I can’t be bothered to build them but looking at the releases on GitHub openssl 3.4.0 is 17.5mb and rustls is 2.6mb. both of these releases are source files not binaries but I don’t see how rustls could possibly be larger than openssl.
Comparing source code sizes is completely meaningless. Rust projects are usually smaller with far more granular dependencies.
FizzyOrange@programming.dev
on 23 Oct 03:01
collapse
Unless the binary size difference is insane, who would say “oh well we were going to pick the library that wasn’t riddled with security issues but we decided to save 2MB instead, hope that makes you feel better about your $12m cybersecurity fine!”.
KamikazeRusher@lemm.ee
on 23 Oct 04:05
nextcollapse
There are only going to be edge-cases where the binary size will really cause headache. Individual projects probably won’t worry too much about a size difference if it’s less than 10-20MB.
I don’t doubt that some places care about a 1MB size difference. After all, some embedded systems with limited storage need every megabyte they can spare.
KamikazeRusher@lemm.ee
on 23 Oct 03:53
nextcollapse
Some of the notes highlight that performance differences in specific tests were due to AVX-512 support. I’d like to see a post going into detail about what challenges the libraries (or their dependencies) went through to get that integrated and how much of an increase came from it.
patrick@lemmy.bestiver.se
on 23 Oct 05:52
collapse
This article is so weird. “We outperformed our competitors because Intel improved the performance of the AWS owned cryptography library we use.”
So like…what did you guys do? Don’t get me wrong, I’m not saying that you did nothing, but your career would go better if you put it in the article that is specifically for bragging about your accomplishment.
threaded - newest
very nice, now let’s see that binary size.
I can’t be bothered to build them but looking at the releases on GitHub openssl 3.4.0 is 17.5mb and rustls is 2.6mb. both of these releases are source files not binaries but I don’t see how rustls could possibly be larger than openssl.
Comparing source code sizes is completely meaningless. Rust projects are usually smaller with far more granular dependencies.
Unless the binary size difference is insane, who would say “oh well we were going to pick the library that wasn’t riddled with security issues but we decided to save 2MB instead, hope that makes you feel better about your $12m cybersecurity fine!”.
There are only going to be edge-cases where the binary size will really cause headache. Individual projects probably won’t worry too much about a size difference if it’s less than 10-20MB.
my whole career is those edge cases
I don’t doubt that some places care about a 1MB size difference. After all, some embedded systems with limited storage need every megabyte they can spare.
yes, i know people that will pay 12m to save 2mb.
Some of the notes highlight that performance differences in specific tests were due to AVX-512 support. I’d like to see a post going into detail about what challenges the libraries (or their dependencies) went through to get that integrated and how much of an increase came from it.
This article is so weird. “We outperformed our competitors because Intel improved the performance of the AWS owned cryptography library we use.”
So like…what did you guys do? Don’t get me wrong, I’m not saying that you did nothing, but your career would go better if you put it in the article that is specifically for bragging about your accomplishment.