Too Perfect a Mirror

Carewolf writes "Jeff Mitchell writes on his blog about what almost became 'The Great KDE Disaster Of 2013.' It all started as simple update of the root git server and ended up with a corrupt git repository automatically mirrored to every mirror and deleting every copy of most KDE repositories. It ends by discussing what the problem is with git --mirror and how you can avoid similar problems in the future."

Lean how your tool works?

[gweihir]

Preferably, before using them? This sounds very much like plain old incompetence, possibly coupled with plain old arrogance. Thinking that using a version control system does absolve one from making backups is just plain old stupid. Then, with what I have seen from the KDE project, that would be consistent.

Re:Lean how your tool works?

[maxwell+demon]

Also, mirrors are not backups. Mirrors are intended to be identical to the original, so mirroring worked as expected. How should the software know that the removal of most repositories was not intentional?

Re:Lean how your tool works?

[gweihir]

Yes, it is too much. How would the mirror operation ever know without full checks on everything? Quit asking for nanny-software that treats its users as incompetent and illiterate. Is it too much to ask for the admins to actually have a brief look at the description of the operation they are using as their primary redundancy mechanism? I don't think so. If they had done this very basic step, they would have known to run a repository check before mirroring. If they had any real IT knowledge, they would have known that mirrors are not backups and that you need backups in addition.

Also, from what I gather from their grossly incomplete "analysis" is that they had a file that read back differently on multiple reads (not sure, they seem not to have checked that), which is not a filesystem corruption (the OS checks for that on access to some degree), but a hardware fault. Filesystems and application software routinely do not check for that. It is one of the reasons to always do a full data compare when making a backup.

Re:Lean how your tool works?

[vurian]

"I would also like to point out that the incompetence and arrogance of the KDE team is quite visible once you investigate a bit of their history." Actually, if you would investigate the history of the KDE sysadmin team you would find out that this handful of volunteers are doing a job that many full-time, well-funded sysadmins cannot rival. And.. Anyone who talks about "the KDE team" as if it's a single, monolithic entity doesn't know what they're talking about.

Re:Lean how your tool works?

[TheRaven64]

In a traditional filesystem, yes. The mirroring happens at the block device level, and so it is completely unaware of the semantics of the filesystem and will duplicate anything, potentially overwriting good data with bad if the filesystem is corrupted. Worse, unless the drive fails catastrophically, you're liable to either duplicate single-block errors or to be unable to tell which copy of a block is the damaged one. ZFS fixes the second of these problems with block-level checksums, so it can tell which disk has errors. It also makes the mirroring infrastructure partially aware of the filesystem layout, so it shouldn't duplicate filesystem corruption, however it will happily copy user errors. For example, if your word processor corrupts a document as it saves it, then there's nothing ZFS can do about that (unless you have an earlier snapshot). And, of course, if there's a bug in the filesystem driver, all bets are off.

Mirroring, as the grandparent says, is not a substitute for proper backups. One of the most common reasons for restoring from backups is accidental deletion. Even a filesystem with 100% reliability won't protect you against this.

Re:Lean how your tool works?

[socceroos]

Mirrors should be backups ideally. See Byzantine Fault Tolerance. A really good mirroring system would be properly BFT.

Not git related

[Rob+Kaper]

This is not a problem with git --mirror: rsync or any other mirroring tool would end up in the same situation.

It's up to the master to deliver the goods and upgrading a master should include performing a test run as well as making a backup prior to the real upgrade. This was a procedural failure, not a software failure. But good to hear disaster was averted.

Re:Not git related

[Carewolf]

True, but git does have a mechanism for checking integrity, and the discussion here is where you should use the fast git --mirror which has no checks, and where the slower mechanism which does fits in.

Re:Not git related

[gweihir]

Indeed. Git is blameless here. Git also is not a backup tool, you need backups in addition, just for cases like this one.

Re:Not git related

[gweihir]

You can --mirror any time. If you actually have backups, not just mirrors and hope.

Re:Not git related

[qbast]

No, the main function of version control is ... version control.

The 'K' stands for ...

