NPM 5.7 recursively changing ownership of system directories when using sudo npm -g
-
@izzion said in NPM 5.7 recursively changing ownership of system directories when using sudo npm -g:
@jaloopa
Even if you can't fix it globally by making changes to the repository, you can fix it for your self by coding the fix and then maintaining that monkey patch in perpetuity. Duuuuhhh.Filed under: Why no, I've
totallynever had to do that for Asterisk, why do you ask?I am way too familiar with that process (just locally fixed a bug of a popular add-on yesterday) because our legal team seems to believe that if we submit pull requests to open source projects, we're somehow losing out on our intellectual property. While that may be true in certain cases (with non-viral licenses we could presumably sell the customized version), they don't seem to understand that we don't necessarily want the intellectual property; we want to not have to spend the man-hours to maintain a customized fork of everything just because we made one-line fixes. They also don't consider that it could be beneficial from a PR perspective for us to have active involvement in the open source community.
I keep meaning to create a personal (and non-identifiable) GitHub so these changes can "sneak their way in" to upstream...
-
@thecpuwizard said in NPM 5.7 recursively changing ownership of system directories when using sudo npm -g:
There is a huge difference between "make a local change so that the problem does not impact you" [which is what Open Source allows] and the ability to "fix" the root cause so that other users of the original repository are not impacted.
How and why has this thread devolved into professional developers explaining to each other what open source is and how it works as if they think the people they're speaking to have literally never seen a public GitHub repo before? I am so confused.
If anybody in this conversation is female, this is definitely their opportunity to accuse everybody else in the conversation of mansplaining.
-
@cabbage said in NPM 5.7 recursively changing ownership of system directories when using sudo npm -g:
@thecpuwizard said in NPM 5.7 recursively changing ownership of system directories when using sudo npm -g:
There is a huge difference between "make a local change so that the problem does not impact you" [which is what Open Source allows] and the ability to "fix" the root cause so that other users of the original repository are not impacted.
How and why has this thread devolved into professional developers explaining to each other what open source is and how it works as if they think the people they're speaking to have literally never seen a public GitHub repo before? I am so confused.
If anybody in this conversation is female, this is definitely their opportunity to accuse everybody else in the conversation of mansplaining.
I do not see it as that. Rather a discussion about the different interpretations of the word "fix" and the ramifications of accepting a given meaning.
-
@heterodox Is explaining to management "legal are forcing us to spend significant amounts of company resources just to harm other people in a way that provides no benefit to us" not a viable option?
-
Did they ever unpublish / roll back the thing?
-
@boomzilla I think there was something upthread saying they've now released 5.7.1 which fixes it
-
-
@anonymous234
The center panel should read "That's nice, but we need one that doesn't permanently brick all of our production servers"
-
@cabbage said in NPM 5.7 recursively changing ownership of system directories when using sudo npm -g:
@heterodox Is explaining to management "legal are forcing us to spend significant amounts of company resources just to harm other people in a way that provides no benefit to us" not a viable option?
Oh, my management has the same view + 100%. Doesn't seem to matter. We're still politicking though, when we have time. We know there are other projects/units with VPs who are close to being open source "zealots", so we're going to see what they do and try to network with them. They just probably didn't make the mistake of asking permission rather than forgiveness. ;)
-
@anonymous234 said in NPM 5.7 recursively changing ownership of system directories when using sudo npm -g:
Doesn't even need to be a different programming language that prompts the new package manager; see also npm vs. yarn.
-
@boomzilla said in NPM 5.7 recursively changing ownership of system directories when using sudo npm -g:
Did they ever unpublish / roll back the thing?
Nah, it's still there.
-
@jazzyjosh I believe they have pushed version 5.7.1 to the release channel so that upgrading (or was it
install
ing?) no longer gives you the broken version.
-
@jbert Yeah, but there's nothing preventing you from downloading the
THIS WILL BREAK YOUR SYSTEM
build.
And they still haven't updated the release notes to address this
AND THE BUILD STILL ISN'T VERSIONED TO INDICATE IT'S A PRE-RELEASE.
-
@jazzyjosh
Well, 5.7.1 isn't pre-release now, it's a main stem release to fix issues from 5.7.0. And as an added bonus, they got to skip all that pesky pre-release testing time for the 5.7 branch. #itwasplanned #illuminati
-
@izzion said in NPM 5.7 recursively changing ownership of system directories when using sudo npm -g:
pre-release testing
There is no pre-release testing in npm.
The users are the
guinea pigsQA teams
-
@timebandit
Thankfully, npm is just minor hobby software that is never used in any business critical environ.....Oh, right.
-
@cabbage said in NPM 5.7 recursively changing ownership of system directories when using sudo npm -g:
Hmm. Maybe I'll pop open a pull request to fix this in the npm docs. Oh, wait; somebody already did: https://github.com/npm/docs/pull/679. It hasn't been merged in the two years since it was opened, though, or even acknowledged by a member of the npm team, because FYTW.
The original thread had one of those "it's open source so you can just fix it yourself!" guys in it, to which the reply was, "the core developers haven't merged a PR from someone else in like 4 years." (Paraphrasing.)
