El Reg reports
Microsoft had to emit a hasty update for its R Open analysis tool after developers found the open-source package was not playing nice with some Linux systems.
The issue was brought to light earlier this week by developer Norbert Preining, who found[1] that the Debian GNU/Linux version of Open R[2]--Microsoft's open-source implementation of the R statistics and data science tool--was causing headaches when it was installed on some systems.
In particular, Preining noted that the shell instructions Microsoft used to install the software would fail on a computer where another version of R is already installed. Worse, the script would delete whatever is at /bin/sh and override it with Bash, changing the system's command interpreter.
[...] Additionally, Preining found, the script Microsoft used to uninstall R Open would cause further problems, one being that it would delete files without checking where they actually pointed
[...] Fortunately, it looks as though Redmond was listening, and Microsoft's dev team was quick to act. Within two days of Preining's blog post going up, he reported that R Open had been patched by the Windows giant to resolve the issues and properly install and remove itself on Debian systems.
"Thanks Microsoft for the quick fix, it is good news that those playing with Open R will not be left with a hosed system", Preining noted.
[1] Text highlighting and scrollwheel scrolling on the page work now. Mouse actions were broken June 13. (Scrolling was mentioned down in the comments there.)
[2] Content is behind scripts.
(Score: 2, Funny) by Anonymous Coward on Friday June 15 2018, @10:44AM (12 children)
This is one of the main reasons why executable installers were dropped for package managers by everyone who cares about having a stable system.
Clearly Microsoft still doesn't.
(Don't say they didn't know better. Even Microsoft must have heard of the idea behind MSI at least once).
(Score: 0) by Anonymous Coward on Friday June 15 2018, @10:50AM (11 children)
Reading the article, it looks like this is a script hidden inside a debian package and auto-run by the package manager.
If that's the case, Microsoft is not the only ones at fault. Whoever though that a package manager running random scripts was a good idea is also at fault.
(Score: 5, Informative) by isostatic on Friday June 15 2018, @11:34AM (3 children)
Debian has had preinst and postinst scripts for 20 years, RPM has something similar. It's far better than a tarball deployed with "installMe.sh"
If you install some random software from some random company, it's your responsibility to test it. I'm assuming this package wasn't accepted into the official repositories.
(Score: 0, Troll) by Anonymous Coward on Friday June 15 2018, @02:06PM (2 children)
That doesn't change the fact that an installer based on running a random script or executable is exactly what package managers were intended to avoid. It just means that Debian and Redhat failed at building a package manager.
(Score: 2) by lentilla on Saturday June 16 2018, @01:05AM
Possible - just extremely unlikely. I sincerely hope you were trolling.
(Score: 2) by Bot on Sunday June 17 2018, @06:48PM
> It just means that Debian and Redhat failed at building a package manager.
Hello there, you seem lost. Here's a quick map.
Microsoft Infinite monkeys at infinite typewriters = systemd Apple modern shoddy FOSS Linux userland and drivers other unices and the Apple of yore = linux kernel openbsd.
Account abandoned.
(Score: 2, Disagree) by driverless on Friday June 15 2018, @12:56PM (2 children)
It's a simple programming mistake, not some conspiracy by MS. Years ago nn, an otherwise excellent news reader, had the cute feature that if some shell variable got unset then an rm of $some_path_or_other/* became an rm of ./*. I remember going though some of the scripts it ran and finding quite a few places where this could happen when the contents of my $home disappeared after firing up nn one day. I wouldn't be surprised if things like this were hidden all over various programs, it's only the fact that it happened to MS that makes this one newsworthy.
(Score: 1, Informative) by Anonymous Coward on Friday June 15 2018, @02:04PM
That's happened in Steam also.
The difference is that this case did not involve any variable. It plain and simple did:
rm /bin/sh
ln -s /bin/bash /bin/sh
No variable, no weird edge cases, no mistake. It's either willful destruction of the target system or incompetence. Probably the latter, but I doubt Microsoft would admit that even when given that choice.
(Score: 2) by Bot on Sunday June 17 2018, @06:51PM
> It's a simple programming mistake, not some conspiracy by MS.
"DOS ain't done till Lotus won't run."
Account abandoned.
(Score: 4, Informative) by FatPhil on Friday June 15 2018, @04:15PM
Hidden? Bollocks!