You know, calling it a disaster really depends on your point of view.

No backups?!

[Blymie]

Good grief!

After all of that, not a single proposed solution is a proper, rotational backup.

This is what rotational backups are FOR. They let you go back months in time, and even do post-corruption, or post-cracking examination of the machine that went down!

Backups do *not* need to be done to tape, but a mirror or a raid card is NOT a backup. This is actually simple, simple stuff, and it seems like the admins at KDE are a bit wet behind the ears, in terms of backups.

They probably think that because backups used to mean tape, that's old tech, and no one does that.

Not so! Many organizations I admin, and many others I know of, simply do off-site rotational backups using rsync + rotation scripts. This is the key part, copies of the data as it changes over time. You *never* overwrite your backups, EVER.

And with proper rotational backups, only the changed data is backed up, so the daily backup size is not as large as you might think. I doubt the entire KDE git tree changes by even 0.1% every day.

Rotational backups -- works like a charm, would completely prevent any concern or issue with a problem like this, and IT IS WHAT YOU NEED TO BE DOING, ALWAYS!

Re:No backups?!

[Blymie]

Git has no rotational backup ability in it. You can't do rotational backups of the machine, on the machine for starters!

ZFS is not a rotational backup as well!

Failure, 101, backups. Go back to school.

Both of the above solutions do not prevent slow corruption, and they do not prevent issues where the machine is suspect. (Yes, ZFS can have bugs). They also do not help if the machine has been hacked into. They don't help if there is a fire, flood, or theft of the local box.

Modern backup methodology has been developed over decades of people suffering JUST THROUGH THIS VERY THING. If you plan to just throw all that away, and pretend everyone doing backups is an idiot -- MAKE SURE YOU KNOW WHAT YOU ARE DOING.

Because -- this very issue would not have been even a tiny concern, if proper, off machine, rotational backups were being done. And, if you aren't going to follow proper backup methodology, then you'd better sit down in a quite place for a few hours, and think of every possible disaster scenario, AND issues with the code you're going to be using for those backups.

Hell, this whole KDE problem started, because the people using it did not even know how git works, 100%! Now, you're suggesting that using another tool, ON THE SAME BOX, is the answer? What will someone miss on ZFS?

No, please, think about this more carefully.

Re:No backups?!

[Blymie]

A 24 hour old sync isn't a backup. It's a slightly delayed mirror.

"Rotational backups" isn't just a single thing. It's a whole ball of wax. Part of that ball of wax, are test restores. Another part of that are backups that only sync changes, something exceptionally easy with rotational backups, but not as was with a filesystem snapshot.

In 10 seconds, I can run 'find' on a set of rotational backups I have, that go back FIVE YEARS and find every instance of a single file that has changed on a daily basis. How does someone do that with ZFS snapshots? This is something that is key when debugging corrupt , or looking for a point to start a restore from (someone hacks in).

Not to mention that ZFS could be producing corrupt snapshots -- what an annoyance to have to constant restore those, then do tests on the entire snapshot to verify the data.

What I see here is a reluctance to do the right thing, and a desire to think that the way people do traditional backups is silly.

Re:No backups?!

[Doc+Hopper]

I do storage & backup for a living on an extremely large scale. Your post is correct in the main, except for this:

You *never* overwrite your backups, EVER.

You must overwrite tapes if you want to keep media costs reasonable. In our enterprise, we typically use $30,000 T10Kc tape drives with $300 T10K "t2" tapes. Destroyed/broken/worn-out media costs already eat the equivalent of several well-paid sysadmin salaries each year. Adding additional cost for indefinite retention is a huge and unnecessary cost.

Agreed, though, this KDE experience isn't quite like that. Source code repositories commonly have 7-year-retention backups for SLA reasons with customers; most of my work deals with customer Cloud data, which kind of by definition is more ephemeral and we typically only provide 30, 60, or 90-day backups at most, in addition to typical snapshotting & near-line kinds of storage.

