I find the response of the maintainer to be typical of the kind of detached attitude that you come across every now and then with issues reported.
I've had bugs converted to 'wontfix' and 'unconfirmed' in spite of giving detailed info and / or situations where it clearly is a bug.
It shouldn't take a 'thinking over a cup of tea' to recognize this is highly undesirable behaviour, a fix is practically free and very easy, the results of executing that script are potentially very expensive.
It's a bug. Not a feature for the wishlist.
And I never did get why there has to be yet another way to start stuff up in the first place. /etc/inittab, /etc/init.d/ and now 'upstart'...
It doesn't seem to be a great improvement over the previous system but requires a bunch of new stuff to be learned and old stuff to be unlearned. That should come with a clear advantage of sorts and I can't seem to find any.
One nice feature of upstart is its ability to start services, disk checks, etc, in parallel. This will dramatically decrease boot times on modern systems. ( http://www.linux.com/archive/feed/57213 )
Changing his mind (without hinting that he may have been wrong) was a step in the right direction, and he did propose a clean fix that will prevent other similar bugs, but he flagged this as a wishlist which shows that he still doesn't consider it to be of major importance. He could always safeguard the script and treat his suggestion as a wishlist item, which would have been more reasonable.
The absurd thing is that one simple, proposed patch (#20) is just a few lines of actual code - far less than all the "blah blah blah" attached to the bug report.
It fixes the problem now but does nothing to prevent the same problem showing up again in another script. Good maintainers are careful about putting some band-aid over a problem instead of fixing it. And from what he said it seems he rather plans fixing it in Upstart instead of having to patch scripts every-time. That does not sound absurd to me.
Not only is it not productive, it's disingenuous. After all, tihs is a bug that in the worst of cases you're going to be hit by only once (unless you're a masochist), so whoever you tell 'don't do that then' that has just experienced your bug already knows that.
It's the people that haven't experienced it yet that are at risk, and you can't tell those 'don't do that then' preemptively.
The specific bug was fixed elsewhere (if you check the updates to the bug report).
All that has happened was that didn't get properly referenced and the changes to priority suggested that the bug wasn't being addressed. Someone has just jumped on that ;)
I can understand how something you have to really make an effort to blow up does not make the urgent list. It would never have occurred to me to go about running random startup scripts manually. I am not a Linux Hacker - but neither are most other Ubuntu users. My reaction to "hm, installation/upgrade did not work" would be to revert to the old version.
Not dissing the people who try to find the errors and fiddle around - they are the ones who advance the state of Linux in the long run. But it's probably a good idea to use a test system for fiddling around.
Daemontools is nice because it works fine as a init.d replacement, and you can just run the individual programs when appropriate. I use it to start emacs, offlineimap, etc., when I log in for the first time.
Seems like it can stand in as both your init daemon and your process monitor, replacing (for example) supervisord. I guess that means one less config file, at least?
Indeed, this is the sort of fiasco Microsoft wishes that money could buy. "I'm a PC ... because Windows DOESN'T wipe all your data without asking first. "
But I think your comment is still vast overkill. The fact is, I get really, really worried every time I see a BSOD'd airline departures board or worse, an ATM booting up Windows (usually Win 2000). Don't these people know?! That there's another OS out there called (GNU/)Linux and it's fast and free and doesn't have a long tradition of crap engineering?
And then I see this and remember that while Linux is (mostly) well-engineered, it has all sorts of equally well-engineered, completely unmarked "self-destruct" buttons. And if there's anything scarier than Windows near airplanes, it has to be Windows users near Linux near airplanes.
We may have flippant maintainers once in a while, but open-source is actually a protection against that, not a liability.
