Those package managers all look to me like a giant disaster, and the first order of business should be to eliminate all of it. So if you are using that as an example of how to do things well, I am not riding that train.
-
-
Replying to @Jonathan_Blow @al45tair and
Separately, there was no acknowledgement or rectifying of failure of terrible ideas that were pushed specifically to avoid things like this. So, COM is still here, which was supposed to "solve" the versioning problem, but we _also_ now have package managers. It's truly insane.
2 replies 0 retweets 14 likes -
Replying to @cmuratori @Jonathan_Blow and
What sane ways to deal with versioning and dependencies are you aware of ? It seems to me that the problem itself is unavoidable if you want reusable pieces software that can evolve, but I don't know of environments where it's not a nightmare to deal with.
2 replies 0 retweets 2 likes -
Replying to @moskitoc_ @Jonathan_Blow and
Just don't. Basically none of the things that are done today with package managers, containers, etc. actually need to be done. A statically linked executable would have worked, it's just people no longer even know how to build such a thing.
4 replies 2 retweets 39 likes -
Replying to @cmuratori @moskitoc_ and
The problem with that approach is what happens when for example there is a security issue in the library. If you statically link you need to release a new version. This happened already with openssl for example.
2 replies 0 retweets 0 likes -
Replying to @fede_cba @cmuratori and
This is solely due to operating system implementation details that would be easily rectifiable if anybody fucking cared.
1 reply 0 retweets 2 likes -
Replying to @Jonathan_Blow @cmuratori and
Most issues are caused by buffer overflows or memory issues and can be prevented. But they are other side channel or timing issues that are not so easy to avoid
1 reply 0 retweets 0 likes -
Replying to @fede_cba @cmuratori and
That has nothing to do with what I am talking about. Why do you think static libraries can't be patched?
1 reply 0 retweets 0 likes -
Replying to @Jonathan_Blow @cmuratori and
It can, but every single program linking it has to update. And that won't happen with most software.
3 replies 0 retweets 0 likes -
Replying to @fede_cba @Jonathan_Blow and
Basically imho both approaches have issues. So is kind of a pick your poison situation
1 reply 0 retweets 0 likes
Except they don't have the same number of issues is my point. Static linking at least ensures that we are all talking about the same configuration. Dynamic linking means it is very difficult to know what the security status of a server even is.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.