot of hate for Java) or inability to learn it (OOP is really hard to learn for some people)
- Old code is written with some other language
- Java has some limitations and disadvantages, why it can't be used for every task.
- People love some other language and want to stick with it.
- Other applications in the company are written with some specific language and the company wants to stick with that language.

Tile Vertically

[tepples]

The entire point of wide screen monitors was for playing video content, period.

Not to me it wasn't. I've found two purposes for 16:9 monitors completely unrelated to video. One is to allow windows to keep a usable width when you Snap or Tile Vertically into two 960x1080 spaces. The other is to allow laptops to become smaller and lighter while keeping a full-size keyboard.

Re:big bucks

What?! The server explodes?

Hey man, WAR is hell.

We're too dumb and lazy for installers

[gestalt_n_pepper]

Seriously. Like it or not, when most programmers get something to work, we go home. We don't think about dependencies or low probability interactions. We're happy enough to get an install to work at all. Which brings me back to my original point. Single .exe installs aren't an ideal engineering solution, but they solve the human factors problem of engineers with limited bandwidth (and no matter how good you *think* you are, you have limits).

This isn't a job for the developer.

[kelemvor4]

Bottom line: Building quality installers is not a job generally well suited to the developer of that application. Many (most?) large firms have software distribution teams that utilize some ESD type of tool (SMS, Marimba, Tivoli, etc) and every one that I know anything about has had their own packaging team. This is a team of individuals whose entire job is to build quality installers that are robust enough to handle oddball client configurations. Further, a good installer should be capable of installing with no user interaction whatsoever; aside from perhaps allowing the user to determine if they want that interaction or not. Not that a developer could not do it, but like most specialized things there IS a benefit to having an expert in this specific area do the work. The team who designed or built my car is not the one who prepared it for delivery to me.

Sure, smaller firms (independent especially) won't be able to afford a professional packager and will have to make due. This is, however a problem that has been solved by many companies - not some mystery waiting to be solved.
A good installer should be robust enough to make intelligent decisions based on information gleaned (not from user input) at install time. The more common approach these days seems to be making very specific installer packages and forcing the user to pick the right one before installation.
Furthermore, SAP is a poor example - as best I can tell the software is deliberately made to be confusing in order to necessitate the ecosystem behind it. SAP professionals are very highly paid and specialized and if the company fixed this it would damage that ecosystem.
To be fair, hardly any company releases software with what I would call a quality installer these days. Some are better than others, but none are anything I would have been proud to put my name on back when I ran a packaging team.

Well, that's great

[Giant+Electronic+Bra]

Yet another incipient genius who probably hasn't had the slightest experience on the ISV side of this equation with the convenient one-size-fits-all answer to end all answers. Thanks, that was amazingly edifying!

Frankly, you have NO FUCKING CLUE what you're talking about. I would presume you really have no familiarity with actual commercial line-of-business enterprise class software. Any enterprise which is not run by morons and is large enough to qualify as an 'enterprise' has an extensive IT infrastructure which is highly integrated and designed around an enterprise information systems architecture, involves capacity, availability, security, and usability analysis and planning etc. When you 'deploy' software into these environments, and I'm talking about large banks, Fortune 500's, large international corps mainly there's no such thing as "drop the installer on a hard drive and run it". You're dealing with integrated management systems, enterprise-wide credentials and role management, complex licensing situations, other corporate IT policy issues, etc etc etc. The idea that MY software, which handles transactions from generally 1000's of clients and integrates with easily on average 4-5 other complex software stacks is 'lacking an installer' because you don't install it clicky--click is hilarious.

You can think what you want, but at least in my world 'enterprise software' means something very different from what some people seem to be using it for. This is not like in your typical small business environment where you slap up a copy of Apache and install Trac on it and call it a day (and even there I'll note there's no single installer that can handle setting that up for you).

Re:Well, that's great

Funny. Our software does all that and does have a clicky-clicky installer. That happens to work for Windows, *nix, and iSeries targets.

I think you're full of shit.

Re:Well, that's great

[Machtyn]

So, you have a monstrous mish-mash of software that all has to be installed. Does it have to be compiled on the fly at the client site? Yep, an installer can handle that. Does it need to have the compiler installed first at the client site? Yep, a clicky-click installer can do that and then progress right into compilation. Are there third party apps that are a bugger to install (MS SQL Server can be a bugger to install and get patched up), yeah, that can be automated, too. A computer is a numbers cruncher first. It's an automated tool second. Manual interaction is probably not even third on the list of important things a computer does.

Example: HP printer driver software installer

[SuseLover]

Why does an HP printer driver software need an installer that runs for over 45 minutes on a fast (3+GHz) multi-core system? Almost as bad just to UNINSTALL it.

I can't imagine anything so complicated for a printer driver to take that long to install (heck I can copy an entire CDROM to disk in just a few seconds).

What the heck are installers doing while you watch the progress dialog box for 2 minutes that says "Determining Disk Space", when you can get the disk freespace from the dir command in .001 seconds?

What's an installer?

*pulls the shiny icon to the Applications folder*

Re:Bespoke development of a plug-in for each clien

[nabsltd]

No medium to large company really allows the possibility of just running an install script for anything of any complexity.

So what you are saying is that because some companies lock down their systems so that they must manually configure everything, no one should ever create any installers?

The point is not that an installer fails to do something because of an obscure config. Instead it is that the installer completely assumes a very specific config that isn't the default and then doesn't either automate or give you good instructions on how to make sure the dependencies are fulfilled.

They might use akamai so custom tags have to go on each page.

Assuming you are talking about a product that front-ends a web server (like a CMS, storefront, or forums), this really isn't part of an "install", but instead should be provided by settings in the software once it is running. Adding custom tags to a web page is no different from changing a font in Word document, and shouldn't be part of an install.

Summary

I wonder if reading your code is anything like reading the 123 word sentence in your summary.

Sorry

You lost all cred as a developer as soon as you admitted to using an iPhone.

You found the link between Store and Secure Boot

[tepples]

Now hear's the tricky part: You have to make it resilient to the typical malware associated with Windows installations (particularly malware directed at this application to corrupt the list of repositories). I don't know if this is possible.

Might that be why Microsoft applied so much pressure to introduce Secure Boot when it introduced the Windows Store in Windows 8, to keep MITMs from screwing with the payment method for Windows Store?

How should hobbyists afford this fee?

[tepples]

I'm curious how, "Check at start" became "Check at start and don't do anything with the info for hours." Typically, programs that check at start offer to download and launch the installer via modal dialog as soon as the check is complete.

I was trying to allude to Apple's guidelines to not interrupt the user's work flow with a modal dialog when the user first opens the application. (No, I don't remember what Google search terms I used to find those guidelines months or years ago.)

The linux software repositories have different requirements.

Such as the program being distributed under a free software license that conforms with the DFSG. This is traditionally not acceptable for several categories of application.

There should be a fee, though.

How should hobbyist developers of applications distributed for no fee afford this fee, especially when it usually ends up being a separate fee for each platform?

Which is why the OP spelled out security fixes as an exception to the general rule of not pushing updates every day.

Where I'm going is that the only time I've seen updates more than three times a week is for security problems in Ubuntu, especially right before or right after a new six-month release.

System Engineering

From my experience the difficulties with software development, as well as hardware development, logistics, and everything else that goes into producing an efficient, upgradable, long lived system almost always arise from a lack of (what we in the defense industry refer to as) "systems engineering". You start with very high, overarching functional requirements defining what the entire system must do as a whole. You decompose those requirements into sub-functions while maintaining strict definition and control of the function-to-function interfaces, and so on until you have a functional architecture. Then you allocate functionality to software and hardware configuration items - again under strict control (i.e., configuration management). Each configuration item is tested separately to the requirements allocated to it, then configuration items are combined together and integration testing is performed to higher and higher levels until the entire system is tested as a whole to the original highest level requirements. This is all very difficult to do, granted, but with strict discipline it can be done. The biggest problem is always the same - poorly defined requirements. Always. In many to most cases, the customer thinks they know what they want - but they do not - and insist on proceeding on to the design phase before even the highest level functional requirements care iron clad. When this happens on very large projects failure is inevitable. The system engineer's job is to get the requirements right despite the best efforts of the customer to "just get something built so it looks like progress". Seen it many times.

