SoylentNews is people
SoylentNews
El Reg reports
Microsoft had to emit a hasty update for its R Open analysis tool after developers found the open-source package was not playing nice with some Linux systems.
The issue was brought to light earlier this week by developer Norbert Preining, who found[1] that the Debian GNU/Linux version of Open R[2]--Microsoft's open-source implementation of the R statistics and data science tool--was causing headaches when it was installed on some systems.
In particular, Preining noted that the shell instructions Microsoft used to install the software would fail on a computer where another version of R is already installed. Worse, the script would delete whatever is at /bin/sh and override it with Bash, changing the system's command interpreter.
[...] Additionally, Preining found, the script Microsoft used to uninstall R Open would cause further problems, one being that it would delete files without checking where they actually pointed
[...] Fortunately, it looks as though Redmond was listening, and Microsoft's dev team was quick to act. Within two days of Preining's blog post going up, he reported that R Open had been patched by the Windows giant to resolve the issues and properly install and remove itself on Debian systems.
"Thanks Microsoft for the quick fix, it is good news that those playing with Open R will not be left with a hosed system", Preining noted.
[1] Text highlighting and scrollwheel scrolling on the page work now. Mouse actions were broken June 13. (Scrolling was mentioned down in the comments there.)
[2] Content is behind scripts.
(Score: 2, Funny) by Anonymous Coward on Friday June 15 2018, @10:44AM (12 children)
This is one of the main reasons why executable installers were dropped for package managers by everyone who cares about having a stable system.
Clearly Microsoft still doesn't.
(Don't say they didn't know better. Even Microsoft must have heard of the idea behind MSI at least once).
(Score: 0) by Anonymous Coward on Friday June 15 2018, @10:50AM (11 children)
Reading the article, it looks like this is a script hidden inside a debian package and auto-run by the package manager.
If that's the case, Microsoft is not the only ones at fault. Whoever though that a package manager running random scripts was a good idea is also at fault.
(Score: 5, Informative) by isostatic on Friday June 15 2018, @11:34AM (3 children)
Debian has had preinst and postinst scripts for 20 years, RPM has something similar. It's far better than a tarball deployed with "installMe.sh"
If you install some random software from some random company, it's your responsibility to test it. I'm assuming this package wasn't accepted into the official repositories.
(Score: 0, Troll) by Anonymous Coward on Friday June 15 2018, @02:06PM (2 children)
That doesn't change the fact that an installer based on running a random script or executable is exactly what package managers were intended to avoid. It just means that Debian and Redhat failed at building a package manager.
(Score: 2) by lentilla on Saturday June 16 2018, @01:05AM
Possible - just extremely unlikely. I sincerely hope you were trolling.
(Score: 2) by Bot on Sunday June 17 2018, @06:48PM
> It just means that Debian and Redhat failed at building a package manager.
Hello there, you seem lost. Here's a quick map.
Microsoft Infinite monkeys at infinite typewriters = systemd Apple modern shoddy FOSS Linux userland and drivers other unices and the Apple of yore = linux kernel openbsd.
Account abandoned.
(Score: 2, Disagree) by driverless on Friday June 15 2018, @12:56PM (2 children)
It's a simple programming mistake, not some conspiracy by MS. Years ago nn, an otherwise excellent news reader, had the cute feature that if some shell variable got unset then an rm of $some_path_or_other/* became an rm of ./*. I remember going though some of the scripts it ran and finding quite a few places where this could happen when the contents of my $home disappeared after firing up nn one day. I wouldn't be surprised if things like this were hidden all over various programs, it's only the fact that it happened to MS that makes this one newsworthy.
(Score: 1, Informative) by Anonymous Coward on Friday June 15 2018, @02:04PM
That's happened in Steam also.
The difference is that this case did not involve any variable. It plain and simple did:
rm /bin/sh
ln -s /bin/bash /bin/sh
No variable, no weird edge cases, no mistake. It's either willful destruction of the target system or incompetence. Probably the latter, but I doubt Microsoft would admit that even when given that choice.
(Score: 2) by Bot on Sunday June 17 2018, @06:51PM
> It's a simple programming mistake, not some conspiracy by MS.
"DOS ain't done till Lotus won't run."
Account abandoned.
(Score: 4, Informative) by FatPhil on Friday June 15 2018, @04:15PM
Hidden? Bollocks!
It's one of the scripts, with well-known and unchanging names, in the package that the package manager looks for and will auto-run in order to install the package. Package managers cannot know how to install packages (some files go here, some go there, some pre-processing may be necessary before a binary can be run such as registering as a service, or as a cron job, or inserting yourself into a menu system, etc.), and therefore an essential part of playing in the managed package game is to provide these scripts that the package manager expects.
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 3, Touché) by sjames on Friday June 15 2018, @05:14PM (2 children)
So what you're saying is that MS doing the obviously wrong thing due to a boneheaded rookie mistake is fine, it's Debian's fault for not having an AI package manager that solves the halting problem?
(Score: 2) by lentilla on Saturday June 16 2018, @01:12AM (1 child)
Correct - although Debian has long identified this as a failing of its package manager. Just see what happens here:
At least they are honest about it.
(Score: 0) by Anonymous Coward on Saturday June 16 2018, @10:08PM
What? Then who did I give them to?