this post was submitted on 25 Jun 2023
807 points (100.0% liked)

Technology

37738 readers
531 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
 

I wholeheartedly agree with this blog post. I believe someone on here yesterday was asking about config file locations and setting them manually. This is in the same vein. I can't tell you how many times a command line method for discovering the location of a config file would have saved me 30 minutes of googling.

you are viewing a single comment's thread
view the rest of the comments
[–] SocialJusticeHeals@mastodon.social 5 points 1 year ago (1 children)
[–] TheBaldness@beehaw.org 1 points 1 year ago (1 children)

Isn't this what updates are for? maybe I'm misunderstanding what you mean by static libraries.

[–] SocialJusticeHeals@mastodon.social 6 points 1 year ago (1 children)

@TheBaldness
When you bundle everything for an app inside a self-contained directory, it's no different than static linking a binary.

An exploit in a library the package links against means that application is still vulnerable even if the same library on the operating system has been updated to fix the security flaw.

[–] TheBaldness@beehaw.org 1 points 1 year ago (1 children)

Apple managed to do it for a long time. I imagine they update the app more frequently than they would otherwise.

@TheBaldness
For apps that Apple controls that may be fine, but most people do not get their apps from a single vendor and not all vendors are fast at pushing updates.