Mod Parent Up: Good Software is Expensive

[handy_vandal]

[T]he cost to make high-quality software exceeds the price people would be willing to pay for it.

Amen to that, brother. You have reduced the argument to its most fundamental terms.

Yes, we can do it. But no, we won't pay for it.

Re:You found the link between Store and Secure Boo

BS. SecureBoot is about MAFIAA DRM.

It pays to do shitty development

[MichaelSmith]

Because you make more money on maintenance. Thats on the of the biggest problems.

Static linking doesn't require more disk space.

[Sanians]

...or, at least, it isn't enough that you'll even notice.

I've been working on a free game for a while. Everything it requires is inside the executable. The download is still just over 1 MB. It's small enough that, when trying to get people to try out the game for me, I have issues with people assuming it must be some sort of trojan simply because of its incredibly small size.

Originally I was distributing it like most software, with an executable accompanied by many other files, but this just created issues of people copying the executable but not the graphics files, or copying things but putting them in the wrong directory (which is quite amazing considering that all anyone had to do was extract the ZIP file and run the executable from where it was extracted to). So I included the files in the executable, which brought it up to 10 MB. Later I made it so that most of the graphics come from the server and are cached locally, so that different servers can have different textures, and so now it's only 1 MB.

Also, until a week ago, it was using a dynamically linked version of GLFW for the Linux version. However, I began hearing reports of people not having GLFW available, so I included the necessary apt-get command on the web page so that people would know how to install it. ...but even then, I heard from several people (which probably means everyone who used the Linux version, given that the game isn't all that popular) that they still couldn't use it because when they used that command on their 64-bit system, it would install the 64-bit version of the library, but my executable is 32-bit.

I suppose I could have installed a 64-bit system somewhere, but honestly, every time I install Linux I have to go through hell figuring out how to make it stop asking for my password every three minutes, as well as changing numerous other idiotic default settings. ...and also about 50% of the time the system ends up being unusable anyway and I have to install something else. Thus I've learned not to install new versions of Linux, even if I'm already aware of two bugs in the two and a half year old kernel that the current version of Linux Mint I'm using refuses to upgrade to anything newer. (vm86 mode is broken, and there's a thread locking issue that stalls all threads in an application until you open another terminal and type "for i in 1 2 3 4; do cat /dev/zero > /dev/null & done; sleep 0.1; killall cat")

So instead I just statically linked GLFW as well. I'm sure it added something to the size of the executable, but at present, 25% of the executable is a single PNG image used for the player avatar. While 1 MB may seems small for executables these days, there was a time when our whole computers ran in a single MB. Code simply doesn't require that much memory. When people complain of some software's memory usage, it isn't using all that memory due to a bloated code base, it's using it to store data (or memory leaks). To put it into perspective, the RGB data of a 1920x1080 display requires 6 MB of memory to store -- the entire executable for my game will fit into that multiple times. Thus, the memory saved by dynamically linking is inconsequential.

There are still things that aren't statically linked, like X11 libraries and OpenGL, but I suspect that statically linking those would cause more problems than would be solved. After all, if someone doesn't have X11 or OpenGL libraries, they probably don't have X11 or OpenGL. (I'd also have to find their various licenses to see if I'm even allowed to statically link -- LGPL won't allow you to statically link closed-source applications, despite its reputation of being nearly public domain, and so it is useless for closed-source software.)

As for the topic of this article, I also realize my game desperately needs an instal

This is EXACTLY what VMs were designed for!

After all, who would seriously run a Windows server on actual hardware with the exploits Windows has. Worse still, why would anybody want to take the time to secure it since it isn't secure enough by default when UNIX (and its various children) is already secure and just needs proper administration?

Ha ha

Love submitter's problems with Windows Explorer. Perfect example of why Shell Extensions are shit - some third party thing is trying to thumbnail files or extract metadata to display in a panel and has fallen over. But oh, it must be Microsoft's fault! (It is, really, because they created the capability of Shell Extensions in the first place.)