No reasonable-cost disk-based storage solution in the world today provides a cost-effective way to store over a hundred petabytes of data on site, available within a couple of hours, and consuming just a trickle of electricity. But if you have a million bucks, a Sun SL8500 silo with 13,000+ tape capacity in the silo will do so. All for the cost of a little extra real-estate, and a power bill that's a tiny fraction of disk-based online storage.

Tape has a vital place in the IT administration world. Ignore this fact to your peril and future financial woes.

Re:No backups?!

[Carewolf]

More accurately the problem is that the hardware resources available to KDE are very limited and the KDE repository is one of the largest git repositories in the world. Back when subversion was the hot new thing, the thing that carried it forward was KDE because it was trying to migrate for SVN for several years before subversion was even capably of handling a repository that large. Git still can't remotely handle a project that large, which is why KDE is now split into a thousand different git projects.

How often would you do do complete backups of KDE? How many would you save? How much hardware would that require? ZFS snapshots sounds like an ideal situation to handle the backups, since it can deduplicate. It does give another point of failure, but ZFS is pretty professional and high quality, and this is something it is designed to handle.

Re:No backups?!

[gweihir]

What really surprises me is that people still do not understand backup, after it has been solved for decades. Backup _must_ be independent. It _must_not_ be on the same hardware. It _must_not_ not even be on the same site, if the data is critical. It must protect against anything happening to the original system. Version control, mirrors, RAID, all do not qualify as backup. They are not independent of the system being backed up.

However, the amount of incompetence displayed in the original story and the comments here explains a lot. Seems that in this time of "virtual everything" people do not even bother to learn the basics anymore and are then surprised when they make very, very basic mistakes.

Re:No backups?!

[drinkypoo]

No reasonable-cost disk-based storage solution in the world today provides a cost-effective way to store over a hundred petabytes of data on site, available within a couple of hours, and consuming just a trickle of electricity.

Lots of businesses (and most open source projects) are still dealing with only a couple terabytes of data or far less, and so they not only can but probably should use disk-based backups for reasons of both cost and convenience as nothing else will be cheaper, faster, or easier.

Tape is now an enterprise-only thing, and good riddance.

Re:No backups?!

[Doc+Hopper]

Unless there are legal reasons to keep 5-10 years of backups, or you are dealing in more then 3-5 TB of storage to be backed up, or taking things off-site daily via courier tape is just too expensive.

I like your summary of three important reasons for tape archive. I'll restate in different terms.
1. Mid-term to indefinite data retention.
2. Large quantities of data, where "large" is a value greater than a single hard drive can reasonably store.
3. Disaster recovery planning.

But there are more.

4. "Oops".

That's the category of this KDE git issue. Recovering from an "oops". People screw up. How do you recover? I'm a big fan of having multiple layers in that onion: online snapshots, near-line replicas, and off-line tape backups are a basic three-tiered framework for figuring out how to protect the data. I'm amazed as big as KDE is, they don't have storage/backup expertise helping them keep their data secure. Makes me think I may have found my next open-source niche to fill.

5. Reliability. Contrary to the "fragile, expensive" opinion above, tape failure rates are demonstrably lower than hard drive failure rates despite regular handling. Research left to the reader; hard drives fail at a rate about fifteen times higher than their rated MTBF, which was already considerably higher than tape. Data on tape is far more resilient than data on a hard drive.

6. Cost. If you have to store data long-term, consider tape. Administrative, electrical, power, cooling, and storage requirements are all cheaper.

That's what I can think of off the top of my head; I'm sure there are more reasons for tape to be a good choice. The reality for many people that want to store their data "in the cloud" also is this:

I back up your "cloud" storage onto tape drives. Your cloud storage is only as reliable as my ability to recover it from a disaster.

Re:No backups?!

[fikx]

Hey, they had their backups setup....just switch some terms around and you can see how they actually DID have backups like they claim. sync happened every 20 minutes....so they kept multiple copies of one backup that was overwritten every 20 minutes. So, their window to detect and fix the issue before overwriting the backup is 20 minutes. no problem, right? What could possibly go wrong?
:)

Re:No backups?!

