Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

>. One thing to consider is that dynamic linking is so complex that it is one of the reasons why people use docker, to make sure their binary and its dependencies are stable.

Coding for almost 40 years and I am yet to use Docker to sort out this kind of issues.

> I think the experience with Go is likely enlightening in this regard. I am not aware of a huge issue of lack of security because it didn’t do dynamic linking and you couldn’t do security updates as easily.

When I started programming, dynamic linking was only available on big iron machines filling computer rooms, we did not need Go for knowing what static linking entails.

> Finally, Rust as a new language is embracing the new way of programming and deploying. We are shifting away from using binary artifacts (often closed source) that once built were rarely changed, to build from source and continuously build/deploy. Cargo makes it relatively easy to do this. In that model, updating a binary for security is just a subset of the normal building and updating of a binary that is done daily.

If Rust wants to succeed in replacing C and C++ in typical big corp, cargo better support binary libraries eventually.



You must work in very different big corps than I, I have yet to see a binary .so we linked to but didn't have the source to.


The kind of corps where Oracle and SQL Server licenses are tiny drops on project expenses, do Windows, macOS, iOS, Android and UNIX in general.

I am quite sure WebSphere, just to give an example, isn't releasing the source code for the .so that come along its Java implementation.


you live in a very shelled, blessed world (just looking at the fact that you said ".so", and not ".dll built with Visual Studio 2012").




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: