1. 14

    As mentioned earlier, releases was the last planned feature for Elixir. We don’t have any major user-facing feature in the works nor planned. I know for certain some will consider this fact the most excing part of this announcement!

    This is a very important part of the Elixir developer experience. Even though the language is relatively young and we get a new minor version every six months, Elixir doesn’t feel like a moving target. This comes from having extensibility designed in from the start, as well as being built on a very mature platform (Erlang) where most of the new language blues have been worked out.

    I’m still impressed by the confidence it takes to say, “Nope, no plans to add anything else right now.”

    1. 4

      This is the biggest mistake they’ve made, honestly.

      The core team continually shoots down little features and additions to the standard library, with the tired refrain “Don’t worry, the community will offer libraries for it!”.

      This means we are still missing things like:

      • conversion of basic Elixir and Erlang types back and forth (ref <-> string, record <-> map, etc. etc.)
      • strftime
      • timezone/tzdata out of the box
      • various data structure helpers
      • various math routines
      • CSV parsing
      • JSON parsing

      (You can bet that the pet features for developing, say, a compiler or macros were of course included and exposed early.)

      “Batteries included”, even with occasionally corroding batteries, is better for devs everywhere. Other than the fact that we’ve all seen what happens when you have a small standard library and let the community “grow” it (cough npm cough), the fact remains that the only reason Elixir is possible is because of the baroque standard library afforded by Erlang/OTP. They bootstrapped the language using everything the other folks had, and then have the audacity to claim that they want a “small” language.

      This would be maybe acceptable if they, say, wrapped the Erlang stuff with better docs and minor Elixir affordances–instead, the standard answer is to just link against Erlang/OTP directly and provide no support and pat themselves on the backs for a job well done.

      It’s a position that I think is increasingly suggesting that a fork of Elixir is required.

      1. 4

        I’ve never found this to be an impediment. When I needed time functions, I brought in Timex; for JSON, Poison; etc. I’ll admit that I did write a library containing a data structure helper. I don’t have strong opinions whether these features should be part of or separate from the core libraries, but I never found them missing when I needed to use them.

        But that’s opinion. On a more factual level, I don’t know what you’re on about when you say that Elixir didn’t wrap and improve many OTP modules. GenServer, Supervisor, Application, Process, Node, the list goes on. Things like DynamicSupervisor and Registry are Elixir-specific but feel like natural extensions to OTP. There’s always the option to call into Erlang if something is not in Elixir, but that isn’t the default.

        1. 2

          Good point, I should’ve given more credit to GenServer’s wrapper, and some various other ones. Buuuut…

          There’s always the option to call into Erlang if something is not in Elixir, but that isn’t the default.

          That’s the thing, though! Where are the wrappers for the math module (basic trig stuff? For the ETS? DETS? Mnesia? SSL? gen_tcp? Random number generation? Crypto? gen_fsm or gen_statem? timer?

          The blessed answer is: do it in Erlang. For any non-trivial usage you pretty much have to have know the chunks of the Erlang stdlib in addition to Elixir.

          1. 3

            Fair, I should have chosen a word other than “default”. But I have a non-trivial service written in Elixir (15K LOC, 20K lines of tests) and my calls into the Erlang std lib amount to :timer.sleep (which Elixir now provides with Process.sleep), :math.pow, :crypto.strong_rand_bytes, and :erlang.monotonic_time. I’m ok if the Elixir project gets around to wrapping these last.

            1. 2

              What would the “dumb” wrapper over Erlang libraries provide that it would be worth it? Is there anything? Because if not, then I believe that creating such wrapper (especially in stdlib) is pointless.

              1. 3

                The biggest advantages I can think of:

                • Prettier docs, alongside the rest of the Elixir stdlib
                • Changing argument order so that the “subject” of a function comes first, so that the functions compose well in |> pipelines

                Both are “nice to have” as opposed to “essential”, but it adds up.

                1. 1

                  As I said, the first one will change as soon as Erlang will implement EEP 48 (uniform documentation store). The second one is a little bit more problematic, but I do not see it as a big problem as Erlang functions often do not end in long pipelines.

                2. 1

                  Well, first, it would move Elixir to being independent of Erlang. Right now Elixir is basically just the super bonus DLC expansion for the BEAM–you still need Erlang to play. Wrapping those things makes it easier to make a cohesive language that doesn’t have Erlang weirdness just sticking out of it. This in turn makes it easier to add native extensions to make Elixir code more performant and even more of a value-add over Erlang.

                  Second, a lot of the functions (say, :math.exp) have weird failure modes that just aren’t documented. There’s no guard clauses or type information provided to keep them from throwing up. Elixir wrappers could improve error reporting and also documentation about things like valid domains for the functions.

                  Third, you assume “dumb” wrappers–I’m in support of slightly more invasive wrappers that do things like prefer UTF8 binaries to charlists or that are easier to pipeline or offer better options.

                  1. 1

                    Well, first, it would move Elixir to being independent of Erlang

                    I agree, it would be great to have Elixir as a simple Erlang library, just like lfe or luerl.

                    Elixir wrappers could improve error reporting

                    It does:

                    iex> :math.exp(%{})
                    ** (ArgumentError) argument error
                        (stdlib) :math.exp(%{})
                    iex> :math.exp(1111111111111111111111111111111111111111111111111111111111111111111111111111111111111)
                    ** (ArithmeticError) bad argument in arithmetic expression
                        (stdlib) :math.exp(1111111111111111111111111111111111111111111111111111111111111111111111111111111111111)
                    

                    vs:

                    > math:exp(111111111111111111111111111111111111111111111111111111111111111111111111111111111).
                    ** exception error: an error occurred when evaluating an arithmetic expression
                         in function  math:exp/1
                            called as math:exp(111111111111111111111111111111111111111111111111111111111111111111111111111111111)
                    > math:exp([]).
                    ** exception error: bad argument
                         in function  math:exp/1
                            called as math:exp([])
                    

                    So it is transforming all calls to more “Elixirish” exceptions.

                    Yes, the Erlang documentation about types could improve a little, but it is still quite readable now:

                    A collection of mathematical functions that return floats. Arguments are numbers.

                    invasive wrappers that do things like […] offer better options

                    Just for your information, Erlang’s prop list [a, {b, 10}] is exactly the same as [{a, true}, {b, 10}] which makes [:a, b: 10] exactly the same as [a: true, b: 10]. So I do not see much of the problem there.

