Logs: liberachat/#haskell
| 2021-08-24 11:58:36 | → | Sinbad joins (~Sinbad@user/sinbad) |
| 2021-08-24 11:58:55 | × | xff0x quits (~xff0x@2001:1a81:5333:b100:e90f:35ab:1ea2:78fd) (Ping timeout: 250 seconds) |
| 2021-08-24 11:59:51 | → | xff0x joins (~xff0x@2001:1a81:5333:b100:677b:385:c244:5fff) |
| 2021-08-24 12:01:32 | × | chisui quits (~chisui@200116b868760900ef247521c8a78041.dip.versatel-1u1.de) (Quit: Client closed) |
| 2021-08-24 12:03:02 | × | icebreaker quits (~icebreake@user/icebreaker) (Quit: leaving) |
| 2021-08-24 12:03:06 | → | waleee joins (~waleee@2001:9b0:216:8200:d457:9189:7843:1dbd) |
| 2021-08-24 12:03:20 | → | icebreaker joins (~icebreake@user/icebreaker) |
| 2021-08-24 12:03:37 | → | chisui joins (~chisui@200116b868760900d980a481ca884939.dip.versatel-1u1.de) |
| 2021-08-24 12:04:40 | × | icebreaker quits (~icebreake@user/icebreaker) (Client Quit) |
| 2021-08-24 12:04:57 | → | icebreaker joins (~icebreake@user/icebreaker) |
| 2021-08-24 12:08:30 | ← | thornAvery parts (~Thorn@2401:c080:1800:4346:5400:3ff:fe2c:c8f8) () |
| 2021-08-24 12:08:53 | → | trcc joins (~trcc@users-5343.st.net.au.dk) |
| 2021-08-24 12:09:27 | × | polyphem quits (~polyphem@2a02:810d:640:776c:bd0c:a594:ef4e:c3f3) (Ping timeout: 240 seconds) |
| 2021-08-24 12:11:39 | → | thornAvery joins (~Thorn@2401:c080:1800:4346:5400:3ff:fe2c:c8f8) |
| 2021-08-24 12:11:39 | thornAvery | is now known as Thorn |
| 2021-08-24 12:12:20 | Thorn | is now known as thornAvery |
| 2021-08-24 12:13:19 | <kuribas> | How do you enable tracing in production? For example if I want to trace the queries generated? |
| 2021-08-24 12:13:27 | <maerwald> | https://paste.tomsmeding.com/DS3Bgy4l that looks wrong |
| 2021-08-24 12:13:49 | <kuribas> | create a query generator that runs in a logging monad transformer? |
| 2021-08-24 12:13:51 | <thornAvery> | why do people hate static linking? |
| 2021-08-24 12:14:02 | <dminuoso> | thornAvery: Who says people hate static linking? |
| 2021-08-24 12:14:19 | → | epolanski joins (uid312403@id-312403.brockwell.irccloud.com) |
| 2021-08-24 12:14:21 | <thornAvery> | I just hear a lot of people going on about it |
| 2021-08-24 12:14:23 | <dminuoso> | There's just a lot of myths that people appear to readily accept as truth.. |
| 2021-08-24 12:14:29 | <kuribas> | thornAvery: the only problem is linking libc... |
| 2021-08-24 12:14:48 | <kuribas> | thornAvery: because it is not compatible between systems. |
| 2021-08-24 12:14:57 | <thornAvery> | Oh fair call |
| 2021-08-24 12:15:08 | <maerwald> | musl? |
| 2021-08-24 12:15:20 | <maerwald> | linking crypto libs is more problematic than that |
| 2021-08-24 12:15:21 | <kuribas> | yeah, musl solves it, but introduces other problems. |
| 2021-08-24 12:15:28 | <dminuoso> | thornAvery: In principle there's nothing wrong with static linking, and it generally makes shipping isolated packages easier. |
| 2021-08-24 12:15:29 | <kuribas> | with networking |
| 2021-08-24 12:15:31 | → | shriekingnoise joins (~shrieking@186.137.144.80) |
| 2021-08-24 12:15:32 | <maerwald> | nothing is without problems |
| 2021-08-24 12:15:58 | <tomsmeding> | maerwald: two different versions of the prettyprint library? |
| 2021-08-24 12:16:05 | <maerwald> | tomsmeding: no |
| 2021-08-24 12:16:23 | <maerwald> | it's type level hackery |
| 2021-08-24 12:16:30 | <maerwald> | https://hackage.haskell.org/package/haskus-utils-variant-3.0/docs/Haskus-Utils-Variant-Excepts.html#v:catchAllE |
