HomeBrew VS spack

Since you're on macOS, Homebrew is your friend for installing and managing software like PostgreSQL. If you don't have Homebrew installed yet, head to brew.sh and follow the installation instructions.

Homebrew is the go to for developer using MacOs to be able to install applications. It's the equivalent of Aptitude in Ubuntu.

Install Vagrant using Homebrew:

Thanks for the kind words <3

Rewrite in Rust: never :)

A non-Ruby frontend may be possible but, fundamentally, the Formula DSL is Ruby and we couldn't feasibly move to another language without breaking backwards compatibility with everything.

The "update tons of stuff you never asked for": we're working on this: https://github.com/Homebrew/brew/issues/19202

Performance in general: we're doing what we can to improve it wherever possible. Ruby makes this harder but it is getting better rather than worse at this point.

> I wonder if you can get away with not doing parallel downloads, but just keep the sequential downloads going in the background while it is installing a package?

I could be wrong, but I believe multiple people, including maintainers, have looked into exactly that :-)

(I also need to correct myself: there is some work ongoing into concurrent downloads[1]. That work hasn't hit `brew install` yet, where I imagine the question of concurrent traffic volume will become more pressing.)

[1]: https://github.com/Homebrew/brew/issues/18278

Install glibc and patchelf using brew (Homebrew), or build from source, or use a prebuilt binary (if available). This guide uses brew. Also you can see this.

Install brew

In past personal projects, and in my most recent role, I've used Docker for dependency management to avoid the "works on my machine" scenario. I also just like keeping dependencies off my machine, but for this project I opted not to use containers given my lack of dependencies. I used Homebrew for all my needs :).

Install Homebrew if it's not already available on your computer.

You could use a package manager that packages C, C++, Fortran and Python packages such as Spack: here's the py-shapely recipe [1] and here is geos [2]. Probably nix does similar.

[1]: https://github.com/spack/spack/blob/develop/var/spack/repos/...

Just out of curiosity, have you checked out Spack, https://github.com/spack/spack, which has a lot of HPC users. Support for mixing and matching both system and from source dependencies has been extremely useful in my work.

> Are we talking about the same autotools?

Yes. Instead of figuring out how to do something particular with every single software package, I can do a --with-foo or --without-bar or --prefix=/opt/baz-1.2.3, and be fairly confident that it will work the way I want.

Certainly with package managers or (FreeBSD) Ports a lot is taken care of behind the scenes, but the above would also help the package/port maintainers as well. Lately I've been using Spack for special-needs compiles, but maintainer ease also helps there, but there are still cases one a 'fully manual' compile is still done.

> Suffice it to say, I prefer to work with handwritten makefiles.

Having everyone 'roll their own' system would probably be worse, because any "mysteriously failure" then has to be debugged specially for each project.

Have you tried Spack?

* https://spack.io

* https://spack.readthedocs.io/en/latest/

Well, good luck with that, cause it's broken.

Previous release miscompiled Python [1]

Current release miscompiles bison [2]

[1] https://github.com/spack/spack/issues/38724

[2] https://github.com/spack/spack/issues/37172#issuecomment-181...

gh is available via Homebrew, MacPorts, Conda, Spack, Webi, and as a…

> I can't count the number of times I've seen people say "md5 is fine for use case xyz" where in some counterintuitive way it wasn't fine.

I can count many more times that people told me that md5 was "broken" for file verification when, in fact, it never has been.

My main gripe with the article is that it portrays the entire legal profession as "backwards" and "deeply negligent" when they're not actually doing anything unsafe -- or even likely to be unsafe. And "tech" knows better. Much of tech, it would seem, has no idea about the use cases and why one might be safe or not. They just know something's "broken" -- so, clearly, we should update.

> Just use a safe one, even if you think you "don't need it".

Here's me switching 5,700 or so hashes from md5 to sha256 in 2019: https://github.com/spack/spack/pull/13185

Did I need it? No. Am I "compliant"? Yes.

Really, though, the main tangible benefit was that it saved me having to respond to questions and uninformed criticism from people unnecessarily worried about md5 checksums.