                    1. 1

                      You’re missing the obvious: why is that number invalid as an argument? Elixir could give that information in the error, or even better restore proper IEEE754 support.

                      1. 1

                        Or, you know, you could port that to the Erlang and return proper error message from there. It is not that hard. Why Elixir should fix Erlang issues while you can fix them in Erlang?

            2. 3
              • conversion of basic Elixir and Erlang types back and forth (ref <-> string, record <-> map, etc. etc.)

              You have ref_to_list/1 in :erlang module or you can use inspect/1 from Elixir Kernel. But why anyone would like to call that function in situation other than inspecting the value? For record <-> map you have Record module. What other types you would like to convert? Especially as Erlang and Elixir uses exactly the same types.

              • timezone/tzdata out of the box

              As this require HTTP requests and other stuff to keep it in sync with tzdb I think the current approach with allowing external libraries to register themselves as tzdb providers is the best one. This allows enough flexibility without requiring wrapping or incompatible date time types.

              • various data structure helpers
              • various math routines

              Which one? What is missing from :math?

              • CSV parsing
              • JSON parsing

              Please no, there is no need for such cruft in the stdlib and external libraries have hell lot of advantages over built-ins.

              Erlang stuff with better docs

              Erlang docs are pretty good, but require some time to get used to it. Maybe ti will improve in near future when Erlang implement EEP 48.

              1. 1

                But why anyone would like to call that function in situation other than inspecting the value?

                Let’s say you are using refs as a performant key for nodes in a scene graph, and you also want clients on other platforms to be able to interact with them.

                This allows enough flexibility without requiring wrapping or incompatible date time types.

                Everybody just uses Lau’s tzdata. This flexibility is just overengineering. In 2019, there is no reason to treat downloading tzdata as beyond the ken of a stdlib.

                Please no, there is no need for such cruft in the stdlib and external libraries have hell lot of advantages over built-ins.

                There’s nothing more annoying than using modules that have identical support for JSON but decide to use their own Super Extra Special representation that is mutually unintelligible. Further, both Ruby and Python have supported CSVs and JSON out of the box for a while now.

                Speaking of “cruft”, how about that asn1 support in core erlang?

                ~

                Most people using Erlang in the next 5 years will be doing Elixir. Of those, 90% or more are probably doing webshit. As it stands, Elixir is not good at that use case.

                1. 1

                  Let’s say you are using refs as a performant key for nodes in a scene graph, and you also want clients on other platforms to be able to interact with them.

                  Then use :erlang.term_to_binary/1 instead. It will be faster and IMHO easier.

                  In 2019, there is no reason to treat downloading tzdata as beyond the ken of a stdlib.

                  Unless you need to update tzdata without updating whole runtime.

                  decide to use their own Super Extra Special representation that is mutually unintelligible

                  That is why Jason for example is tested against JSON Test Suite to match RFC in 100%.

                  Further, both Ruby and Python have supported CSVs and JSON out of the box for a while now.

                  And most of the people are using external libraries anyway as default implementations are known to be slow and sometimes buggy. So why implement something that will not be used anyway?

                  Speaking of “cruft”, how about that asn1 support in core erlang?

                  This is needed for crypto and snmp applications as Erlang do not use OpenSSL ASN.1 implementation. In fact Erlang use OpenSSL only for ciphers, nothing else. Also AFAIK there is now trend to remove things from the “core” Erlang in favour of external libraries.

                  1. 1

                    You and I clearly want different things from our programming languages. This is why a fork is needed–folks like us aren’t going to reach a compromise.

                    1. 1

                      You are free to go. I like languages with minimal, yet useful, standard library. Throwing everything in just for sake of “convenience” isn’t the best way, especially when you accidentally make wrong decisions or inefficient implementations (ex. WEBrick or Python HTTP server).

          1. 4

            And in the Linux world, we also have ways to remediate and prevent these types of attacks.

            Cgroups (0) are one such technique.

            We can also use /etc/security/limits.conf as well, but these can be more all-encompassing than cgroups.

            Of course, if you run a rabbit/forkbomb as root, you’ll still hose your system until you reboot.

            (0) https://unix.stackexchange.com/questions/85411/how-to-prevent-fork-bomb

            1. 1

              I remember trying to use a mac in a shop as a teenager once, and the first thing I of course tried was a fork bomb in a terminal, but was surprised to see that they had some detection mechanism against it. Do you think it would be something along these lines, or does the BSD-sphere have some clever heuristics to detect these specific attacks?

              1. 9

                I’m guessing what you encountered was a default ulimit (which is rather conservative). I’m not aware of any special BSD juice where fork bomb mitigation is concerned (I’m a BSD user since 1996, but also pig-ignorant).

                1. 2

                  OpenBSD in particular is (in)famous for extremely tight ulimits out of the box. IIRC they used to give users 512mb of memory per application out of the box or something, but had to raise to 1024 because of gnome-shell and such??

            1. 7

              There’s no shortage of Takes on this, but here’s why I think this proposal/implementation sucks.

              I write a lot of Elixir, having come from writing a good deal of Ruby and JS. Unlike many of the non-OO languages that came before, these languages support method chaining, e.g., foo().bar(22).baz("your name here"), and it’s a natural way to express a sequence of operations in the order those operations are applied, instead of having to write that sequence basically in reverse (baz(bar(foo(), 22), "your name here")). Let’s agree to agree that there’s value in this style.

              However, the constraint in this approach is that the functions you call must be instance methods, and these methods must be associated with the primary piece of data you’re calling the function on. In Ruby, this is done with class inheritance, in JS it’s prototypal inheritance, but the effect is the same: there is a finite number of functions you can call on any given object when method-chaining, unless you explicitly add new functions to the class or prototype. That’s a limitation.

              The |> operator in Elixir is not equivalent to method chaining; it’s much more powerful. Rather than forcing datatypes to be formally associated with every function you might want to call on them, Elixir takes the approach that functions should live outside these datatypes, organized into modules for convenience rather than necessity. By convention in Elixir, every function takes the “subject” of the computation as its first argument. (This is actually similar to how Perl 5 does OO.)

