Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 8 submissions in the queue.

Our Software Dependency Problem

posted by martyb on Thursday January 24 2019, @10:25PM   Printer-friendly
from the ask-the-PHB dept.

darkfeline writes:

Russ Cox, who developed the dependency/package management system for Go, writes about the problems with software dependencies. A choice excerpt:

Dependency managers now exist for essentially every programming language. [...] The arrival of this kind of fine-grained, widespread software reuse is one of the most consequential shifts in software development over the past two decades. And if we’re not more careful, it will lead to serious problems.

A package, for this discussion, is code you download from the internet. Adding a package as a dependency outsources the work of developing that code [...] to someone else on the internet, someone you often don’t know. By using that code, you are exposing your own program to all the failures and flaws in the dependency. Your program’s execution now literally depends on code downloaded from this stranger on the internet. Presented this way, it sounds incredibly unsafe. Why would anyone do this?

Original Submission

 
This discussion has been archived. No new comments can be posted.
Our Software Dependency Problem | Log In/Create an Account | Top | 59 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 4, Insightful) by Anonymous Coward on Thursday January 24 2019, @10:54PM (16 children)

    by Anonymous Coward on Thursday January 24 2019, @10:54PM (#791478)

    Most software requires an operating system, which is a whole heap of code written by people you don't know, and which you have no real idea what most of it does.
    Why would anyone do this?

    Starting Score:    0  points
    Moderation   +4  
       Insightful=3, Underrated=1, Total=4
    Extra 'Insightful' Modifier   0  
    Total Score:   4  

  • (Score: 2, Informative) by Anonymous Coward on Thursday January 24 2019, @11:10PM (7 children)

    by Anonymous Coward on Thursday January 24 2019, @11:10PM (#791482)

    Don't forget the BIOS. It's insecure turtles all the way down, son.

    • (Score: 2) by fyngyrz on Thursday January 24 2019, @11:15PM (6 children)

      by fyngyrz (6567) on Thursday January 24 2019, @11:15PM (#791484) Journal

      Don't forget the microcode in the CPU, FPU and GPU, either.

      --
      Bread is like the sun. It rises in
      the yeast, and sets in the waist.

      • (Score: 1, Interesting) by Anonymous Coward on Thursday January 24 2019, @11:33PM (5 children)

        by Anonymous Coward on Thursday January 24 2019, @11:33PM (#791492)

        Intel provides that code for a very nice price though - [$0]. One of the reasons they are better than AMD, along with cpu durability,

        • (Score: 5, Insightful) by The Mighty Buzzard on Thursday January 24 2019, @11:55PM

          by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Thursday January 24 2019, @11:55PM (#791504) Homepage Journal

          They do not provide source to the management engine though, which kind of makes the microcode irrelevant.

          --
          My rights don't end where your fear begins.

        • (Score: 2) by fyngyrz on Friday January 25 2019, @02:00AM (3 children)

          by fyngyrz (6567) on Friday January 25 2019, @02:00AM (#791555) Journal

          Intel provides that code

          As TMB pointed out — not all of it, they don't. So really, you have no idea what might be going on under that heat sink.

          --
          When I dunk my cookies, I think of you.
          I hold them under until the bubbles stop.

          • (Score: 0) by Anonymous Coward on Friday January 25 2019, @04:45AM (2 children)

            by Anonymous Coward on Friday January 25 2019, @04:45AM (#791615)

            So really, you have no idea what might be going on under that heat sink.

            If I remove the heatsink while it is running to check the cpu intel throttles, but AMD burns up: https://www.youtube.com/watch?v=Xf0VuRG7MN4 [youtube.com]

            This is why I say intel is more durable.

            • (Score: 2) by Immerman on Friday January 25 2019, @08:15PM

              by Immerman (3985) on Friday January 25 2019, @08:15PM (#791979)

              If you remove the heatsink while using your computer, you've got bigger issues than the quality of your CPU...

            • (Score: 0) by Anonymous Coward on Saturday January 26 2019, @12:05AM

              by Anonymous Coward on Saturday January 26 2019, @12:05AM (#792110)

              That video is almost 14 years old.

  • (Score: 2) by MostCynical on Thursday January 24 2019, @11:15PM (3 children)

    by MostCynical (2589) on Thursday January 24 2019, @11:15PM (#791483) Journal

    If systemd continues to grow, it will be a complete OS soon enough.

    --
    "I guess once you start doubting, there's no end to it." -Batou, Ghost in the Shell: Stand Alone Complex

    • (Score: 4, Funny) by fadrian on Friday January 25 2019, @12:32AM (1 child)

      by fadrian (3194) on Friday January 25 2019, @12:32AM (#791521) Homepage

      Don't worry - by that time, emacs should have absorbed enough AI to fight it.

      --
      That is all.

      • (Score: 0) by Anonymous Coward on Friday January 25 2019, @04:20AM

        by Anonymous Coward on Friday January 25 2019, @04:20AM (#791603)

        systemd should implement the emacs doctor psychotherapist

    • (Score: 3, Insightful) by DannyB on Friday January 25 2019, @04:47PM

      by DannyB (5839) Subscriber Badge on Friday January 25 2019, @04:47PM (#791856) Journal

      I'm not worried about systemd growth. Nor about the size of Emacs. Neither of these have grown anything like the bloat growth and new features of Java. A sprawling bytecode VM managed runtime with GC that grows and is almost an entire OS unto itself.

      --
      Stupid people exist because nothing in the food chain eats them anymore.

  • (Score: 1, Touché) by Anonymous Coward on Thursday January 24 2019, @11:18PM

    by Anonymous Coward on Thursday January 24 2019, @11:18PM (#791486)

    Most of us, if we had to code the OS first, ( then libraries, then then ) we never would get to the application..

    But at least having the code available means you *could* review it for yourself.

  • (Score: 5, Funny) by Anonymous Coward on Friday January 25 2019, @02:13AM (2 children)

    by Anonymous Coward on Friday January 25 2019, @02:13AM (#791563)

    True, and that's why you should avoid Linux which is written mostly at night by hackers. If you want an OS you can trust then you need professionally-written software from a trustworthy vendor like Microsoft.

    • (Score: -1, Offtopic) by Anonymous Coward on Friday January 25 2019, @03:01AM (1 child)

      by Anonymous Coward on Friday January 25 2019, @03:01AM (#791582)

      If you want an OS you can trust then you need professionally-written software from a trustworthy vendor like Microsoft.

      Going for the +5, Funny, are we? Unfortunately, I always post as AC so I can't give any mod points. But if I did, this one would surely with the internet for today.

      • (Score: 2) by DannyB on Friday January 25 2019, @04:49PM

        by DannyB (5839) Subscriber Badge on Friday January 25 2019, @04:49PM (#791859) Journal

        Hey, the +5 Troll is much more coveted than the +5 Funny.

        I have gotten plenty of +5 Funny around here. But only one +5 Troll on SN, and one, a long time ago on the green site.

        --
        Stupid people exist because nothing in the food chain eats them anymore.