It's one of the scripts, with well-known and unchanging names, in the package that the package manager looks for and will auto-run in order to install the package. Package managers cannot know how to install packages (some files go here, some go there, some pre-processing may be necessary before a binary can be run such as registering as a service, or as a cron job, or inserting yourself into a menu system, etc.), and therefore an essential part of playing in the managed package game is to provide these scripts that the package manager expects.
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 3, Touché) by sjames on Friday June 15 2018, @05:14PM (2 children)
So what you're saying is that MS doing the obviously wrong thing due to a boneheaded rookie mistake is fine, it's Debian's fault for not having an AI package manager that solves the halting problem?
(Score: 2) by lentilla on Saturday June 16 2018, @01:12AM (1 child)
Correct - although Debian has long identified this as a failing of its package manager. Just see what happens here:
At least they are honest about it.
(Score: 0) by Anonymous Coward on Saturday June 16 2018, @10:08PM
What? Then who did I give them to?
(Score: 1, Informative) by Anonymous Coward on Friday June 15 2018, @10:45AM (12 children)
Three Micro$oft articles is a row? They have gotten to SoylentNews! O Tempura! O Mongolia!
(Score: 2) by Gaaark on Friday June 15 2018, @11:02AM (4 children)
O if Microsoft only knew what they were doing!
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 0) by Anonymous Coward on Friday June 15 2018, @11:11AM (3 children)
"Fear, uncertainty, doubt, incompetence, and buggy code." You were saying?
(Score: 2) by Gaaark on Friday June 15 2018, @11:26AM (2 children)
FUDIBC!
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 0) by Anonymous Coward on Friday June 15 2018, @11:44AM (1 child)
FTFY:
Microsoft FUDIBC™
(Score: 0) by Anonymous Coward on Friday June 15 2018, @11:47AM
FTFY 2.0 (forgot the open bit):
Microsoft Open FUDIBC™
(Score: 0) by Anonymous Coward on Friday June 15 2018, @11:47AM (1 child)
Where do you think all the "free" sub money came from ...
(Score: 2) by takyon on Friday June 15 2018, @06:38PM
I'm sure they're in love with this coverage.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 0) by Anonymous Coward on Friday June 15 2018, @12:33PM (1 child)
FTFY
(Score: 0) by Anonymous Coward on Saturday June 16 2018, @09:32AM
Can we get Rebecca De Mornay? [wikipedia.org] She was wonderful in "Trip to Bountiful". If not, the French sauce [wikipedia.org] will do.
(And, I still smell a Redmond conspiracy. What are the sneaky bastards up to this time?)
(Score: 1) by fritsd on Friday June 15 2018, @03:33PM
The only "mores" they've heard of is "moar dollars".
(Score: 2) by takyon on Friday June 15 2018, @06:38PM (1 child)
Bill and Melinda Gates Foundation != Microsoft.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 0) by Anonymous Coward on Friday June 15 2018, @09:41PM
The Doris Duke Foundation tries to make the same claim. Doesn't wash. A Foundation funded with the proceeds of billions of Blue Screens of Death, and you think it is not a spawn of the same evil?
(Score: 2) by pkrasimirov on Friday June 15 2018, @12:33PM (1 child)
As much as I love to bash M$ as the next guy, I cannot really see malice here. Maybe H1-B at worst. It's far too common beginner mistake to overwrite a file by script. Patch & go, nothing new in the dev or ops world.
Or, if it is FOSS, (sorry, didn't RTFA) even go patch yourself.
Or, you know, just fork it...
(Score: 2, Informative) by Anonymous Coward on Friday June 15 2018, @02:08PM
There was no mistake.
The path to what gets deleted is hard coded.
Incompetence, sure; mistake, no.
(Score: 1, Informative) by Anonymous Coward on Friday June 15 2018, @12:45PM (2 children)
R is a statistical language/software popular in many fields as mentioned in the summary. It IS opensource. I dont know what Microsoft is implementing in ITS opensource version but R is certainly opensource. I remember them buying a company that implemented R commercially (Revolution Analytics?) a while ago.
sbgen (not logged in)
(Score: 2) by goodie on Friday June 15 2018, @01:28PM (1 child)
My thoughts exactly... R is FOSS to begin with. I know that MS was implementing extensions to help with some of R's default shortcomings (e.g., automated parallelism, handling of large files etc) especially as they were integrating it in SQL Server 2016. But why would you need a separate version than the standard one is beyond me and would likely only cause headaches in the long run. But it's their right to do it I guess...
