Most active commenters
  • throwawaymaths(3)
  • zaphirplane(3)

←back to thread

Zig is hard but worth it

(ratfactor.com)
401 points signa11 | 21 comments | 01 Jun 23 10:44 UTC | HN request time: 0.678s | source | bottom
Show context
latch ◴[01 Jun 23 13:19 UTC] No.36150665[source]
I've now written a lot of zig code (http.zig, websocket.zig, log.zig, zuckdb.zig, etc.) I think Zig falls into an "easy to learn, average/hard to master" category.

Some insiders underestimate the effort required for newcomers to build non-trivial things. I think this is because some of that complexity has to do with things like poor documentation, inconsistent stdlib, incompatible releases, slow release cycle, lack of package manager, etc. For an insider living and breathing Zig, not only aren't these huge challenges, they aren't really "Zig" - they are just transient growing pains. For someone getting started though, the current state of Zig is Zig.

I wish Zig had a polished package manager (there's one in the current development branch, but you don't as much use it as fight it). They could then move some of the less polished code into official experimental packages, helping to set expectations and maybe focus the development efforts.

replies(7): >>36151206 #>>36152145 #>>36153037 #>>36153777 #>>36159350 #>>36159799 #>>36178599 #
zoogeny ◴[01 Jun 23 14:07 UTC] No.36151206[source]
I've lately thought that a package manager is as essential to a new language as a standard library. I would also add a LSP and standard code formatter to that list.

It is a bit unfortunate because all of the above is a pretty tall order. We're getting to the point that new languages are expected to boil the ocean by the time they reach 1.0

replies(8): >>36151679 #>>36152038 #>>36152323 #>>36152773 #>>36153966 #>>36154058 #>>36155307 #>>36159420 #
1. johnnyjeans ◴[01 Jun 23 15:44 UTC] No.36152773[source]
I disagree. I actively avoid languages that rely on package managers simply because they only give the illusion of being beneficial. It ends up being more boilerplate I have to learn to use an ecosystem, because they don't actually solve dependency hell and now there's a whole additional complicated tool with its own DSL I have to contend with in order to fix what's broken (or even diagnose issues.)

The more peripheral crap I have to deal with to use your language, the less I'm likely to use it in the first place. I don't need, want or care to learn yet another idiosyncratic fragile system. Finding source tarballs is a complete non-issue, and inevitably I'm going to have to manually build things anyways to figure out what erroneous assumption a library is making about the underlying system which is causing the build to fail or the runtime to crash, so the package manager just ends up being extra steps. Without fail, that has always been my experience with language package managers.

In the pursuit of making things simpler, we're really just making them harder.

replies(6): >>36153099 #>>36153117 #>>36153992 #>>36154251 #>>36155105 #>>36172876 #
2. zoogeny ◴[01 Jun 23 16:03 UTC] No.36153099[source]
I'm not sure I understand this issue. The existence of a standard package manager doesn't prevent you from manually vendoring dependencies if you want to. I have personal experience working on node.js projects where several dependencies were just `cp` into a directory and treated like local modules, no npm involved at all.

It's like `apt` or `brew` for system dependency management. It is there if you want it but you can just as well download a tar and config/make/install yourself if you want.

In many ways, it is like a standard lib. No one forces you to use it. If you prefer the simplicity of your own implementations then I see no reason why you can't just write your own.

But when you want the advantages of a package manager, and there are advantages that you may not appreciate but others do, then having a standard one built into the language feels preferable to having a dozen non-standard independently competing variations that the community cobbles together.

replies(1): >>36161988 #
3. fauigerzigerk ◴[01 Jun 23 16:03 UTC] No.36153117[source]
The cynic in me would say that including a standard package manager is absolutely necessary to stop several of them popping up every year :)
4. gen220 ◴[01 Jun 23 16:57 UTC] No.36153992[source]
Just curious, not snide: what language fits this criteria?

C/C++? Using Python 3.7+ in a way that completely ignores Pip, because the stdlib is now quite expansive?

replies(3): >>36154078 #>>36154752 #>>36155431 #
5. paulddraper ◴[01 Jun 23 17:03 UTC] No.36154078[source]
Must be C/C++.
replies(1): >>36162805 #
6. JohnFen ◴[01 Jun 23 17:14 UTC] No.36154251[source]
I agree entirely. Relying on a package manager in order for a language to be useful indicates to me that there's a deficiency in the language.
replies(1): >>36155497 #
7. seba_dos1 ◴[01 Jun 23 17:48 UTC] No.36154752[source]
Python is quite often being used without pip, as the modules are often packaged by distros already (and in many distros they have to be packaged this way in order to include the application that uses them in the repos).
8. jeroenhd ◴[01 Jun 23 18:15 UTC] No.36155105[source]
The problem with source tarballs is that you need to then manually watch out for updates and bugfixes for every dependency you pull in. You also need to deal with the bespoke build system of your packages of choice or manually build something compatible with your project. You can also choose not to and skip vulnerable, buggy code for a few years like some companies do, but that's hardly an advantage. You also need to ship (and possibly license) all of your dependencies.

Alternatively, you can let the system package manager do all the hard work for you. That works great, as long as you only target one OS or put in the work to maintain compatibility with multiple OS releases.

My experience with languages without package managers is that large, maintained projects all invent their own package manager (remote git repos? shell scripts downloading files? a two-stage build process written in the language itself?) in combination with some sort of Makefile generating hell script that breaks for a while when a new OS release comes out.

This approach works if you're the entire system. SerenityOS can do this, because it's basically an entire operating system and userland all inside one repository. ChromeOS can probably do it as well, since the app portion isn't running OS-native code anyway. For everyone else, it's just making someone else do the work of the package manager manually.

9. thegeekpirate ◴[01 Jun 23 18:38 UTC] No.36155431[source]
Odin
10. pornel ◴[01 Jun 23 18:42 UTC] No.36155497[source]
Is every language supposed to come with HTTP and TLS stack, clients for every database, de/serializers for every format, every image and video codec, every de/compressor, GUI toolkits, 3D rendering, Bluetooth… where do you stop?

And then how do you maintain all of this bloat to a competitive level, so that users don't need to reach for faster/newer alternative packages anyway?

And how do you maintain portability and backward compatibility of a language with such a vast API surface?

In modern development there's just too much stuff to keep everyone happy with batteries included. Sooner or later users will need something that isn't built in, and that will cause pain and crappy workarounds if the language doesn't have first-class support for dependencies.

replies(2): >>36156115 #>>36157059 #
11. JohnFen ◴[01 Jun 23 19:25 UTC] No.36156115{3}[source]
I suppose that I just never had a problem maintaining any dependencies in code I write. Package managers have long been a bit of a pain for me as a developer, and with some languages (like Python), they are a huge PITA for me as a normal user of applications.

So overall I don't view them in a very positive light. They're something I have to put up with.

No matter, it is what it is. Carry on. :)

replies(1): >>36158409 #
12. pdntspa ◴[01 Jun 23 20:43 UTC] No.36157059{3}[source]
You could manage it like .net did before chocolatey/winget -- pretty much a free-for-all, just add yourself to the COM list through whatever means you want and have at it

But that was a mess. I still have nightmares from dealing with windows assembly cache issues.

Honestly it reminds me of some of the shit I've had to deal with with pip (what do you mean you can't resolve this dependency???)

13. pornel ◴[01 Jun 23 22:40 UTC] No.36158409{4}[source]
When Python was originally designed disk space was precious, and access to the Internet was rare, and its dependency management was designed for that world. Its multiple retrofitted package managers never fully fixed it.

However, better integrated package managers can work well. In case of Node.js and Cargo, the main argument against them is that it's too easy to add dependencies.

replies(1): >>36158952 #
14. throwawaymaths ◴[01 Jun 23 23:39 UTC] No.36158952{5}[source]
Fundamentally the problem with python is that it's packages are global and every workaround except ~docker can't fix it except in a hacky way since the package resolution is specified in the language
replies(1): >>36172854 #
15. uranusjr ◴[02 Jun 23 07:02 UTC] No.36161988[source]
Furthermore, having a package manager indicates there are some kind of specifications behind so each package and repository has an expected format (not necessarily _a_ standard package manager; in many ecosystems multiple managers share one standard). This helps vendoring a lot since the standard specification makes the vendoring process very easy to automate and validate. Dependency managers in their essence is really just automated vendoring (or vendoring is just less automated dependency management); it helps because you can pick it apart and choose to automate only the parts you want, even if you don’t like the fully automated solution.
16. ◴[02 Jun 23 08:54 UTC] No.36162805{3}[source]
17. zaphirplane ◴[03 Jun 23 01:37 UTC] No.36172854{6}[source]
Tell us more, cause it’s not a problem I know
replies(1): >>36174462 #
18. zaphirplane ◴[03 Jun 23 01:40 UTC] No.36172876[source]
So you manually do what a package manager would do automagically and better. What do you think you are doing that is better than a program resolving dependencies, downloading h them and building them, putting them in the right location and tracking the versions used in a lock file
19. throwawaymaths ◴[03 Jun 23 07:22 UTC] No.36174462{7}[source]
Try installing two pieces of software that depend on two different versions of tensorflow, then come back here.
replies(1): >>36175085 #
20. zaphirplane ◴[03 Jun 23 09:30 UTC] No.36175085{8}[source]
I can install multiple python interpreters side by side each with independent packages and I can install different versions of the same python package for the same interpreter. I haven’t tried or had a need, by induction sounds possible :shrug:
replies(1): >>36190287 #
21. throwawaymaths ◴[04 Jun 23 22:47 UTC] No.36190287{9}[source]
Tensorflow wheels are bound to cuda installation which is driver/sudo level. It's a nightmare.