[akozakie]

And it's not going to get better. Read the comments at the site. Most of them are surprised that no backup procedure was implemented and most of the answers to those comments are "I'm telling you, there were backups! The mirrors. And if you mean old-school backup, that's not easy for a live git repository".

They simply Know Better (TM). Discussion is useless, arguments are not even being parsed fully - the token "backup" throws an exception in their minds. They had the closest thing to a lose-it-all lesson you can get without... well... losing it all and they still do not see the problem. Sort of impressive, if you ask me. In a bad way, of course.

Re:No backups?!

[lennier]

Here's the problem with backups: You're still trusting software to not have bugs. If you have a tape library what prevents a bug in the library from overwriting the wrong tapes?

I can see you've worked backup shift operator before. :)

In my experience, tape backup software is just about the buggiest, cranky, least resilient piece of software I've had the displeasure of attempting to make half-work. There are so many ways an inventive tape jukebox can decide to fail (trying to backup an open database is a popular one). Pretty much if your backup completes at all, you can be sure it's because it didn't write what it was supposed to. If you're lucky it maybe wrote something to the log before it crashed!

Oh, and testing by restoring? Onto the live production server which doesn't have an identical hot-swap live backup? Or even the one that does, but is in full-time use by the development team? Good luck getting permission to try that just to see if the backup system is working.

Admittedly that was ten years ago. But I'm sure things have been fixed completely since then, just like security has.

Re:No backups?!

[Doc+Hopper]

Absolutely fair comments, thanks for the information that new tapes have a higher cost on a tape drive than used tapes. I should have said "millions upon millions of feet of tape", which would have been a correct statement. I stand corrected.

Re:Sounds like...

[bmo]

There is nothing wrong with using the internet as a backup machine - with the caveat that you know what you're doing and you're using the right service/tool properly.

Personally, I have all my very important documents in an encrypted archive labelled "Area_51_Aliens_Proof.rar" with the note "It is dangerous for me to provide the key, but in the event of my death or imprisonment, a key will be provided EXPOSING EVERYTHING!!!" and uploaded to various paranormal bittorrent trackers and mirrored by various denizens of /x/.

I expect my documents to be archived in perpetuity.

--
BMO

No backup of the KDE sources!

They had/have no fucking backup! And complain about some git mirror issues. I can't fucking believe it that they can be so stupid.

The solution: MAKE BACKUPS!

No Git also failed

The files were corrupted, Git didn't report squat about the problems. The sync got different versions each time. Sure there are two layers of failure here, but one of them certainly is Git.

What he's saying is simple, Torvalds comment is not completely true:
"If you have disc corruption, if you have RAM corruption, if you have any kind of problems at all, git will notice them. It’s not a question of if. It’s a guarantee. You can have people who try to be malicious. They won’t succeed. You need to know exactly 20 bytes, you need to know 160-bit SHA-1 name of the top of your tree, and if you know that, you can trust your tree, all the way down, the whole history. You can have 10 years of history, you can have 100,000 files, you can have millions of revisions, and you can trust every single piece of it. Because git is so reliable and all the basic data structures are really really simple. And we check checksums."

He's saying that if the commits are corrupted:
"If a commit object is corrupt, you can still make a mirror clone of the repository without any complaints (and with an exit code of zero). Attempting to walk the tree at this point will eventually error out at the corrupt commit. However, there’s an important caveat: it will error out only if you’re walking a path on the tree that contains that commit. "

So there's a clear room for improvement. Sure the fault was a corrupt file, but the second layer of protection, Git's checking, ALSO FAILED. Denial isn't helpful here, Git should also be fixed.

Re:No Git also failed

[gweihir]

Well, so this was _not_ a git failure, as there was an explicit warning that it does not cover this case. Not the fault of git but those that did not bother to find out. That a "mirror" operation does not check the repository is also no surprise at all.

Incidentally, even if git had failed, that is why you have independent and verified backups. A competently designed and managed system can survive the failure of any one component.

Re:No Git also failed

[jankoh]

Did you read the whole article?
Even the part about "git fsck"?
I just assume, that it was a design choice of Linus, NOT to run fsck each time, when performing let's say, mirror.
Anyway, you can adjust just your sync scripts to include the fsck and carry on.
(or better yet, run git fsck after each filesystem fsck???)