| 2021-08-24 12:16:46 | <dminuoso> | thornAvery: It's just that static linking makes it harder to replace a *shared* library in one go and fix some underlying issue, since every package needs to receive that same update. But at the same time, replacing a shared library can easily break a multitude of packages.A |
| 2021-08-24 12:17:00 | <dminuoso> | And any memory arguments have been largely moot a long time ago |
| 2021-08-24 12:17:25 | <maerwald> | yeah, if you ship static binaries, don't link against ssl |
| 2021-08-24 12:18:29 | <dminuoso> | It's a trade off either way. For some reasons, it's just that folks like Ulrich Drepper held some incredibly strong opinions about it, and pushed against static linking extremely hard. |
| 2021-08-24 12:18:37 | <tdammers> | the Free Lunch Theory strikes again |
| 2021-08-24 12:18:52 | <dminuoso> | Heh yeah |
| 2021-08-24 12:19:29 | → | gehmehgeh joins (~user@user/gehmehgeh) |
| 2021-08-24 12:20:30 | <dminuoso> | maerwald: This is an interesting proposition. |
| 2021-08-24 12:21:04 | <dminuoso> | Dynamically link against libraries that can introduce severe security issues, where prompt updates are important. Or against particularly weak software that is error prone. |
| 2021-08-24 12:21:17 | <maerwald> | well, there are implementations that are made to be statically linked, such as polarssl |
| 2021-08-24 12:21:41 | <maerwald> | but you as a static binary distributor will generally do a worse job than the distro |
| 2021-08-24 12:21:54 | <dminuoso> | But perhaps the real solution here is to simply ship the source code with enough wizardry to link in the flavor that *you* want |
| 2021-08-24 12:21:59 | <dminuoso> | Then you can update libraries yourself whenever you feel like it |
| 2021-08-24 12:22:15 | <dminuoso> | Perhaps users have become too accustomed to binary packages.. |
| 2021-08-24 12:22:21 | <Jack> | How can dynamically linking be insecure? This is a serious question |
| 2021-08-24 12:22:28 | <tdammers> | problem is of course that it's not entirely clear which libraries might introduce severe security issues |
| 2021-08-24 12:22:31 | <dminuoso> | Jack: not insecure, but they can introduce brittleness |
| 2021-08-24 12:22:42 | <maerwald> | tdammers: yeah, like png |
| 2021-08-24 12:22:50 | <maerwald> | not everything needs to be crypto |
| 2021-08-24 12:22:55 | <dminuoso> | because the linked library is not under your control, it might not exist, might exist in wrong flavor, wrong compilation flags, wrong versions |
| 2021-08-24 12:23:04 | <dminuoso> | and all existing mechanisms to at least control this are error prone |
| 2021-08-24 12:23:50 | <dminuoso> | most of the time we dont notice this, because its the distribution maintainers that cherry pick everything so the dynamic libraries on your system will work with the programs |
| 2021-08-24 12:24:07 | <dminuoso> | or they add patches left and right to make things work |
| 2021-08-24 12:24:12 | <maerwald> | dynamic linking is fine as long as the distro controls it... when you have things like steam dropping random stuff that may or may not work together is a different story |
| 2021-08-24 12:24:17 | <dminuoso> | right |
| 2021-08-24 12:24:27 | <dminuoso> | I think this is the key part. |
| 2021-08-24 12:24:39 | <maerwald> | sonames aren't fool proof etc |
| 2021-08-24 12:24:48 | <dminuoso> | dynamic linking moves responsibility of library management to the distribution maintainer, because there's no real portable way to depend on shared libraries that really works. |
