1 00:00:00,240 --> 00:00:02,910 Mike McQuaid: If you want to release a new version of your package or whatever, 2 00:00:03,420 --> 00:00:06,390 we, yes, we have lots of automate update tooling or whatever that might 3 00:00:06,390 --> 00:00:10,890 pick that up, but the process of like actually getting that out to users. 4 00:00:11,219 --> 00:00:15,899 One of our humans is always looking at that and saying, yes, this looks fine. 5 00:00:21,000 --> 00:00:22,740 Corey Quinn: Welcome to Screaming in the Cloud. 6 00:00:23,009 --> 00:00:26,250 I'm Corey Quinn, and today's guest is one of those. 7 00:00:26,400 --> 00:00:31,020 He, or at least his work needs no introduction to most of us. 8 00:00:31,110 --> 00:00:34,920 Uh, Mike McQuaid is the project leader for Homebrew. 9 00:00:35,160 --> 00:00:36,090 If you have not. 10 00:00:36,810 --> 00:00:38,490 Been become acquainted with Homebrew. 11 00:00:38,490 --> 00:00:43,500 You either have been living under a rock for 15 years or alternately you probably 12 00:00:43,530 --> 00:00:48,660 don't touch Mac Os, which is like living under a rock for the last 15 years. 13 00:00:48,870 --> 00:00:50,460 Mike, thank you for joining me. 14 00:00:50,670 --> 00:00:51,830 Mike McQuaid: Thanks for having me here, Corey. 15 00:00:52,455 --> 00:00:55,545 Corey Quinn: This episode is sponsored in part by my day job Duck. 16 00:00:55,545 --> 00:00:58,754 Bill, do you have a horrifying AWS bill? 17 00:00:59,025 --> 00:01:00,915 That can mean a lot of things. 18 00:01:01,125 --> 00:01:05,144 Predicting what it's going to be, determining what it should be, 19 00:01:05,384 --> 00:01:10,365 negotiating your next long-term contract with AWS, or just figuring 20 00:01:10,365 --> 00:01:12,405 out why it increasingly resembles of. 21 00:01:12,525 --> 00:01:16,155 Phone number, but nobody seems to quite know why that is. 22 00:01:16,455 --> 00:01:20,025 To learn more, visit duck bill hq.com. 23 00:01:20,325 --> 00:01:23,205 Remember, you can't duck the duck bill. 24 00:01:23,265 --> 00:01:28,605 Bill, which my CEO reliably informs me is absolutely not our slogan. 25 00:01:29,160 --> 00:01:34,050 And I feel like I just misstated already off to a great start because I've always 26 00:01:34,050 --> 00:01:40,020 used Homebrew on a Mac, but apparently it supports Linux as well, uh, as a, as 27 00:01:40,020 --> 00:01:42,240 a first party target operating system. 28 00:01:42,240 --> 00:01:43,740 Am I misunderstanding something here? 29 00:01:44,080 --> 00:01:46,780 Mike McQuaid: No, it's, yeah, it's been doing that for a wee while. 30 00:01:46,810 --> 00:01:50,710 A lot of people are surprised both that that happens. 31 00:01:50,710 --> 00:01:53,980 And then generally the next reaction is, why would you do such a thing 32 00:01:53,980 --> 00:01:57,910 like Linux has a lot of perfectly functional package managers. 33 00:01:57,910 --> 00:01:58,870 Why would you bring your 34 00:01:58,900 --> 00:02:00,520 Corey Quinn: No, it doesn't, it has things like. 35 00:02:00,585 --> 00:02:01,994 Apt and Yum. 36 00:02:02,414 --> 00:02:04,425 And now start replaced by DNF. 37 00:02:04,485 --> 00:02:07,604 There's, there's always a thing like, uh, it's like Thomas Jefferson once 38 00:02:07,604 --> 00:02:11,265 said that the Tree of Liberty must be refreshed with the blood of Patriots, 39 00:02:11,355 --> 00:02:16,424 and it feels like generationally we need to refresh package management with a new 40 00:02:16,424 --> 00:02:18,915 version to supplant the old one in Linux. 41 00:02:18,915 --> 00:02:19,394 Distros. 42 00:02:19,635 --> 00:02:23,924 Every distribution I can think of has gone through this entire process 43 00:02:24,075 --> 00:02:25,815 and it shows no sign of stopping. 44 00:02:25,965 --> 00:02:28,005 But what's the Linux story for Homebrew? 45 00:02:28,280 --> 00:02:30,290 Mike McQuaid: So the living story for Homebrew, I guess it started 46 00:02:30,290 --> 00:02:34,220 out with being a bunch of people in Bioinformatics labs who were like, 47 00:02:34,519 --> 00:02:37,790 uh, I don't have Root, so I can't use the assistant package manager. 48 00:02:37,820 --> 00:02:41,930 And if I sort of like fiddle with Homebrew enough, then I can use it 49 00:02:41,930 --> 00:02:43,400 to install shit in my home directory. 50 00:02:43,700 --> 00:02:48,920 And then like, Hey, presto, fast forward a while and a non-trivial 51 00:02:48,920 --> 00:02:50,390 number of people have used it. 52 00:02:50,450 --> 00:02:53,149 And the kind of cross-platform nature is kind of. 53 00:02:53,715 --> 00:02:54,975 Appealing for some people. 54 00:02:55,005 --> 00:02:59,415 'cause you can have the same package manager commands on Mac and Linux 55 00:02:59,415 --> 00:03:03,165 and CI and development perhaps and whatever and all that good stuff. 56 00:03:03,645 --> 00:03:06,195 Uh, and then more recently we've actually seen, like there's a couple 57 00:03:06,195 --> 00:03:07,920 of Linux Distros that do the whole, uh. 58 00:03:08,655 --> 00:03:13,005 Like immutable root file system thing, and then they use Homebrew, 59 00:03:13,365 --> 00:03:16,905 uh, and flat pack as their kind of primary package manager basically. 60 00:03:17,205 --> 00:03:21,915 Um, so that's, that's been interesting seeing those like Homebrew being mentioned 61 00:03:21,915 --> 00:03:24,045 on the front page of a Linux distro. 62 00:03:24,135 --> 00:03:26,595 That's a. New development. 63 00:03:27,045 --> 00:03:27,225 Corey Quinn: Yeah. 64 00:03:27,255 --> 00:03:32,685 For me, it came back for a very simple starting point of once upon a time, back 65 00:03:32,685 --> 00:03:36,255 in the day, a Thursday I believe was the day, but that's neither here nor there. 66 00:03:36,525 --> 00:03:40,454 And I wanted to, I was trying to copy and paste a command off of 67 00:03:40,454 --> 00:03:43,875 Stack Overflow, which was a best practice as is for many of us. 68 00:03:44,174 --> 00:03:46,950 And W get wasn't installed on a Mac and, huh? 69 00:03:47,595 --> 00:03:49,515 What's the best way to get this installed? 70 00:03:49,605 --> 00:03:52,454 So first I went down the primrose path for a couple of years of playing 71 00:03:52,454 --> 00:03:57,135 around with Mac ports because I am an old BSD saw, and I don't believe that 72 00:03:57,135 --> 00:04:00,975 Homebrew really existed back in those very early days, but it was just night 73 00:04:00,975 --> 00:04:02,834 and day once I first encountered it. 74 00:04:02,894 --> 00:04:06,265 Uh, and it had all the hallmarks of a. Terrible decision. 75 00:04:06,265 --> 00:04:07,255 Let's be honest here. 76 00:04:07,465 --> 00:04:10,705 Oh, I just copy and paste this Curl Bash equivalent, though we didn't 77 00:04:10,705 --> 00:04:12,775 call it back then into my terminal. 78 00:04:12,775 --> 00:04:15,895 It'll just do all the magic things it needs to do and set it 79 00:04:15,895 --> 00:04:17,605 up from a security perspective. 80 00:04:17,605 --> 00:04:18,834 It's something of a nightmare. 81 00:04:18,985 --> 00:04:21,565 Oh, it'll just install the latest version of everything. 82 00:04:21,565 --> 00:04:24,985 So what you run today and the new developer runs next week are going 83 00:04:25,040 --> 00:04:27,535 to be not exactly the same thing. 84 00:04:28,310 --> 00:04:31,070 But it worked and I started using it extensively. 85 00:04:31,070 --> 00:04:33,890 I became a, uh, I started doing some of the packaging for a few 86 00:04:33,890 --> 00:04:35,570 things back in the day for Homebrew. 87 00:04:35,810 --> 00:04:38,420 I'm running my own tap now with a couple of things that have now 88 00:04:38,420 --> 00:04:42,320 gotten enough traction that I probably should prob try submitting 89 00:04:42,320 --> 00:04:43,910 'em to core and see what happens. 90 00:04:44,090 --> 00:04:48,170 But everything I've ever really wanted, what lives inside of Homebrew. 91 00:04:48,690 --> 00:04:52,800 And when I redid a laptop for the first time in a few years, a month ago, 92 00:04:52,950 --> 00:04:56,010 suddenly all the stuff that I installed that were, that was graphic utilities 93 00:04:56,010 --> 00:04:59,640 live within casks, which used to be its own separate thing and now seems to 94 00:04:59,640 --> 00:05:01,409 have more or less merged into mainline. 95 00:05:01,530 --> 00:05:02,280 What's the history there? 96 00:05:02,430 --> 00:05:02,700 Mike McQuaid: Yeah. 97 00:05:02,700 --> 00:05:06,930 So casks were, again, you've probably clicked on, if you haven't 98 00:05:06,930 --> 00:05:10,230 already been familiar with Homebrew before this podcast, that we like 99 00:05:10,230 --> 00:05:11,700 our beer metaphors over here. 100 00:05:11,730 --> 00:05:15,690 Uh, this was partly 'cause Max, the creator of Homebrew, uh, conceived it. 101 00:05:16,035 --> 00:05:19,785 While under the influence, uh, after being in a pub in London, 102 00:05:19,845 --> 00:05:22,395 whining about package management and having his friends tell him. 103 00:05:22,950 --> 00:05:26,099 Presumably also under the influence, well, if you're so smart, why don't 104 00:05:26,099 --> 00:05:27,330 you make your own package manager? 105 00:05:27,539 --> 00:05:28,320 And turns out, 106 00:05:28,320 --> 00:05:30,060 Corey Quinn: thank God, usually those drunken, belligerent 107 00:05:30,060 --> 00:05:32,940 conversations turn into, and that's how I built a database engine. 108 00:05:32,940 --> 00:05:34,109 So at least this one's novel. 109 00:05:34,200 --> 00:05:35,219 Mike McQuaid: Yeah, exactly. 110 00:05:35,219 --> 00:05:35,729 Exactly. 111 00:05:35,729 --> 00:05:40,650 So casks were, uh, again, you're seeing a bit of a running theme here, like also 112 00:05:40,650 --> 00:05:44,890 a kind of side offshoot of Homebrew where some people were like, okay, Homebrew 113 00:05:44,909 --> 00:05:46,679 installs, all your nice open source stuff. 