              This frees the developer by making it possible to define functions that operate on data, organize these functions however it makes sense, and use these functions on equal footing with the rest of the built-in functions. There’s no awkward interruptions in a method chain like my_homegrown_function(foo("asdf").bar()).baz().

              Instead you have "asdf" |> SomeModule.foo |> OtherModule.bar |> my_homegrown_function |> WhateverModule.baz. The code “reads” in the right order, but more importantly, there is no longer a distinction between functions in the language core and those that you defined yourself two lines of code earlier. I’ve been pleasantly surprised with the power in this approach. The Ruby implementation here completely misses that. That sucks.

              1. 1

                I think that’s just part of Ruby’s design as an OO language. It just won’t be as elegant as it is in Elixir, because Ruby makes different trade-offs for different benefits than Elixir does.

              1. 11

                It’s been over 20 years and I still can’t follow which Debian release has which name. What a persistently dumb convention. Pure downside.

                1. 8

                  I’ve always found it difficult to remember the name to release number mapping, but I’ve also frequently seen people mix up release names, e.g. there was squeeze, wheezy, jessie, and at some point after wheezy or jessie I kept hearing people refer to “squeezy” :-)

                  I find the Ubuntu release names much worse. I usually refer to it by number because their names are just so stupid.

                  1. 2

                    Oh, I suppose this has merit but I still love the playfulness of naming them after Toy Story characters

                    1. 1

                      Yep. If they had to use names at least use some that are guessable - like Alpha Beta Gamma Delta Epsilon

                    1. 1

                      On first glance, as a Common Lisp outsider, I could not tell if this library was a joke. It seems not! It’s always interesting to hear about blind spots in the X3J13 spec.

                      1. 8

                        Specs are always hilarious in their blind spots. POSIX’s rationale document states that an implementation of the db(3) routines would still be conforming even if it only was able to store one data item (because the hash function is implementation-defined and they can’t guarantee that it wouldn’t hash every key to the same value). ANSI REXX’s rationale states that an implementation that does nothing but report “SYSTEM RESOURCES EXHAUSTED” for every input would still be conforming (but they do state that it would somewhat violate the “spirit” of the specification).

                        1. 4

                          The implementation of choice when X3J13 was written was Symbolics Lisp machine. You can’t really quit from Lisp to the system there, because Lisp is the system.

                        1. 4

                          The syntax looks like it’s inherited from Perl’s POD format.

                          1. 6

                            Sort of. They call it RD aka Ruby Document, and the syntax is inspired by but not a superset or subset of POD. It’s been out of fashion (in favor of RDoc) since the early 2000s.

                            1. 1

                              Good to know! Seems I’ve completely missed the RD era. :-) I’ve updated the article to mention it.

                          1. 1

                            I don’t think this will be a hurdle for the groups of people being discussed in this thread…

                            1. No developer uses system python/perl/ruby.
                            2. This is a complete nonissue for schools. Every school that I know of that teaches Python needs to install a Python IDE or some kind of text editor anyway, so adding on one more Python installer .pkg makes no difference in the authorization process.

                            The real issue comes with people writing scripts that rely on a Python / Ruby / Perl interpreter being present. That might be hard to work around, but the people using those types of random scripts are developers and can probably figure out how to install the interpreter.

                            I guess the kids all think this is a good change, because now no one will have an old version of Python or Perl. Instead, they’ll have ten of them, and you’ll have to play with paths to pick the right one, like Windows.

                            This is already an issue. I welcome turning my N Python installs into N - 1 Python installs.

                            1. 1

                              No developer uses system python/perl/ruby.

                              Quite false. When I am writing tools for a wide audience, I avoid forcing version issues on my users. When it is practical to write a script without requiring anything other than the current major version of the language – i.e., Perl 5, or Ruby 2 – I do so.

                              (Let’s not discuss Python 2 vs 3.)

                              1. 1

                                You have the newer versions installed surely? Removing the older ones by default probably won’t affect you.

                                1. 1

                                  It’s not my machine that is the problem, it’s the dozens of machines I don’t control!

                            1. 27

                              At this point I found out this man is an internationally renowned information security specialist.

                              This whole incident made more sense to me once I saw that the malicious actor is a shining star in the bad-boy security community. Sorry you are left to deal with this, @unbalancedparentheses!

                              1. 3

                                I’m itching to know who this bad actor is. Can’t find any traces.

                                1. 7

                                  There are traces that are not particularly hard to find. I am not posting them here out of respect for the author.

                                2. 2

                                  A few things happened since this was posted. I can’t still publish it, but I am amazed by the energy this person has.

                                  Meanwhile I can show some of the things this person does: @InjusticeWall. He has some real mental issue with women.

                                1. -8

                                  My team and I were contacted by different people to warn us that they were uncomfortable with the participation of a speaker and her boyfriend in our conference.

                                  We also talked with the organizers of other conferences and with dev that are part of gender groups focalized in technology and all of them recommended us to take distance from them.

                                  So, you asked the church if someone they disagreed with was a heretic.

                                  At this point I found out this man is an internationally renowned information security specialist.

                                  That seems like something you should’ve already known.

                                  I had to leave the conference, depressed by the whole situation. Luckily, my girlfriend and other friends were there to help me. I was just attending a conference and was subjected, along with my acquaintances, to a very unpleasant moment by being unfairly accused by a person I didn’t know.

                                  You never at any point in this article consider this is how the speaker rejected by a mob you listened to had felt.

                                  Some people consider that software conferences are focusing too much on inclusion and diversity. What they want is for conferences to be exclusively technical. This makes sense only in abstract.

                                  I vehemently disagree with you here. The entire point of a technical conference is the technical matters and not the race or sex of those attending or presenting. I’m reminded of that conference that was cancelled because a blind selection process only chose white men anyway and this was considered unacceptable.

                                  The problem with this is that they aren’t taking into account that many people can’t partake in the way they could and would like to. There is no way of making a technical conference if some people feel insecure or uncomfortable.

                                  You can’t help people feel insecure or uncomfortable if such people insist on feeling this way.

                                  This is why inclusion and diversity are essential in these kinds of events, as well as the participation of the groups that promote these values.

                                  The latter half of this sentence is telling. Those are lobbying organizations, effectively. You’re naive if you believe they have anything but their own interests in mind. They want power.

                                  It is important to generate a space where everybody, no matter what gender, ethnicity, religion or ideology, is able to share knowledge in a friendly, pleasant environment with a collaboration spirit.

