[erlang-questions] Patch Package OTP 21.2 Released

Jesper Louis Andersen jesper.louis.andersen@REDACTED
Mon Dec 17 13:04:15 CET 2018


On Fri, Dec 14, 2018 at 4:52 PM Edmond Begumisa <ebegumisa@REDACTED>
wrote:

>
> However, I fear that there is going to be a lot of abuse.
>
>
I'm guessing there is going to be a lot of abuse as well. But I don't think
that is different from using a large list where a map would do for
instance. So lots of code has performance problems, uses excessive amounts
of memory or otherwise slows down your system.

As for the discussion on reading through your dependencies:

There is a security aspect and a performance aspect. Both are important.
Currently I think the best tool wrt. security is to have libraries define
capabilities on what they do, and then verify those capabilities with a
crash in the system. See e.g., OpenBSD's pledge(2) system call. Once a
process pledges itself to a subset of all syscalls, it will be terminated
if it ever calls one of the illegal targets. But as for the slowness, the
best bet is to run benchmarks on your system and profile the code base
extensively. People tend to make innocuous-looking changes to a
system---only for it to have catastrophic consequences on your software.