114 00:05:47,100 --> 00:05:50,910 Uh, but what if you could use it to just like download Google Chrome and 115 00:05:50,910 --> 00:05:53,880 put that on your machine or one password or any of these other things, right? 116 00:05:53,970 --> 00:05:56,160 Yeah, so basically like they were running their thing. 117 00:05:56,160 --> 00:06:00,330 It got a bit of traction we noticed in the main project and we like 118 00:06:00,480 --> 00:06:03,180 brought those people over and, and merged the two projects essentially. 119 00:06:03,180 --> 00:06:05,700 So that's been one of the nice things with home ecosystem is 120 00:06:05,700 --> 00:06:07,290 that over the years, essentially. 121 00:06:07,599 --> 00:06:11,469 When people do cool stuff that are like broadly in the ecosystem, we 122 00:06:11,469 --> 00:06:15,400 try and like bring them into the fold and make it all official. 123 00:06:15,400 --> 00:06:17,050 And part of our main thing, 124 00:06:17,409 --> 00:06:21,039 Corey Quinn: which is a, a nice approach, it's, I've also found what I was looking 125 00:06:21,039 --> 00:06:26,680 at, the submission requirements recently, that if you have auto updating nonsense, 126 00:06:26,680 --> 00:06:28,539 uh, Claude Co is a good example of this. 127 00:06:28,695 --> 00:06:30,789 Uh, it doesn't really belong in Homebrew Core. 128 00:06:30,789 --> 00:06:32,169 That's what casks are for. 129 00:06:32,505 --> 00:06:36,435 I guess, how do you view doing an installation dance like that where 130 00:06:36,705 --> 00:06:40,875 at any given moment what is being installed in your system is not 131 00:06:40,875 --> 00:06:42,435 gonna be what it was 10 minutes ago? 132 00:06:42,735 --> 00:06:46,755 Mike McQuaid: Yeah, I mean that's the fun of, I guess Homebrew package management, 133 00:06:46,755 --> 00:06:47,985 you alluded to that earlier, right? 134 00:06:47,985 --> 00:06:51,255 We've always been, I guess what you would call in package management, 135 00:06:51,315 --> 00:06:56,445 nerd Nerdland, AKA, my life, a rolling release package manager. 136 00:06:56,445 --> 00:06:58,185 And what you mean by that is like we. 137 00:06:58,605 --> 00:07:01,845 Whenever we get the newest version of stuff, if it doesn't break 138 00:07:01,845 --> 00:07:05,145 Homebrew itself, we generally just foist that upon people. 139 00:07:05,475 --> 00:07:05,685 Right. 140 00:07:05,685 --> 00:07:09,225 So in casks, as you say, there's some more extreme stuff where the 141 00:07:09,225 --> 00:07:11,385 cask itself can update auto update. 142 00:07:11,625 --> 00:07:14,235 So Homebrew doesn't necessarily even know the version of the cask that you 143 00:07:14,235 --> 00:07:16,395 have installed at this time, but that. 144 00:07:16,724 --> 00:07:20,775 We found that works a little bit better than, you know, a lot of tools like maybe 145 00:07:20,835 --> 00:07:24,675 Claude Code or Google Chrome or whatever nowadays that end up shipping their 146 00:07:24,675 --> 00:07:26,594 own auto update engine and it's like, 147 00:07:26,775 --> 00:07:28,875 Corey Quinn: and there are four releases on day in some cases. 148 00:07:28,905 --> 00:07:29,265 Mike McQuaid: Yeah. 149 00:07:29,265 --> 00:07:30,690 And we could try and fight that, but. 150 00:07:31,365 --> 00:07:35,745 Again, like, I mean Homebrew in many ways like keeps after me in terms of 151 00:07:35,745 --> 00:07:37,545 like I'm exceptionally lazy, right? 152 00:07:37,545 --> 00:07:40,605 So it's like if there was some, so say like Debian, right? 153 00:07:40,605 --> 00:07:45,855 Debian is a beautiful, morally pure distro and on a lot of this stuff they're 154 00:07:45,855 --> 00:07:46,910 like, well, if there's like, there's 155 00:07:46,910 --> 00:07:49,065 Corey Quinn: the kindest way you could have found to put that. 156 00:07:49,155 --> 00:07:52,125 Mike McQuaid: If they're like gone auto update, they're like, yeah, we'll patch 157 00:07:52,125 --> 00:07:55,784 out that auto update and we'll just keep patching it out forever or whatever. 158 00:07:56,145 --> 00:07:59,715 Whereas I'm just like, eh, that sounds like a lot of work. 159 00:07:59,955 --> 00:08:00,230 Like that's. 160 00:08:01,015 --> 00:08:03,505 Well if, if that's what the software project is trying 161 00:08:03,505 --> 00:08:04,760 to do, let's try and find. 162 00:08:05,460 --> 00:08:09,420 A place in our ecosystem that we can slot in and they can do things the way 163 00:08:09,420 --> 00:08:12,240 they wanna do it, and we can do things the way we wanna do it, and users can 164 00:08:12,240 --> 00:08:15,540 end up ultimately moderately happy. 165 00:08:15,720 --> 00:08:18,600 Corey Quinn: Yeah, I, I prefer being able to do it through Cask just because that 166 00:08:18,600 --> 00:08:22,410 way I don't have to crawl across half the internet to find stuff that I care about. 167 00:08:22,590 --> 00:08:25,500 The only time I've run into trouble with it has been, oh, there's this 168 00:08:25,500 --> 00:08:28,230 thing that I wanna install, forgot I got it from the Mac app store, and 169 00:08:28,230 --> 00:08:29,790 that's where the license is tied to it. 170 00:08:29,970 --> 00:08:30,990 So, okay. 171 00:08:30,990 --> 00:08:33,630 Now I have to keep a separate exception list for that. 172 00:08:33,924 --> 00:08:34,314 Oh wow. 173 00:08:34,314 --> 00:08:34,734 Too bad. 174 00:08:34,734 --> 00:08:35,304 So sad. 175 00:08:35,724 --> 00:08:37,135 Mike McQuaid: If you didn't know about this already. 176 00:08:37,135 --> 00:08:40,204 I'm gonna, I'm gonna transform your life here, Corey. 177 00:08:40,224 --> 00:08:40,464 Right? 178 00:08:40,464 --> 00:08:40,794 So that 179 00:08:40,885 --> 00:08:41,364 Corey Quinn: hit me with it. 180 00:08:41,364 --> 00:08:41,604 Please. 181 00:08:41,604 --> 00:08:43,284 I'm about to redo this machine, so tell me more. 182 00:08:43,314 --> 00:08:43,734 Mike McQuaid: Oh yeah. 183 00:08:43,794 --> 00:08:44,364 Oh yeah. 184 00:08:44,425 --> 00:08:45,055 It's coming. 185 00:08:45,055 --> 00:08:45,655 It's coming. 186 00:08:45,834 --> 00:08:46,675 Prepare yourself. 187 00:08:46,854 --> 00:08:52,045 So Homebrew has this thing called Homebrew Bundle, which uses brew files, right? 188 00:08:52,045 --> 00:08:55,645 And it's loosely based off GEM files in the Ruby Ecosystem order. 189 00:08:55,944 --> 00:08:57,925 So what you can do in there is you can specify. 190 00:08:58,260 --> 00:09:01,350 Your taps, your formula, which are things that built from 191 00:09:01,350 --> 00:09:05,340 source supplied by Homebrew, your casks, your Mac app store apps. 192 00:09:05,580 --> 00:09:09,150 Uh, recently your GO cli, if you've got them. 193 00:09:09,210 --> 00:09:10,860 Your Visual Studio code plugins. 194 00:09:10,860 --> 00:09:15,030 Someone was proposing adding cargo, the rust package management 195 00:09:15,030 --> 00:09:16,050 support in there as well. 196 00:09:16,530 --> 00:09:17,460 So that file. 197 00:09:18,110 --> 00:09:21,020 Lets you basically be like, okay, you can dump everything you have 198 00:09:21,020 --> 00:09:23,630 installed to that file and you can install everything on that file. 199 00:09:23,990 --> 00:09:26,120 Um, and so you could have like a global wide thing. 200 00:09:26,120 --> 00:09:29,060 I keep mine in my dot files, and then I also have a little 201 00:09:29,060 --> 00:09:30,380 mini open source project. 202 00:09:30,440 --> 00:09:33,710 The, the most successful thing I've created by myself called Strap, 203 00:09:33,950 --> 00:09:36,230 which is basically like the idea when you get a new computer, you run 204 00:09:36,230 --> 00:09:38,080 this one script installs, Homebrew. 205 00:09:38,330 --> 00:09:39,680 It looks on your GitHub. 206 00:09:39,860 --> 00:09:42,350 If it finds your DOT files repo, it pulls that down. 207 00:09:42,350 --> 00:09:45,470 If there's a brew files inside it, it installs from the brew file. 208 00:09:45,530 --> 00:09:46,400 So you basically have like. 209 00:09:46,689 --> 00:09:49,479 One command you could just run to basically be like, install 210 00:09:49,479 --> 00:09:51,785 all my stuff and get my, all the software on my computer release. 211 00:09:52,410 --> 00:09:54,450 Back to where it was before. 212 00:09:54,510 --> 00:09:54,810 Right? 213 00:09:55,020 --> 00:09:59,010 So hopefully this is gonna make your new build experience that bit 214 00:09:59,010 --> 00:10:00,360 more pleasurable than it currently 215 00:10:00,360 --> 00:10:00,420 Corey Quinn: is. 216 00:10:00,420 --> 00:10:00,750 Yes. 217 00:10:00,960 --> 00:10:04,500 And the, the counterpoint that I find here, 'cause I, I built a bunch 218 00:10:04,500 --> 00:10:09,510 of these things before, uh, this machine has been around for a while. 219 00:10:09,570 --> 00:10:13,500 Uh, let me just, for example, run this now Brew list pipe to WC dash l. 220 00:10:13,830 --> 00:10:18,960 I have 365, which is a suspicious number of, uh, packages installed on this thing. 221 00:10:19,620 --> 00:10:22,680 So part of me, like a lot of that is stuff I needed for weird 222 00:10:22,680 --> 00:10:24,150 one-offs that I no longer need. 223 00:10:24,360 --> 00:10:30,990 I honestly, on my laptop I have about, I dunno, 15 to 20% of that where it's, I 224 00:10:30,990 --> 00:10:34,230 just, because I just recently did that one and it'll, it'll eventually grow in time. 225 00:10:34,515 --> 00:10:37,335 But I don't necessarily want to have all those things reinstalled. 226 00:10:37,335 --> 00:10:40,935 Part of the reason to do a fresh install is to get away from the legacy Croft. 227 00:10:41,145 --> 00:10:44,475 I have something like four different ways of managing N VM on this 228 00:10:44,475 --> 00:10:46,215 system, which is kind of a problem. 