So, you know. It's all open source-y!
-
@cabbage said in NPM 5.7 recursively changing ownership of system directories when using sudo npm -g:
How and why has this thread devolved into professional developers explaining to each other what open source is and how it works as if they think the people they're speaking to have literally never seen a public GitHub repo before? I am so confused.
TheCPUWizard has no sense of humor, so he didn't get the original joke. Then "mansplained" it. Which then turned into a boring-ass conversation because people on this forum love nothing more than talking about boring-ass things like software licenses.
-
@izzion No, 5.7.0 and 5.7.1 are both marked as pre-releases.
-
@jazzyjosh
Facts making fun of Open Source s
-
@mrl said in NPM 5.7 recursively changing ownership of system directories when using sudo npm -g:
@carnage said in NPM 5.7 recursively changing ownership of system directories when using sudo npm -g:
Because it's provably a clusterfuck, in every concievable way. The actual package manager is maintained by a bunch of drunk monkeys hammering away at keyboards, and the packages it manages are worse ....
And all this in javascript land. I'm shocked.
-
@jaloopa said in NPM 5.7 recursively changing ownership of system directories when using sudo npm -g:
@thecpuwizard can you please tell that to the zealots who always insist that nobody has any right to complain about any open source product ever because they can fix it themselves? KTHXBAI
The open source model assumes that the repository is not maintained by a bunch of incompetent morons.
-
@deadfast said in NPM 5.7 recursively changing ownership of system directories when using sudo npm -g:
The open source model assumes that the repository is not maintained by a bunch of incompetent morons.
Would a repository (not) maintained by a single incompetent moron be better or worse???
-
@boomzilla said in NPM 5.7 recursively changing ownership of system directories when using sudo npm -g:
Apparently the npm developers feel they can do whatever they want with your system. Seriously, this isn't a subtle bug, this is code doing exactly what it claims to do. Which is stupid and clearly nobody tested this on a real system.
And now they have someone tested this on a real production system.
-
@jaloopa said in NPM 5.7 recursively changing ownership of system directories when using sudo npm -g:
@thecpuwizard said in NPM 5.7 recursively changing ownership of system directories when using sudo npm -g:
make a local change so that the problem does not impact you
apart from the fact that you have to maintain a custom build for ever and constantly merge any upstream changesbuild the custom code once, deploy it, and then never ever update it; going so far as to turn off Auto Updates, because the next version has been "lol rewritten" so you can't even merge it if you wanted to. And besides, you actually bothered to give a fuck about security, so you closed the gaping XSS and CSRF and SQL Injection attacks when you made your monkey patch.
-
@blakeyrat said in NPM 5.7 recursively changing ownership of system directories when using sudo npm -g:
people on this forum love nothing more than talking about boring-ass things like software licenses.
Or which sites have the best logo designers.
-
@deadfast said in NPM 5.7 recursively changing ownership of system directories when using sudo npm -g:
The open source model assumes that the repository is not maintained by a bunch of incompetent morons.
The open source end-user model assumes that the repository IS maintained by a bunch of incompetent morons.
-
@blakeyrat said in NPM 5.7 recursively changing ownership of system directories when using sudo npm -g:
@cabbage said in NPM 5.7 recursively changing ownership of system directories when using sudo npm -g:
How and why has this thread devolved into professional developers explaining to each other what open source is and how it works as if they think the people they're speaking to have literally never seen a public GitHub repo before? I am so confused.
TheCPUWizard has no sense of humor, so he didn't get the original joke. Then "mansplained" it. Which then turned into a boring-ass conversation because people on this forum love nothing more than talking about boring-ass things like software licenses.
Your boring ass is another man's treasure.
-
Oh, my management has the same view + 100%. Doesn't seem to matter.
Sounds like you're talking to the wrong level of management, then. I don't know how big your organisation is, but there must be managers somewhere above you who can tell legal to fuck off. If your boss1 is on-side, perhaps the next move is to escalate to your boss2 (and CC boss1 in) and continue until you reach whichever bossn can actually fix it.
-
@jazzyjosh said in NPM 5.7 recursively changing ownership of system directories when using sudo npm -g:
@izzion No, 5.7.0 and 5.7.1 are both marked as pre-releases.
Under the SemVer spec, which NPM claims to use, 5.7.0 and 5.7.1 are very much not pre-release version numbers.
-
@ben_lubar I agree, but they are marked as such on GitHub.
-
I have a simple policy on
npm
: I refuse to usenpm
in combination withsudo
.npm
has to stay in~
. Same withpip
. Both commands support installing into the homedir. There is no reason for them to write anywhere else.The official asstorials that put
sudo
in front ofnpm
are simply wrong. The developers' cavalier reaction tonpm
destroying their users' setup just reinforces my opinion. They could have pulled the package with an apology. Not fine but dandy. Instead the package is still there and can still break systems
-
@gleemonk I want a
docker
-like desktop OS where I can run every program in its own virtual filesystem and process space.
-
@gąska said in NPM 5.7 recursively changing ownership of system directories when using sudo npm -g:
Your boring ass is another man's treasure.
