

compatible with C
myth




I will let you expand on this before responding to both:
And also, cargo.toml has inconsistencies and double-standards.


Not cargo per se, but even the tutorial for a CLI tool is like “set up clap, which has 20 dependencies and a kitchen sink”. The whole (cargo-centric) ecosystem is much like Node, with the same problems.
% cargo new with-clap
% cd with-clap
% cargo add clap --no-default-features
% cargo tree
with-clap v0.1.0 (/tmp/with-clap)
└── clap v4.6.0
    └── clap_builder v4.6.0
        ├── anstyle v1.0.14
        └── clap_lex v1.1.0
And also, cargo.toml has inconsistencies and double-standards.
Can you expand on that?


Why do you think cargo is a problem?


Not sure how you and @kibiz0r@midwest.social are coming up with these concerns.
The only correct way to package such software is to vendor dependencies (packaged together or separately). And you can trivially change the sonames of vendored deps in your build scripts so that there are no conflicts whatsoever (I dual-package some stuff against an upstream and a fork and do just that). So dynamic vs. static is not the crux of the issue. The primary concerns are that distributors hate vendoring, irrespective of whether the vendored libs are linked in statically or dynamically. Distributors also hate potentially diverging forks maintained by random downstreams, which is what “patched dependencies” effectively are.
There is always room for some leeway of course, but that would depend on how relevant your software is, and/or whether a maintainer would want to take that burden on.
And finally, sometimes, such dependencies may provide added value that trumps all these concerns. So judging these things is always situational.


Then you could be forced to vendor everything. And if it’s open-source and relevant for distros to pick up, then you will need to find out if distros would be willing to take your library with its vendored libs (or package them separately just for your library), etc.
And you may need to figure out if there are bus factor concerns with your direct dependency, since such libraries are not necessarily maintenance-free, even from a mere compiling/building standpoint (what if a patched indirect dependency no longer builds with new compilers, etc.).


This would depend on the language/ecosystem. It’s worse for C and C++ than for example Rust because of packaging policies and ease of distributability.


how many real-world attacks happened since the XZ fiasco outside of the webshit ecosystem?
You may want to look up Freenet (Hyphanet) first.


I gave this a quick look at 2X speed with a lot of fast seeking, and my brain still hurts.
First of all, and concerning Rust, please familiarize yourself with the mem module and its functions at least. You didn’t even get near a situation where using unsafe{} was actually required.
Second of all, and concerning the task at hand itself, for someone who knew to make the distinction between bytes and chars, you should have known about grapheme clusters too. There are a lot of multi-char (not just multi-byte) graphemes out there. You can make a “Fun With Flags” 😉 segment to show that off (no attribution required). Just don’t do anything silly, and make sure to just utilize the unicode-segmentation crate.
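The bytes/chars/graphemes distinction from the comment above, as an added example (not the commenter's code, and not the unicode-segmentation crate): a deliberately simplified cluster splitter that handles the cases that make `.chars().count()` wrong for flags and emoji, namely combining marks, variation selectors, skin-tone modifiers, ZWJ sequences, tag sequences (subdivision flags) and regional-indicator pairs. It is not a full UAX #29 implementation and the code point ranges are a hand-picked subset; production code should use the crate the commenter names. The accumulator also shows `std::mem::take` moving a buffer out from behind `&mut self`, which is the safe alternative to the `unsafe` pointer tricks mentioned above. Sample strings are constructed for the example.

```rust
use std::mem;

/// Combining marks (a hand-picked subset of Unicode category M; not exhaustive).
fn is_combining(c: char) -> bool {
    matches!(
        c as u32,
        0x0300..=0x036F | 0x1AB0..=0x1AFF | 0x1DC0..=0x1DFF | 0x20D0..=0x20FF | 0xFE20..=0xFE2F
    )
}

/// Code points that never start a cluster: combining marks, variation
/// selectors, emoji skin-tone modifiers and tag characters (subdivision flags).
fn is_extender(c: char) -> bool {
    let u = c as u32;
    is_combining(c)
        || u == 0xFE0E
        || u == 0xFE0F
        || (0x1F3FB..=0x1F3FF).contains(&u)
        || (0xE0020..=0xE007F).contains(&u)
}

/// Regional indicator symbols; two in a row form one flag.
fn is_regional_indicator(c: char) -> bool {
    (0x1F1E6..=0x1F1FF).contains(&(c as u32))
}

const ZWJ: char = '\u{200D}';

/// Accumulates scalar values into clusters. `pending` is moved out with
/// `mem::take`, leaving an empty Vec behind: no `unsafe`, no `ptr::read`.
#[derive(Default)]
struct Clusters {
    pending: Vec<char>,
    out: Vec<String>,
}

impl Clusters {
    fn flush(&mut self) {
        if !self.pending.is_empty() {
            let done = mem::take(&mut self.pending);
            self.out.push(done.into_iter().collect());
        }
    }

    fn push(&mut self, c: char) {
        let joins = match self.pending.last().copied() {
            None => false,
            Some(prev) => {
                prev == ZWJ
                    || c == ZWJ
                    || is_extender(c)
                    // an odd number of regional indicators so far: this one completes a flag
                    || (is_regional_indicator(prev)
                        && is_regional_indicator(c)
                        && self.pending.iter().filter(|x| is_regional_indicator(**x)).count() % 2 == 1)
            }
        };
        if !joins {
            self.flush();
        }
        self.pending.push(c);
    }

    fn finish(mut self) -> Vec<String> {
        self.flush();
        self.out
    }
}

/// Split into (approximate) grapheme clusters.
pub fn graphemes(s: &str) -> Vec<String> {
    let mut clusters = Clusters::default();
    for c in s.chars() {
        clusters.push(c);
    }
    clusters.finish()
}

/// (bytes, chars, grapheme clusters) for a string.
pub fn counts(s: &str) -> (usize, usize, usize) {
    (s.len(), s.chars().count(), graphemes(s).len())
}

/// Keep at most `n` user-perceived characters without cutting a cluster in half
/// (a char-based truncation would turn a flag into a lone regional indicator).
pub fn truncate_graphemes(s: &str, n: usize) -> String {
    graphemes(s).into_iter().take(n).collect()
}

fn main() {
    // Constructed samples: ASCII, e + combining acute, two flags, a ZWJ family,
    // a skin-tone modifier and the Scotland subdivision flag (tag sequence).
    let samples = [
        "abc",
        "e\u{0301}",
        "\u{1F1FA}\u{1F1F8}\u{1F1EC}\u{1F1E7}",
        "\u{1F468}\u{200D}\u{1F469}\u{200D}\u{1F467}",
        "\u{1F44D}\u{1F3FD}",
        "\u{1F3F4}\u{E0067}\u{E0062}\u{E0073}\u{E0063}\u{E0074}\u{E007F}",
    ];
    for s in samples {
        let (b, c, g) = counts(s);
        println!("{}: {} bytes, {} chars, {} graphemes", s, b, c, g);
    }
    println!("{:?}", truncate_graphemes("\u{1F1FA}\u{1F1F8}\u{1F1EC}\u{1F1E7}", 1));
}
```

The security-relevant point is the length check: a "max 10 characters" limit enforced on bytes or chars either rejects valid input or, worse, truncates mid-cluster and changes what the user sees, which is exactly the kind of mismatch that homograph and display-spoofing tricks exploit.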


Is this going to be re-posted every month?
Anyway, I’ve come to know since then that the proposal was not a part of a damage control campaign, but rather a single person’s attempt at proposing a theoretical real solution. He misguidedly thought that there was actually an interest in some real solutions. There wasn’t, and there isn’t.
The empire is continuing with the strategy of scamming people into believing that they will produce, at some unspecified point, complete magical mushroom guidelines and real, specified and implemented profiles.
The proposal is destined to become perma-vaporware. The dreamy guidelines are going to be perma-WIP, the magical profiles are going to be perma-vapordocs (as in they will never actually exist, not even in theoretical form), and the bureaucracy checks will continue to be cashed.
So not only was there no concrete strike back, it wasn’t even the empire that did it.
It’s not mostly compatible, not even on the surface level, with any version of C post C89. And most of the ever-growing crap in the language came after the early years anyway, with constructs that are C++-exclusive.