Anyone can take care of this bug and release their own patches and spins with any given bug or set of bugs or set or features implemented/removed/whatever in open-source. If you get a flippant maintainer of, say, a component of Windows, you're just going to have wait until one of his bosses decides a given bug is a large enough threat to the company to demand it gets fixed. This can be a very, very long time, especially where only edge cases are affected, where you have no option to do anything but beg someone to listen to you. With open-source software, you can fix it yourself, you can hire someone else to fix it, you can put something else in its place, you can do anything! One of these options is obviously better.
> open-source is actually a protection against that, not a liability
Theoretically, but in practice open source software is decidedly worse at this sort of thing than OS X or Windows. I suspect that the profit motive is a driving factor here. You can tell that this maintainer does not care or lacks the capacity to empathize at all about his users. Maybe because they are not the ones paying the bills?
Not so much. Im dealing with a vendor right now -- we have paid support, and have spent thousands with them. As a developer, I have sent several fairly deep/detailed questions about their api and code. The response has been alternating evasions and attacks on my "style" for not using the api the way they intended.
If this is what profit motive gets me, I'll stick with "for the love of it" motive any day. There are jerks everywhere, at least with OSS I'm not paying for the privelege.
(The fact I'm using the vendor's stuff wrong is entirely possible, but the training supposedly included in our support package keeps getting delayed so I can't be certain how to properly use it).
Hmm? Could you care to explain your reasoning? Are you speaking of bug counts per lines of code? Or something else?
In my eyes, I'm glad that this bug report is in the wild. I'm glad microsoft employees are waving this around in our faces because look how many lives this bug report will save. Look how many people won't get bit by this bug now that they know about it. On the other hand, I can't explain how many times I've used Microsoft's installers, following the instructions to the T only to wind up with broken software or even yes, trashed filesystems.
Perhaps you're right. Maybe open source software is more buggy than our middle-management-driven alternatives. But at least we aren't afraid to warn people of its faults. I think the fact that we don't need to cover critical bugs like this up to keep profits high says something positive about this model of development.
> Are you speaking of bug counts per lines of code? Or something else?
I speak of incidents I've read about and incidents experienced myself. These are not statistics, but they satisfy me.
> I'm glad microsoft employees are waving this around in our faces
Where? Or is this the standard OSS "everyone who criticizes Linux is a secret Microsoft employee" line of thinking?
> Look how many people won't get bit by this bug now that they know about it
Falsely assuming that a significant number of those with the potential to be affected actually know about it . . .
> following the instructions to the T only to wind up with broken software or even yes, trashed filesystems.
Somehow most other people manage to do it without many problems.
> But at least we aren't afraid to warn people of its faults . . .
I believe Microsoft and Apple's KB systems are more complete and well organized than Ubuntu's bug-tracker.
> critical bugs like this
You may not need to cover them, but you're also the only ones who actually have them in significant number. I prefer an organization that cares enough to prevent the bugs from happening but does not disclose them to one where the bugs are disclosed then ignored with insults.
I have used at work both MSDN and Microsoft KB in the past. I wouldn't say they are more complete than launchpad (bigger, yes, more complete, no). And they certainly are not better organized, finding anything in MSDN is painful.
Oh, I see where you're coming from. Sorry, I didn't mean no flamin'. Let me clarify my points real quick, then I'll go back to my n00bishness with my 5 precious karma and my fiery tongue.
>> I'm glad microsoft employees are waving this around in our faces
>Where? Or is this the standard OSS "everyone who criticizes Linux is a secret Microsoft employee" line of thinking?
> > Look how many people won't get bit by this bug now that they know about it
> Falsely assuming that a significant number of those with the potential to be affected actually know about it . . .
I think most competent system administrators who would invoke such a script (it was not an automatic action, this bug is triggered by explicitly running a script that was introduced in the latest unreleased ubuntu version) probably read either reddit or digg or hackernews and would likely know about this very popular bug by now. Which is an advantage because now they won't be bitten by it.
> Somehow most other people manage to do it without many problems.
Guess I'm not one of them.
