There is an important third category of options, which is to reproduce the desired functionality of a library. Good text handling is important to users, so it is equally important that more programmers practice the implementation of good text-handling libraries (from scratch).
-
-
With all due respect, this is implying that English speakers can write, say, Arabic text handling just as well as Arabic speakers can. Not only is this false, this sentiment has ugly cultural implications.
2 replies 0 retweets 3 likes -
Replying to @pcwalton @JamesWidman and
Expecting everyone to contribute to one monolithic culture has its own problems. Would building a software ecosystem for Arabic speakers be easier if it didn't need to fit in Latin-centric infrastructure?
1 reply 0 retweets 0 likes -
I think this is key to the argument: _small_ deps are the concern, and the putative "harm done" by rewriting a dep (because you don't trust it or simply don't _like_ it -- deps are always a bit of an imperfect fit) is proportional to the dep's size. Big deps matter, but are accepted.
1 reply 1 retweet 6 likes -
Replying to @graydon_pub @jckarter and
I dunno. libsodium is a small dependency. But rewriting that puts users at risk.
2 replies 0 retweets 1 like -
Replying to @_moonstorms @sunshowers6 and
Crypto is no less dangerous to rewrite if it’s 20 lines or 200.
3 replies 0 retweets 0 likes -
Replying to @pcwalton @sunshowers6 and
Let me define "small" differently: a dependency you would feel little difficulty in rewriting yourself. Especially if picked up transitively, without even noticing it. The concern here is that people are underestimating the additional auth & audit risk when making that judgement.
1 reply 0 retweets 3 likes -
Replying to @graydon_pub @sunshowers6 and
I have the opposite concern. People *feel* little difficulty rewriting text shaping. Then they ship Latin-only apps. There are costs the other way too, and programmers frequently underestimate *those* costs.
1 reply 0 retweets 3 likes -
Replying to @pcwalton @graydon_pub and
The biggest danger is in areas that *seem* simple, but due to programmer overconfidence, they are not. Areas where, as an industry, we repeatedly make the same mistakes. Crypto, internationalization, date/time handling, HTML escaping, Windows-friendly path handling…
3 replies 1 retweet 6 likes
When I was a kid I wrote a website that used regexes for HTML escaping, because I didn’t want dependencies. That’s what I want to push people away from doing. :)
Replying to @pcwalton @sunshowers6 and
I think that's a valid concern. But I think there's a nuance to it because there are lots of legit reasons to rewrite, revisit or subset. The position you're presenting is, after all, part of how we got so many people using OpenSSL for so long instead of revisiting & redesigning.
1 reply 0 retweets 7 likes -
Replying to @graydon_pub @pcwalton and
And like .. text libraries have hugely complex feature spaces (as you know). Wrong library FFI shape, alloc patterns, code footprint, latency, hardware assumptions, compat layers, security hardening, etc. etc. I think there are many cases where non-reuse makes sense.
2 replies 0 retweets 2 likes