This is Chad.
He isn't much for clubs or discos or loud, trendy restaurants. He loves nothing more than what others would call a "boring" night in; some takeout, some video games, maybe a movie. All relaxed. Maybe he isn't a party animal, but he'll cherish you like a treasure. Every part of you.
Even your boring ass.
-
@ben_lubar said in NPM 5.7 recursively changing ownership of system directories when using sudo npm -g:
@gleemonk I want a
docker
-like desktop OS where I can run every program in its own virtual filesystem and process space.I don't see why you couldn't set up an X client application in a docker container with a TCP tunnel.
-
@ben_lubar said in NPM 5.7 recursively changing ownership of system directories when using sudo npm -g:
@gleemonk I want a
docker
-like desktop OS where I can run every program in its own virtual filesystem and process space.Writing LPAD is too hard
you can get that function from us!
How do I do that?
Just install this whole OS-like system, configure it, and use commands to get a package that may do what you want, or will blow up your system, 50/50.
kewl
{blows up system}
oh no! Why is this so complicated
Let's simplify things by taking everything above, and writing a whole OTHER operating system to wrap around it. Then LPAD won't blow up your system. Might now blow up your system. Well, 25/75 now.
-
@lorne-kates if NPM blows up my development docker container, I can just copy my files to a different, non-broken container.
-
@pleegwat said in NPM 5.7 recursively changing ownership of system directories when using sudo npm -g:
@ben_lubar said in NPM 5.7 recursively changing ownership of system directories when using sudo npm -g:
@gleemonk I want a
docker
-like desktop OS where I can run every program in its own virtual filesystem and process space.I don't see why you couldn't set up an X client application in a docker container with a TCP tunnel.
Yeah, the only problem with that is that 99% of the time when someone has computer issues like "this website told me I had a virus so I clicked the button to fix it" they're not the kind of person who knows what an X client is.
Also, you don't need TCP - you can just mount the X socket on the Docker container's filesystem.
-
@boomzilla said in NPM 5.7 recursively changing ownership of system directories when using sudo npm -g:
Did they ever unpublish / roll back the thing?
I believe under npm's own rules, you can't
npm unpublish
after 24 hours.Of course, personally, the minute they introduced the business logic to limit
unpublish
to 24 hours, the command itself stopped working for me. Now even if I publish something and try to unpublish seconds later, I'll get a 403.I think maybe I figured out why they couldn't unpublish npm v5.7.0, because unpublishing just doesn't work :face_with_stuck-out_tongue:
-
@julianlam That's a techy talking.
It's their own distribution system. The typical boss would call nobody's going home till the release is pulled.
-
@gleemonk said in NPM 5.7 recursively changing ownership of system directories when using sudo npm -g:
Same with
pip
.At least with
pip
, it's really easy to just get avirtualenv
going and then completely stop worrying about all that shit. We outright state this in our install instructions now, it's that much less painful than screwing around with the system installation of Python packages.If only languages worked that way by default. Oh, wait. Some already do; just not the one I need to use for work…
-
@julianlam said in NPM 5.7 recursively changing ownership of system directories when using sudo npm -g:
@boomzilla said in NPM 5.7 recursively changing ownership of system directories when using sudo npm -g:
Did they ever unpublish / roll back the thing?
I believe under npm's own rules, you can't
npm unpublish
after 24 hours.Of course, personally, the minute they introduced the business logic to limit
unpublish
to 24 hours, the command itself stopped working for me. Now even if I publish something and try to unpublish seconds later, I'll get a 403.I think maybe I figured out why they couldn't unpublish npm v5.7.0, because unpublishing just doesn't work :face_with_stuck-out_tongue:
Filed as PG-1226
-
@ben_lubar said in NPM 5.7 recursively changing ownership of system directories when using sudo npm -g:
Filed as PG-1226
Huh. You'd think they'd just give it an R rating at that point.
-
@boomzilla It was rated by the Elves, and they think the human race is still too young for it.
-
-
@erufael said in NPM 5.7 recursively changing ownership of system directories when using sudo npm -g:
@boomzilla It was rated by the Elves, and they think the human race is still too young for it.
-
@ben_lubar Damn Elves.
-
@boomzilla said in NPM 5.7 recursively changing ownership of system directories when using sudo npm -g:
@jazzyjosh What did he say?
Does github run on node? I keep getting when I try to view the issue now.
I do like AOKP's mascot...
-
@boomzilla said in NPM 5.7 recursively changing ownership of system directories when using sudo npm -g:
Does github run on node?
Worse, it's Ruby on Rails
-
@pie_flavor said in NPM 5.7 recursively changing ownership of system directories when using sudo npm -g:
@blakeyrat said in NPM 5.7 recursively changing ownership of system directories when using sudo npm -g:
@julianlam said in NPM 5.7 recursively changing ownership of system directories when using sudo npm -g:
(People on Reddit are pointing out that he's not an npm dev, so perhaps some of our anger is misdirected)
People white-knighting for others they have no relationship with is even worse.
Yes, nobody should ever stick up for anyone.
I'll stick up for anyone willing.