Re:No Git also failed

[gweihir]

Indeed. And it is absolutely no surprise that a fast mirror operation does not do a full consistency and data check. The most you can expect is a check whether data was copied correctly, and even for that you should check the documentation to make sure.

Also, not knowing that backups are both mandatory and not somehow "automagically" done is basic IT operations knowledge. These people did not bother to find out and now blame git, when it is only their own lack of skill they have to blame.

Re:No Git also failed

[osu-neko]

Indeed. And it is absolutely no surprise that a fast mirror operation does not do a full consistency and data check. The most you can expect is a check whether data was copied correctly, and even for that you should check the documentation to make sure.

Also, not knowing that backups are both mandatory and not somehow "automagically" done is basic IT operations knowledge. These people did not bother to find out and now blame git, when it is only their own lack of skill they have to blame.

Knowing that screw-ups happen is basic engineering knowledge. Competent engineers design fault-tolerant systems that don't fail spectacularly even when someone screws up. Yes, we understand, these people screwed up badly and are primarily to blame for the problem. This does not absolve git of any poor engineering decisions made that exacerbated the problem. A bad engineer says, "Ah, that person is to blame for causing this problem" and washes his or her hands of it. A good one says, "Ah, that person screwed up monumentally! Is there some way my tool could be improved to prevent screw-ups like that from resulting in a disaster?" You can't prevent all problems, but you shouldn't even be an engineer, software or otherwise, if you're the kind of person who doesn't even try. "Working as documented" is the poor engineer's excuse...

Re:A thousand times. (Unless online mirrors roll b

[gweihir]

No. Backup is out of scope for version control. Anybody with actual common sense would not expect it to make backups "magically" by itself and check to make sure. Then they would implement backups. But that does actually require said common sense.

Re:delayed update to servers..

[gweihir]

And another amateur-level solution. Does nobody know how to do backups anymore? O.k., here is the very basics of mandatory characteristics of a backup:

- Backup data storage independent of the system being backed up
- Several generation of backups kept for long enough to be absolutely sure you can recover (yes, that can mean years) and frequently enough that loss is acceptable.
- Expect that one backup generation can be faulty and ensure that even then, recovery is possible and data-losses are acceptable.
- Full disaster recovery possible, even if your original system is stolen by aliens.
- Disaster recovery is tested regularly
- Data is verified (full compare or 2-sided crypto-hash compare) on backup

This really is "IT operations 101". Forget about all these halve-ba(c)ked amateur stuff, IT DOES NOT WORK.

But it is SUPPOSED to

"Not the fault of git but those that did not bother to find out"

No, Git has the integrity check, the integrity check didn't work. If the integrity check had worked as claimed then their backups were solid.

I know people are saying "keep backups", but they're really missing the point. A backup is a copy of something, the more up to date the better, better still if it keeps a historic set of backups. Perhaps with some sort of software to minimize the size, perhaps only keep changes..... you can see where I'm going with this.

Git sync to a lot of drives IS A BACKUP. It is exactly what an ideal backup should be, historic, up to date, minimizes storage. What is that system if it isn't an automatic backup!

Except for this bug, which needs to be fixed, and a little less faith in git too would also be a good thing.

It's really no different than if you use the backup software, and it made careful backups and kept historic copies, and then one day your disk got corrupted, you promptly went to your backups only to find the backup software had been chomping those because it didn't notice the integrity was corrupt and had happily been corrupting the backups it was keeping.

So I see comments saying they didn't have backups OMG! But no, their problem was they only used ONE TYPE OF BACKUP SOFTWARE Git sync. I bet all of you use only ONE type of backup software and are equally vulnerable to this failure.

Re:But it is SUPPOSED to

[gweihir]

Git does not have the magic "integrity check" on making mirrors. If they had bothered to look at the documentation they would have known. If they has thought about it for a second, they would have realized that expensive integrity checks might be switched off on a fast mirror operation. If they had even be a bit careful, they would have checked the documentation and known. They failed in every way possible.

