This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2018-12-20
I wonder if this argument against open maps has ever been discussed before https://twitter.com/chris__martin/status/1075213406582571010
That sounds like that would deserve to be a completely different function, or you'd at least have to opt in to get the credit card number
I'd have thought the moment you start handling sensitive data, you need to bring a whole new level of rigour to the entire program
the “solution” is this: don’t operate on the whole map, use select-keys to pick out the parts that are relevant for that particular context
the funny thing about this argument is that in statically typed languages, println-like functions accept anything as input, so in the scenario he describes the compiler will basically break all legitimate usages but not the dangerous one
you can't have a "generic" toString a -> string function in languages like ocaml/haskell
how do you log anything
even with records?
e.g. in ocaml you do
# type t = A|B;;
type t = A | B
# Format.printf "%a" (fun fmt -> function | A -> Format.fprintf fmt "a" | B -> Format.fprintf fmt "b") A;;
a
right but if the println was already there, the type was likely to implement some kind of stringifiable protocol
I guess but then it would only print the bits it knew about
but letting the compiler do some auto code generation is different than saying there exists println like functions that accept anything as input & break type safety
well this is exciting
I'm learning new things
so in a web framework, if you switch on logging of requests, say, what happens
supposedly the request would be a closed record, so it'll have a printer defined for that type
so for each set of query-params/form-params etc, you define the type, and then if you want it to log, you implement Show
I think that tweet didn't make a good point TBH, you can still print the return value of whatever you return and if you rely on the compiler to generate your printer for you (which haskellers do a lot, ocaml is starting to go in that direction too with ppx) it won't make any difference in clojure vs haskell/ocaml
it's a format for microtonal musical scales
it's really great
Yeah, I think that's what I was kind of getting at. Like the domain has completely changed, this is now a completely new kind of thing
even if you were returning {:name foo} and now you're returning {:name foo :credit-card bar}?
you can do this kind of stuff (scope expansion), but you do it in parameter types, not return types
Yeah - in my head before it might have been in a user namespace, now it's in a finance namespace, and it's a whole different kettle of fish
I'd at least make getting the extra data opt in
i.e. (get-user {:user-id <blah> :include-financial-info? true})
I think
but yeah, it feels more like a new function entirely
I wonder if a stronger argument along the same lines of the original tweet could be constructed though
Like is there a realistic case where you'd want an additive (stronger promise) change to be breaking
On the topic of printing credit card numbers, I think we should stop using String for representing those. Same for other secrets.
Instead create a SecureString wrapper, which:
• has an opaque pr representation by default
• cannot be =ed against a string: you are forced to explicitly use a constant-time equality predicate
@U45T93RA6 credit cards maybe? 🙂
carbon capture and storage?
Yep, credit cards, sorry. Typing while heading to the airport made for brevity over clarity :)
@danieleneal sensitive information aside, do you think it would be okay to start returning, eg age or favourite colour from a function in addition?
I like the concept of SecureString but worry that people will expect more security from it than it actually delivers. The expectation of magical protection is a real risk, even for security professionals.
Yay! That fixes it!
Actually, it really does. Names matter.
Isn’t this why many places use char[] rather than Strings?
Anyone have experience with Akka from Scala-land? I’m debugging a legacy app and have some noob questions
hello guys! what are the options to go mobile with Clojure, besides React Native via re-natal?
react-native is the best bet imo. There's a few options within that - @bhauman has a brand new hot off the press thing which might be worth a look if you're starting fresh https://github.com/bhauman/react-native-figwheel-bridge. I use expo which means I can avoid the xcode/android studio setup