                                  Giving discounts to those minorities that have less resources is another way.

                                  The tried-and-true method of not discriminating works well for many. Discriminating against groups you deem privileged is in opposition to these goals.

                                  The best way to face this type of situation is to always be faithful to the code of conduct, not give in to undue pressure and consult groups dedicated to ethics, gender and minorities in technology because they know the most about these issues.

                                  That is giving power to those groups that generally have nothing to do with technology, programming, etc., but still want in. This sentence reminds me of ’‘developer advocates’’, which are cretins who can’t program, but still want the attention associated with it.

                                  I can’t claim to know about this situation and I haven’t looked at the other side of it, but these are my thoughts, in any case.

                                  1. 16

                                    I can’t claim to know about this situation and I haven’t looked at the other side of it

                                    Thank you for adding to the sum of all human knowledge despite these setbacks.

                                    1. 9

                                      You never at any point in this article consider this is how the speaker rejected by a mob you listened to had felt.

                                      Was the speakers rejection and its cause publicly announced?

                                      1. 7

                                        We also talked with the organizers of other conferences and with dev that are part of gender groups focalized in technology and all of them recommended us to take distance from them.

                                        So, you asked the church if someone they disagreed with was a heretic.

                                        If you want to phrase it that way: no, they verified with the church that someone who they didn’t yet have sufficient knowledge about was indeed a known heretic according to various groups within the church, who could have easily disagreed with each other or who could have reported not having any knowledge of previous heretic behaviour.

                                        Or, if you want to state it without using a loaded analogy and without assuming things: they asked various communities about someone’s history.

                                        But as you phrased it it disqualifies your response as possibly interesting, because it demonstrates a clear presumption of negligence, wrong behaviour and guilt.

                                      1. 10

                                        I don’t trust any of Purism’s products since my laptop screen shattered and they weren’t able to replace it. That’s a pretty basic support request IMO - “please provide a new part for a laptop model which you are also currently selling (i.e. is current-generation)”. This was particularly frustrating because while I (an existing customer) was trying to get my existing product repaired, they were writing all about how they were progressing on their project to make a phone. Even though organizations way larger than them (specifically, Mozilla and Canonical) tried to take on iOS and Android and failed. I mean, come on. Focus on the customers you already have instead of pouring all your resources into a moonshot project.

                                        And now they’re launching a suite of webapps? How are they going to maintain everything with their resources? Do they just have way more money than I think they do, that is, enough money to hire a couple full-time ops people? My experience with operations is admittedly largely limited to the self-hosting I do at home, but if you’re going to manage a service this ambitious and charge money for it, I’m pretty sure you’ll need at least a couple ops people in order to make it acceptably reliable. Without a solid investment the service will work fine until it doesn’t, and then it will really not work fine and there will be extended outages or, worse, user data loss. (If someone with experience will more large-scale ops than me wants to correct me then please go ahead; I could certainly be wrong.)

                                        Don’t get me wrong, I think their hearts are in the right place and I’d be thrilled if they succeed (not just with Librem One, but with all their products and as a company as a whole). Butt I’m having a very very hard time believing that will happen.

                                        1. 1

                                          I don’t trust any of Purism’s products since my laptop screen shattered and they weren’t able to replace it. That’s a pretty basic support request IMO - “please provide a new part for a laptop model which you are also currently selling (i.e. is current-generation)”.

                                          Asking as a thought experiment, not to excuse Purism’s apparently crappy customer service:

                                          Since the hardware is open-source, would it be possible to replace it yourself?

                                          1. 4

                                            This is one reason why I don’t like it when hardware is called “open source”. What does that mean, exactly? Did it come with schematics, circuit diagrams, and a set of tools like replacement chipsets and soldering irons? Is there a file you can 3d print to create more of it? Can you redistribute this to everyone and try to make your own LibreM laptop business, even competing with LibreM themselves?

                                            “Open source” is really about software because software has source code, is infinitely copyable, and easily modifiable. Hardware has none of those things unless you want to say documentation is the hardware’s source code.

                                            While I understand that hardware can come with a range of legal restrictions and permissions, I think we should be calling it something else other than “open source” if there isn’t even any source code to speak of.

                                            1. 1

                                              Open source PCBs can be repurchased years later if its source is available. Price can be reduced by group-buying them with other people who also need it, or you could keep stock of all the open-source PCBs available on a market and open your own web store.

                                              If the case designs are open source, you can 3d-print them pretty easily now, see thingiverse.

                                              Hopefully the proprietary hardware bits, like the CPU and display screen, are used in enough other devices that they will be available for years.

                                            2. 2

                                              I asked, and customer support provided a link to a screen they thought possibly might be compatible, but they didn’t know. The link was for me to buy directly from the original manufacturer.

                                              Also, Purism hardware isn’t actually open hardware - or at least it wasn’t when I owned that laptop. It works well with Linux and they put in a lot of effort to free the firmware, which is super nice and why I bought from them in the first place. But the hardware itself isn’t open.

                                              1. 2

                                                That is depressing customer service. Makes me think a lot harder about getting the Purism 5.

                                            1. 5

                                              The most confusing thing about Prolog is that, whatever algorithm you implement with it must be on top of the built-in ones, namely depth-first search, and unification (and only using recursion rather than iteration).

                                              But really you are not supposed to implement algorithms in Prolog. You are supposed to state truths and ask questions about them.

                                              1. 6

                                                That’s a tidy philosophy, but (in my very, very limited experience) if you want your nontrivial Prolog program to terminate before your body does, you need to do a little more algorithm-shaping, generally in terms of telling the interpreter when to stop searching a particular subtree.

                                                1. 3

                                                  “A tidy philosophy” is a very nice way of saying that. You are right, but for what fits in the model, given enough smarts about constraints, you can do some impressive stuff that is not very algorithmic. At least that’s what I saw.

                                              1. 1

                                                I have never done much Perl, but I enjoyed playing with it one spring at university. Who here is using Perl regularly?

                                                1. 7

                                                  I used to work at Booking.com, which has about a million lines of Perl in production. It was good times, I quite enjoyed working with it.

                                                  1. 6

                                                    It was my main language from about 1998-2008. I don’t write programs in Perl anymore, but I regularly use perl -ne, perl -pe, and perl -i -p -e on the command line and in scripts.

