oh, for fuck's sake, i'm on hacker news again
great question, hhsbz: the problem is that mixing glibc and musl is akin to mixing mentos and diet coke. you just don't do it. they're not compatible.
what the hell is a "right to foss" exactly? also, the only thing my proposed change does is encode something that is already a fact: mixing musl and glibc runtimes results in an unstable system.
it's not pointless complaining when you're the one who gets to deal with the pile of shit some "consultant" created 2 years from now.
perhaps instead of replying to every post on hacker news with the same thing, because you can't take that a trans girl on the internet wrote about mixing alpine and glibc, you should try reading my post.
this is actually a point of contention in the alpine community, and we're working on a solution for it, but the best thing developers can (and should) do is use a proper DNS library instead of getaddrinfo(3)
I don't see how that solves anything. You can't expect users to use a nonstandard library in their software. The solution available that works just fine right now is switching to a nonbroken (not Google) recursive, or running a caching (+validating 👍) nameserver on ::1.
I think the nicest setup would be shipping with a minimal unbound as a forwarding-only caching resolver automatically using the DNS servers from DHCP/SLAAC.
It'd be nice to have opportunistic DoT by default like AOSP too but I don't think unbound can enable it automatically yet.
DANE TLSA isn't being broadly adopted outside of mail servers yet but it has momentum going now. SSHFP records are also really nice and available today. I always set up an ed25519 sha256 SSHFP record for each server with zeroed ones for names that aren't meant to be used with SSH.
It's also nice to have a separate process for all this complexity so it can be contained separately from applications.
There's little downside to a shared local resolver/cache since everyone is just using a caching resolver over the network anyway.
systemd has these features via systemd-resolved. I always replace it with unbound on systemd distributions but their implementation isn't that bad anymore.
It would be nice if non-systemd distributions kept up and started providing DNSSEC and the other advantages of this too.


