this post was submitted on 23 Nov 2021
36 points (86.0% liked)
There are two problems these are "solving": API incompatibility and isolation. Both of these issues are a real problem when you want to run proprietary software.
When you have the source code of all applications and libraries, you can compile them and otherwise patch them to get things working together most of the time. This way we don't have to worry about changing libraries that much.
When you can trust your software, you don't need isolation. For programs like Firefox things are a bit different, since it is, by default, running untrusted software and its sandbox will never be perfect. You can get isolation without duplicating all dependencies using process isolation (what Android does) or even using namespaces where you share your root file system but not your home directories.
So for open source software these systems are creating more problems than they are solving. For running a potentially malicious system on Linux I don't think we have a good solution yet, or if we even should waste time solving it. There are better OS designs that would make this easy (Plan9, object-capability based security, etc.)
As for Windows, the business model that MS is trying to support is vendor locking combined with licensed closed source binaries. In such a case, long-term backward compatibility is a must. And consequences of such models we are all aware of.
If needed, what's wrong with static linking?
You can statically link binaries. Plan9 does only that, Rust and Go only support static linking (by default). The problem is that you need a good meta-data system that will allow you to track what was linked into each binary, so that if there is a security issue you know exactly what needs to be rebuilt. I don't think we have such a system yet. If I have a bug in OpenSSL I just update that, restart servers using TLS and it is patched.
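Added example, not part of the thread: the comment above asks for metadata that says what was linked into each binary. For Go binaries, the toolchain records the module versions it compiled in, and the standard library's `debug/buildinfo` package reads them back. The sketch below uses that to decide which binaries need a rebuild for one advisory; the module path `example.com/tlslib` and fixed version `v1.4.2` are constructed placeholders.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
)

// linkedModules maps module path -> version as recorded inside a Go binary.
func linkedModules(path string) (map[string]string, error) {
	info, err := buildinfo.ReadFile(path)
	mods := map[string]string{}
	if err == nil {
		for _, d := range info.Deps {
			mods[d.Path] = d.Version
		}
	}
	return mods, err // err: not a Go binary, unreadable, or no build info
}

// parse accepts only plain vX.Y.Z; the round trip rejects any suffix.
func parse(v string) (n [3]int, ok bool) {
	fmt.Sscanf(v, "v%d.%d.%d", &n[0], &n[1], &n[2])
	return n, fmt.Sprintf("v%d.%d.%d", n[0], n[1], n[2]) == v
}

// needsRebuild reports whether the linked version of module is older than
// fixed. Pseudo-versions and pre-releases are flagged for manual review.
func needsRebuild(mods map[string]string, module, fixed string) bool {
	have, linked := mods[module]
	h, okH := parse(have)
	f, okF := parse(fixed)
	if !linked || !okH || !okF {
		return linked // not linked: unaffected; unparseable: flag it
	}
	for i := range h {
		if h[i] != f[i] {
			return h[i] < f[i]
		}
	}
	return false
}

func main() {
	// Constructed advisory: module path and fixed version are placeholders.
	for _, bin := range os.Args[1:] {
		mods, err := linkedModules(bin)
		fmt.Println(bin, err, needsRebuild(mods, "example.com/tlslib", "v1.4.2"))
	}
}
```

Binaries for which `linkedModules` returns an error carry no readable record and have to be tracked some other way.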
Fantastic idea! This would be a really important project to see developed!
Just nitpicking here, but last week I learned golang binaries are not statically-linked (at least not completely).