DotSlash: Simplified Executable Deployment(github.com)
31 points by microflash 3 days ago | 7 comments
mbreese 22 hours ago
I'm not sure how to feel about this.

On one hand, it's an appealing way to manage dealing with different OS/Arch for a binary. On the other hand, this is not something I'd want to use in production, as it's very implicit. I'd rather explicitly call specific versions of installed binaries over implicitly call files installed in $DOTSLASH_CACHE (particularly if the binary is fetched on-demand).

This looks like it could be a useful tool in certain situations, such as shared/consistent dev environments. But generating the dotslash file (with hashes, urls, etc...) seems quite manual, which will limit adoption. In this way, it's not too different from traditional environmental module files, but it does automate a good chunk. If the main use-case is development, I'm not sure if this is better than devcontainers.

It seems like a useful tool, but I'm not sure where I'd actually use it. Maybe I'm missing the main use cases?

mhh__ 21 hours ago
It's a tool for fetching things and making sure what you fetch is what it's supposed to be.

For facebook in particular I'd guess it's basically just a bootstrapping step for buck2 and other basic tools like that.

Containers are obviously tempting but I think they're basically a way of shoving complexity under the bed whereas the approach that dotslash nudges you towards is slightly hormetic in that it helps you manage the complexity while also acting a slight tax on it's growth.

0cf8612b2e1e 23 hours ago
What’s the sell on this vs committing a mise/asdf/etc configuration with pinned versions?
mrbluecoat 23 hours ago
> executing a DotSlash file could "run anything,"

https://dotslash-cli.com/docs/motivation/

Seems promising but obviously security around the dotslash file needs to be well thought out.

Rohansi 23 hours ago
Why does it need to be thought out at all? The whole point of this is to run something on your machine.
umvi 1 day ago
This seems like it could be a good way to manage multiple toolchains as well (multiple golang, etc)
mhh__ 23 hours ago
Absolutely love this style of tool management. Why do we ever install anything?

Edit: consider also git bisect!

JTyQZSnP3cQGa8B 22 hours ago
> Why do we ever install anything

To be able to reproduce all the procedures reliably, constantly, and without an internet connection. At least it's a requirement for my job and some other industries. Also because it's good to be serious about your job, and because reproducible builds is a nice thing to do.

mhh__ 22 hours ago
This is more reproducible than most things people come up with ad-hoc, it insists upon the hash of the thing it downloads.
hiatus 23 hours ago
This _does_ seem to "install" things to a DOTSLASH_CACHE dir though.[1] It seems similar to tools like nvm of pyenv but in this case can handle more than just a single target language. Pretty neat.

[1] https://dotslash-cli.com/docs/flags/#environment-variables

bityard 23 hours ago
Well, it looks like you have to install DotSlash.
mhh__ 22 hours ago
You can actually just bootstrap with a shebang script
VyseofArcadia 22 hours ago
Not to be confused with Slashdot, the tech and tech-adjacent news aggregator of yore.
mvuksano 23 hours ago
Looks like one more open source project used to show "external impact" for a PSC.
guessmyname 23 hours ago
Don’t hate the player, hate the game.

Many people, including myself (currently at Apple) play the promotion game every cycle to continue making progress in our individual careers.

Many of us try to build useful things, but that’s not possible every single time due to seasonal interest on certain technologies.

mvuksano 21 hours ago
Not hating the player nor the game. Point was that it's hard to adopt something that one can't be confident will be maintained and supported a year from now.
quesera 22 hours ago
The player and the game are symbiotic.