APT Features that Web Tooling Craves

January 04, 2017 •

Part of my switch to the Bash on Ubuntu on Windows (can we call this “Winbuntu”?) means that I’ve been using apt on a regular basis. The Advanced Packaging Tool (apt) is a package manager for installing Linux packages, not too different from web tool package managers like bundler, gem, npm, yarn, bower, etc. I’ve grown to really appreciate the design decisions that have gone into apt and I’d like to bring up a few killer features inside apt that I think web tool package managers are missing:

  1. Update and security notifications
  2. Package size confirmation
  3. Autoremove notification

Update and security notifications

Every two weeks or so when I log into bash I get one of these messages:

66 packages can be updated.
37 updates are security updates.

Out of ~532 packages, 66 needed updating. More importantly 37 of those are security updates! This simple notification nudges me to keep my system updated and more secure. I wish npm or bundler had functionality like this for web projects. It would be ideal for our package management systems to encourage better security by default. There is npm outdated and bundle outdated but there are two deficiencies with web tooling: one is that in my experience wholesale update on projects rarely goes smooth and two, to my knowledge there is no way flag the difference between a regular update and a security update.

I understand features like this aren’t easy and probably exacerbates existing performance problems but this is something I’d like to see in web tooling. Maybe the interim is making sure our editors nag us about outdated dependencies like this Atom plugin.

Package size confirmation

Whenever I install a package using apt install, I get a confirmation dialog about the size of the package.

~$ apt install cowsay
Reading package lists... Done
Building dependency tree
...
After this operation, 90.1 kB of additional disk space will be used.
Do you want to continue? [Y/n]

This kind of information is valuable. 90kb just to make a cow say stuff in my command line! This would be especially useful on the web where every kilobyte matters. Not every package or gem is served to the client, but the default state of web tooling right now is ignorance. I don’t find out about the weight of dependencies until after I’ve required, preprocessed, transpiled, postprocessed, webpacked, tree-shaken, and served. It’s way harder to unearth deeply buried problems.

Every install or update inside apt reports the size of the changes on my system. I suspect this reporting occurs in part because of Linux’s tendency to run on extremely variant, low-power hardware with storage and memory constraints. Sound familiar? Those are the same constraints of the web! But the web also deals wtih hyper-flaky and latent cell phone towers mixed in. With apt, the size of the packages I’m installing is always top of mind.

Recently, Addy Osmani added Performance Budgets to Webpack and I think these types of features are invaluable. Having our tools continually monitor basic performance like filesize reduces the collective developer ignorance about what these black boxes are spitting out and we in-turn send to the client. Unfortunately, the decision was made to turn this off by default because it was too verbose.

Autoremove notification

There’s other helpful information when you apt install, it checks the state of your pages and determines which packages are no longer in use:

Reading state information... Done
The following packages were automatically installed and are no longer required:
  cpp-4.8 gcc-4.8 libasan0 libboost-iostreams1.58.0 libc-ares2 libcloog-isl4 libgcc-4.8-dev libisl10 libstdc++-4.8-dev
  libv8-3.14.5
Use 'apt autoremove' to remove them.

Using apt autoremove I can begin cleaning up my system. This maybe happens inside the miles of logbarf in my console, but it’s not clear and I’d wager the apt autoremove notification is a stronger mechanism/reminder to get people to clear out old/unused packages. Less legacy code that could sneak into the dependency graph.

Smarter defaults in software design

These three microfeatures are examples of great design decisions in software. Smart defaults like these can nudge users towards better decision making and behaviors. It’s called “Libertarian Paternalism”; give people choices, but make the defaults beneficial to the user. And if we developers have tools that help us make better products, that will translate to users of the products we’re building.

And here’s a hilarious joke a cow once told me:

 _________________________________________
/ Q: What did the cow say about your slow \
\ website? A: It's UDDERly useless.       /
 -----------------------------------------
        \   ^__^
         \  (oo)\_______
            (__)\       )\/\
                ||----w |
                ||     ||