28 points | todsacerdoti | 1 comments
KellyCriterion ◴[] No.46252778[source]
industry-proven and mature libs like LOG4J or LOG4Net are not sufficient?
hansvm ◴[] No.46254636[source]
You mean this log4j [0] with major vulnerabilities the industry missed for nearly a decade?

[0] https://en.wikipedia.org/wiki/Log4Shell

KellyCriterion ◴[] No.46255024[source]
Have you ever used OpenSSL? :-D

The thing is: A bug does not invalidate enterprise adoption - Microsoft is a good example.

hansvm ◴[] No.46255251[source]
That was less my point, and more that "battle-tested" doesn't have to be a cudgel to argue against in-house projects, especially when considering defect rates (the more-general solution is very often slower and buggier to support the features you don't need).
1. KellyCriterion ◴[] No.46255492[source]
Maybe we should differentiate the terms:

"industry proven" -> MS/Windows -> yes

"battle tested" -> MS Windows -> you may discuss? :-D

If there is an in-house solution available which is really working, then I'd not introduce an external component here. If you start from zero, then using a pre-existing component should be the path, in my perception. Sure, one can waste time writing a logger, but should e.g. Bezos have spent time coding on a logging lib or care about the webshop and use an existing lib for that - but in most cases it does not pay off to do whatever self-implementation-voodoo someone imagines: it's just a waste of time. (Esp. since most companies do not take off enough to make such an investment plausible)