Stop blaming the tool. This is correct and documented behavior. Start blaming the people that messed up badly.

And no, nothing done within the system being backed up is a backup. A backup needs to be stored independent of the system being backed up. Stop spreading nonsense.

Re:But it is SUPPOSED to

Git does not have the magic "integrity check" on making mirrors.

Why on earth not?

If they had bothered to look at the documentation they would have known.

There's no mention of this in any of the git-clone, git-push, git-pull or git-fetch man pages on my system, at least not near any instance of the word "mirror".

If they has thought about it for a second, they would have realized that expensive integrity checks might be switched off on a fast mirror operation.

Why? The point of the mirror option (at least as far as the documentation mentions) is to propagate all branch additions/deletions/forced updates automatically, not to make it fast. Git is advertised as having strong integrity checking as a feature, so why would you assume that would ever be turned off, except maybe with an explicit --no-check-hashes option?

If they had even be a bit careful, they would have checked the documentation and known. [...] This is correct and documented behavior.

Not documented in any of the obvious places to look, at least. Maybe if they'd bothered to read literally the entire Git documentation they might have found a mention of this somewhere, but reading the entire documentation every time you start using a new option just in case there might be some special non-obvious caveat goes way beyond "even a bit careful".

And no, nothing done within the system being backed up is a backup. A backup needs to be stored independent of the system being backed up.

The whole point of the mirrors is that they're not the same system as the original.

Re:But it is SUPPOSED to

[osu-neko]

Stop blaming the tool. This is correct and documented behavior. Start blaming the people that messed up badly.

This is a false dilemma. One can certainly blame the blameworthy behaviors of the people using the tool, while still pointing out that the tool itself could be improved. Yes, there are reasons why you might want a mirror operation to be as fast as possible, and even reasons why you might want to mirror a corrupted archive. There should be a flag for that, --skip-integrity-check or the like. Making that the default behavior, however, seems ill-advised.

If they had bothered to look at the documentation they would have known.

Yes, and they should have, and are to blame for not doing so. That said, documenting poor design doesn't make it good design.

Re:But it is SUPPOSED to

[BitZtream]

It is UNIX-style design where the user is expected to actually understand what they are doing.

No, it is not, and never was. It is infact the opposite of that. man pages, as one obvious example, are there so people who don't know what they are doing can figure it out. It is designed to be intuitive and provide you with the information needed to get the job done. It was built to have small, simple tools that were easy to understand. They can perform simple tasks on their own or when working together, perform some complex ones ... hence the powerful unix command line. The original UNIX design considered but new, inexperienced users and how to bring them up to speed as well as how to empower users with more knowledge of the system.

What you are referring to is a Linux/OSS attribute, not a UNIX attribute. Linux/OSS developers typically expect the user of the software to be a developer as well. This is the result of everyone scratching their own itch only and most code being written by people for themselves without any consideration of others. No one WANTS to write the things that makes it intuitive or easy for someone else who doesn't understand all the quirks. Obviously this isn't true for some of the paid developers, but the majority of them aren't.

Re:But it is SUPPOSED to

[Zero__Kelvin]

"No, Git has the integrity check, the integrity check didn't work."

The integrity check worked perfectly. It said, in effect: "Yes, Mr. admin, this version is corrupted in exactly the same way as the original, which is I assume what you wanted since that is what you told me you wanted." Git is not to blame here. How is git supposed to know that you don't want a corrupted file in your repo? Maybe it is in there for testing purposes, for example.

Welcome to "rsnapshot"

Rsnapshot provides cheap, userland hardlinked rotating snapshots work very well. Simply do the rsnapshots in one location, and three are dozen ways to make the completed, synchronized content accessible for download or other mirrors when the mirror is complete.

The only thing I dislike about it is the often requested, always refused feature of using "daily.YYYYMMDD-HHMMSS" or a similar naming scheme, instead of the rotating "daily.0, daily.1, daily.2" names which are quite prone to rotating in mid-download for anyone accessing the snapshots via NFS or a web browser. The only way you can tell the rotations apart is by the timestamp on the top level directory, and that's very confusing when it rotates out from under you in mid-operations.