229 00:10:46,365 --> 00:10:49,935 I wanna start standardizing around Meison pri, which is I the one that I've. 230 00:10:50,015 --> 00:10:53,675 Found that I like the most these days For Python, it's strictly UV 231 00:10:53,675 --> 00:10:56,135 system wide and so on and so forth. 232 00:10:56,135 --> 00:10:59,165 A SDF get rid of it because its ergonomics are terrible. 233 00:10:59,165 --> 00:11:02,314 I can never remember which command parameter goes where, and 234 00:11:02,314 --> 00:11:05,705 they're positionally dependent, which is just wonderful. 235 00:11:05,735 --> 00:11:06,845 Simply wonderful. 236 00:11:06,965 --> 00:11:09,875 I have opinions and I'm belligerent, and I refuse to learn new things. 237 00:11:09,875 --> 00:11:12,125 I am the worst engineer you've ever met. 238 00:11:12,185 --> 00:11:13,745 It's great, but I'm also a typical one. 239 00:11:15,285 --> 00:11:18,765 Mike McQuaid: Yes, I wish I could say that, that, uh, rant was not 240 00:11:18,765 --> 00:11:21,615 representative of the typical Homebrew user, but you, you will 241 00:11:21,615 --> 00:11:24,855 fit in well with our community of people who do not like it when we 242 00:11:24,855 --> 00:11:27,465 change their shit, I guess on that. 243 00:11:27,465 --> 00:11:32,355 So while I am evangelizing the Why Brew files will change your life, right? 244 00:11:32,355 --> 00:11:35,805 So if you run brew bundle dump, which dumps all your things out, one 245 00:11:35,805 --> 00:11:40,485 thing at least of that list of 365 is that it will only output the things. 246 00:11:40,750 --> 00:11:42,579 That you have intentionally installed. 247 00:11:42,579 --> 00:11:43,510 So anything that was pulled in, not 248 00:11:43,510 --> 00:11:44,530 Corey Quinn: its dependencies along the way. 249 00:11:44,530 --> 00:11:44,620 Yes. 250 00:11:44,620 --> 00:11:44,680 By 251 00:11:44,680 --> 00:11:45,250 Mike McQuaid: dependencies. 252 00:11:45,250 --> 00:11:45,670 Exactly. 253 00:11:45,670 --> 00:11:48,880 Unless you also intentionally support installed the dependency, 254 00:11:48,880 --> 00:11:51,730 in which case that it will remember and know to do that as well. 255 00:11:51,880 --> 00:11:55,360 So the little workflow I have after that, like, sounds like you have a, 256 00:11:55,599 --> 00:11:59,079 you know, a, a world of craziness to unpack, but maybe on this new build, 257 00:11:59,079 --> 00:12:02,349 if you're doing it from scratch, then what I do is I have my brew file. 258 00:12:02,699 --> 00:12:06,329 I keep that in my dot files directory, which is a GitHub repository, uh, 259 00:12:06,329 --> 00:12:08,100 and a locally checked out git repo. 260 00:12:08,310 --> 00:12:11,490 And then what I do is I just install my stuff and then every so often I run 261 00:12:11,490 --> 00:12:14,069 brew bundle, dump dash, just global. 262 00:12:14,459 --> 00:12:17,400 Uh, and then I get my brew file in my dot files repo. 263 00:12:17,969 --> 00:12:19,829 Is like being nicely replaced. 264 00:12:19,890 --> 00:12:21,930 And because it's a GI repo, I don't care that it's being replaced. 265 00:12:21,930 --> 00:12:26,189 And then I look through the diff, I do a little local review in my local, get gooey 266 00:12:26,189 --> 00:12:28,199 of Choice Fork, which I would recommend. 267 00:12:28,199 --> 00:12:29,490 Very nice little get gooey. 268 00:12:29,910 --> 00:12:32,010 And then I'm basically like, which of these do I wanna keep? 269 00:12:32,069 --> 00:12:33,689 Which of those do I wanna delete? 270 00:12:33,750 --> 00:12:34,020 Right? 271 00:12:34,319 --> 00:12:37,620 So I stage it, I commit the stuff that I want to keep, and then I maybe get 272 00:12:37,620 --> 00:12:38,880 rid of the changes I don't want to keep. 273 00:12:39,209 --> 00:12:41,520 And then after that I can then run Brew bundle cleanup. 274 00:12:42,120 --> 00:12:45,420 Which will then use that brew file and then uninstall everything that is not 275 00:12:45,450 --> 00:12:50,939 present in that brew file, so then I can get myself from a world of chaos 276 00:12:51,150 --> 00:12:53,970 into a world of order and serene. 277 00:12:54,495 --> 00:12:55,575 Package management com. 278 00:12:55,995 --> 00:12:57,225 Corey Quinn: I like this quite a bit. 279 00:12:57,435 --> 00:13:00,255 Yeah, honestly, it's going through and like, uh, doing the dump on this. 280 00:13:00,255 --> 00:13:00,525 Okay. 281 00:13:00,525 --> 00:13:04,035 I've got a whole lot of lines to delete in this, like rust. 282 00:13:04,065 --> 00:13:05,385 When the hell am I gonna need rust? 283 00:13:05,385 --> 00:13:08,445 Well, the next time I grab something opinionated off of GitHub, but 284 00:13:08,445 --> 00:13:12,405 until then I can enjoy not having to build a conference talk as a 285 00:13:12,405 --> 00:13:13,665 prerequisite for writing code. 286 00:13:14,385 --> 00:13:15,824 You know, basic stuff in life. 287 00:13:15,944 --> 00:13:19,155 I've also seen Homebrew itself over the years has changed significantly, where 288 00:13:19,155 --> 00:13:23,324 just even the process behind it, it auto updates now, which I think is great. 289 00:13:23,444 --> 00:13:27,495 Your analytics, I think, have been handled in the most user respectable way possible. 290 00:13:27,850 --> 00:13:30,795 The, the fact itself updates only intermittently. 291 00:13:30,795 --> 00:13:33,194 Not every time you do stuff that's phenomenal. 292 00:13:33,314 --> 00:13:36,704 It seems to have paralleled itself a lot better than it once did. 293 00:13:36,704 --> 00:13:38,655 As far as downloads and installs go. 294 00:13:38,805 --> 00:13:40,485 Like someone has put some thought into this. 295 00:13:40,485 --> 00:13:43,305 There's an entire, there clearly is some sort of dag involved. 296 00:13:43,830 --> 00:13:47,280 Mike McQuaid: Yes, there definitely is the occasional thought that 297 00:13:47,280 --> 00:13:49,980 happens, uh, that results in a change. 298 00:13:50,190 --> 00:13:53,490 Uh, s several of the changes you've mentioned are things that people 299 00:13:53,490 --> 00:13:57,240 still besmirch my name across the internet for, for ramming home aga 300 00:13:57,720 --> 00:13:59,250 against the interest of the users. 301 00:13:59,250 --> 00:14:01,560 But the problem is with things like open source, right? 302 00:14:01,560 --> 00:14:03,330 Is Homebrew has we gasti. 303 00:14:04,719 --> 00:14:09,160 About 10 million users from like analytics analysis stuff where like we 304 00:14:09,160 --> 00:14:13,689 don't have, like, we have opt-in, uh, sorry, opt out analytics not opt-in. 305 00:14:13,719 --> 00:14:16,569 Again, another cause of contention, but you, you can sort of infer that 306 00:14:16,750 --> 00:14:17,979 the vast majority of people opt. 307 00:14:18,555 --> 00:14:24,285 Out, uh, based on the download numbers from GitHub's packages, uh, versus 308 00:14:24,285 --> 00:14:26,445 the numbers we get for analytics. 309 00:14:26,445 --> 00:14:28,155 So that's our, our rough guesstimate. 310 00:14:28,215 --> 00:14:29,745 So for those 10 million people still feels 311 00:14:29,745 --> 00:14:32,565 Corey Quinn: low based upon the sheer number of developers in the world. 312 00:14:32,565 --> 00:14:32,775 Most 313 00:14:32,775 --> 00:14:34,605 Mike McQuaid: of the news, yeah, maybe it may, maybe that's, 314 00:14:34,605 --> 00:14:35,775 maybe that is on the lower end. 315 00:14:36,015 --> 00:14:39,735 But, uh, the number of people who essentially service their requests 316 00:14:39,735 --> 00:14:42,075 for those people are 30 maintainers. 317 00:14:42,075 --> 00:14:42,405 Right? 318 00:14:42,585 --> 00:14:47,085 So when, when you are dealing with that level of scale, a all glory to. 319 00:14:47,645 --> 00:14:51,155 The internet and open source for making that sort of scale even flipping 320 00:14:51,155 --> 00:14:56,765 possible, but also you end up having to make nasty little compromises sometimes. 321 00:14:56,795 --> 00:14:58,415 Like say the auto update thing, right? 322 00:14:58,505 --> 00:15:03,244 Lots of people really hate that, but what it stopped was 95% of 323 00:15:03,244 --> 00:15:05,885 issues being this thing is broken. 324 00:15:06,375 --> 00:15:07,215 Run brew update. 325 00:15:07,245 --> 00:15:07,905 Does it still happen? 326 00:15:07,965 --> 00:15:08,445 Oh no. 327 00:15:08,445 --> 00:15:09,315 It's fixed now. 328 00:15:09,375 --> 00:15:09,675 Right? 329 00:15:09,675 --> 00:15:13,485 And there's only so many times you can, uh, respond to that and 330 00:15:13,485 --> 00:15:17,475 not write an auto updater before your brain just turns to pulp. 331 00:15:17,775 --> 00:15:20,085 And my brain was starting to turn to pulp and auto 332 00:15:20,085 --> 00:15:20,955 Corey Quinn: update bugs are the worst. 333 00:15:20,955 --> 00:15:21,825 'cause how do you fix them? 334 00:15:21,945 --> 00:15:23,865 Mike McQuaid: Well, yeah, that, that's the other beauty. 335 00:15:23,865 --> 00:15:24,105 Yeah. 336 00:15:24,135 --> 00:15:28,155 Is when, when you break the auto update, which I have done once, that is a whole 337 00:15:28,155 --> 00:15:31,875 new world of pain as well, where it's like, but I, I did everything you said. 338 00:15:31,875 --> 00:15:32,865 I ran the updates. 339 00:15:33,180 --> 00:15:37,140 Uh, yes, but the update is broken so you can't run the update because 340 00:15:37,140 --> 00:15:38,730 the update won't update the updates. 341 00:15:38,969 --> 00:15:41,160 Uh, and neither will the auto update update the update. 342 00:15:41,160 --> 00:15:44,130 To run the updates, you have to run another update to update this. 343 00:15:44,250 --> 00:15:45,689 So now whenever anyone who's gonna help my 344 00:15:45,689 --> 00:15:48,060 Corey Quinn: mom with that, her, nothing was working in her browser 345 00:15:48,060 --> 00:15:49,319 anymore, turned out it fell off. 346 00:15:49,319 --> 00:15:52,199 That Google Chrome update path doesn't like four years 347 00:15:52,199 --> 00:15:53,910 Mike McQuaid: beforehand and sadness. 