And holding up Eclipse as a perfect example of how to do things? Because obviously Java updates *never* break Eclipse in any way, shape or form. And because Eclipse updates *never* break ADK in any way, shape or form. Get real.

...and one other thing I wanted to say...

[Sanians]

There are two stinky common problems with my game, both of which annoy the hell out of me, but neither of which I can really do anything about.

The first is issues with graphics rendering. It seems that, even though OpenGL has a way to report errors like "out of memory," a lot of graphics drivers simply don't bother to do so. Instead they just render shit incorrectly and generally fuck shit up. The result is that it looks like the game sucks, but the truth is the game isn't being told anything about what's wrong. It presently doesn't pay attention other than to report the errors on stderr, but then to my knowledge, nothing useful has ever come out of OpenGL's error reporting functions, so it isn't like I'm missing out on a chance to give useful information to the user. Indeed, the graphics stacks which don't have these problems seem to deal with low memory not by reporting an error, but by swapping things to system memory where, if memory usage goes up further, the OS begins swapping out to disk. Thus the good drivers just get slower when they run low on memory, but otherwise present no errors. The bad ones just randomly drop textures and display lists, and again present no errors.

The second is issues with malloc(). Sure, malloc() will tell you when it cannot allocate memory. The problem is that there's generally nothing you can do in that case other than to terminate the program. You can't even printf() about the error because printf() uses malloc() internally and so if malloc() isn't working, printf() won't work either. Nevermind trying to do something more reasonable like display a message to the user about what went wrong and what they might be able to do about it.

Unfortunately, many of the tools programmers rely upon to make software have been written lazily, and so even if you yourself write your code to detect as many errors as possible, there are still plenty you can't do anything about. My game checks the return value of everything. In most cases it just prints a message to stdout and exits, as many errors are just so unlikely that it isn't worth the trouble of writing code to do anything else. Even so, I still get malloc() errors that don't make sense. I made it track memory usage and found that malloc() fails after allocating 400 MB of data on systems with 4 GB and no other software running. I have no clue why it's happening, and I can't do anything about it after it happens. It'd be nice if malloc() were more informative about why it is failing than to simply return NULL as a generic error. I've thought about simply doing one huge malloc() for everything I need and then write my own memory allocator to allocate out of that chunk so that I can be guaranteed to get what I need, but even that doesn't solve problems like a later printf() or some other library call failing when it calls the real malloc(), and I'd also lose out on features like realloc() being able to move memory around by asking the OS to remap pages rather than copying them.

Indeed, it would probably make a lot of sense if malloc(), like the good OpenGL stacks, simply started swapping to temporary files when it could no longer allocate more memory. Even better if it told the application about this so that it can drop things that aren't really necessary (like cached data), and so that the application can rely on the swapping to keep running as it informs the user about the problem and offers a choice to continue on at a snail's pace or to give up and terminate. ...but that's not what we have. We just have something that returns NULL with no warning whatsoever and leaves it up to the programmer to figure out some way to do something sensible in an environment in which it's no longer safe to make any library calls (since they may use malloc() internally).

The state of error handling is really rotten all the way to the core. It isn't just individual pieces of software that suck at it. Even people who want to do it right are kind of screwed.

Discovering these capabilities

[tepples]

So use a directory mount point. Yes, Windows does that.

Does assigning a mount point folder path to a drive support semantics equivalent to unionfs, where files on one physical drive overlay files on another, or does a drive have to be a single directory by itself? For example, if programs were unable to install anywhere other than %ProgramFiles%\Title of Program (which resolves to something like C:\Program Files (x86)\Title of Program), how could I tell Windows which drive should contain a particular directory? This guide from Microsoft sort of implies that the mount point has to be an empty folder, which %ProgramFiles% isn't. Besides, how hard is it for the end user to discover that "yes, Windows does that"?

Or grow the volume by adding a new disk. Yes, Windows does that, too.