> I believe Microsoft and Apple's KB systems are more complete and well organized than Ubuntu's bug-tracker.
Perhaps you're right. You have more experience with them. I haven't even seen their bug trackers, and likely wouldn't have access to them unless I were a Microsoft or Apple employee. That's how most proprietary companies' bug trackers work.
> You may not need to cover them, but you're also the only ones who actually have them in significant number.
Funny, I thought all software was buggy? At least, the stuff I write sure is.
> I prefer an organization that cares enough to prevent the bugs from happening but does not disclose them to one where the bugs are disclosed then ignored with insults.
Fair enough. But to be honest, this is not an organization we're dealing with here. This is not a system we're criticizing here. This is the problem of one maintainer's silly response to a simple problem. No reason to blame the entire system for one maintainer's bad day.
No software is bug free. But I personally would rather either submit a patch (you can do that with open-source software) or poke a maintainer (a living breathing doorway into the code and the development process) than navigate through Apple corporation's or Microsoft corporation's complete and well-organized knowledge bases or bug tracking systems only to find out this programmer might not feel like fixing that bug and there's nothing more I could do.
Oh wait, I guess I contradicted myself there. Bah, you know what I meant; I'm still new to this 'arguing with people over the Internet' thing and you hacker newsies are quite an incredibly perceptive bunch.
Good luck trying to discuss with Microsoft about the implementation of some step in the Windows boot sequence. In fact, good luck trying to find out details about such implementation.
I guess "out of sight, out of mind" works for you.
What a sucky display of moderation here, -4, really ? So what if you disagree with the guy, he's backing away from linux for a fairly good reason.
I'm writing this on an ubuntu box in a microsoft free house, in case anybody suspects me of astroturfing for ms.
It should be possible to criticize linux and / or state that you are 'leaving the fold' without getting modded in to the ground.
Open source and linux are great imo, but there is still lots that could be done a whole lot better, and maintainer 'king of the realm' attitude is a fairly large problem.
It's all too often true that if your 'itch' isn't the exact same as the maintainers that it will not get scratched.
I suspect that if he had left out the "yay Open source" bit and just said, "This is why I am slowly backing off blah" he wouldn't get as many downvotes, though it would still be a vacuous statement.
Sure it is a matter of tone, but downvoting for tone does happen and I am not sure it is a bad thing. As it is he sounds like (NB: not saying he is, just sounds like) some immature fellow passing by from reddit knocking Open Source/Linux without adding any value to the discussion. I would expect a comment like "Yay Apple! Yay Steve Jobs! This is why I don't use OSX" to be downvoted too.
And even without the "yay" bit, his comment doesn't add much and has close to zero information content. It is equivalent to someone saying "this" or "upvoted" or "+ 1" or "me too" to something someone else said.
Such comments do get downvoted on HN. I don't have an opinion either way though I wouldn't care if it got downvoted to -4 or stays at +1. Anything above that would be scary!
I tend to look at the factual content of a contribution and less at the tone. It's like the RMS/Miguel de Icaza thing but in miniature, if you 'leave' open source after having used it you're almost worse than if you were a windows user all your life long, and I think the moderation in part demonstrates that. If it's just about the tone that's different, but since 'tone' is hard to gage it's a bad reason to moderate for, unless it is crystal clear that the words are offensive or rude. In this case 'linux' and 'open source' are not people, so they can't be insulted and 'yay open source, yay linux' can be interpreted as showing that not everything is good and great about linux and open source, which is undeniably true.
It's significant in this case because in closed source there is usually a solid ($) reason to keep your customers satisfied, in open source much less so because plenty of the people there do it on a volunteer basis, so you have to be 'happy you got it in the first place'.
"I tend to look at the factual content of a contribution and less at the tone."
Well even with that filter there isn't much "content" to that comment besides "me too". :-)
" 'yay open source, yay linux' can be interpreted as showing that not everything is good and great about linux and open source, which is undeniably true."
