this post was submitted on 06 Aug 2023
386 points (94.5% liked)

Programmer Humor

19522 readers
215 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 1 year ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] scrapeus@feddit.de 1 points 1 year ago* (last edited 1 year ago) (1 children)

Tbh I wouldn't use languages but rather chainable configurations. Those could be yaml, JSON, toml etc.

I really dislike running any dynamic code for those things. I mean you really only need rbac providers and/or auth providers.

Maybe I underestimate Polkit by a far at the current state, but the 2 times I used it could have been a config file.

[–] argv_minus_one@beehaw.org 2 points 1 year ago

That's how polkit used to work. It was changed, presumably because the old system was excessively complex and inflexible. Arbitrary code is the correct solution when the set of potentially needed behaviors is unbounded, which in this case it is.

Another example of this is CSS. The vast majority of its features today—shadow effects, filter effects, animations, layout modes, even text colors—could have been implemented with WebAssembly and shaders. Instead, all of this stuff is implemented by the browser, and as a result, there are only three browser engines, two of them are on life support, and there is zero hope of meaningful competition among browsers ever arising again.

Let's not overcomplicate polkit, please. It's more than enough of an attack surface already.