I found a description of the process using Google windows grow volume. But how hard is it for people to discover that Windows does that? And the volume appears to be extended at the block level, not the file system level, so it's not so good for use with external drives that may not always be mounted at the same time as the boot volume.

LabTech Software

There's a software company that puts out shit, runs like shit, has a shit development process, but has a GREAT sales team that sells shit to PHBs. The PHBs then take this shit and hand it to their techs to implement. Then their business gets ran into the ground because they don't listen to how shitty the software is, and LabTech Software (during the sales process) goes on about how to change your business so it runs with LabTech.

They have so many ridiculous UI bugs and even misspellings. Their support is useless. Of course, they sell consulting services. You report an obvious bug, and their response is that it's a feature or that it is a feature request. Try tabbing through their UI and laugh at the tab order their shit-for-brains Floridian programmers are too lazy to maintain/fix.

ConnectWise is total shit, too. Took them years to link a blob of text to the fucking database entries that comprise the blob of text. The solution when changing a bunch of those entries was to either manually cleanup the resolution field (blob of text) or clear it and open/save each time entry so that the text in your time entries matched what was in your resolution field.

They still can't put a fucking "\n" at the end of their time stamp string when you click the fucking clock button. STILL! That actually worked for years, but they fucked it up for no reason. A fucking "\n"!!!

One time they cleared a bunch of password fields to "null" if the length was over some number of characters (like 40 something characters - caused a problem when maintaining a history of passwords in that field). Worked fine for years, then an update, then fucking bam! Lost your passwords. Idiots.

These two fucks ups of companies used to work together in the same building. Fuck them both. I sincerely hope someone or multiple people from both companies are reading this shit and can reflect for a bit. You know who I am. I've drank with you fucktards at Bonnet Creek.

Re:Example: HP printer driver software installer

They're registering your computer in the HP botnet, of course.

Instructions from scratch

[tempest69]

What I want are the full instructions on how to get software X to function on a known good configuration.
I'm talking ALL the instructions, as in I have a box with the minimum Fedora v 26 install, what are all the keystrokes that I will need to install this software. No assuming that I will have X set up some way on my machine, or that I've installed the right version of Mesa3D, or that vim is installed.

I don't want to find out that I'm hunting down some bug because yum install kerberos installed MIT kerberos instead of Hemidall kerberos.
I want this because almost everyone skip steps they consider obvious. The puzzle is so much easier to figure out when you can look at the picture on the lid.

Re:Instructions from scratch

[Giant+Electronic+Bra]

Oh, no doubt about it. At least in our case the thing is you probably have to start with planning at a higher level. Our customer would start by thinking about business needs, features, performance, reliability of the whole platform, and various integration needs and desires they would have. Then we would engineer them a deployment plan in conjunction with their IT people. It will be decided where the various services are deployed, are they using Kerberos, internal authz, AD, some other LDAP service, etc. for authentication. Is there external client network access required? Is it happening via a VPN, SSL, into a DMZ? If so then is there a separate server handling that, is it clustered, how is failover being handled? Do the core servers reside on the same network or on the other side of the DMZ? What about other incoming and outgoing data streams, how is high reliability being handled there? Do we have to assist in establishing SLAs? Are there extra pieces the customer needs to monitor those? There's just endless amounts of details with this stuff. It gets pretty crazy. Basically a lot of the reason we exist is to deal with all this kind of stuff, guide clients, and provide them with the information they need to make decisions and/or handle things on their own. We do have manuals, and you can definitely install the software based on the manual, but chances are you won't have a good grasp of the best ways to use it and achieve your business goals without help. I don't know how to capture all of that in any written form. I've got a large wiki, but even then you can only convey so much. A lot of it is just familiarity with the problems and knowing what kind of stuff will or won't likely work.

What is the Colour of Empty?

Hey, this is only the tip of the iceberg.

For instance, how many systems have a Country table, then force the customers to populate that table? Every. Single. Customer. Ditto for States/Provinces/Cantons.

Even if a system cannot ever be fully pre-populated, many basic setup options can be ready to go for 80% of the customers. Yet how many packages try?

The polish and sophistication of a lot of shipping software is seriously lacking.

Absolutely hilarious

What an open source shill.