From: Hal Clark <hdeanclark@gmail.com>
To: musl@lists.openwall.com
Subject: Re: High-priority library replacements?
Date: Thu, 25 Apr 2013 00:21:12 -0700 [thread overview]
Message-ID: <CA+vfKE+CrhRG-basaVqLE4Bc6X5T1CbftJmBurrhwAxFTPc3jA@mail.gmail.com> (raw)
In-Reply-To: <20130425041553.GA13951@brightrain.aerifal.cx>
On 4/24/13, Rich Felker <dalias@aerifal.cx> wrote:
> Hi all,
>
> The recent thread "Best place to discuss other lightweight libraries"
> had me thinking we should really put together a list of high-priority
> library replacements that need to be done. I don't think I'll be the
> one to do them, but I wouldn't mind overseeing/mentoring someone
> working on them, or just getting somebody else interested in these
> projects.
>
> A few initial ideas:
>
> 1. A light, C, UTF-8-only Unicode library. The most important things
> it should implement are things needed by any application that presents
> text to the user, specifically line-breaking (UAX#14), bidi (UAX#9),
> identifying grapheme clusters, etc. Things like case- and
> normalization-insensitive comparison, application of Unicode-format
> collation rules, etc. would also possibly be useful.
>
> 2. SSL. The modern internet basically requires using SSL everywhere.
> We should be aiming/expecting to transition to a world where even
> non-login-based sites are 100% https; the threats of malicious http
> injection attacks from rogue or advertising-based access points has
> gotten too great. Unfortunately, all of the existing SSL
> implementations are bloated, buggy, and fail even the most basic
> robustness requirements. A good solution would be based on tomcrypt
> and would expose a minimal, simple API suited for event-loop-based or
> threaded use. It may also be useful to have an optional wrapper layer
> to expose an API that mimics openssl or gnutls. It should also be able
> to keep up with the changing demands of how to determine which
> certificate authorities are to be trusted.
>
I saw earlier that Cyassl was briefly mentioned. Now, in general I am
interested in your idea of a "minimal, simple API", but I've had great
experiences with Cyassl. IMO it is exactly what you're looking for.
Could you comment on what parts of it are unsuitable for your intended
purposes? I'm curious what would need to be changed or replaced.
(I'm not affiliated with Cyassl - I have just had (really) good
experiences with it after trying the GnuTLS/OpenSSL route.)
> 3. Image format and compression (libpng, zlib, etc.). The existing
> libraries are full of atrociously bad error-handling practices, and
> quite bloated. These libraries should be well-factored so that
> programs that just want to read (the majority of use cases) don't have
> to pull in code for writing. Unfortunately the interfaces might not be
> so simple, since an important usage case is progressive rendering of
> partially-loaded images, both for the purpose of loading over slow
> network connections and for rendering thumbnails quickly.
>
> All of these libraries should:
>
> - Avoid namespace pollution. Only external symbols should be the
> public API and internal-use stuff prefixed with an ugly prefix
> that's extremely unlikely to clash with anything.
> - Avoid unnecessary allocation. Use caller-provided objects where
> possible or provide both options.
> - Have absolutely zero global state.
>
> That's all I can think of at the moment but I'm sure there are other
> needs I've come across and forgotten. Please feel free to supplement
> this list.
