less_retarded_wiki/dependency.md

Dependency

Dependency is something your program (or similar system) depends on -- dependencies are bad! Among programmers the term dependency hell refers to a very common situation of having to deal with the headaches of managing dependencies. Unfortunately dependencies are also unavoidable. We at least try to minimize dependencies as much as possible while keeping our program functioning as intended, and those we can't avoid we try to abstract (see portability) in order to be able to quickly drop-in replace them with alternatives.

Having many dependencies is a sign of bloat and bad design. Unfortunately this is the reality of mainstream programming. For example at the time of writing this Chromium in Debian requires (recursively) 395 packages LMAO xD And these are just runtime dependencies...

In software development context we usually talk about software dependencies, typically libraries and other software packages. However, there are many other types of dependencies we need to consider when striving for the best programs. Let us list just some of the possible types:

• software
  • libraries
  • compiler supporting specific language standard
  • build system
  • GUI capability
  • operating system and its services such as presence of a window manager, desktop environment, presence of a file system etc.
  • Internet connection
• hardware
  • sufficient computing resources (enough RAM, CPU frequency and cores, ...)
  • graphics card
  • floating point unit and other coprocessors
  • CPU features such as special instructions
  • mouse, speakers and other I/O devices
• other:
  • know-how/education: Your program may require specific knowledge, e.g. knowledge of advanced math to be able to meaningfully modify the program, or nonnegligiable amount of time spent studying your codebase.
  • running cost: e.g. electricity, Internet connection cost
  • culture: Your program may require the culture to allow what it is presenting or dealing with.

Good program will take into account all kinds of these dependencies and try to minimize them to offer freedom, stability and safety while keeping its functionality or reducing it only very little.

Why are dependencies so bad? Because your program is for example:

• less secure (more attack surface, i.e. potential for vulnerabilities which may arise in the dependencies)
• more buggy (more fuck up surface)
• less portable
• more expensive to maintain (and create) (requires someone's constant attention to just keep the dependencies up to date and keeping up with their changing API)
• less future proof and more fragile (your program dies as soon as one of its dependencies, or any dependency of these dependencies)
• more bloated and so probably less efficient, i.e. slower, eating up more RAM than necessary etc.
• less under your control (in practice it's extremely difficult to modify and maintain a library you depend on even if it's free, so you're typically doomed to just accept whatever it does)
• more dangerous legally (reusing work of other people requires dealing with several to many different licenses with possibly wild conditions and there's always a chance of someone starting to make trouble such as threatening to withdraw a license)

How to Avoid Them

TODO