348 00:15:54,390 --> 00:15:54,720 Yes. 349 00:15:54,720 --> 00:15:58,950 And, and this is why like I break out in hives anytime anyone submits a pull 350 00:15:58,950 --> 00:16:02,640 request, changing that auto update file, because I'm just like, are you sure? 351 00:16:02,645 --> 00:16:04,170 Are you sure you really want to do this? 352 00:16:04,260 --> 00:16:07,560 Do you really wanna roll the dice and be the person that breaks the auto update? 353 00:16:07,830 --> 00:16:10,050 Because I've been that person and it sucks. 354 00:16:10,320 --> 00:16:10,590 Corey Quinn: Yeah. 355 00:16:10,590 --> 00:16:13,530 But, uh, suddenly on the plus side, once you do that, everyone knows your name, 356 00:16:14,760 --> 00:16:16,680 Mike McQuaid: one way to become famous or infamous, I guess. 357 00:16:16,950 --> 00:16:17,310 Corey Quinn: Yes. 358 00:16:17,340 --> 00:16:21,445 It's Do you find that people tend to pin particular brew releases? 359 00:16:22,200 --> 00:16:22,710 Uh, I'm sorry. 360 00:16:22,710 --> 00:16:25,950 Package releases inside of brew, like, oh, always install this 361 00:16:25,950 --> 00:16:27,990 particular version of this package. 362 00:16:28,110 --> 00:16:29,010 Mike McQuaid: Yes, sometimes. 363 00:16:29,010 --> 00:16:33,000 So we, we have like a pin command that lets you do that, but like the usability 364 00:16:33,000 --> 00:16:34,950 around that is kind of like, blah. 365 00:16:34,950 --> 00:16:37,590 Corey Quinn: Only time I've ever used it has been in highly prescriptive, 366 00:16:37,590 --> 00:16:41,280 here's how to install a dev, uh, environment in old school stuff 367 00:16:41,280 --> 00:16:42,570 before the advent of docker. 368 00:16:42,720 --> 00:16:42,930 Mike McQuaid: There. 369 00:16:42,930 --> 00:16:43,680 There's a bit of that. 370 00:16:43,680 --> 00:16:48,780 And also like, what we recommend nowadays is like there's, we provide. 371 00:16:49,185 --> 00:16:50,835 Version packages for some stuff. 372 00:16:50,835 --> 00:16:51,945 So if, if that's available. 373 00:16:51,945 --> 00:16:54,765 So say like, it used to just be, there was just Postgres, right? 374 00:16:55,425 --> 00:16:58,605 And then Postgres got a new, made your version update and you wanted 375 00:16:58,605 --> 00:16:59,745 to set an older version of Postgres. 376 00:17:00,630 --> 00:17:01,920 Sucks to be you, right? 377 00:17:01,920 --> 00:17:04,560 Like, and then we had a slightly more middle ground now where it's 378 00:17:04,560 --> 00:17:06,329 like, okay, now we have Postgres. 379 00:17:06,389 --> 00:17:08,429 I forget the versioning scheme off the top of my head, but 380 00:17:08,429 --> 00:17:09,990 whatever it is, Postgres 18. 381 00:17:10,379 --> 00:17:11,639 Postgres at 18. 382 00:17:11,760 --> 00:17:13,980 Postgres at 17, Postgres at 16. 383 00:17:13,980 --> 00:17:14,190 Right? 384 00:17:14,190 --> 00:17:17,730 And you can choose to jump your way between those different packages. 385 00:17:17,730 --> 00:17:17,879 Right? 386 00:17:17,879 --> 00:17:18,625 And for a lot of people, for a lot. 387 00:17:18,625 --> 00:17:20,639 Corey Quinn: But just installing Postgres is the latest stable. 388 00:17:20,879 --> 00:17:24,119 Mike McQuaid: It depends, uh, I think Postgres is a special case 'cause we're 389 00:17:24,119 --> 00:17:25,290 still dealing with some issues there. 390 00:17:25,650 --> 00:17:27,930 In In general, yeah. 391 00:17:27,930 --> 00:17:30,690 In situations where it's like, I need this exact version. 392 00:17:30,690 --> 00:17:33,540 I need Postgres, not 18, not 18.1. 393 00:17:33,540 --> 00:17:38,340 I need Postgres point 18.1, 0.3, because that was the best version ever as a 394 00:17:38,340 --> 00:17:39,840 particularly fine vintage that year. 395 00:17:39,960 --> 00:17:42,000 Then what we recommend in that situation is like. 396 00:17:42,285 --> 00:17:46,725 There's a command called Brew Extract, which then pulls, uh, Postgres 397 00:17:47,235 --> 00:17:50,955 out of our repositories and then gives it in your own little GitHub 398 00:17:50,955 --> 00:17:53,175 repository for a very specific version. 399 00:17:53,175 --> 00:17:56,535 And you have ultimate control over that, and you can choose what to do, and then 400 00:17:56,685 --> 00:17:58,215 you can live in happy, stable land. 401 00:17:58,275 --> 00:17:59,925 So that, that's generally what we recommend. 402 00:17:59,925 --> 00:18:02,595 It's a little bit more work, but we do provide a bunch of 403 00:18:02,595 --> 00:18:04,875 helper commands and whatever. 404 00:18:05,085 --> 00:18:07,155 As you may notice, again, there's like a brew command to 405 00:18:07,155 --> 00:18:08,565 do just about everything, right? 406 00:18:08,745 --> 00:18:09,025 So like. 407 00:18:09,629 --> 00:18:13,050 Even within Homebrew itself, the way we run the project, like 408 00:18:13,290 --> 00:18:18,120 we give our maintainers who are remain active 300 bucks a month. 409 00:18:18,540 --> 00:18:22,200 Uh, if they are like regularly contributing to Homebrew, which probably 410 00:18:22,200 --> 00:18:27,030 contributes about as much money, probably less than your average like paper boy 411 00:18:27,060 --> 00:18:30,210 or girl gets when they're 12 years old going around the neighborhood. 412 00:18:30,240 --> 00:18:32,790 I think that's the going rate for a open source maintainer nowadays. 413 00:18:32,940 --> 00:18:36,090 So, yeah, not a lot of money, but like we have to have a way of 414 00:18:36,090 --> 00:18:38,970 figuring out, oh, if someone was on a away for three months, like. 415 00:18:39,300 --> 00:18:40,500 Do they earn that or not? 416 00:18:40,500 --> 00:18:43,500 So we have a Command brew contributions, which looks at 417 00:18:43,500 --> 00:18:45,990 the contributions of the various maintainers in that timestamp, right? 418 00:18:46,139 --> 00:18:50,730 So essentially, almost all of our tooling by default is public, right? 419 00:18:50,730 --> 00:18:54,990 And that little tool I use to figure out who gets 300 bucks in a given 420 00:18:54,990 --> 00:18:56,850 month or a quarter or whatever, right? 421 00:18:56,910 --> 00:18:58,875 Anyone can use that and you can run that tool and. 422 00:18:59,430 --> 00:19:01,410 In fact, there was a bunch of brew I 423 00:19:01,410 --> 00:19:03,540 Corey Quinn: yelled at just now saying, your token needs the read 424 00:19:03,540 --> 00:19:05,790 org scope to access this API. 425 00:19:06,060 --> 00:19:06,750 Mike McQuaid: There you go. 426 00:19:06,870 --> 00:19:08,280 What a beautiful error message. 427 00:19:09,090 --> 00:19:10,050 If I did say so myself 428 00:19:10,050 --> 00:19:12,510 Corey Quinn: at least tells me I don't have access to a thing, which is great. 429 00:19:12,660 --> 00:19:15,750 Uh, brew doctors spits out three pages of nonsense because I've. 430 00:19:15,810 --> 00:19:19,080 I had this machine for too long, which tells me that if ever I need to report 431 00:19:19,080 --> 00:19:22,830 a bug against Homebrew, I've got some housekeeping to do first because 432 00:19:22,830 --> 00:19:26,790 everyone will blame this like un brewed files in certain places from all the 433 00:19:26,790 --> 00:19:31,080 various things I've used, apparently Postgre Squeal 14 is now deprecated. 434 00:19:31,530 --> 00:19:31,980 Ha. 435 00:19:32,100 --> 00:19:35,460 Some installed kegs have no formula, which that's novel. 436 00:19:35,520 --> 00:19:36,570 I dunno where those came from. 437 00:19:36,840 --> 00:19:40,200 Uh, a bunch of casks are deprecated, et cetera, et cetera, et cetera. 438 00:19:40,350 --> 00:19:42,210 Like this is what happens with five years of crt. 439 00:19:42,840 --> 00:19:43,169 Mike McQuaid: Yep. 440 00:19:43,169 --> 00:19:46,590 Effectively, you've had your yearly health check and the doctor said, 441 00:19:46,800 --> 00:19:48,060 how the hell are you still alive? 442 00:19:48,060 --> 00:19:48,300 Man? 443 00:19:48,450 --> 00:19:49,710 Corey Quinn: Your blood type is chunky. 444 00:19:49,830 --> 00:19:50,040 Yes. 445 00:19:52,020 --> 00:19:53,399 Yeah, it's not going super well here. 446 00:19:53,429 --> 00:19:54,570 It's so great. 447 00:19:54,570 --> 00:19:56,520 It's, it's time to wind up basically rebuilding things 448 00:19:56,520 --> 00:19:57,120 from scratch, but that's. 449 00:19:57,930 --> 00:20:00,150 That is the nature of the beast on some level. 450 00:20:00,150 --> 00:20:03,030 I've also found historically that having a bunch of deprecated stuff or 451 00:20:03,180 --> 00:20:06,510 packages you didn't, you installed, then removed in some district, some package 452 00:20:06,510 --> 00:20:07,950 managers could lead to security issues. 453 00:20:08,160 --> 00:20:11,640 Uh, apparently for a while on one of my test boxes that I used as a dev 454 00:20:11,640 --> 00:20:16,020 box, it used it set up a poster, squeal user with a password poster squeal. 455 00:20:16,200 --> 00:20:18,630 Then I uninstalled the package, the user hung out. 456 00:20:18,630 --> 00:20:20,460 So suddenly I had a problem there. 457 00:20:20,760 --> 00:20:21,270 Mike McQuaid: Nice. 458 00:20:21,420 --> 00:20:21,810 Yes. 459 00:20:21,870 --> 00:20:22,230 Corey Quinn: Yeah. 460 00:20:22,320 --> 00:20:22,500 Yeah. 461 00:20:22,500 --> 00:20:23,670 I felt real smart after that one. 462 00:20:24,030 --> 00:20:28,200 I've also found that you folks are quick to update where the day of a 463 00:20:28,200 --> 00:20:32,010 new Mac os release, suddenly I'll get error messages that I'm not, I have not 464 00:20:32,010 --> 00:20:34,020 installed the latest version of Xcode. 465 00:20:34,260 --> 00:20:35,130 It's like, well, that's great. 466 00:20:35,130 --> 00:20:36,300 It's been out for 20 minutes. 467 00:20:36,300 --> 00:20:40,230 The mirrors themselves do not have it yet, but it's already telling me 468 00:20:40,230 --> 00:20:43,170 that, Hmm, you need to update your stuff if you wanna be supported. 