                                                    1. 9

                                                      Same here. Back in the days of “traditional sysadmin” I used Perl for most tasks, be it small processing scripts or CGI web apps. These days Perl has fallen out of fashion and as much as I still like writing things in Perl 5, none of my colleagues wants to touch Perl code, so I end up doing much more Go, or sometimes Python (but I’m not a huge fan of Python).

                                                      That said, I did manage to semi-sneak some Perl 5 into production a while back, and recently replaced a complicated shell script which was doing all sorts of echo | grep | sed | xargs etc. - I put the Perl replacement up for review and most people said it was “surprisingly readable” and that no other language could have done it as well.

                                                      Perl definitely still has its place, but there’s too much stigma around it now.

                                                      1. 6

                                                        It’s possible to write reasonable Perl, but it’s very easy to make unreadable Perl if one isn’t careful. Unfortunately, sysadmins under duress was the most significant Perl userbase, while not one known for taking time on scripts. (Not helping Perl’s reputation for readability also: JAPH)

                                                        1. 7

                                                          Agreed, TMTOWTDI is both good and bad. Perl lets you take shortcuts, so people take them. PHP is arguably just as bad for this (I guess because it evolved from Perl).

                                                    2. 5

                                                      Never tried perl5, but I’ve been using perl6 quite a bit lately and I really enjoy it.

                                                      1. 5

                                                        I use Perl regularly, as my “secret weapon” when consulting and/or writing API backends.

                                                        1. 4

                                                          I used perl from 2005-2010 on closed source code (a fastcgi ad-server, of all things). I remember going through the camel book(s) at the same time, and quite enjoy it. I’ll miss the Perl conferences more than the language though. :p I never got to an expert level though, so it can be that.

                                                          1. 4

                                                            I don’t use much Perl anymore but I really miss how well regular expressions were integrated into the language.

                                                            1. 4

                                                              2/3 of my regular clients are Perl shops (the third is teaching, and that’s mostly Python), so Perl is basically my dayjob :)

                                                              1. 3

                                                                I use Perl(5) for fun (personal projects, coding challenges etc).

                                                                I’ve broken it out in anger at work for some ad-hoc log parsing stuff too .

                                                                1. 2

                                                                  Not only is it the scripting language I usually reach for, and have since 4.036, but most of the externally facing services on Floodgap.com are written in Perl including the HTTP and gopher servers.

                                                                  1. 2

                                                                    I’d just like to take the opportunity to thank you for making TTYtter back in the day!

                                                                    I still use Oysttyer daily. Best Twitter client bar none.

                                                                    1. 2

                                                                      Hey, thanks! :)

                                                                  2. 2

                                                                    I believe The Register is still a perl shop :~)

                                                                  1. 10

                                                                    He’s got a lot of good stuff on here. I want to warn about this:

                                                                    “If my machine was stolen I would like it to be totally unusable after a short time - so nobody would bother to steal it.”

                                                                    That part I emphasized will have no effect on most thieves. The kind that snatch laptops include (a) dumb criminals without much better criminal opportunities, (b) smarter criminals who won’t recognize at a glance which laptops will be remotely disabled, and (c) good cons that will somehow sell those that won’t work. I saw each type when I was living in places with lots of thieves.

                                                                    At best, you get personal satisfaction of your data probably being safe with the thief and/or recipient getting less value out of stolen device. Of course, the recipient themselves might be decent person if it’s sold before the wipe happens where it appears to be working (“it boots!”) or a con about a device that can easily be fixed. Decent but not bright. One of the victims of that con tried to resell a system to me. He was shocked when I told him how broke and worthless it was. (shakes head)

                                                                    1. 12

                                                                      I assumed he was talking about his desires for the landscape of computers itself, not just a hot rod for him to play with. In that case, his comment becomes correct.

                                                                      1. 2

                                                                        That part I emphasized will have no effect on most thieves.

                                                                        Not at first, but if everyone knew that a stolen phone/laptop was an unsellable brick, then yes, it absolutely would reduce theft: Australia has a curious law that bricks your phone if it’s stolen making it ineligible for any kind of factory reset and repairing with a mobile network, and when it was introduced, mobile phone theft dropped by about 30% in the first year.

                                                                        I saw each type when I was living in places with lots of thieves.

                                                                        Get out more: A narrow view of the world will make you think problems aren’t solvable.

                                                                        1. 2

                                                                          Even in your ideal case, they kept stealing phones 70% of the time in the first year. We don’t have an ideal case. And…

                                                                          “Get out more: A narrow view of the world will make you think problems aren’t solvable.”

                                                                          That’s a strawman combined with ad hominem. My data came from a mix of several states, rural areas, suburbs, and dense city with a mix of economic backgrounds. What I described happened in all of them. Except the cons which were mostly impoverished areas. You have one, data point. That’s narrow.

                                                                          1. -1

                                                                            Even in your ideal case, they kept stealing phones 70% of the time in the first year.

                                                                            Nonsense. 2003 reported 638k thefts versus 100k “total mobile phones stolen or lost”. Mobile phones absolutely do not make up 70% of the theft.

                                                                            That’s one in three thefts simply not occurring, all because of a simple (technological) change, and exactly the change that Joe was suggesting. Since this change, the AU has something like 100k phones stolen a year (on a 24m population) while the US loses 3m phones a year (out of 327m population); the UK loses 400k (on a 66m population) – it’s quite obvious this is significant.

                                                                            That’s a strawman combined with ad hominem. My data came from a mix of several states, rural areas, suburbs..

                                                                            Your data came out of your ass.

                                                                            And just because I call you narrow-minded doesn’t mean you’re right “by default”: Yes it’s ad hominem, because you literally sound like a gun nutter who thinks taking away peoples guns and access to guns can’t possibly make a reduction in gun crime, and “just because that worked for the UK, well it’s just one data point: That’s narrow.

                                                                            1. 11

                                                                              Could we have this discussion with a less aggressive tone, please?

                                                                              1. 2

                                                                                “That’s one in three thefts simply not occurring,”

                                                                                You’re reframing the discussion to merely reducing laptop theft. Joe’s comment and my top-level was originally that “nobody would want to” steal a laptop. That had certain assumptions about thief psychology that I countered. Namely, that they’d all be rational actors who would identify the security measure or find no value in a partly or totally disabled device. I identified several types of thief who would still steal it. That should refute that nobody would want to steal it whether taking that literally or figuratively in that the problem would be virtually eliminated. This is corroborated by the numbers you just gave me where a country-wide mitigation still left around a hundred thousand thefts.

