Possible Distributions quote of the year
Possible Distributions quote of the year
Posted Jan 23, 2025 22:35 UTC (Thu) by Cyberax (✭ supporter ✭, #52523)In reply to: Possible Distributions quote of the year by bluca
Parent article: Distributions quote of the week
Yeah, new-fangled stuff introduces half-brained ideas that have not been vetted and tried in practice.
> It's useless in an immature, experimental ecosystem, sure.
Like all the new systemd tools? E.g. resolved breaking mDNS that has been working for decades. Or mount units that break with systemd's own philosophy of job supervision and don't support retries.
> In a stable distribution it is very useful to have a stable ABI, so that for example you do not ship hundreds of gigabytes of binaries, and for example you don't multiply the memory footprint by x10000 as the dso are shared among all processes
We actually have numbers. Alpine is mostly statically linked, and it's not that much larger in practice.
We also have a pretty good experience with Rust for large projects. I've been using it myself since before it was cool, and my project from 2016 still compiles fine. API stability is great, and Cargo works well to create reproducible environments. I don't have to tear out my hair because the newest distro lacks the old version of OpenSSL that is not backwards compatible with the one that I used.
And dynamic linking can't reasonably work with languages like Rust or C++ with templates. The most advanced language that even tries that is Swift.
Posted Jan 24, 2025 12:42 UTC (Fri)
by bluca (subscriber, #118303)
[Link] (2 responses)
So it's new according to you? That's funny, because according to the rest of the universe dlopen is so incredibly old that even ancient and dusty parchments known as POSIX mention it: https://pubs.opengroup.org/onlinepubs/009695399/functions...
But don't let facts get in the way of a good old baseless rant, by all means
> E.g. resolved breaking mDNS that has been working for decades
Works fine here, have you tried turning it off and on again?
> Or mount units that break with systemd's own philosophy of job supervision and don't support retries.
We use the interfaces that we are given, and proc/self/mountinfo was an absolutely horrid interface to work with, that doesn't work at any scale beyond trivial fixed mounts and is inherently racy. Now we got new and shiny APIs in the kernel, and as libmount from util-linux switches to it, the situation with mounts tracking should massively improve, especially in complex deployments. Yeah the situation sucked until now, no argument there.
> We actually have numbers. Alpine is mostly statically linked, and it's not that much larger in practice.
Yeah, because it ships nothing, it's basically busybox and a bunch of symlinks...
> I don't have to tear out my hair because the newest distro lacks the old version of OpenSSL that is not backwards compatible with the one that I used.
So the epitome of the Rust ecosystem can be summarized with "Let's use an old OpenSSL choke full of CVEs and with no security support whatsoever, that will surely cause no issue at all". That's a great advert. And then Rust fanboys wonder why people who need actually stable, secure and maintainable distributions have a problem with all of this...
> And dynamic linking can't reasonably work with languages like Rust or C++ with templates. The most advanced language that even tries that is Swift.
You say that it can't reasonably work, and then provide an example where it does reasonably work. That seems odd. But anyway it's an entirely self-inflicted problem: after the whole horrid mess of C++ templates, why oh why would anyone look at that and say "more please!" is something I cannot possibly fathom. But de gustibus, I guess.
Posted Jan 24, 2025 18:31 UTC (Fri)
by Cyberax (✭ supporter ✭, #52523)
[Link]
Yeah. My dlopen()-less Alpine Linux now has dlopen() calls all over the place.
> Works fine here, have you tried turning it off and on again?
Yeah. And it changed the hostname behind my back: https://github.com/systemd/systemd/issues/35780
> We use the interfaces that we are given, and proc/self/mountinfo was an absolutely horrid interface to work with, that doesn't work at any scale beyond trivial fixed mounts and is inherently racy.
I don't really see what the lack of retries on positively indicated mount failures has to do with this API.
> Yeah, because it ships nothing, it's basically busybox and a bunch of symlinks...
And a libc that doesn't suck. And actually a quite complete distro with a fast package manager (apk routinely finishes installation while dnf/apt is still starting).
> So the epitome of the Rust ecosystem can be summarized with "Let's use an old OpenSSL choke full of CVEs and with no security support whatsoever, that will surely cause no issue at all".
In my case, I was using OpenSSL for encryption primitives that were not affected by any CVEs. Of course, having only crude C-style ABI it's not possible to have finer-grained libraries that only contain a subset of functionality. Just look at what systemd had to suffer through, they couldn't just split the utility library into a small "core" subset and a larger "journal" subset. They had to invent a whole new dynamic linking mechanism to paper over the insufficiencies of C.
> You say that it can't reasonably work, and then provide an example where it does reasonably work.
Yes, and Swift generics do not provide the functionality needed for Rust. In particular, they rely on runtime-linking (basically, a fancy vtable and autogenerated getters/setters) that makes it impossible to write high-performance code with dynamically-linked generics.
Posted Jan 24, 2025 19:03 UTC (Fri)
by mb (subscriber, #50428)
[Link]
No. Rust people rewrite critical CVE-ridden libraries in safe Rust and get entirely rid of the entire class of bugs that caused the most severe OpenSSL bugs in the past decades.
https://crates.io/crates/rustls
Possible Distributions quote of the year
Possible Distributions quote of the year
Possible Distributions quote of the year
> "Let's use an old OpenSSL choke full of CVEs and with no security support whatsoever,
> that will surely cause no issue at all".