>
> Rich
>
-hal clark
next prev parent reply other threads:[~2013-04-25 7:21 UTC|newest]
Thread overview: 84+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-04-25 4:15 Rich Felker
2013-04-25 5:05 ` Daniel Cegiełka
2013-04-25 5:21 ` Rich Felker
2013-04-25 5:55 ` Kurt H Maier
2013-04-25 7:34 ` Jens Staal
2013-04-25 12:18 ` Rich Felker
2013-04-25 13:54 ` Kurt H Maier
2013-04-25 6:43 ` Gregor Pintar
2013-04-26 0:55 ` idunham
2013-04-26 1:11 ` crypto libraries idunham
2013-04-26 7:51 ` Daniel Cegiełka
2013-04-26 1:51 ` High-priority library replacements? Rich Felker
2013-04-26 8:11 ` Gregor Pintar
2013-04-26 15:47 ` Rich Felker
2013-04-26 17:24 ` Gregor Pintar
2013-04-28 21:43 ` Rob Landley
2013-04-29 10:16 ` Szabolcs Nagy
2013-04-29 12:09 ` Rich Felker
2013-04-29 17:35 ` Gregor Pintar
2013-04-29 21:55 ` Szabolcs Nagy
2013-04-30 2:10 ` Rich Felker
2013-04-30 6:32 ` Gregor Pintar
2013-04-30 8:35 ` Szabolcs Nagy
2013-04-30 9:58 ` Gregor Pintar
2013-04-30 11:30 ` Szabolcs Nagy
2013-04-30 14:11 ` Gregor Pintar
2013-05-01 7:26 ` Gregor Pintar
2013-05-08 21:37 ` Daniel Cegiełka
2013-05-08 23:00 ` idunham
2013-05-09 7:36 ` Daniel Cegiełka
2013-05-09 9:03 ` Daniel Cegiełka
2013-05-09 11:10 ` LM
2013-05-09 14:08 ` Rich Felker
2013-05-09 14:40 ` Daniel Cegiełka
2013-05-09 14:45 ` Rich Felker
2013-05-12 22:42 ` Brad Conroy
2013-05-15 20:17 ` Rich Felker
2013-05-16 16:12 ` Justin Cormack
2013-05-17 1:56 ` Rich Felker
2013-05-17 7:28 ` Justin Cormack
2013-05-09 16:40 ` LM
2013-04-30 18:47 ` Nicolas Braud-Santoni
2013-04-30 19:18 ` Gregor Pintar
2013-05-26 20:09 ` Daniel Cegiełka
2013-05-27 15:53 ` Gregor Pintar
2013-05-28 9:27 ` Daniel Cegiełka
2013-05-28 17:30 ` Gregor Pintar
2013-05-28 13:11 ` LM
2013-05-28 21:38 ` Rob Landley
2013-05-31 11:13 ` LM
2013-05-31 11:36 ` LM
2013-04-25 7:21 ` Hal Clark [this message]
2013-04-25 10:58 ` Igmar Palsenberg
2013-04-25 12:28 ` Rich Felker
2013-04-25 11:44 ` LM
2013-04-25 12:51 ` Rich Felker
2013-04-25 15:30 ` Jens Staal
2013-04-25 16:51 ` Zvi Gilboa
2013-04-25 16:57 ` Justin Cormack
2013-04-25 17:53 ` Zvi Gilboa
2013-04-27 5:45 ` Rob Landley
2013-04-27 8:13 ` Luca Barbato
2013-04-27 13:05 ` Zvi Gilboa
2013-04-26 6:11 ` Igmar Palsenberg
2013-04-28 21:34 ` Licensing Rob Landley
2013-04-29 20:47 ` Licensing Rich Felker
2013-04-29 21:10 ` Licensing Jens Gustedt
2013-04-29 22:47 ` Licensing Kurt H Maier
2013-04-29 22:50 ` Licensing Rob Landley
2013-04-30 12:32 ` Licensing LM
2013-04-26 4:19 ` High-priority library replacements? Isaac Dunham
2013-04-26 11:41 ` LM
2013-04-26 12:57 ` Muhammad Sumyandityo Noor
2013-04-26 15:53 ` Rich Felker
2013-04-28 6:53 ` Muhammad Sumyandityo Noor
2013-04-28 17:46 ` Rich Felker
2013-04-26 16:52 ` LM
2013-04-26 4:32 ` nwmcsween
2013-04-29 5:51 Brad Conroy
2013-04-29 16:38 ` John Spencer
2013-04-29 20:14 ` Rob Landley
2013-04-29 20:53 ` Rich Felker
2013-04-30 1:53 ` idunham
2013-04-30 2:21 ` Rich Felker
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CA+vfKE+CrhRG-basaVqLE4Bc6X5T1CbftJmBurrhwAxFTPc3jA@mail.gmail.com \
--to=hdeanclark@gmail.com \
--cc=musl@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).