                                                                                You are arguing about a different topic/goal, dragging my comment into it, and countering that. That’s the straw man. If just about reducing theft, your counterpoints would definitely support mitigations being helpful. This discussion, esp my comment, was about whether nobody or hardly anybody who is a thief would want to steal something if mitigations existed. A different discussion that focuses on thieves’ motivations and psychology in many or all contexts. Your counterpoints didn’t fit that discussion since they were about security economics of common thieves (a subset).

                                                                                “ because you literally sound like a gun nutter who thinks taking away peoples guns and access to guns can’t possibly make a reduction in gun crime”

                                                                                Since you brought it up, I’m a pro-gun person who thinks a nation-wide ban of guns could dramatically reduce gun deaths with numbers in gun control countries being my main evidence. One of the reasons I opposed partial bans was that I figured criminals in areas with gun control would go to neighboring areas with less restrictions, buy guns, bring them back, and kill defenseless folks in gun control area. There could still be reductions but a partial ban seemed like tying hands of innocent people. Chicago proved that out with high rate of murder due to (IIRC) criminals getting guns from surrounding areas. One other issue is the massive stockpiles of guns people have in the U.S. might keep guns in play for some period of time after a national ban if the seizures don’t get most of them. The ban’s benefits would play out in stages.

                                                                                All I’ll say on that since it’s really off topic. Actually, stepping out of the discussion entirely since you’re not arguing in good faith as proven by that gun quote. Have a good day.

                                                                                1. 1

                                                                                  Joe’s comment and my top-level was originally that “nobody would want to” steal a laptop.

                                                                                  That part I emphasized will have no effect on most thieves.

                                                                                  Nah, you said most, and I think you meant “most”. And it clearly has an effect on most thieves. First year: One in three, ten years on: greater than fifty percent difference compared to other countries that have no similar legislation.

                                                                                  You can try to say you are smarter than Joe because he said “nobody would want to” when he meant “most thieves wouldn’t bother”, but I’m not sure it would be kinder for me to interpret you that way: It just makes you look like a knob. But take your pick, were you simply wrong about human behaviour in a fundamental way? Or are you grammar naziing a dead guy?

                                                                                2. 1

                                                                                  And just because I call you narrow-minded doesn’t mean you’re right “by default”: Yes it’s ad hominem, because you literally sound like a gun nutter who thinks taking away peoples guns and access to guns can’t possibly make a reduction in gun crime, and “just because that worked for the UK, well it’s just one data point: That’s narrow.

                                                                                  I’m not familiar with the Australian mobile phone crime statistics you and nickpsecurity are arguing about, but I am familiar with the debate over how firearms should be regulated in the US. Without getting into a complicated and unrelated political debate here, there are good reasons to think that taking away peoples’ legal guns will not actually significantly reduce gun crime, or other types of crime that people should care about.

                                                                                  Certainly, the fact that nickpsecurity’s argument about an unrelated topic “sounds like” something that a gun nut might argue in the US political debate over firearm rights has no relationship to whether he’s correct about mobile phone theft or not - and doesn’t even have a relationship to what nickpsecurity himself might argue about the issue of firearm rights in the US, which isn’t the topic of discussion anyway.

                                                                                  1. 0

                                                                                    I’m not familiar with the Australian mobile phone crime statistics

                                                                                    Neither is nickpsecurity. It’s proper-famous, and it’s why we’re starting to get similar blacklists in Europe. They work. Given another 10-20 years, I imagine you’ll have a secondhand lobby financed by Verizon still keeping it out of America though…

                                                                                    the fact that nickpsecurity’s argument about an unrelated topic “sounds like” something that a gun nut might argue in the US political debate over firearm rights has no relationship to whether he’s correct about mobile phone theft or not

                                                                                    This is a false equivalence.

                                                                                    If someone takes a big steaming shit in the middle of the room, you’re crazy if you don’t go “why the fuck did you take a shit in the room?” Ah, nonono, no profanity here please.

                                                                                    You think someone’s a nutter? You treat them like a nutter.

                                                                                    there are good reasons to think that taking away peoples’ legal guns will not actually significantly reduce gun crime

                                                                                    If we’re going to have a conversation about whether it’s practical or realistic, it’s not going to start with “ah, the UK is just one data point”… That goes beyond intellectually dishonest.

                                                                                  2. 0

                                                                                    can’t possibly make a reduction in gun crime

                                                                                    Just noting that your arguments A) prop up a straw man here, and B) ignores lots of other possible demographic and societal causes of crime. Countries are not simply comparable per capita, because people act for any number of reasons.

                                                                                    1. 1

                                                                                      ignores lots of other possible demographic and societal causes of crime. Countries are not simply comparable per capita, because people act for any number of reasons.

                                                                                      That’s just handwaving, and it’s ugly. So easy to do that from your armchair, but you’re not going to learn anything that way because it’s a poor substitute for real critical analysis.

                                                                                      prop up a straw man here

                                                                                      I don’t think you know what a strawman argument is: I haven’t misrepresented nickpsecurity’s position at all.

                                                                                      1. 0

                                                                                        I’ll reply to the strawman: gun nutters say that banning guns will obviously reduce gun crime, but that other forms of crime will rise. Gun crime may go down but other forms of crime would increase. And that’s how we get the UK taking the points off kitchen knives.

                                                                                        And it may be handwavy to suggest people in different areas may not be directly comparable, but that’s a job for your statisticians to begin ruling out Urban vs. Rural and the numbers of young males compared to the rest of the population, etcetera.

                                                                                3. 0

                                                                                  in the first year.

                                                                                  The first year makes for a poor long term understanding. How much did it drop the year before, and then the second year after?

                                                                                    1. 0

                                                                                      I rarely enjoy fighting over statistics. They are always lies, and I invariably end up invalidating numbers due to one factor or another, and it’s terribly uninteresting. I prefer arguing on the basis of “is it the right thing to do,” going back to principles like that, and avoiding all statistics entirely.

                                                                              1. 3

                                                                                I’ve been hacking on an Elixir HTTP client. I call it Mojito.

