dynamic linking bad
static linking good
@sir binary size tho .-.
with a good package manager dynamic linking is fine?
@syntacticsugarglider binary size is fine if you have a competent linker and don't load up on dependencies like it's ladies night at the local all-you-can-eat buffet
@sir sure but even with LTO you still obviously have to ship the code you use
with dynamic linking you don't
with a good package manager the question isn't "can we bear the storage cost?", it's "why would we want to bear the storage cost?"
@syntacticsugarglider with people shipping entire fucking web browsers, I reckon that shipping another megabyte for some shitty library isn't going to be the end of the world. We should be spending our modern storage miracle on stability, not laziness
@syntacticsugarglider the real savings are not from dynamic linking, but from not shipping complicated, overengineered, lazy garbage
@sir yeah of course
but once you have good software, why not dynamically link common libraries?
and how far do you go? do you ship statically linked musl instead of using system libc?
i just don't really think there's a problem to be solved by statically linking everything
@sir i mean i agree that it's not the most pressing issue but at the same time why make that concession?
linking errors are basically a thing of the past with modern package managers (esp. something like Nix that maintains a fully atomic state graph where basically nothing can go wrong)
@danyspin97 @sir an important point to make is also that static linking makes updates far less efficient in most software ecosystems and also makes the developers of individual like... leaf nodes in the ecosystem (i.e. user-facing binaries) responsible for security upgrades, which is something people are notoriously incapable of doing consistently and expediently
and the security updates point still stands, which is probably the most important argument for dynamic linking bc all of this other stuff is, as you said, somewhat irrelevant while we're still shipping entire browsers with our executables
@syntacticsugarglider @danyspin97 the hulking monster doesn't go away if you shove it into your libraries. Most programs *don't* share most libraries, odds are that when your program is installed most of its dependencies are also being installed for the first time - and you're probably using less than half of each.
And the importance of shipping security updates via dynamic linking is grossly overstated.
but... what? you can't just state something is "grossly overstated". how is it not a huge issue? openssl breaks constantly and if anything links statically against it it's not like it's going to get instantly rebuilt and updated and, even if it were to, you would have to redownload **every single binary** that uses it. you could say "just don't use openssl" but that's a "if things were nice they would be nice" argument
and honestly... i've heard a lot of refutation of my various arguments for why dynamic linking is advantageous
...why is static linking advantageous? because you don't need a good package manager? we have those. because you might end up with wasted space in fact if a library isn't widely used? well, as a developer one has no idea how widely a library is going to be used in the future at compile time.
drew i know you live in some sort of weird future utopia where people write good, stable, minimal software but... the rest of us don't
you continually acknowledge that software is terrible. software is often vulnerable. this is ridiculous, especially coming from you.
@syntacticsugarglider @sir @emacsomancer @danyspin97 I'm confused. You have a vulnerability in some software, it's patched upstream, you rebuild / update it. Why is this an argument against static linking? I think I'm with Drew here, the percentage of programs depending on the same libs is too little for this to matter.
etc. are all sizeable and used (except for fontconfig, which is used by 85) by more than 100 of the only 2905 executables on my system. there are more but these are the most obvious examples
dynamically linking those would be frankly ridiculous, and it turns out examples of things that are unique to a package are very rare (at least for me) <25%
@sir with a competent package manager which tracks statically linked libraries in packages and automatically updates all dependant packages on a library update, sure. But updating a core package would require a rebuild and update of almost all packages on the system which puts a big load on the network and requires too much power. I think if we had a good package manager, the benefits would be much better than the disadvantages.
@sir for a firmware — definitely, otherwise — it isn't
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!