469 00:20:43,380 --> 00:20:47,280 It seems to have backed off from that jumping the gun mentalities last few 470 00:20:47,280 --> 00:20:49,170 releases, so someone's paying attention. 471 00:20:50,085 --> 00:20:53,625 This episode is sponsored by my own company, duck Bill. 472 00:20:53,925 --> 00:20:57,465 Having trouble with your AWS bill, perhaps it's time to 473 00:20:57,465 --> 00:20:59,535 renegotiate a contract with them. 474 00:20:59,895 --> 00:21:05,265 Maybe you're just wondering how to predict what's going on in the wide world of AWS. 475 00:21:05,355 --> 00:21:07,965 Well, that's where Duck Bill comes in to help. 476 00:21:08,175 --> 00:21:10,935 Remember, you can't duck the duck bill. 477 00:21:10,935 --> 00:21:14,505 Bill, which I am reliably informed by my business partner 478 00:21:14,655 --> 00:21:17,115 is absolutely not our motto. 479 00:21:17,190 --> 00:21:20,610 To learn more, visit doc bill hq.com. 480 00:21:21,420 --> 00:21:25,200 Mike McQuaid: We try to be like aggressively chill, right? 481 00:21:25,200 --> 00:21:27,780 So because we're a bleeding edge package manager, we tend to 482 00:21:27,780 --> 00:21:29,040 attract the users who have that. 483 00:21:29,250 --> 00:21:30,270 So generally there's like. 484 00:21:30,825 --> 00:21:36,165 A little, almost like internal Homebrew bingo about like how soon after the next 485 00:21:36,165 --> 00:21:40,515 Mac West release gets announced until, until Apple says the developer beta is 486 00:21:40,515 --> 00:21:44,565 coming until someone opens an issue on Homebrew saying this doesn't work yet. 487 00:21:44,775 --> 00:21:45,075 Right? 488 00:21:45,135 --> 00:21:47,295 Like, I think we've literally had about 20 minutes. 489 00:21:47,595 --> 00:21:50,325 After the keynote ends, someone's like, yeah, why is that? 490 00:21:50,355 --> 00:21:51,225 Why is this not working? 491 00:21:51,375 --> 00:21:53,475 It's like, 'cause we haven't downloaded it yet. 492 00:21:53,475 --> 00:21:55,725 Your dummies like, chill your boots. 493 00:21:55,965 --> 00:22:01,665 Like, but yeah, so we, we tend to do a little bit of that ourselves where I 494 00:22:01,665 --> 00:22:05,715 guess we're maybe unlike some software where what we try and do is we're like. 495 00:22:06,075 --> 00:22:09,255 We're gonna warn you about anything that might be a problem. 496 00:22:09,315 --> 00:22:09,615 Right? 497 00:22:09,615 --> 00:22:12,555 And like, if you're not getting any warnings from Homebrew at all, 498 00:22:12,705 --> 00:22:17,025 like you know that you have been a good little boy that day, right? 499 00:22:17,025 --> 00:22:17,415 And 500 00:22:17,505 --> 00:22:18,705 Corey Quinn: or if not properly installed 501 00:22:18,705 --> 00:22:19,125 Homebrew, 502 00:22:19,155 --> 00:22:20,805 Mike McQuaid: or not properly owned until Homebrew. 503 00:22:20,805 --> 00:22:21,105 Indeed. 504 00:22:21,345 --> 00:22:24,675 But yeah, so like our, our kind of like brew doctor command, I feel 505 00:22:24,675 --> 00:22:25,380 like we were one of the first. 506 00:22:26,355 --> 00:22:28,845 Things to do that, like what we're trying to do is provide, 507 00:22:28,845 --> 00:22:30,555 Corey Quinn: it was the first time I encountered back then most 508 00:22:30,555 --> 00:22:31,845 other things called it pre-flight. 509 00:22:31,965 --> 00:22:32,745 Mike McQuaid: Yeah, exactly. 510 00:22:32,745 --> 00:22:36,675 So we just try and provide a lot of pointers for like, look, if something's 511 00:22:36,675 --> 00:22:39,915 broken and someone's not, particularly in the early days of Homebrew, it's 512 00:22:39,915 --> 00:22:41,295 like maybe no one's awake to help you. 513 00:22:41,325 --> 00:22:41,655 Right. 514 00:22:41,655 --> 00:22:44,265 And you want to get this fixed in the next 12 hours. 515 00:22:44,265 --> 00:22:44,625 So. 516 00:22:45,195 --> 00:22:47,145 Here's some stuff you can try, right? 517 00:22:47,175 --> 00:22:47,445 Like, 518 00:22:47,445 --> 00:22:50,595 Corey Quinn: I mean, I used to be a, uh, part of the CentOS project. 519 00:22:50,595 --> 00:22:52,365 This was back when I was free, no network staff. 520 00:22:52,365 --> 00:22:55,845 IRC was the way that I encountered a lot of this stuff and got support for it. 521 00:22:55,845 --> 00:22:59,985 And there's one thing that I learned, and that is people are freaking terrible at 522 00:22:59,985 --> 00:23:03,044 asking for help in ways that makes sense. 523 00:23:03,165 --> 00:23:06,710 So having a. Doctor command that will identify all the issues with it. 524 00:23:06,920 --> 00:23:11,270 And it, it's almost, it, it's close cousin to a diag, uh, spit out where 525 00:23:11,270 --> 00:23:12,950 it's like, okay, what version of Mac os? 526 00:23:13,160 --> 00:23:15,170 Oh wow, I didn't realize numbers went that low. 527 00:23:15,379 --> 00:23:19,010 What else is going on with this system that otherwise they'd have to tease 528 00:23:19,010 --> 00:23:23,629 out of people over a period of hours as they start trying to figure out 529 00:23:23,629 --> 00:23:25,055 how their system was put together. 530 00:23:25,649 --> 00:23:28,770 Mike McQuaid: Yeah, it's funny, so like GitHub has, Homebrew is 531 00:23:28,770 --> 00:23:31,500 one of the first users of like the GitHub issue templates, right? 532 00:23:31,500 --> 00:23:34,320 Where you have like mandatory information you have to fill in. 533 00:23:34,379 --> 00:23:38,760 But a part of the reason I think GitHub even has them is because when I was 534 00:23:38,760 --> 00:23:43,080 a GitHub employee, I whined about wanting those templates so incessantly 535 00:23:43,080 --> 00:23:45,330 that I feel eventually someone just gave up and was like, right. 536 00:23:45,720 --> 00:23:48,990 Mike, if it will make you shut up, we'll build these stupid issue 537 00:23:48,990 --> 00:23:50,730 templates and no one's gonna use them. 538 00:23:50,730 --> 00:23:51,900 And then turns out everyone uses them. 539 00:23:52,230 --> 00:23:52,930 But anyway, so like, it, 540 00:23:52,930 --> 00:23:54,780 Corey Quinn: it's a terrific gen AI use case too. 541 00:23:55,050 --> 00:23:55,380 Uh, I found, 542 00:23:55,380 --> 00:23:56,460 Mike McQuaid: that's exactly what I was gonna say. 543 00:23:56,490 --> 00:23:56,790 Yeah. 544 00:23:56,850 --> 00:24:01,320 Like, so we, we found, we found them great for that because, so our, and 545 00:24:01,320 --> 00:24:05,220 again, our issue template was basically based off, and I, I used to have like 546 00:24:05,220 --> 00:24:08,580 a text expander shortcut literally for coworkers when people would basically 547 00:24:08,580 --> 00:24:10,890 ask me for help in a very unhelpful way. 548 00:24:10,890 --> 00:24:12,395 And I'd be like, okay, what did you do? 549 00:24:13,110 --> 00:24:14,520 What did you think was gonna happen? 550 00:24:14,790 --> 00:24:15,930 What actually happened? 551 00:24:16,320 --> 00:24:19,020 Tell me what I can run to see the same thing on my machine. 552 00:24:19,050 --> 00:24:19,350 Right? 553 00:24:19,530 --> 00:24:22,410 And if you could do those four things, then like, Hey, 554 00:24:22,410 --> 00:24:23,400 we've got a great bug report. 555 00:24:23,520 --> 00:24:25,320 And also as you say, like for Gen ai. 556 00:24:26,205 --> 00:24:29,175 So if you could say the same thing like, a lot of the time, like 557 00:24:29,175 --> 00:24:31,635 copilot will like one shot though. 558 00:24:31,640 --> 00:24:35,325 If, if it's completely a hundred percent reproducible and it's well explained in 559 00:24:35,325 --> 00:24:39,615 the issue, like copilot can go, okay, run this command, got this output, change 560 00:24:39,615 --> 00:24:43,215 some code, run this command until it gets the right output and then ta-da. 561 00:24:43,245 --> 00:24:43,695 Here you go. 562 00:24:43,695 --> 00:24:45,690 There's a PR and the code quality might be garbage, but. 563 00:24:46,395 --> 00:24:51,795 Often it, it gets a decent amount of the way there if it, part of that 564 00:24:51,795 --> 00:24:53,055 Corey Quinn: is the stuff you never see. 565 00:24:53,085 --> 00:24:54,645 'cause I used to do that by hand. 566 00:24:54,645 --> 00:24:57,855 A friend ran ask me better.com, which asked those exact questions. 567 00:24:57,855 --> 00:24:59,205 There was no real submit button on it. 568 00:24:59,415 --> 00:25:03,135 But by the time that you wrote that out and became with a repro case, you realized 569 00:25:03,165 --> 00:25:06,870 you were the one that forgot a comma or something weird had happened and oh. 570 00:25:07,635 --> 00:25:11,325 I misread the documentation, like the best requests for help that I ever 571 00:25:11,325 --> 00:25:13,755 written are the ones I never submitted anywhere, because it's solved my 572 00:25:13,755 --> 00:25:15,255 problem going through that process 573 00:25:15,405 --> 00:25:15,945 Mike McQuaid: a hundred percent. 574 00:25:16,095 --> 00:25:17,985 And that's, that's a big part of the goal as well. 575 00:25:18,015 --> 00:25:20,745 Like, and ironically, the people that find those. 576 00:25:21,240 --> 00:25:26,070 Flows to be overly prescriptive are often the same people who if they slowed down 577 00:25:26,070 --> 00:25:31,350 and ran the flow, they might have avoided having that issue in the first place. 578 00:25:31,530 --> 00:25:33,360 Corey Quinn: What's the security posture on this stuff look like? 579 00:25:33,360 --> 00:25:36,060 I mean, I know that at this point enough people use Homebrew that if I 580 00:25:36,060 --> 00:25:39,750 can compromise the w get package, for example, suddenly everyone's gonna 581 00:25:39,750 --> 00:25:41,879 run the code that I want them to run. 582 00:25:42,420 --> 00:25:43,560 What are the safeguards on this? 583 00:25:43,560 --> 00:25:46,830 I know that, uh, PI Pi, pi, PI, whoever they pronounce it, I get 584 00:25:46,830 --> 00:25:49,380 yelled at if I say the wrong one, but I can't remember which is which. 