Well isn't this true about everything in the world? Not everything is good and great about $X. I (vehemently!) agree, but by itself, that isn't a very useful thing to say. Coupled with the "script kiddie" tone, it is hard to fault downvoters (imo)!
On Wed, 2010-04-07 at 14:12 +0000, Thomas Krause wrote:
> The problem is, that you don't know this script is
> dangerous before you executed it.
Then you should not execute it.
Scott
--
Scott James Remnant
<email address hidden>
Brilliant. Exactly what you want to hear when a seemingly innocent vendor init-script just erased your harddrive.
A few comments down is a particularly rich response to this:
So, just to clarify that:
What you are basically saying is that the manpage stating
> start JOB...
> Requests that the named jobs be started. The status of the jobs will be output to standard output until
> they are succesfully running, or in the case of tasks, until they have completed.
should in fact be read as: "might either start the job or delete all your data, and we neither check, warn or document regarding this issue anywhere visibly"? Seriously?
Ubuntu has a cultural problem at times, wherein sane bug reports from experienced UNIX users are dismissed as "not getting it", or similar. There seems to be a certain smugness when they make decisions that are obviously wrong, and certitude where there shouldn't be. I don't know why this is so; Debian has a somewhat argumentative culture, and occasionally makes dumb decisions, but folks usually try to argue their way to a consensus rather than just say "This is the way it is". Ubuntu has diverged from that seemingly entirely, and maintainers sometimes make bizarre proclamations and stick to them against all reason.
I think it's an interesting aspect of the different Linux distributions. Someone else mentioned Gentoo being similar to Ubuntu in this regard, and I would agree...though it takes it to such an extreme that it's hard for me to even take it seriously as an OS. At least the end result of Ubuntu's obstinance is pretty solid, even if every new release has some weird quirks that I just can't figure out how they made it through QC (and more often than I'm comfortable with, those quirks are intentional).
To add insult to insult to injury (the first insult was "Don't do that then"), the person handling the bug is a member of the "Canonical User Experience and Design team". It's like they're annoying people on purpose sometimes...
Reminds me of why I finally left Gentoo. Some maintainers started believing that their default configurations where the only correct configurations. For example, the Apache maintainer believed the virtual hosts was the correct way to run Apache. I felt that my simple static html webpage didn't need that, so I just used /etc/apache2/httpd.conf and /var/www/htdocs/index.html plus a handfull of other static files.
Then around 2005 or so, an update to Apache replaced my httpd.conf with the default and deleted everything in htdocs and added a default index.html. Lots of people complained and the Gentoo maintainers said anyone not using virtual hosts was wrong, so it was not their fault the user's lost all their data and configuration on an upgrade.
After that, I started noticing more and more arguments from maintainers and users. Frankly, I am glad I am no longer using Gentoo and fighting their system. And I am glad I don't use Ubuntu and fighting their system either.
What operating system are you currently using? I just transitioned from Ubuntu to Gentoo, but now you've got me wondering if I have overlooked a better alternative.
After using Ubuntu for three years I switched to Arch Linux and I like it a lot. It has a great package system, and packages are updated continually. I upgraded my desktop to Gnome 2.30 a few days ago with only a couple of minor issues.
I'm sorry he had such a bad experience with Gentoo. I personally have been using Gentoo for all our servers for the past 3-4 years now and could never go back to anything else. I love portage, ports, and use flags.
It's hard to believe that Gentoo wiped out your web directory, but I can believe it. However, I am careful to make backups before I make a drastic upgrade. For example, when upgrading PostgreSQL I always make sure to back up my dbs before hand, though I've never had an issue with it wiping out. Not yet anyway.
I really loved how portage worked as well. I started using Gentoo in 2004 because it was one of the 2 distros that initially supported AMD64—I had an AMD64 FX51. In fact, I used Gentoo until about 2 years ago, so another 3 or 4 years after that incident. I stopped using Gentoo because my home computer blew up (major hardware failure) and I had to switch from Linux to Windows at work. And I still haven't replaced my home computer.
