oh, for fuck's sake, i'm on hacker news again
great question, hhsbz: the problem is that mixing glibc and musl is akin to mixing mentos and diet coke. you just don't do it. they're not compatible.
what the hell is a "right to foss" exactly? also, the only thing my proposed change does is encode something that is already a fact: mixing musl and glibc runtimes results in an unstable system.
it's not pointless complaining when you're the one who gets to deal with the pile of shit some "consultant" created 2 years from now.
perhaps instead of replying to every post on hacker news with the same thing, because you can't take that a trans girl on the internet wrote about mixing alpine and glibc, you should try reading my post.
this is actually a point of contention in the alpine community, and we're working on a solution for it, but the best thing developers can (and should) do is use a proper DNS library instead of getaddrinfo(3)
I don't see how that solves anything. You can't expect users to use a nonstandard library in their software. The solution available that works just fine right now is switching to a nonbroken (not Google) recursive, or running a caching (+validating 👍) nameserver on ::1.
I think the nicest setup would be shipping with a minimal unbound as a forwarding-only caching resolver automatically using the DNS servers from DHCP/SLAAC.
It'd be nice to have opportunistic DoT by default like AOSP too but I don't think unbound can enable it automatically yet.
DANE TLSA isn't being broadly adopted outside of mail servers yet but it has momentum going now. SSHFP records are also really nice and available today. I always set up an ed25519 sha256 SSHFP record for each server with zeroed ones for names that aren't meant to be used with SSH.
It's also nice to have a separate process for all this complexity so it can be contained separately from applications.
There's little downside to a shared local resolver/cache since everyone is just using a caching resolver over the network anyway.
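The ed25519/SHA-256 SSHFP setup mentioned in the thread above, sketched as an added example that is not code from any of the posters: it derives the `SSHFP 4 2` record from an OpenSSH public key line and emits a zeroed record for a name not meant for SSH. The key material is constructed, the owner names are placeholders, and reading "zeroed" as an all-zero fingerprint is an assumption.

```python
import base64
import hashlib
import struct

SSHFP_ALG_ED25519 = 4   # SSHFP algorithm number for Ed25519 (RFC 7479)
SSHFP_FP_SHA256 = 2     # SSHFP fingerprint type for SHA-256 (RFC 6594)
KEY_TYPE = b"ssh-ed25519"


def _read_string(blob, offset):
    """Read one SSH wire-format string: uint32 length followed by bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[offset + 4:end], end


def sshfp_from_pubkey(owner, pubkey_line):
    """Build an 'SSHFP 4 2' record from one line of an OpenSSH .pub file."""
    fields = pubkey_line.split()
    if len(fields) < 2 or fields[0].encode() != KEY_TYPE:
        raise ValueError("not an ssh-ed25519 public key line")
    blob = base64.b64decode(fields[1], validate=True)
    inner_type, off = _read_string(blob, 0)
    key, off = _read_string(blob, off)
    # The type inside the blob must match the label, with no trailing bytes.
    if inner_type != KEY_TYPE or len(key) != 32 or off != len(blob):
        raise ValueError("blob is not a well-formed ed25519 key")
    # The fingerprint is SHA-256 over the whole decoded key blob.
    digest = hashlib.sha256(blob).hexdigest()
    return f"{owner} IN SSHFP {SSHFP_ALG_ED25519} {SSHFP_FP_SHA256} {digest}"


def zeroed_sshfp(owner):
    """Assumed meaning of 'zeroed': a fingerprint no real host key can match."""
    return f"{owner} IN SSHFP {SSHFP_ALG_ED25519} {SSHFP_FP_SHA256} {'0' * 64}"


def make_constructed_pubkey():
    """Constructed sample: well-formed blob around 32 placeholder key bytes."""
    blob = (struct.pack(">I", len(KEY_TYPE)) + KEY_TYPE
            + struct.pack(">I", 32) + bytes(range(32)))
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed@example"


if __name__ == "__main__":
    print(sshfp_from_pubkey("host.example.", make_constructed_pubkey()))
    print(zeroed_sshfp("alias.example."))
```

Clients only act on these records when `VerifyHostKeyDNS` is enabled in their OpenSSH configuration, and the answers are only trustworthy when the zone is DNSSEC-signed and validated.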