585 00:25:49,590 --> 00:25:51,960 Uh, they have an entire security team that books at this top. 586 00:25:51,960 --> 00:25:52,050 It's 587 00:25:52,050 --> 00:25:52,590 Mike McQuaid: PP, right? 588 00:25:52,890 --> 00:25:53,040 Corey Quinn: Yeah. 589 00:25:53,040 --> 00:25:54,270 That's what I'm gonna go with that. 590 00:25:54,270 --> 00:25:56,550 I'm sure that Mike Feeder, who runs that will not punch me in the 591 00:25:56,550 --> 00:25:57,570 mouth the next time you sees me. 592 00:25:58,530 --> 00:25:58,770 Mike McQuaid: Yeah. 593 00:25:58,770 --> 00:26:04,900 So like, we're lucky in ho Brew land in the r. Trust model is very different 594 00:26:04,900 --> 00:26:07,540 to pipe IPP, whatever we call it. 595 00:26:07,630 --> 00:26:09,220 Uh, MPM, Ruby Gems, et cetera, right? 596 00:26:09,220 --> 00:26:13,585 So those package managers fundamentally have a trust model of we will trust. 597 00:26:14,220 --> 00:26:18,900 People to do some verification of the people whose stuff they download. 598 00:26:18,900 --> 00:26:19,170 Right? 599 00:26:19,170 --> 00:26:23,370 And we will not be a gatekeeper, middleman, whatever, unless it's 600 00:26:23,370 --> 00:26:26,610 like gratuitously obvious that this is malware or whatever, right? 601 00:26:26,610 --> 00:26:30,030 That I'm sure some of those folks would say, that's a gratuitous simplification 602 00:26:30,030 --> 00:26:33,390 and I'm being very meaning unfair or whatever, but, oh, well that's, that's me. 603 00:26:33,720 --> 00:26:36,980 Whereas in Homebrew, every single change that happens in Homebrew. 604 00:26:37,425 --> 00:26:41,370 A, a human homebrew maintainer has to verify that, reviews the 605 00:26:41,370 --> 00:26:43,020 code and says, this looks okay. 606 00:26:43,080 --> 00:26:43,379 Right? 607 00:26:43,379 --> 00:26:46,800 So if you want to release a new version of your package or whatever, 608 00:26:47,250 --> 00:26:50,250 we, yes, we have lots of automate update tooling or whatever that might 609 00:26:50,250 --> 00:26:54,750 pick that up, but the process of like actually getting that out to users. 610 00:26:55,125 --> 00:26:59,775 One of our humans is always looking at that and saying, yes, this looks fine. 611 00:26:59,835 --> 00:27:00,135 Right? 612 00:27:00,585 --> 00:27:03,975 Uh, and same deal with the way we kind of build packages and things like that. 613 00:27:03,975 --> 00:27:09,495 Like we operate our ci like we were pretty early to the party of having essentially 614 00:27:09,675 --> 00:27:14,925 binary packages built from users, pull requests on GitHub, and then just 615 00:27:15,255 --> 00:27:17,085 deployed straight out to users, right? 616 00:27:17,085 --> 00:27:17,175 With. 617 00:27:18,060 --> 00:27:21,630 Again, with human intervention, but like as a result of that, we have built 618 00:27:21,630 --> 00:27:25,020 everything with a trust model that essentially you can't trust anything ever. 619 00:27:25,050 --> 00:27:25,320 Right. 620 00:27:25,320 --> 00:27:27,750 And all of our CI workflows. 621 00:27:28,155 --> 00:27:31,215 Essentially treat even the code they're running most of the 622 00:27:31,215 --> 00:27:33,195 time as like untrusted input. 623 00:27:33,225 --> 00:27:33,495 Right? 624 00:27:33,495 --> 00:27:38,655 So we generate, you know, for example, when we generate a binary package, we then 625 00:27:38,655 --> 00:27:43,125 generate JSON that describes the binary package and then later we read the JSON. 626 00:27:43,185 --> 00:27:46,755 Because you can't embed arbitrary executable code in the JSO, 627 00:27:46,905 --> 00:27:48,765 like you can in the room files. 628 00:27:48,765 --> 00:27:49,240 No, it's like counter talk. 629 00:27:50,150 --> 00:27:50,720 Yeah, exactly. 630 00:27:50,720 --> 00:27:52,120 Challenge accepted anyone. 631 00:27:52,260 --> 00:27:55,215 But yeah, so like that's what we try and do. 632 00:27:55,215 --> 00:27:57,330 So like our, our trust model and we are. 633 00:27:57,880 --> 00:28:01,570 Lucky enough, careful enough, whatever it may be to touch wood, 634 00:28:01,570 --> 00:28:06,160 have not had any major attacker driven security vulnerabilities. 635 00:28:06,160 --> 00:28:08,410 I guess if you go through the Homebrew blog, you can see we've 636 00:28:08,530 --> 00:28:10,030 disclosed things in the past. 637 00:28:10,390 --> 00:28:14,050 Uh, I think our worst one was based on a Jenkins misconfiguration, which 638 00:28:14,170 --> 00:28:15,250 Corey Quinn: was it called Jenkins? 639 00:28:15,370 --> 00:28:15,670 Mike McQuaid: Yeah. 640 00:28:15,670 --> 00:28:19,420 Well, so that's one of the reasons why we don't use Jenkins anymore, because 641 00:28:19,630 --> 00:28:21,610 Jenkins misconfiguration was, uh. 642 00:28:22,185 --> 00:28:24,705 Rather easy to achieve, I would say. 643 00:28:24,825 --> 00:28:28,905 But yeah, like generally we, I think we've had a fairly good track record 644 00:28:28,905 --> 00:28:33,765 on this stuff, and obviously as I think Homebrew may have been the first project 645 00:28:33,765 --> 00:28:35,895 to create the Carl to Bash pattern, right? 646 00:28:35,895 --> 00:28:38,535 So people are gonna hate us forever for that. 647 00:28:38,625 --> 00:28:44,055 But I think in terms of actually user experience, security 648 00:28:44,055 --> 00:28:45,180 problems as opposed to just. 649 00:28:45,855 --> 00:28:48,765 People in the security community shouting at us and calling us 650 00:28:48,765 --> 00:28:50,355 morons, uh, security problems. 651 00:28:50,625 --> 00:28:51,705 Uh, I think we're doing all right. 652 00:28:52,065 --> 00:28:54,705 Corey Quinn: Uh, I do wanna ask, uh, before we call this an episode 653 00:28:54,735 --> 00:28:56,355 about your approach to open source. 654 00:28:56,355 --> 00:28:58,245 I mean the, the triggering event that's, oh, yeah. 655 00:28:58,245 --> 00:28:59,655 I should really talk to you about this. 656 00:28:59,865 --> 00:29:03,765 Uh, was a LinkedIn shit post that I did, uh, somewhat recently about. 657 00:29:03,970 --> 00:29:07,150 The experience I had when I did a brew install Terraform, and it's like, great, 658 00:29:07,150 --> 00:29:10,960 this is an old version because the new versions are not open source license. 659 00:29:10,960 --> 00:29:14,230 SSPL is not open source or BUSL, whatever the hell they're using. 660 00:29:14,470 --> 00:29:17,200 And I thought that was a terrific position to take. 661 00:29:17,710 --> 00:29:21,430 Some people are whiny about it and I honestly don't care about them because 662 00:29:21,430 --> 00:29:25,480 if, why don't you do volunteer work for an IBM subsidiary is one of the 663 00:29:25,480 --> 00:29:27,490 dumbest things I can think of to ask you. 664 00:29:28,760 --> 00:29:29,060 Mike McQuaid: Yeah. 665 00:29:29,060 --> 00:29:34,910 So I mean our, our view on this is, so what we say in BR is we have BR Core, 666 00:29:34,940 --> 00:29:39,710 which was our kind of original package manager, like open source stuff we did. 667 00:29:39,920 --> 00:29:43,370 And at some point we're like, okay, we say we only package open source stuff in here. 668 00:29:43,370 --> 00:29:47,750 What, what do we actually mean when we say that the nicest definition we came across 669 00:29:47,750 --> 00:29:49,639 was the dbn free software guidelines. 670 00:29:49,639 --> 00:29:49,940 Right. 671 00:29:49,940 --> 00:29:50,990 And they. 672 00:29:51,810 --> 00:29:55,170 Are not, as it might sound like if you're not, someone deeply versed with 673 00:29:55,170 --> 00:29:56,280 open source or free software, whatever. 674 00:29:56,310 --> 00:30:01,020 Essentially everything within their description is open source and it's 675 00:30:01,020 --> 00:30:02,820 a nice, clear definition of things. 676 00:30:02,820 --> 00:30:03,120 Right. 677 00:30:03,360 --> 00:30:07,890 And there we have a body called the OSI, who we also look to for the 678 00:30:07,890 --> 00:30:11,365 advice, who were the one, essentially the body that came up with the term. 679 00:30:12,014 --> 00:30:16,064 Open source back in the day, and I have the controversial viewpoint that words 680 00:30:16,064 --> 00:30:20,864 mean things and it's a good idea to make words continue to mean things such 681 00:30:20,864 --> 00:30:24,405 as, don't say literally when you don't mean literally, and I will die on that. 682 00:30:24,975 --> 00:30:26,955 Corey Quinn: Figuratively is the word you're grasping for and 683 00:30:26,955 --> 00:30:27,435 Mike McQuaid: Exactly, 684 00:30:27,495 --> 00:30:27,735 Corey Quinn: yes. 685 00:30:27,735 --> 00:30:31,544 Mike McQuaid: So with open source, we have rules on this stuff and 686 00:30:31,544 --> 00:30:33,405 when various companies lately. 687 00:30:34,649 --> 00:30:39,629 Have decided to, I guess, Hatchie Corp. Projects as example of one, maybe Redis, 688 00:30:39,629 --> 00:30:45,000 maybe Elastic Search, maybe MongoDB when they, as VC backed businesses 689 00:30:45,000 --> 00:30:49,710 decide that their business model is not well suited by their current open 690 00:30:49,710 --> 00:30:52,679 source license that they have just happened to rely on to get enormous 691 00:30:52,679 --> 00:30:54,210 amount of adoption of the last decade. 692 00:30:54,480 --> 00:30:54,780 Right. 693 00:30:54,780 --> 00:30:57,480 And they decide that they're gonna change that, uh, and relicense 694 00:30:57,480 --> 00:31:00,570 everyone's contributions over that period because they were. 695 00:31:01,304 --> 00:31:04,905 Foresighted enough to require everyone to sign over their copyright, which 696 00:31:04,905 --> 00:31:06,764 allows them to do that instantly. 697 00:31:06,764 --> 00:31:08,745 Hu Brew, various other projects do not do that. 698 00:31:09,074 --> 00:31:12,405 Then what that means is that they can do, as you described in that LinkedIn 699 00:31:12,405 --> 00:31:16,155 post, a rug pull and everyone's left going, well, wait a minute. 700 00:31:16,155 --> 00:31:17,054 Is this open source anymore? 701 00:31:17,054 --> 00:31:17,804 And the companies. 702 00:31:18,330 --> 00:31:21,000 Much to my chagrin will say, yeah, oh, yes, yes. 703 00:31:21,000 --> 00:31:23,580 This is, this is totally, so we we're just, it's just open source. 704 00:31:23,580 --> 00:31:25,889 But, uh, if you wanna make any money, then you need to give 705 00:31:25,889 --> 00:31:27,120 us all your, all of your money. 706 00:31:27,120 --> 00:31:29,040 But I mean, other than that, it's completely open source, right? 707 00:31:29,040 --> 00:31:29,790 Like it is fine. 708 00:31:30,090 --> 00:31:33,330 But again, as I say, when words mean things, it's like, well, in open 709 00:31:33,330 --> 00:31:34,500 source you don't get to do that. 710 00:31:34,560 --> 00:31:34,800 Right? 711 00:31:34,800 --> 00:31:34,810 And. 712 00:31:35,520 --> 00:31:36,570 And a lovely conversation. 713 00:31:36,725 --> 00:31:39,450 Corey Quinn: I, I will not volunteer for your pro for-profit enterprise because 714 00:31:39,450 --> 00:31:41,310 I won't let people volunteer for mine. 715 00:31:41,550 --> 00:31:46,020 Uh, when I contribute to open source, it is open source to which I am contributing, 716 00:31:46,050 --> 00:31:49,920 honestly, sometimes to that project's detriment because I'm terrible at it. 717 00:31:50,130 --> 00:31:52,860 But, you know, I, it's not for lack of caring and it's not for 718 00:31:52,860 --> 00:31:54,000 lack of philosophical purity. 719 00:31:54,060 --> 00:31:57,780 It's, there's a, there's a sense that there are things I will volunteer my time 720 00:31:57,780 --> 00:32:01,770 at energy for, and there are things I will do with a hope of making money out of 721 00:32:01,770 --> 00:32:03,450 it, and I try not to cross those streams. 722 00:32:03,675 --> 00:32:04,005 Mike McQuaid: Yep. 723 00:32:04,120 --> 00:32:05,895 And, and I, I think that's very wise, right? 724 00:32:05,895 --> 00:32:10,575 Like I, I was on a podcast recently with friend Justin Searles, and 725 00:32:10,575 --> 00:32:13,725 it was kind of cross pushed to the change log in, which I said like, 726 00:32:13,755 --> 00:32:15,555 open source is not a career, right? 727 00:32:15,555 --> 00:32:17,955 Like open source is not a business model. 728 00:32:18,075 --> 00:32:19,845 Open source is also not a career, right? 729 00:32:19,845 --> 00:32:23,985 And I think we have seen a bunch of people conflate these ideas. 730 00:32:24,885 --> 00:32:28,064 You need to pay all open source maintainers and market rate tomorrow, 731 00:32:28,064 --> 00:32:30,014 otherwise it'll not be sustainable. 732 00:32:30,014 --> 00:32:32,355 And similarly with companies, a company should be able to just 733 00:32:32,355 --> 00:32:36,314 release open source software, not charge anyone any money forever. 734 00:32:36,375 --> 00:32:40,845 And then like when they get upset that that is not a viable business model, 735 00:32:40,845 --> 00:32:44,715 they can change their license and point it the big cloud vendors and say like, 736 00:32:44,715 --> 00:32:46,064 well, they're, they're stealing our stuff. 737 00:32:46,064 --> 00:32:46,544 And it's like, well. 738 00:32:47,054 --> 00:32:49,455 You, they're stealing your stuff because you said it could be taken. 739 00:32:49,635 --> 00:32:51,345 That's what, that's what your license long 740 00:32:51,345 --> 00:32:52,935 Corey Quinn: time like back when there was a New York Times article 741 00:32:52,935 --> 00:32:55,665 about Amazon strip mining, open source like that, that's not. 742 00:32:56,280 --> 00:32:59,640 Accurate to my mind, they are doing nothing wrong. 743 00:32:59,910 --> 00:33:03,930 You can talk about whether they should be contributing back, but that's one of 744 00:33:03,930 --> 00:33:06,330 those, uh, appealing to our better angels. 745 00:33:06,420 --> 00:33:09,990 That is not one of those, if they have an obligation to do so. 746 00:33:10,110 --> 00:33:12,330 Now, I mean, Amazon does not do philanthropy. 747 00:33:12,330 --> 00:33:13,380 Let's be honest with ourselves. 748 00:33:13,650 --> 00:33:14,370 They're Amazon. 749 00:33:14,400 --> 00:33:17,280 They don't know what that word means, but so, okay. 750 00:33:17,550 --> 00:33:20,130 The problem that these companies made is early on, and I, I 751 00:33:20,130 --> 00:33:21,030 have some sympathy for it. 752 00:33:21,345 --> 00:33:22,305 2010 or so. 753 00:33:22,455 --> 00:33:23,355 Well, we wrote the code. 754 00:33:23,355 --> 00:33:25,995 Clearly we'll be the best ones to run it as a service. 755 00:33:26,205 --> 00:33:27,345 That didn't pan out. 756 00:33:27,675 --> 00:33:30,435 Now you have people starting open source based companies and they 757 00:33:30,435 --> 00:33:34,065 want all the benefits of open source without any of the drawbacks. 758 00:33:34,125 --> 00:33:37,545 Like, oh, should never have launched that project with an open source license. 759 00:33:37,635 --> 00:33:39,105 Yeah, but no one would've used it if you hadn't. 760 00:33:39,390 --> 00:33:40,350 So what's the story? 761 00:33:40,530 --> 00:33:43,620 Mike McQuaid: And the way I like to deal with this instead, right, is again, 762 00:33:43,680 --> 00:33:46,230 blog post I wrote a long time ago, a lot of people don't like me for it, 763 00:33:46,530 --> 00:33:50,340 but a bunch of open source maintainers do so worth it, uh, that I titled Open 764 00:33:50,340 --> 00:33:51,480 Source Maintainers owe you Nothing. 765 00:33:51,510 --> 00:33:54,300 And if you read any open source license, it essentially says, Hey 766 00:33:54,300 --> 00:33:57,960 look, if you use my open source and it breaks your computer on purpose, 767 00:33:58,050 --> 00:34:00,600 then sorry, you've agreed in using it. 768 00:34:00,810 --> 00:34:02,700 That you waive me of all responsibility for that. 769 00:34:02,700 --> 00:34:03,990 So tough luck, right? 770 00:34:03,990 --> 00:34:07,650 And to me, the way, if you say, you know, say Amazon, right? 771 00:34:07,890 --> 00:34:10,080 Amazon's strip money, my own source, they're using this stuff. 772 00:34:10,139 --> 00:34:14,070 Well, what you can do is just, if anyone who is an Amazon employee ever submits 773 00:34:14,070 --> 00:34:17,580 an issue on your project, you can go close and say, I don't wanna fix that. 774 00:34:17,700 --> 00:34:19,350 Your company has lots of resources. 775 00:34:19,560 --> 00:34:21,330 They can do what they want with their open source project. 776 00:34:21,540 --> 00:34:22,470 I'm not gonna help them. 777 00:34:22,530 --> 00:34:22,860 Right? 778 00:34:23,010 --> 00:34:24,210 You can choose to not accept issues. 779 00:34:24,210 --> 00:34:25,590 You can choose to not accept pull requests. 780 00:34:25,710 --> 00:34:26,580 You can choose to not. 781 00:34:26,895 --> 00:34:29,715 Respond to anyone from Amazon on your issue tracker ever again, if that's 782 00:34:29,715 --> 00:34:32,804 what you wanna do, and you as an open source maintainer, have the right 783 00:34:32,955 --> 00:34:34,574 to do whatever the hell you want. 784 00:34:34,665 --> 00:34:36,735 And that's, this is the beauty of it, right? 785 00:34:36,945 --> 00:34:38,025 And I think this is problem, the thankless 786 00:34:38,025 --> 00:34:38,385 Corey Quinn: job. 787 00:34:38,445 --> 00:34:40,965 I've gotta take the other side of it where most of the stuff I write 788 00:34:40,965 --> 00:34:43,425 these days, I used to open source all of it, because why wouldn't I? 789 00:34:43,425 --> 00:34:47,475 I, I'm sorry, but this way to wind up running a command simultaneously on 15 790 00:34:47,475 --> 00:34:50,205 nodes at once, uh, in every AWS region. 791 00:34:50,845 --> 00:34:52,375 That's not a competitive differentiator. 792 00:34:52,375 --> 00:34:55,405 That's just something I want to exist so other people can use it these days. 793 00:34:55,405 --> 00:34:58,675 I'll write quick one-offs and I just, I'll keep it in a private repo rather 794 00:34:58,675 --> 00:35:01,165 than open sourcing it just because I don't wanna hear it from people. 795 00:35:01,345 --> 00:35:01,615 Mike McQuaid: Yeah. 796 00:35:01,645 --> 00:35:01,825 Yeah. 797 00:35:01,825 --> 00:35:04,555 'cause that the, the level of entitlement is often crazy. 798 00:35:04,555 --> 00:35:04,855 And 799 00:35:04,975 --> 00:35:06,925 Corey Quinn: this is a yo low coded thing in half an hour or so. 800 00:35:06,925 --> 00:35:08,575 I just want it to work great. 801 00:35:08,575 --> 00:35:10,585 I, I know that you have other use cases for it. 802 00:35:10,645 --> 00:35:12,895 Go with God, have fun, but I don't wanna hear about it. 803 00:35:12,895 --> 00:35:13,525 I don't care. 804 00:35:13,765 --> 00:35:14,755 Vibe code it yourself. 805 00:35:14,905 --> 00:35:15,835 Mike McQuaid: Yeah, and And honestly, 806 00:35:15,835 --> 00:35:17,695 Corey Quinn: my coach should mostly be told as a cautionary tale. 807 00:35:18,715 --> 00:35:20,365 Mike McQuaid: The thing is as well, is often the people who are the most 808 00:35:20,365 --> 00:35:24,865 entitled about it, ironically, are often the people who are the most reliant on 809 00:35:24,865 --> 00:35:27,565 your free gift for them to do their job. 810 00:35:27,565 --> 00:35:30,985 I remember one time we upgraded a version of F fm PEG or changed the 811 00:35:30,985 --> 00:35:32,425 codec or something in br, right? 812 00:35:32,605 --> 00:35:36,745 And someone said like, I'm running my entire business off this, and you people 813 00:35:36,745 --> 00:35:39,115 have just broken my entire business. 814 00:35:39,115 --> 00:35:39,385 Like. 815 00:35:39,740 --> 00:35:40,700 Have you no shame. 