Post 9yBhI6RVfUM7OekTui by wolf480pl@mstdn.io
(DIR) More posts by wolf480pl@mstdn.io
(DIR) Post #9yBhI6RVfUM7OekTui by wolf480pl@mstdn.io
2020-08-16T18:05:24Z
0 likes, 0 repeats
We may have approximate solutions for "write once, run everywhere". But what about "write once, run forever"? Has anybody approached that problem yet?
(DIR) Post #9yBiDImiSAI2BHwUHA by brad@weeaboo.space
2020-08-16T18:15:47.834397Z
0 likes, 0 repeats
@wolf480pl I think Guix is working on software preservation
(DIR) Post #9yBj8HSg2sVWaEjs2q by wolf480pl@mstdn.io
2020-08-16T18:26:01Z
0 likes, 0 repeats
@brad that's not quite what I had in mind.Even if dependency version conflicts weren't a problem (and Guix prevents a large portion of them AFAIK), sooner or later you will have to update because of vulns.And it's not like the newer version has fewer vulns than the old one. If it has new features, it's very likely that it has more vulns. It's just that those new vulns aren't known yet. So you're stuck in an endless cycle of replacing buggy software with more buggy software.
(DIR) Post #9yBjD8szMBP3R0MdLU by wolf480pl@mstdn.io
2020-08-16T18:26:53Z
0 likes, 0 repeats
@brad what's worse, you may update from a version which has a bug that doesn't affect your usecase, to a version which has a bug which breaks your usecase.
(DIR) Post #9yBm5BG0xKPMKq1sh6 by brad@weeaboo.space
2020-08-16T18:59:09.185917Z
0 likes, 0 repeats
@wolf480pl ah, didn't know you had updates in mind. I saw somewhere that guix was used to demonstrate a piece of software still working after 3 years, so I was picturing that sort of thing
(DIR) Post #9yBn7VsXMCp2pAixPc by silver@fedimaker.space
2020-08-16T19:10:29Z
0 likes, 0 repeats
@wolf480pl sh scripts?
(DIR) Post #9yBnNYIo76SAyUeyMS by wolf480pl@mstdn.io
2020-08-16T19:13:36Z
0 likes, 0 repeats
@silver if you only rely on POSIX, maybe. But the moment you start to rely on 3rd party binaries whose CLI is subject to change, or on file locations, you're screwed.
(DIR) Post #9yBnZfv3cUHU4bKckK by wolf480pl@mstdn.io
2020-08-16T19:15:49Z
0 likes, 0 repeats
@brad 3 years is awfully short time?Like, Debian Stable has 5 year extended support and it's still isn't all that much... and even then, when you have to update to the next release, you'll find that the world has changed a lot.
(DIR) Post #9yBoXycDElr5QuGrya by brad@weeaboo.space
2020-08-16T19:26:46.431123Z
0 likes, 0 repeats
@wolf480pl I don't actually remember it that clearly. It was some sort of contest/challenge that one of the Guix people entered and they used Guix to achieve their goal. Maybe it was more.
(DIR) Post #9yBqAxyLf4jqgdmSDw by Marty@oldbytes.space
2020-08-16T19:44:51Z
0 likes, 0 repeats
@wolf480pl #COBOL 😉 Code written in the 1960s runs fine today.
(DIR) Post #9yBqCfjSRtoKh9d3jM by wolf480pl@mstdn.io
2020-08-16T19:45:17Z
0 likes, 0 repeats
@Marty is it exposed to an untrusted network
(DIR) Post #9yC4L8gW5QvgAHBW4G by glaurungo@niu.moe
2020-08-16T22:23:36Z
0 likes, 0 repeats
@wolf480pl feels like you're approaching world of erlang
(DIR) Post #9yC5hwxJxcaCP1UBFo by wolf480pl@mstdn.io
2020-08-16T22:38:58Z
0 likes, 0 repeats
@glaurungo do Erlang libraries get bugfixea forever without getting any new bugs ot features?
(DIR) Post #9yCwP2kzSmKKSlaWPY by glaurungo@niu.moe
2020-08-17T08:29:24Z
0 likes, 0 repeats
@wolf480pl I don't know about fixes, but you can run erlang code on embedded, so I'd assume you don't put in too many dependencies/librariesand you can do code upgrades without restarting the device and losing state. So that's probably the closest you'd get.
(DIR) Post #9yCwclK94jVERwZbDU by wolf480pl@mstdn.io
2020-08-17T08:31:54Z
0 likes, 0 repeats
@glaurungo see I don't mind restarting the thing.But I really don't want to fix stuff or have new bugs introduced when I update.As for keeping dependencies minimal - what would you use to write a bug tracker in Erlang, such that your bug tracker can stay exposed on the public internet for 10 years without any code modifications, and without getting pwned?
(DIR) Post #9yCxA1VRvlkWC7ik76 by wolf480pl@mstdn.io
2020-08-17T08:37:55Z
0 likes, 0 repeats
@glaurungo s/don't want to fix stuff/don't want to have to fix stuff/
(DIR) Post #9yCxTlMZezvfv2ywDI by glaurungo@niu.moe
2020-08-17T08:41:28Z
0 likes, 0 repeats
@wolf480pl Sadly, public internet is a beast. You could get really close to no need for fixes (just by choosing dependencies that have really stable APIs, and developers who care about that. Like linux Kernel. Or something more mature like OpenSSL. I don't expect updating either to introduce bugs)If you have little number of small libraries, and good written system, need for maintenance should be minimal.The most you can do after that is making it really easy to detect what gone wrong and also easy to fix it.If that is not enough, I fear teqwve infected you with his love of COQ
(DIR) Post #9yCxaCp4TknqoyNpWi by wolf480pl@mstdn.io
2020-08-17T08:42:39Z
0 likes, 0 repeats
@glaurungo so no Phoenix?
(DIR) Post #9yD7xAv6ia7f7dnXRg by glaurungo@niu.moe
2020-08-17T10:38:49Z
0 likes, 0 repeats
@wolf480pl I never had a problem with trying to upgrade Phoenix. But neither did I have a need to upgrade it much. Haven't heard of much security problems with non-newest versions.I guess it's a newer software so you could approach it wearily, but from my experience it didn't really get breaking changes
(DIR) Post #9yDiuzSm2ZdHJWMnEe by cy@fedicy.allowed.org
2020-08-17T17:33:05.822855Z
0 likes, 0 repeats
@wolf480pl What you need to do is write a program to determine which programs will run forever, and which ones will eventually… halthttps://en.wikipedia.org/wiki/Halting_problem
(DIR) Post #9yDqDbycHn3LeZ5Sqm by wolf480pl@mstdn.io
2020-08-17T18:54:50Z
0 likes, 0 repeats
@cy not necessarily. I don't need to know all programs that will run forever.A subset of them about which I'm sure will run forever is enough, as long as that subset includes at least one program for each of my usecases.
(DIR) Post #9yGJqxmaQoyhZ1Ur2m by Marty@oldbytes.space
2020-08-18T23:36:16Z
0 likes, 0 repeats
@wolf480pl NGROK.io proxy