                                                                                I wrote the first version of Mojito around a year ago, when I was desperate for a stable and performant HTTP client for Elixir/Erlang. I know, right?! Hackney and IBrowse pools would stop working after a while, and most of the other clients we tried were slow. Mojito took a prerelease client called XHTTP (now called Mint) and wrapped it in Poolboy, and that performed well.

                                                                                But it has two problems. One, using raw Poolboy requires the user to plan ahead for their HTTP request workload, and start a pool for each host+port they plan to connect to. Two, each pool is a bottleneck because an GenServer needs to coordinate checkins/checkouts, and as we moved to servers with more cores, we started to notice that upping the number of connections in each pool didn’t result in a linear performance increase.

                                                                                So this week I am adding a pool manager to Mojito. It will handle the launching of Poolboy pools for each host+port the user wants to contact, and will automatically assign a request to an appropriate pool rather than requiring the user to specify a pool manually with each request. And to combat the bottleneck problem, the pool manager will also be able to spawn N pools to the same host+port, and will choose any appropriate pool at random when the user tries to make a request.

                                                                                I believe this may be a novel approach, at least in Erlang/Elixir – at least I haven’t heard of it before. I know the Buoy HTTP client for Erlang handles host+port affinity by forcing the user to handle it up front, whereas Mojito intends to handle this for the user. But the fact is we’re all going to deal with more cores as time goes on, so I think the next generation of Erlang and Elixir libraries is likely to begin offering strategies against bottlenecks like this one.

                                                                                1. 0

                                                                                  This solves the easy, already-solved part: sending and receiving email with friendly hosts. Now make it so my open-source mail server’s messages arrive in Hotmail mailboxes 100% of the time, and we’ll have something to talk about.

                                                                                  1. 3

                                                                                    Are you genuinely suggesting that Hotmail discriminates against open source mail servers?

                                                                                    Running email server is hard, especially at the scale of Hotmail (and gmail). This is because email sucks and assumes everyone is well-intentioned. Turns out not everyone is, hence the need for many anti-fraud/spam measures. Do you think Hotmail somehow benefits by people losing their legitimate emails? Of course not.

                                                                                    There was another thread about that a few days ago as well, and I was really taken aback by the lack of understanding about how hard this problem is. I’m not saying that Hotmail always makes the right choices, but they need to walk a pretty tight ropeto balance all interest.

                                                                                    1. 11

                                                                                      I am genuinely suggesting that the email cartel – mainly Google and Microsoft at this point – has made it between very difficult or impossible to participate in the SMTP network. The goalposts change constantly, and even when everything is set up by the book (rDNS, SPF, DKIM, etc etc), emails get blackholed.

                                                                                      I make no assertion that MS cares about the “open source” part. I’m just saying for the people running their own mail servers, which I did from 1998 to 2016, server software is not the pressing issue.

                                                                                      1. 2

                                                                                        Could you please share what are you using now instead of running your own? Currently I’m evaluating moving to my own mail servers (seems quite a large hassle).

                                                                                        I’m in a search (very low effort) since a while to replace my current provider (microsoft), because I’m not happy with the service I’m getting (not primarily the email part, which also has its flaws, but the whole package).

                                                                                        1. 2

                                                                                          I signed up for pobox.com. I think I pay $50/year and they handle my five or six small personal domains. I just forward it to gmail, but you could of course handle the destination side yourself (since sending mail is the hard part). I haven’t had a single problem with deliverability since signing up. They have this wacky business model where they charge a reasonable yet small amount for a valuable service. I recommend them.

                                                                                  1. 1

                                                                                    Yeah. I have an Ello account too.

                                                                                    1. 1

                                                                                      If autovivification is what you want, and you want it bad, there’s always Perl…

                                                                                      my $a;
                                                                                      $a->[9]{foo}{bar}[22]{quux} = "tmtowtdi";
                                                                                      
                                                                                      1. 1

                                                                                        Perl autovivification partly fascinated me, partly horrified me.

                                                                                        It’s absolutely lovely for code golfing.

                                                                                        It’s a wondrous source of arcane gotchas if you mistype…

                                                                                        I like the degree of control ruby autovivification gives me.

                                                                                        1. 4

                                                                                          Agreed. I’m very up on the idea of getting more languages to run on the BEAM. I miss static types and, frankly, I wish that Rust could compile down to run on the BEAM!

                                                                                          1. 5

                                                                                            Yeah, I love Elixir to death, but sometimes I find myself wishing for a real type system. Some folks swear by Dialyzer, but it feels a bit like a cludgy piece of typing duct tape.

                                                                                            1. 12

                                                                                              The dynamically-typed nature of Erlang and Elixir and BEAM comes from a design requirement: that the systems built in Erlang can be upgraded at runtime. Strong typing gets quite a bit more complicated when you need to be able to have multiple versions of a type coexist at runtime.

                                                                                              Side note, this took me a while to absorb when beginning to write Elixir. My instinct was to use structs instead of generic maps for GenServer state, since better-defined types are better, right? But that imposes hard requirements on hot upgrades that wouldn’t have been there if I’d used untyped maps from the start; removing fields from a struct breaks upgrades. This knowledge was somewhere between “esoteric” and “esoteric to Ruby assholes who just showed up, well-known to wonks”. The Erlang Way is a lot more than “let it crash”. :)

                                                                                              1. 3

                                                                                                The dynamically-typed nature of Erlang and Elixir and BEAM comes from a design requirement: that the systems built in Erlang can be upgraded at runtime. Strong typing gets quite a bit more complicated when you need to be able to have multiple versions of a type coexist at runtime

                                                                                                Yeah, I really wish there was more type system research going into figuring out how to use them effectively in upgradable, always-on systems, where you might have heterogeneous versions across a cluster. I actually think static types could be super helpful here, but as far as I’m aware there doesn’t seem to be much work put into it.

                                                                                                1. 4

                                                                                                  It’s very difficult. It’s not like nobody tried — https://homepages.inf.ed.ac.uk/wadler/papers/erlang/erlang.pdf

                                                                                                  And when people talk about “I wish there was a type system” they probably don’t realise that Erlang is very different animal (that can do things other animals have no concepts for). Just bolting on types is not an option (if you want to know what happens if you do so, look at CloudHaskell — you have to have a exact binary for every node in the entire cluster, or else).

