Software Bloat

Alain De Vos

Son of Beastie

Reaction score: 789
Messages: 2,574

dlang dub, "dub add tcltk" , pulls in x11 & tcltk sources and start to compile these in your user home directory to create bindings.
Even if you have x11 & tcltk installed with headers and shared libraries.
 

astyle

Daemon

Reaction score: 653
Messages: 1,464

dlang dub, "dub add tcltk" , pulls in x11 & tcltk sources and start to compile these in your user home directory to create bindings.
Even if you have x11 & tcltk installed with headers and shared libraries.
🤣 And here I thought Java and Windows were the worst offenders.
 

kpedersen

Son of Beastie

Reaction score: 2,168
Messages: 3,006

Old Fart C Programmer may have a point here
For so long I was a Java developer. But over time I just realized the old fart C programmers wrote better software, achieved better things, earned more money and got assigned cooler projects. So I joined them basically!

UK inflation and house prices has kinda nulled the benefits of the higher pay... but the rest stayed true ;)
 

ct85711

Member

Reaction score: 63
Messages: 93

Yeah... Shouldn't the FreeBSD version of pip/pypi check for presence of stuff like ninja, cmake and meson on the system?
Should is the key word, I haven't checked on FreeBSD if pip does or not; but either way that is an assumption that can (and have on linux distros) have disastrous results. Then you get into the part, just because pip does, what about rust, ruby, npm, and any others? Sure the examples are more relatively harmless/less dangerous, but at the same time consider what damage would say pulling in clang/llvm or even libressl (libressl isn't part of base, but it uses some of the openssl library names, so could overwrite libraries)

Sure, some of the damage can easily be mitigated (and possibly avoided) using some common practice (like not running as root); but we all seen several times people ignore or even straight out do so anyways. Afterwards come complaining (like usual) that their system is
broken.

Update:
Just did a small check, and pip does NOT check if the system installed package is installed or not. While it will use the already installed package if it is needed as an dependency; it still overwrote the file(s) that was already installed.
What I did was, installed ninja and cmake and python38-pip through pkg. Next, I ran pip install ninja. Afterwords, did pkg check -s ninja. Result, the /usr/local/bin/ninja did not match the checksum. Also verified through pip show -f ninja that is where ninja was installed.

Now, yes did run pip as root (this was intentional for testing), which pkg strongly recommends not to do.

Update 2:
Just noticed removing ninja through pip; also removed the executable, thus completely leaving the ninja pkg broken.
 

Jose

Daemon

Reaction score: 1,081
Messages: 1,303

Simple: we can't expect root pip to respect what's done by root pkg, and vice versa.
Awesome! Now calculate the blast radius of the Cartesian product of pip, cargo, rubygems, npm, CPAN, CRAN, and the native package manager.
 

astyle

Daemon

Reaction score: 653
Messages: 1,464

Awesome! Now calculate the blast radius of the Cartesian product of pip, cargo, rubygems, npm, CPAN, CRAN, and the native package manager.
3 TB, 1 GB, 4 MB, 1 KB, 5 bytes, and 2 bits exactly.
 

Alain De Vos

Son of Beastie

Reaction score: 789
Messages: 2,574

astyle, do not forget the blast-radius of "ansible", "nim nimble", "ruby gem","go","ocaml opam".
But R & Python are huge. On my desktop:
Code:
pkg info | grep -i cran | wc -l                                                                                                                  
373
pkg info | grep -i py38 | wc -l                                                                                                                
 464
 

covacat

Aspiring Daemon

Reaction score: 325
Messages: 663

Code:
/2001-11/freebsd.log.gz:*** [31-Oct:21:03] Signoff: thn1k3r (ircII2.8.2-EPIC3.004 --- Bloatware at its finest.)
 

Alain De Vos

Son of Beastie

Reaction score: 789
Messages: 2,574

Interested how ocaml compiles hello world ?
here it is:
Code:
CC  -v -o 'a.out'  \
'helloworld.s' 'a.out.startup.s' \
'/usr/home/x/.opam/4.13.1+options/lib/ocaml/std_exit.o' \
'/usr/home/x/.opam/4.13.1+options/lib/ocaml/stdlib.a' \
'/usr/home/x/.opam/4.13.1+options/lib/ocaml/libasmrun.a' \
'-L/usr/home/x/.opam/4.13.1+options/lib/ocaml' \
-pthread -Wl,-E -lm
The opam directory in the home folder contains dynamic and static libraries compiled by the "package manager opam".
Sources of it are downloaded somewhere over the rainbow.
 