I had backups, but I actually never applied them because I decided to create a new website instead.
I think that this is a perfect illustration of software developers not being real engineers as they don't think as engineers. My first degree is in Mechanical Engineering and I can assure you that proper engineer would never consider anything like that short of being an "absolutely critical flaw". Real-life machines such as elevators or various industrial equipments have all sorts of fail-safe mechanisms built in. These people aren't born with safety always being the first thing they consider, it's something they are taught at university.
Simply telling people to "don't do that" is not an adequate approach because people make mistakes, it is part of human nature.
Such a lack of any failsafe behavior in a script that can potentially erase whole disk should have been against all reasonable policies that distribution's init scripts should have. I'm not a fan of Ubuntu, and I have very, very low opinion about it, but still, there must be such guidelines and policies. If there aren't, it's the primary bug.
Debian is still considerably more solid. However, improvements and software development has outpaced the Debian release cycle. In order to be "competitive" for what a large number of people want on the desktop side, unstable or testing are the repo's they should be pulling from rather than stable. However, unstable and testing are exactly that, unstable and testing, and it can be pretty frustrating for unfamiliar users to have to deal with kinks that haven't been worked out yet.
I didn't do any statistical survey of thousands of users, but I am using Debian5 and Ubuntu8.04. The former feels and acts considerably more broken, in my experience. This is in addition to being more pain to install. Just my $0.02.
The way Debian manages it, only bugfixes are added once something hit's "stable" (current Debian 5). This means that drivers and new versions of applications are typically frozen except for bug patches only. Debian 5 was released a little over a year ago, leading to the software being outdated by standard desktop/consumer use compared to the number of improvements and bugs fixed in the mean time (most applications provide feature+bug releases which are not added to Debian once it hits stable). For servers, this is reliable and actually wonderful to deal with. For desktop/laptop systems, it can be frustrating because the code exists, and it should be nice, easy and non-broken for applications and drivers, but in reality it's not, because the release is behind. Ubuntu's goal is to have a much quicker release cycle to keep this from happening, but in the mean time never get a system that's really 100% stable and usable. Ubuntu also does some weird crazy hacks to get things to appear smooth to the user, when in reality they have pre-programmed guesses you can't override. So if it doesn't work, the only recovery is seasoned Linux experience. Debian, on the other hand, gives a large number of options making the installation not seem as smooth, but is recoverable with quick Google searches or reading of the explanations.
I know all this, as I've been using Debian/Ubuntu for years, but I think that far fewer people are using Debian now than Ubuntu, resulting in less testing. Developers probably migrated as well. People vote with their feet.
This crap is the embodiment of everything that is wrong with Linux.
Another non-serious example. I used a dual-boot Linux&Vista laptop. Innocently tried to update Ubuntu. This changed the boot loader to Ubuntu only (removed the Windows menu).
This may be fine for me, but it fails the grandmother test (or any other test of a normal casual computer user). Aren't updates tested before they are added?
I've actually taken to installing Windows on a separate hard drive, and disconnecting my primary drive before I even begin the installation, because I've had Windows screw so many things up.
I actually can't think of a context where this would happen. There has been a recent upgrade of grub which could cause problems with dual boot systems, but it wasn't automatically upgraded to for precisely this reason (you have to go out of your way or do a fresh install). And a standard grub upgrade should have kept your previous settings intact.
So - since this happened and I can say with some certainty that it wasn't by design - have you opened a bug report about it? (I know that the unfortunate tone of this specific bug report is unfortunate but most are handled in a friendly manner)
This may be fine for me, but it fails the grandmother test (or any other test of a normal casual computer user).
I suspect that any dual-boot configuration would fail such a test, though I do admit to being out of touch with any computer user who might be considered normal.
