[nray]

When Microsoft launched the (let's face it, baroque) complexity that is Windows Installer (MSI), we didn't get the WiX Toolset, instead we got an expensive proprietary profiling tool for capturing before/after snapshots, and an entry-level version bundled on the Windows 2000 CD which didn't really solve anybody's problem. No suprises then that the MSI format didn't immediately take over, and Microsoft would presume all the way to Intune that their customers were deploying MSI packages when mostly we weren't.

I always wondered what would have happened if the WiX Toolset had been available from the start, and I like to compare the more organic success of the Microsoft Deployment Toolkit (MDT) being more open and hackable as an example. I guess the time just wasn't right.

[api]

This is a bit tangential, but I consider all this complexity to be a code smell. The real answer to the problem MSI, WiX, and on Linux package managers and nix are trying to solve is the wrong problem.

The entire concept of installing application software “on” the system in a way that modifies the OS is deeply flawed. It’s a security nightmare and it doesn’t scale. As you try to scale it you inevitably have to build a massive baroque state management system that is brittle and terrible for developers to use.

Mobile has the right idea here. Apps are containers. If it seems like an app needs to reach outside of its container this in fact is revealing a shortcoming of the OS APIs that should be addressed there.

Installing an app should be a matter of dropping it on the system. Uninstalling it should be a matter of deleting it.

There might still be a niche for installers in this world but they would be for drivers and OS level third party enhancements. There would not be many of these. 99% of apps do not need this level of access.

Going back to the first paragraph: if you find yourself trudging through a tangled swamp of complexity with no end in sight, I personally believe that this a sign that you are either solving the wrong problem or solving it in a fundamentally wrong way.

When confronted with this a good developer will solve it. A great developer will question it. A genius will make it unnecessary.

The question to always be asking is: is this incidental complexity or essential complexity? Essential complexity is present in the real world problems being solved. Incidental complexity is self inflicted. I personally believe that most software complexity is incidental. It’s at least more than half.

[k8svet]

I feel like this comment awkwardly intermixes the problems of global shared-state package management (which Nix does not suffer from), and runtime isolation (which Flatpak/Portals are for).

EDIT: I do think there's a lot of interesting space to explore, for bringing isolation concepts into NixOS (or one of the other nix-based distro-likes)

[xcdzvyn]

In what way do you feel Nix doesn't achieve this? Because software can still ultimately rely on system state?

I'd contend Nix is the best package management system yet, and while its certainly complex, much of that complexity only exists to hack around decades of bodges.

[cfn]

I really tried to use msi back when it appeared but it wouldn't work in certain versions of Windows without installing something else before. I can't remember the details but it was self defeating.

[viraptor]

Now the same thing happens with msix. Looks nice, but want to manage services through it? Only allowed on consumer editions, not on fairly recent server systems. Totally makes sense /s

[burnte]

I'm not sure what your experience is, but in the vast majority of enterprise AD forests, most apps are deployed by MSI and have been for quite a while. MSI actually took off really quickly, and most installer kits shrank a lot, many disappearing. These days most of the remaining large commercial installer kits generate MSIs as well as EXEs.

[nray]

In my experience large Microsoft customers deployed applications with SCCM, now perhaps moving to Intune. Distributing MSIs via group policy is fairly primitive compared to what endpoint management platforms can offer.

But my point was that large commercial installer kits were always required to produce MSIs, in the absence of something like the WiX Toolset.

[burnte]

Using SCCM doesn't preclude MSIs at all. MSIs via group policy are probably used 1000x more often than SCCM.

[firesteelrain]

OR Ansible.