#off-topic
2018-12-20
leonoel 08:12:23

I wonder if this argument against open maps has ever been discussed before https://twitter.com/chris__martin/status/1075213406582571010

danielneal 10:12:37

That sounds like that would deserve to be a completely different function, or you'd at least have to opt in to get the credit card number

danielneal 10:12:02

I'd have thought the moment you start handling sensitive data, you need to bring a whole new level of rigour to the entire program

schmee 10:12:37

the “solution” is this: don’t operate on the whole map, use select-keys to pick out the parts that are relevant for that particular context

schmee 10:12:50

then you can add keys freely without worrying about stuff like that

leonoel 11:12:08

the funny thing about this argument is that in statically typed languages, println-like functions accept anything as input, so in the scenario he describes the compiler will basically break all legitimate usages but not the dangerous one

bronsa 11:12:39

@leonoel not sure what you mean?

bronsa 11:12:03

you can't have a "generic" toString a -> string function in languages like ocaml/haskell

danielneal 11:12:30

how do you log anything

danielneal 11:12:31

even with records?

3Jane 11:12:47

I vaguely remember you make the type printable, and in it you define what it prints

bronsa 11:12:59

e.g. in ocaml you do

# type t = A|B;;
type t = A | B
# Format.printf "%a" (fun fmt -> function | A -> Format.fprintf fmt "a" | B -> Format.fprintf fmt "b") A;;
a

leonoel 11:12:00

right but if the println was already there, the type was likely to implement some kind of stringifiable protocol

danielneal 11:12:34

I guess but then it would only print the bits it knew about

bronsa 11:12:35

in haskell you have a showable typeclass

bronsa 11:12:51

which I think the GHC compiler can auto-implement for you

bronsa 11:12:50

but letting the compiler do some auto code generation is different than saying there exists println like functions that accept anything as input & break type safety

danielneal 11:12:17

well this is exciting

danielneal 11:12:24

I'm learning new things

todo 11:12:00

Anyone here just write math in APL notation instead of standard math notation?

danielneal 11:12:23

so in a web framework, if you switch on logging of requests, say, what happens

bronsa 11:12:08

supposedly the request would be a closed record, so it'll have a printer defined for that type

danielneal 11:12:06

so for each set of query-params/form-params etc, you define the type, and then if you want it to log, you implement Show

bronsa 11:12:54

I think that tweet didn't make a good point TBH, you can still print the return value of whatever you return and if you rely on the compiler to generate your printer for you (which haskellers do a lot, ocaml is starting to go in that direction too with ppx) it won't make any difference in clojure vs haskell/ocaml

bronsa 11:12:25

which I guess may be what @leonoel was saying now that I read it again :)

leonoel 11:12:08

yes but thanks for this precision, actually I read that tweet from a scala mindset !

bronsa 11:12:49

I don't know anything about scala :)

danielneal 11:12:02

it's a format for microtonal musical scales

danielneal 11:12:04

it's really great

danielneal 11:12:13

there's a library of about 3000 scales it provides

😆 8
bronsa 11:12:43

it also means "stairs" in italian so I guess I do know something about it

3Jane 11:12:51

Honestly that tweet is the reverse of what strengthening a promise is to me.

3Jane 11:12:56

It’s breaking a promise.

3Jane 11:12:31

I promised I would return a name and (implicitly) only a name.

danielneal 11:12:10

Yeah, I think that's what I was kind of getting at. Like the domain has completely changed, this is now a completely new kind of thing

bronsa 11:12:52

even if you were returning {:name foo} and now you're returning {:name foo :credit-card bar}?

3Jane 11:12:13

you can do this kind of stuff (scope expansion), but you do it in parameter types, not return types

danielneal 11:12:25

Yeah - in my head before it might have been in a user namespace, now it's in a finance namespace, and it's a whole different kettle of fish

bronsa 11:12:42

oh makese sense

🇮🇹 8
bronsa 11:12:54

so you're saying it would be just a new function

danielneal 11:12:19

I'd at least make getting the extra data opt in

danielneal 11:12:31

i.e. (get-user {:user-id <blah> :include-financial-info? true})

danielneal 11:12:08

but yeah, it feels more like a new function entirely

danielneal 11:12:41

I wonder if a stronger argument along the same lines of the original tweet could be constructed though

danielneal 11:12:59

Like is there a realistic case where you'd want an additive (stronger promise) change to be breaking

vemv 14:12:50

On the topic of printing credit card numbers, I think we should stop using String for representing those. Same for other secrets. Instead create a SecureString wrapper, which:
• has an opaque pr representation by default
• cannot be =ed against a string: you are forced to explicitly use a constant-time equality predicate

👍 8
fellshard 17:12:03

I did something exactly like that for a project that was working with ccs!

vemv 19:12:32

🙂 what's ccs?

danielneal 20:12:14

carbon capture and storage?

fellshard 04:12:23

Yep, credit cards, sorry. Typing while heading to the airport made for brevity over clarity :)

dominicm 18:12:25

@danieleneal sensitive information aside, do you think it would be okay to start returning, eg age or favourite colour from a function in addition?

Nick Vargish 19:12:02

I like the concept of SecureString but worry that people will expect more security from it than it actually delivers. The expectation of magical protection is a real risk, even for security professionals.

👍 4
scriptor 19:12:24

especially when it’s just a wrapper

vemv 20:12:04

then OpaqueString it is 🙂

Nick Vargish 20:12:23

Yay! That fixes it!

Nick Vargish 20:12:44

Actually, it really does. Names matter.

Alex Miller (Clojure team) 20:12:29

Isn’t this why many places use char[] rather than Strings?

dadair 21:12:41

Anyone have experience with Akka from Scala-land? I’m debugging a legacy app and have some noob questions

gleisonsilva 21:12:40

hello guys! what are the options to go mobile with Clojure, besides React Native via re-natal?

danielneal 21:12:15

react-native is the best bet imo. There's a few options within that - @bhauman has a brand new hot off the press thing which might be worth a look if you're starting fresh https://github.com/bhauman/react-native-figwheel-bridge. I use expo which means I can avoid the xcode/android studio setup

👍 4
emccue 21:12:42

I'm having a good amount of fun with fennel, but my inability to write decent macros is annoying

emccue 21:12:27

(Partially (mostly) my stupidity probably, but also maybe because the docs are eh on that)