Moral of the story....

[Lumpy]

you ALWAYS have incremental backups on MULTIPLE MEDIUMS.

If you think your Git repositories are your backup, then you need to learn what the word Backup means.

Re:A thousand times. (Unless online mirrors roll b

[gweihir]

I believe you are not talking about backup. A backup allows system recovery after a disaster and cannot ever be stored in the system itself. What you are talking about is availability improvement. That _can_ be part of the primary system. RAID, for example, exclusively serves this purpose (except RAID0). But backups must also protect against user and administrator error, software errors, the data-center burning down, sabotage, etc.

Replication is not the tool for that. The problem is that any data copy part of the system itself can be corrupted by the system as the system still has access to it. That is why a backup must be both removed from the system so it is independent, and allow full reconstruction, even if the original system is completely destroyed.

Now, improving uptime and reducing downtimes is important, but it is not what a backup does. A backup makes sure you do not lose your data permanently. What uptime improvement does is to make it less likely that you need to go back to the backup.

Or to put it differently, backup is for Disaster Recovery. Uptime improvement is for reducing DR cost reduction by reducing the probability of it becoming necessary and for reducing downtime cost.

I do agree to the political angle though.

Re:programming != IT

[jeremyp]

They should be backing up daily and, even if not, they should certainly have done a backup before doing a software upgrade.

response from a core Git developer

[nluv4hs]

Jeff King responded on Git's mailing list:

Jeff King at 2013-03-24 18:31:33 GMT
propagating repo corruption across clone

"So I think at the very least we should:

1. Make sure clone propagates errors from checkout to the final exit code.
2. Teach clone to run check_everything_connected.

"

Re:programming != IT

[vurian]

Your remark is typically said by the guy who doesn't understand that a project like KDE is not an organization comparable to a Fortune 500 company. It is not a company. There are no employees. There is no significant income. Everything is done by volunteers. Everything. All of it. It is a large open source community, but it is not a company. There is no one responsible for telling anyone what to to do. There is no one who said "you have this budget", because there is no budget. This is completely outside your experience. There are no "they" who take care of things -- there is just an "us" -- and if you think your experience can be of use, you can be part of the "us", but you won't be paid, and every bit of hardware and bandwidth you use, you'll have to beg for. And it still works. Isn't that effing amazing?

Re:programming != IT

[lennier]

Very good point. Many, many programmers do not get how to operate IT competently.

Yes. And this is a problem.

It leads to the atrocities that are the Adobe and Apple installers, among other things. Apparently an "application developer" these days doesn't need to trouble himself* with how his priceless treasures actually interact with the operating system they will be installed on. Because that's, like, the IT grunt's job? And anyway isn't some file copies and maybe a few registry hacks just a small matter of scripting, and not really coding at all?

I'd like to dream that one day IT will be taught in computer science courses, with the same level of theoretical abstraction, and given the same kind of functional-programming toolsets that... well, haven't made it into mainstream "software engineering" either... but at least could get us all talking in the same room again. You know, like some lectures about how just tossing a bunch of files into a filesystem is sorta like coding in raw assembler in the 1960s where we had global variables for everything? And maybe couldn't there be a slightly smarter way of organising our lives so that we didn't....? And maybe how we could apply some of that "object oriented" and "functional" stuff that exists inside a running process, to the OS layer? At a slightly finer level of granularity than "spin up an emulated image of an entire server"? And maybe even the network infrastructure guys could have some kind of version control system for all the text config files for their DHCP servers and routers? Pretty please?

Well, not next year. But maybe by 2030?

* Theoretically that could be "herself", except that this level of arrogance/ignorance really does seem to be a uniquely male failure mode . Most females are smarter than to believe that they know everything about subjects they haven't learned.

The most important...

[i]

From my 34 years of constructing, coding and maintaining applications on computers I learned by the hard way the 4 most important points:

1. Backup.
2. Backup.
3. Backup.
4. The rest.