                                                                                                  1. 1

                                                                                                    Just bolting on types is not an option (if you want to know what happens if you do so, look at CloudHaskell — you have to have a exact binary for every node in the entire cluster, or else).

                                                                                                    That’s what I mean. I see Cloud Haskell as interesting, but really not the distributed type system I want. It would be super cool to see more new ideas here (or rediscovery of old ones, if they’re around). Eg. you may need some kind of runtime verification step to ensure that a deployment is valid based on the current state of the world. Perhaps some stuff from databases and consensus would help here. Doing that efficiently could be… interesting. But that’s why research is important!

                                                                                                  2. 3

                                                                                                    I think protocol buffers (and similar systems like Thrift / Avro) are pretty close to the state of the art (in terms of many large and widely deployed systems using them). When you write distributed systems using those technologies, you’re really using the protobuf type system and not the C++ / Java / Python type system. [1] It works well but it’s not perfect of course.

                                                                                                    I also would make a big distinction between distributed systems where you own both sides of the wire (e.g. Google’s), and distributed systems that have competing parties involved (e.g. HTTP, e-mail, IRC, DNS, etc.). The latter case is all untyped because there is a “meta problem” of agreeing on which type system to use, let alone the types :) This problem is REALLY hard, and I think it’s more of a social/technological issue than one that can be addressed by research.

                                                                                                    [1] This is a tangent, but I think it’s also useful to think of many programs as using the SQL type system. ORMs are a kludge to bridge SQL’s type system with that of many other languages. When the two type systems conflict, the SQL one is right, because it controls “reality” – what’s stored on disk.

                                                                                                    1. 2

                                                                                                      I think protocol buffers ⟨…⟩ are pretty close to the state of the art

                                                                                                      Seriously? PB, where you can’t even distinguish between (int)-1 and (uint)2 is state of the art?

                                                                                                    2. 2

                                                                                                      Alice ML is a typed programming language designed to enable open extensions of systems. Objects can be serialized/deserialized and retain their types and it’s possible to dynamically load new code.

                                                                                                    3. 2

                                                                                                      The Erlang Way is a lot more than “let it crash”. :)

                                                                                                      I am so with you on this one, and I’ve got so much to learn!

                                                                                                      1. 6

                                                                                                        You might find ferd’s intro helpful. For historical perspective with some depth, you might like Armstrong’s thesis from 2003 that describes everything in deep detail.

                                                                                                      2. 2

                                                                                                        Yup, this is related to the point I was making about protobufs and static “maybe” vs. dynamic maps here. In non-trivial distributed systems, the presence of fields in message has to be be checked at RUNTIME, not compile-time (if there’s a type system at all).

                                                                                                        https://lobste.rs/s/zdvg9y/maybe_not_rich_hickey#c_povjwe

                                                                                                        I think of protobufs/thrift as trying to “extend your type system over the network”. It works pretty well, but it’s also significantly different from a type system you would design when you “own the world”. Type systems inherently want a global view of your program and that conflicts with the nature of distributed systems.

                                                                                                        edit: this followup comment was more precise: https://lobste.rs/s/zdvg9y/maybe_not_rich_hickey#c_jc0hxo

                                                                                                      3. 2

                                                                                                        So this is really interesting. I read the paper on success typing and it seems pretty cool. It still, however, doesn’t guarantee soundness. Then on the other hand, neither does TypeScript, so it’s hard for me to make up my mind about what I want.

                                                                                                      4. 4

                                                                                                        That would be cool. There’s at least Rustler.

                                                                                                        1. 4

                                                                                                          Static types per se — that’s easy. But think about the distributed system with different versions of VMs. Think about live upgrades.

                                                                                                      1. 5
                                                                                                        • Bike work. I just built an e-bike (AMA) and tomorrow I’m putting on a suspension fork and upgrading the motor mount. And replacing the chain it ate two nights ago.
                                                                                                        • Attempting to buy a pickup truck.
                                                                                                        • Oh yeah I have a six-month old
                                                                                                        1. 1

                                                                                                          Do you have any details written up about your experience building an e-bike? I ride an h-bike (human powered bike), and love wrenching on bikes, so I’m intrigued by what you did and your experience since it seems like you would have to modify quite a lot to make it work.

                                                                                                          1. 2

                                                                                                            I don’t have anything written up, but basically I added a Cyclone 3000W mid-drive motor ordered direct from Taiwan to a Surly Karate Monkey I already had. I got this battery sold by Luna Cycle, added some waterproofing and padding around the edges, and installed it in the main triangle of the bike.

                                                                                                            Today I’m putting on a suspension fork to replace the stock rigid fork, swapping out the crap mounts that came with the motor in favor of this motor mount also sold by Luna Cycle, and replacing the chain it ripped apart a few nights ago. :)

                                                                                                            1. 1

                                                                                                              I suspect you need a special chain for that since it ate one a few nights ago? This sounds like a very fun project, one day I would like to build a bike!

                                                                                                              1. 1

                                                                                                                Well, my chain selection is limited because I have a 9-speed gear cluster in the rear, so I can only use a nice, heavy, wide BMX chain for the motor-to-chainring drive. The chain it ate was a few years old, I’m hoping that had something to do with it.

                                                                                                                The work today went well, except that I cut and yanked the throttle cable apart, so I ordered a new one of those. I’m certain the new motor mount will perform a lot better than the old one.

                                                                                                          2. 1

                                                                                                            I just built an e-bike (AMA)

                                                                                                            Any things you wish you’d know before on building one up? (I keep debating retrofitting the other half’s bike with ebike gubbins. Can’t decide if that’s worth it or if I’m better just selling the current one and getting her one that’s already put together.)

                                                                                                            1. 2

                                                                                                              I did a fair bit of research, so I’d say: not really. I used to have a Very Loud bike stereo setup for a few years, so I was prepared for the chore of running DIY, high-current electronics on an all-weather bicycle. I am having fun so far!

                                                                                                              1. 1

                                                                                                                Footnote: looks like I will have a bike stereo again. Just found and ordered this very inexpensive 2x150W board based on the Texas Instruments TPA3255 class D amp-on-a-chip. It’ll run right off my 52V battery. I’ll have to figure out speakers and mounting, which is easier on my other bike because it has a front rack, but that’s not too hard.