I'm absolutely not suggesting that. I'm suggesting that the fact that almost no meaningful AAA system exists for distributed software development teams is an interesting and worthwhile problem to focus attention on.
I mean, we have like N=47,362 incompatible chat protocols and easily exp(N) worth of JS frameworks and maybe _one_ serious attempt at thinking about distributed software update security (TUF) which every time I even mention, a dozen people pop up to argue the inadequacies of?
2 replies 0 retweets 11 likes
Replying to @graydon_pub @mitsuhiko
I guess I don’t feel that strongly about whether there should be fewer actors to trust or not. I do feel strongly that projects shouldn’t rewrite code just to avoid dependencies.
2 replies 0 retweets 3 likes
For example, a *lot* of the reason software is so unfriendly to non-Latin language speakers is because people who speak those languages just homebrew their text handling instead of using libraries. This is manifestly unfair to most of the world.
4 replies 1 retweet 7 likes
There is an important third category of options, which is to reproduce the desired functionality of a library. Good text handling is important to users, so it is equally important that more programmers practice the implementation of good text-handling libraries (from scratch).
2 replies 0 retweets 0 likes
With all due respect, this is implying that English speakers can write, say, Arabic text handling just as well as Arabic speakers can. Not only is this false, this sentiment has ugly cultural implications.
2 replies 0 retweets 3 likes
Replying to @pcwalton @JamesWidman and
Expecting everyone to contribute to one monolithic culture has its own problems. Would building a software ecosystem for Arabic speakers be easier if it didn't need to fit in Latin-centric infrastructure?
1 reply 0 retweets 0 likes
I think this is key to the argument: _small_ deps are the concern, and the putative "harm done" by rewriting a dep (because you don't trust it or simply don't _like_ it -- deps are always a bit of an imperfect fit) is proportional to the dep's size. Big deps matter, but are accepted.
1 reply 1 retweet 6 likes
Replying to @graydon_pub @jckarter and
I dunno. libsodium is a small dependency. But rewriting that puts users at risk.
2 replies 0 retweets 1 like
Libsodium is 56 kloc and 6 years of work by experts (plus a previous 5 years by academics developing its upstream). People who use it track its maintenance status relatively carefully (and often vendor it).
1 reply 0 retweets 4 likes
I wasn’t aware that libsodium had gotten so big, but whatever, that example isn’t central to my point. Crypto code is hard to get right, regardless of how many lines it is.
Replying to @pcwalton @graydon_pub and
What do you guys think of cargo-crev? or something similar at least?
0 replies 0 retweets 0 likes