dynamic linking bad

static linking good

@sir binary size tho .-.

with a good package manager dynamic linking is fine?

@syntacticsugarglider @sir

Binary size, RAM usage and loading time are increased with static linking.

@danyspin97 @syntacticsugarglider binary size, RAM usage, and loading time can all be improved by not making your application a giant hulking monster

Also loading time is definitely faster with most statically linked programs

@sir @danyspin97 right but why have your application be a non-hulking reasonable sized program when it could be an absolutely tiny program that ships a negligible amount of executable code

and the security updates point still stands, which is probably the most important argument for dynamic linking bc all of this other stuff is, as you said, somewhat irrelevant while we're still shipping entire browsers with our executables

@syntacticsugarglider @danyspin97 the hulking monster doesn't go away if you shove it into your libraries. Most programs *don't* share most libraries, odds are that when your program is installed most of its dependencies are also being installed for the first time - and you're probably using less than half of each.

And the importance of shipping security updates via dynamic linking is grossly overstated.

@sir @danyspin97 most programs share **some** libraries, not most libraries.

but... what? you can't just state something is "grossly overstated". how is it not a huge issue? openssl breaks constantly and if anything links statically against it it's not like it's going to get instantly rebuilt and updated and, even if it were to, you would have to redownload **every single binary** that uses it. you could say "just don't use openssl" but that's a "if things were nice they would be nice" argument

@syntacticsugarglider @danyspin97 oh yeah sure bring up openssl, literally the only library for which this argument is ever made. I'm surprised it took this long.

Of the 2188 packages I have installed, 70 of them depend on OpenSSL.

@sir @danyspin97 it's just the best example

and honestly... i've heard a lot of refutation of my various arguments for why dynamic linking is advantageous

...why is static linking advantageous? because you don't need a good package manager? we have those. because you might end up with wasted space in fact if a library isn't widely used? well, as a developer one has no idea how widely a library is going to be used in the future at compile time.

@syntacticsugarglider @danyspin97 because a statically linked program which works today will work tomorrow, and a dynamically linked program which works today will break tomorrow.

@sir @emacsomancer @danyspin97 "severe security vulnerabilities are rare"

drew i know you live in some sort of weird future utopia where people write good, stable, minimal software but... the rest of us don't

you continually acknowledge that software is terrible. software is often vulnerable. this is ridiculous, especially coming from you.

Follow

@syntacticsugarglider @sir @emacsomancer @danyspin97 I'm confused. You have a vulnerability in some software, it's patched upstream, you rebuild / update it. Why is this an argument against static linking? I think I'm with Drew here, the percentage of programs depending on the same libs is too little for this to matter.

Sign in to participate in the conversation
icyphox's Mastodon

icyphox's personal mastodon instance.