roccobaroccoSC

Aspiring Daemon

Reaction score: 226
Messages: 750

astyle, do not forget the blast-radius of "ansible", "nim nimble", "ruby gem","go","ocaml opam".
But R & Python are huge. On my desktop:
Code:
pkg info | grep -i cran | wc -l                                                                                                                 
373
pkg info | grep -i py38 | wc -l                                                                                                               
 464
maven, gradle, ivy, sbt.
 

kpedersen

Son of Beastie

Reaction score: 2,168
Messages: 3,006

But package managers share one common thing.
Multiple versions of the same library, a problem known as "hell".
The closest I have seen to a solution to this was Solaris. You could have different "software stacks" with different versions of the same library in:
  • /usr/csw
  • /opt/csw
  • /usr/local
  • /usr/sfw
  • etc
But you can easily achieve this with FreeBSD by changing the Ports PREFIX variable as you build them. It would be an interesting prospect to have something like:
  • /usr/local/2020
  • /usr/local/2021
  • /usr/local/2010 <--- Mainly for a decent Gnome 2 stack ;)
But we actually have this in place and can mostly work today already if you can be bothered to build the packages. FreeBSD is actually one of the few operating systems that has decent compatXX packages (allowing us to even run versions as old as 3.x in a Jail / chroot.)
 

Alain De Vos

Son of Beastie

Reaction score: 789
Messages: 2,574

I think having multiple versions of a library is a bad software design. (unless it is development or testing).
Alot of times i have seen it using just because software was not more maintained.
 

kpedersen

Son of Beastie

Reaction score: 2,168
Messages: 3,006

Alot of times i have seen it using just because software was not more maintained.
Such is life. This will never change. Throw in the fact that software can sometimes regress and you end up with quite a hard problem for a package manager to solve.
 

Alain De Vos

Son of Beastie

Reaction score: 789
Messages: 2,574

In the blacklist of my desktop i currently have,
Code:
net/samba412
net/samba413
lang/python2
lang/python27
lang/python36
lang/python37
lang/ruby26
www/qt5-webengine
So whatever needs these accuse me for the wording ,obsolete versions, falls definitive of my system.
 

roccobaroccoSC

Aspiring Daemon

Reaction score: 226
Messages: 750

In the blacklist of my desktop i currently have,
Code:
net/samba412
net/samba413
lang/python2
lang/python27
lang/python36
lang/python37
lang/ruby26
www/qt5-webengine
So whatever needs these accuse me for the wording ,obsolete versions, falls definitive of my system.
Maybe blacklist any package that has a digit in its name :D?
 

astyle

Daemon

Reaction score: 653
Messages: 1,464

Maybe blacklist any package that has a digit in its name :D?
You won't be able to install KDE (which depends on QT5) or Apache24. Sometimes, you just gotta accept that imperfections are unavoidable, go drink some tea, and watch a loud, smelly, burning dumpster truck rumble by once in a while. 😮‍💨
 

Alain De Vos

Son of Beastie

Reaction score: 789
Messages: 2,574

I have the following installed:
Code:
ap24-mod_fastcgi-2.4.7.1       Apache 2.4 fast-cgi module
ap24-mod_fcgid-2.3.9           Alternative FastCGI module for Apache2
ap24-mod_scgi-2.0              Apache module that implements the client side of the SCGI protocol
apache-commons-beanutils-1.9.4 JavaBeans utility library
apache-commons-codec-1.15      Implementations of common encoders and decoders
apache-commons-collections-3.2.2 Classes that extend/augment the Java Collections Framework
apache-commons-httpclient-3.1_2 Package implementing the client side of the HTTP standard
apache-commons-io-2.11.0       Collection of I/O utilities for Java
apache-commons-lang-2.6        Apache library with helper utilities for the java.lang API
apache-commons-lang3-3.8.1     Apache library with helper utilities for the java.lang API
apache-commons-logging-1.2     Generic logging wrapper library
apache-openoffice-4.1.11       Integrated wordprocessor/dbase/spreadsheet/drawing/chart/browser
apache24-2.4.51                Version 2.4.x of Apache web server
apachetop-0.18.4_1             Apache realtime log stats
But indeed no kde. But life is ok with sway.
If i could compile kde without its akonadi/nepomuk stuff it would be nice. In fact something between kde & lxqt would be nice.
 
Top