(Score: 2, Funny) by Anonymous Coward on Friday June 15 2018, @01:36PM
With this version of R you can calculate and see why running Windows is cheaper than Linux for your enterprise.
They clearly needed completely different statistical tools to reach that conclusion...
(Score: 2) by Sourcery42 on Friday June 15 2018, @01:34PM
It's nice that we're getting some MS love on the *nix side of the computing world. I don't have near enough excuses to tinker and troubleshoot without their shit breaking.
(Score: 0) by Anonymous Coward on Friday June 15 2018, @02:57PM
URL Below Contains Links To Articles, But this copy/paste does not!
Please see: https://www.jwz.org/blog/2018/06/lol-github/ [jwz.org]
URL Above Contains Links To Articles, But this copy/paste does not!
Please see: https://www.jwz.org/blog/2018/06/lol-github/ [jwz.org]
(Score: 4, Interesting) by fritsd on Friday June 15 2018, @03:45PM (1 child)
What I don't get is, if you're smart enough to program in R, and R already runs (well?) on Linux, why do you need to complicate things by installing the Linux and R in Microsoft Windows?
(I'm not intentionally trolling)
(Score: 1, Informative) by Anonymous Coward on Friday June 15 2018, @06:42PM
makes the phb's happy if it says m$ on the splash screen??
(Score: 3, Insightful) by PinkyGigglebrain on Friday June 15 2018, @04:47PM (5 children)
#!/bin/bash was the second command I was taught when I learned shell programming. The first was "/usr/bin/vi " .
I have little doubt that this screw up was not malicious but it speaks volumes about the level of pure incompetence and down right arrogance of the programmers employed by MS.
"Beware those who would deny you Knowledge, For in their hearts they dream themselves your Master."
(Score: 0) by Anonymous Coward on Friday June 15 2018, @07:12PM (2 children)
It also says a lot about Debian's package maintainers... Who lets something like that slip past?
(Score: 4, Touché) by lentilla on Saturday June 16 2018, @01:16AM
Microsoft. You're a troll.
(Score: 1, Informative) by Anonymous Coward on Saturday June 16 2018, @04:35AM
Summary was pretty terrible. But, this is an unofficial package from M$. Install non-M$ tainted R from official repos and none of this shit is an issue.
Official packages are GNU R, not M$ "open" R:
r-base - GNU R statistical computation and graphics system
r-base-core - GNU R core of statistical computation and graphics system
r-base-core-dbg - GNU R debug symbols for statistical comp. language and environment
r-base-dev - GNU R installation of auxiliary GNU R packages
r-base-html - GNU R html docs for statistical computing system functions
(Score: 3, Interesting) by ChrisMaple on Friday June 15 2018, @10:21PM (1 child)
/bin/sh is known by nearly everyone experienced in Linux to be the standard interpreter for shell scripts. That this happened suggests that some newbie couldn't get his shell script to run with sh, but could with bash. Being too ignorant to start his script with #!/bin/bash, perhaps assuming that everything that runs on sh will also run on bash, he arrogantly decided everyone should be using the modern shiny bash.
This is something that should have been caught before it was released.
(Score: 0) by Anonymous Coward on Saturday June 16 2018, @09:38AM
OMG! UID= 6964? Is SoylentNews going to break the 7000 ceiling? OK, not to get too excited. 36 more to go.
(Score: 0) by Anonymous Coward on Friday June 15 2018, @05:13PM
embrace
extend
extinguish
(Score: 2) by VLM on Friday June 15 2018, @09:17PM
Business as usual.
In all fairness, for decades MS has produced single program operating systems where you can't run both a DHCP and a DNS server on the same box, "of course" so you need like 50 servers to replace one multi purpose linux server. Probably because MS bills by install, so having more than one program installed on a box would tend to maximize revenue. Which leads to a whole cottage industry of virtualization since you got 50 physical servers all doing approximately nothing to remain a "supported configuration" so you can virtualize them all on one physical server, whereas the Linux way of doing it is "apt-get install" like 50 packages on one box. Of course with containerization turning linux into MS windows admin style, and systemd turning linux into, WTF nothing good thats for sure,...
I'm just saying by MS admin standards, one OS with one program installed on it, is about right, so whats the issue?