816 00:35:40,700 --> 00:35:44,630 And I was basically like, sir, have you no staging environment like you 817 00:35:44,630 --> 00:35:48,800 have learned a lesson today about relying on other people's software 818 00:35:48,800 --> 00:35:53,390 given freely if, if you're literally running brew update and brew upgrade 819 00:35:53,570 --> 00:35:55,700 and that hoses your entire company. 820 00:35:56,115 --> 00:35:59,415 This is what we call a you problem, sir, and not a me problem. 821 00:35:59,415 --> 00:36:00,765 I didn't tell you to do that. 822 00:36:00,825 --> 00:36:04,425 You decided to do that and now all your stuff's broken like tough, right? 823 00:36:04,425 --> 00:36:04,485 If 824 00:36:04,485 --> 00:36:07,005 Corey Quinn: you're running latest or any other bleeding edge package manager in 825 00:36:07,005 --> 00:36:08,985 production, it's just a matter of time. 826 00:36:09,225 --> 00:36:11,385 Mike McQuaid: Yeah, and in some ways, again, this, this comes back 827 00:36:11,385 --> 00:36:14,535 to what you're saying about the, you know, well we built it, we should 828 00:36:14,535 --> 00:36:15,675 be the best to run in production. 829 00:36:15,675 --> 00:36:19,275 It's like, well, no, like you've demonstrated your ability of being 830 00:36:19,275 --> 00:36:23,565 very good at running a database open source project, you did not 831 00:36:23,565 --> 00:36:28,350 demonstrate your ability to provide a. Multi-region multiculture, like 832 00:36:28,410 --> 00:36:31,680 massively scalable cloud provider, right? 833 00:36:31,680 --> 00:36:36,090 Which is essentially what if you're offering a hosted database provider in 834 00:36:36,180 --> 00:36:38,370 2025, that's what you're doing, right? 835 00:36:38,370 --> 00:36:41,880 And chances are AWS is probably quite good at that. 836 00:36:41,970 --> 00:36:43,980 They probably have quite a lot of people who are quite good at that. 837 00:36:44,280 --> 00:36:44,700 And. 838 00:36:45,345 --> 00:36:47,055 Again, like, sorry folks. 839 00:36:47,115 --> 00:36:47,925 This is capitalism. 840 00:36:47,925 --> 00:36:51,195 I don't feel bad that you as a company trying to make lots of 841 00:36:51,195 --> 00:36:53,625 money, picked a fight with another company who are also trying to make 842 00:36:53,625 --> 00:36:54,915 lots of money and you didn't win. 843 00:36:55,125 --> 00:36:58,245 Like you don't get more sympathy because your code happens to be open source. 844 00:36:58,245 --> 00:36:58,575 Right? 845 00:36:58,815 --> 00:37:01,005 Corey Quinn: Oh, for me it's, there's a reason this entire conversation for 846 00:37:01,005 --> 00:37:02,625 the last half hour has been about. 847 00:37:02,635 --> 00:37:04,735 What we do on developer workstations. 848 00:37:04,885 --> 00:37:06,505 I have asked you none of the normal questions. 849 00:37:06,505 --> 00:37:10,525 I would if you were building a package manager aimed at, you know, production 850 00:37:10,525 --> 00:37:14,005 environments, because I have a whole different laundry list of this. 851 00:37:14,125 --> 00:37:17,485 The closest I run into this is, as I mentioned earlier, well the 852 00:37:17,485 --> 00:37:20,005 next developer we hire is gonna have slightly different versions 853 00:37:20,005 --> 00:37:21,565 of everything in their environment. 854 00:37:21,685 --> 00:37:25,615 Theoretically, I really do hope that the people are updating their 855 00:37:25,615 --> 00:37:27,175 packages on a consistent basis. 856 00:37:27,295 --> 00:37:29,120 Which brings me to my last question for you here. 857 00:37:29,875 --> 00:37:34,734 Have you ever given thought to having brew auto update on a schedule Bo uh, 858 00:37:34,765 --> 00:37:39,085 both itself as well as the packages that have been installed from it? 859 00:37:39,294 --> 00:37:42,475 Mike McQuaid: Yeah, so there's actually, again, a nice little external command 860 00:37:42,475 --> 00:37:46,345 for this, which was briefly in the Homebrew system, and then we decided 861 00:37:46,524 --> 00:37:47,875 it operated better independently. 862 00:37:47,875 --> 00:37:48,475 Elsewhere. 863 00:37:48,625 --> 00:37:49,225 Uh, by 864 00:37:49,464 --> 00:37:50,455 Corey Quinn: then it's not your problem, 865 00:37:50,515 --> 00:37:51,294 Mike McQuaid: sort of Yeah. 866 00:37:51,355 --> 00:37:53,955 Uh, by a lovely Shapero called Dom, who used to be a Homebrew container, 867 00:37:54,355 --> 00:37:56,365 and it's called Homebrew Auto Update. 868 00:37:56,365 --> 00:37:56,899 If you search for that. 869 00:37:57,305 --> 00:38:00,875 And yeah, you could basically have that as Aron job that basically every night 870 00:38:00,935 --> 00:38:04,985 just in the background will just bulk upgrade everything on your machine. 871 00:38:05,165 --> 00:38:05,404 Right? 872 00:38:05,465 --> 00:38:09,335 And if that's how you want to do it, then that's how you can do it, right? 873 00:38:09,515 --> 00:38:12,935 Again, another happy middle ground on there, which I quite liked, is 874 00:38:13,355 --> 00:38:16,595 if you say using something like Brew Bundle, uh, like I mentioned before. 875 00:38:17,195 --> 00:38:18,485 Then you can have through bundle. 876 00:38:18,485 --> 00:38:20,465 By default, we'll upgrade all your packages. 877 00:38:20,465 --> 00:38:24,215 So if you have a project, say with your coworkers at work, right? 878 00:38:24,215 --> 00:38:29,045 Say you are relying on MySQL and rust and. 879 00:38:29,460 --> 00:38:33,810 JavaScript being installed in this like particular project, right? 880 00:38:33,840 --> 00:38:37,920 You can have a brew file in your repo route that has those packages in them, 881 00:38:38,190 --> 00:38:42,000 and then if someone runs it, then it'll upgrade everything and then okay, you 882 00:38:42,000 --> 00:38:44,730 might have someone else on the team who's in an inconsistent state, but 883 00:38:44,730 --> 00:38:47,520 then they, they can just run the same command and they will get to the same 884 00:38:47,550 --> 00:38:51,570 state so that the state is based on time rather than by, based on a lock file. 885 00:38:51,720 --> 00:38:54,000 But you can still get some degree of consistency there. 886 00:38:54,210 --> 00:38:56,670 And also what you could do, which is what I tend to do in those 887 00:38:56,670 --> 00:38:57,615 situations, if you want to be like. 888 00:38:58,225 --> 00:38:59,065 A step ahead. 889 00:38:59,275 --> 00:39:02,365 Say people are not running upgrade relatively often, or you're, you 890 00:39:02,365 --> 00:39:04,795 have an onboarding floor or whatever and you don't want it to break. 891 00:39:05,035 --> 00:39:07,975 You can set up a GitHub actions job with a Macs runner that 892 00:39:07,975 --> 00:39:09,055 just runs that every night. 893 00:39:09,205 --> 00:39:12,265 And then when it fails, it opens an issue or send somebody an email or 894 00:39:12,265 --> 00:39:15,475 whatever, and then you know, oh, like something in Homebrew got upgraded 895 00:39:15,775 --> 00:39:16,855 and now we need to go fix that. 896 00:39:16,855 --> 00:39:17,095 Right. 897 00:39:17,095 --> 00:39:20,545 And you can deal with that when you choose to, rather than just like being 898 00:39:20,545 --> 00:39:23,545 like, oh, some particular developer ran a particular thing at a particular time. 899 00:39:23,890 --> 00:39:27,190 No, like, come on, people like we, we have ways of solving these types of 900 00:39:27,190 --> 00:39:28,755 problems with reproducible environments. 901 00:39:29,490 --> 00:39:31,230 Which you can do with GitHub actions. 902 00:39:31,380 --> 00:39:31,860 Ta-da. 903 00:39:32,010 --> 00:39:32,550 Problem solved. 904 00:39:32,940 --> 00:39:35,940 Corey Quinn: It's, it's a fantastic tool and I wanna thank you for spending as 905 00:39:35,940 --> 00:39:37,500 much time as you do on getting it to work. 906 00:39:37,590 --> 00:39:39,870 If people wanna learn more, where's the best place for them to go? 907 00:39:40,110 --> 00:39:44,610 Mike McQuaid: Uh, more about Homebrew, you can go to brew.sh um, our lovely domain. 908 00:39:44,700 --> 00:39:47,670 If you are interested in the code or contributing, then that will also 909 00:39:47,670 --> 00:39:48,940 take you to the Homebrew GitHub repo. 910 00:39:49,335 --> 00:39:50,685 Tells you all about getting involved. 911 00:39:51,075 --> 00:39:56,085 If people want to see more about me and my ramblings on open source and other 912 00:39:56,085 --> 00:39:59,535 things, then they can go to my website at mikemcquaid.com, which links out 913 00:39:59,535 --> 00:40:01,755 to all my other internet presences, 914 00:40:02,235 --> 00:40:04,875 Corey Quinn: and we will of course put links to all of this in the show notes. 915 00:40:05,025 --> 00:40:07,125 Thank you so much for taking the time to speak with me. 916 00:40:07,185 --> 00:40:07,935 I appreciate it. 917 00:40:07,935 --> 00:40:08,595 Mike McQuaid: Thank you for having me. 918 00:40:08,955 --> 00:40:09,525 A delight. 919 00:40:09,835 --> 00:40:12,064 Corey Quinn: Mike McQuaid, project Leader at Homebrew. 920 00:40:12,384 --> 00:40:15,415 I'm Cloud economist Corey Quinn, and this is Screaming In the Cloud. 921 00:40:15,625 --> 00:40:16,884 You've enjoyed this podcast. 922 00:40:17,005 --> 00:40:20,335 Please leave a five star review on your podcast platform of choice, whereas 923 00:40:20,335 --> 00:40:23,755 if you hated this podcast episode, please, we have a five star review 924 00:40:23,755 --> 00:40:27,205 on your podcast platform of choice, along with an entitled, whiny comment. 925 00:40:27,399 --> 00:40:31,180 That we'll never see because that platform wound up, uh, having their entire stuff 926 00:40:31,180 --> 00:40:36,009 go down because someone ran a brew install without any idea of pinning or 927 00:40:36,009 --> 00:40:39,970 the fact that this is not how one should run production as a responsible grownup,