If you check the recent update from the maintainer [1] this was just a misunderstanding - it was fixed yesterday and the bug report was wishlisted as an idea for a broader fix.
Stories like this just become lightning rods for people with similar grievances against the group in question. If there was a story about OS X deleting all of your data, we would have threads full of people complaining about how poorly Apple manages their operating system, and how they delete threads on their forums about issues that don't want to address.
Sometimes I do wonder if these older established Linux distributions aren't doomed to implode on themselves. There's just so much complexity and legacy stuff all over the place that it's unsettling to me. I've been using Debian based Linux distros for more than a decade and I'm still confused trigger shy about doing certain things because I can't mentally calculate the outcome with confidence or have a clear back-out plan if something goes wrong. This is actually why I run Linux in a VM whenever possible. Snapshots have saved me so many times.
Actually:
How an Ubuntu script which is not meant to be run manually, temporarily had a bug that deleted the file system when using the development version of Ubuntu.
"Above all, Ubuntu is set apart from other operating systems by its unwavering focus on simplicity and ease of use. Ubuntu's motto is "Linux for Human Beings" and every development decision and application has that goal in mind."
Bug reports should hold information that explains how to fix the bug or how to reproduce it. A complaint that says "me too! hurry up and fix it!" adds nothing useful and pollutes the rest of the helpful posts there.
Post your "me too!" comments on the Ubuntu forums. That's the place for them. Failing that, the "This bug affects me too [change]" button is more than willing to listen.
Uh, Seriously? Why would you run any command without knowing its purpose? Should they also disable 'rm' because idiots wipe their system with that as well?
Sure the maintainer is being a bit lazy about the issue but everyone always thinks their problems are the most important in the world. Everyone criticizing him is failing to question whether he may have more critical bugs, ones where a stupid user isn't involved.
I see a problem with a maintainer like that. Even if he thinks this is not a critical bug: 1) he could fix it in the time he took to argue the user made a stupid mistake (twice!) 2) he should've never said stuff like that as a member of the official Canonical team - in most real companies, he'd get at least a disciplinary meeting
Even if he had more important stuff to do in the meantime, it's no reason to be a jerk about it. If things like that don't get corrected the first time it happens, the history will repeat, but you'll be the one running the script the next time.
About the actual question: Why would you run any command without knowing its purpose? -- User knew the command's purpose. He didn't know that a parameter is required though. It was not documented apart from the source.
Name any commonly used Linux executable that deletes the server root when run without any arguments, with no confirmation or warning.
It's a little unexpected.
Even after reading the script, you may not catch the fact that not setting the right environment variable causes massive damage--it's not documented anywhere.
This isn't on Linux, granted, but killall will ignore its arguments and kill ALL accessible processes on a number of other UNIX-like OSes (such as Solaris).
I'd consider the name killall to be both an explanation and a warning. But yeah - I made that mistake once on Solaris. That's why you should never have applications like that. Even shutdown needs some option for scheduling when it should work.
Even then - neither killall or shutdown is as serious as deleting the root partition. It's the difference between a reboot and a complete reinstall/restore from backup.
Lazy is not the word. It would take less time to fix then it would to make a smart ass response. This guy has some personality problem, or is having a bad day.
I've had bugs converted to 'wontfix' and 'unconfirmed' in spite of giving detailed info and / or situations where it clearly is a bug.
It shouldn't take a 'thinking over a cup of tea' to recognize this is highly undesirable behaviour, a fix is practically free and very easy, the results of executing that script are potentially very expensive.
It's a bug. Not a feature for the wishlist.
And I never did get why there has to be yet another way to start stuff up in the first place. /etc/inittab, /etc/init.d/ and now 'upstart'...
It doesn't seem to be a great improvement over the previous system but requires a bunch of new stuff to be learned and old stuff to be unlearned. That should come with a clear advantage of sorts and I can't seem to find any.