| 2021-08-24 12:24:59 | <dminuoso> | maerwald: indeed. |
| 2021-08-24 12:25:45 | <dminuoso> | For package inside your own organization, this becomes an interesting topic now. |
| 2021-08-24 12:25:57 | <maerwald> | the problem with ssl static linking is also that there's an amount of compile time configuration about certificate store etc afair |
| 2021-08-24 12:26:08 | <dminuoso> | Because then it essentialy becomes a question of whether your system administrators are capabable of managing your softwares dynamic dependencies or not. |
| 2021-08-24 12:26:20 | <dminuoso> | If not, you're better of just distributing static artifacts. |
| 2021-08-24 12:26:38 | <dminuoso> | maerwald: oh really? |
| 2021-08-24 12:26:52 | → | [itchyjunk] joins (~itchyjunk@user/itchyjunk/x-7353470) |
| 2021-08-24 12:26:59 | <maerwald> | I mean there are a number of directories an SSL implementations is *supposed* to search |
| 2021-08-24 12:27:09 | <maerwald> | but some of these are set at compile time afair |
| 2021-08-24 12:27:14 | <maerwald> | it's pretty confusing |
| 2021-08-24 12:27:16 | × | [itchyjunk] quits (~itchyjunk@user/itchyjunk/x-7353470) (Remote host closed the connection) |
| 2021-08-24 12:27:31 | <merijn> | This just in, CA based certificates are a maddening clusterfuck :p |
| 2021-08-24 12:27:40 | → | [itchyjunk] joins (~itchyjunk@user/itchyjunk/x-7353470) |
| 2021-08-24 12:27:44 | <maerwald> | just using the system dynamic lib will do the right thing |
| 2021-08-24 12:27:55 | → | eggplantade joins (~Eggplanta@2600:1700:bef1:5e10:a8c1:f34:41fc:ef3d) |
| 2021-08-24 12:27:55 | → | maroloccio joins (~marolocci@37.100.40.252) |
| 2021-08-24 12:27:57 | × | drd quits (~drd@2001:b07:a70:9f1f:1562:34de:f50f:77d4) (Ping timeout: 250 seconds) |
| 2021-08-24 12:28:22 | → | favonia joins (~favonia@user/favonia) |
| 2021-08-24 12:29:13 | <merijn> | I would disagree. I might concede that it will do the thing most people expect nowadays, but I wouldn't necessarily call that the right thing :p |
| 2021-08-24 12:31:36 | <tdammers> | problem is that you want both "give me this exact version so that my stuff is guaranteed to not break" and "give me a version that has all the latest security fixes" |
| 2021-08-24 12:31:57 | <tdammers> | but logic says you can't have both at the same time |
| 2021-08-24 12:32:17 | × | eggplantade quits (~Eggplanta@2600:1700:bef1:5e10:a8c1:f34:41fc:ef3d) (Ping timeout: 250 seconds) |
| 2021-08-24 12:32:18 | → | bontaq joins (~user@ool-18e47f8d.dyn.optonline.net) |
| 2021-08-24 12:32:30 | <maerwald> | security is expensive |
| 2021-08-24 12:32:41 | <Taneb> | Often, not security is even more expensive |
| 2021-08-24 12:32:42 | <merijn> | It's almost like half of us programmers don't deserve to call themselves engineers :p |
| 2021-08-24 12:32:47 | → | pbrisbin joins (~patrick@174-081-116-011.res.spectrum.com) |
| 2021-08-24 12:34:18 | <maerwald> | what's an engineer anyway... someone following best practices? |
| 2021-08-24 12:34:39 | <maerwald> | like running hlint over their codebase? |
| 2021-08-24 12:35:03 | → | fef joins (~thedawn@user/thedawn) |
| 2021-08-24 12:35:22 | <maerwald> | 'you could write this pointfree' |
| 2021-08-24 12:35:28 | <tdammers> | merijn: actually the majority of programmers does not hold an engineering degree, so technically only a small minority deserves the title |
| 2021-08-24 12:35:30 | <merijn> | maerwald: No, someone who *plans* for actual long term |
| 2021-08-24 12:35:42 | <maerwald> | merijn: don't talk crazy |
All times are in UTC.