1. 32

    I’m assuming the NIST guy and Munroe are assuming the passwords are not stored as SHA256 hashes…

    The 4 words from a dictionary provides plenty of entropy (even with your “how long they typed” caveat) to foil any brute force approach with a password hashing algorithm implemented by a responsible engineer (bcrypt, scrypt, pbkdf2, etc).

    1. 10

      The thing that gets overlooked a lot, though, is that mass cracks of things like some website’s breached accounts table almost never use brute force, or even brute-force-with-dictionary, as their first tactic. They try big lists of common passwords and password patterns first, and enjoy a high degree of success from doing so.

      And if you got people to move en masse to the diceware/XKCD-style password scheme, every cracking tool would update to try stuff like

      heres-my-new-password
      this-is-my-password
      my-password-for-2019
      

      etc. because that’s what people would actually choose as their passphrases. The only way to avoid this is to force people to use a tool that selects random passwords for them, and even then they’d fight against having to remember one of these for every site or service they use. At which point you need the tool to remember the passwords for them, and then you’ve arrived at “just use a password manager”.

      1. 7

        That’s not how these passwords work. There’s way too much entropy to pre-calculate tables (and more entropy from the salting). And it’s too much entropy to crack for a reasonable price if any sensible KDF is used.

        4 words randomly selected from a large dictionary (say, 200,000 words) yields 70 bits of entropy. That on its own is way too costly to precompute tables for, and salting typically adds at least another 32 bits (often lots more than 32 bits).

        See the working in my own password generation script here, which generates passwords with entropy of at least X and has another function for approximating the cost to crack a password:

        https://github.com/cmcaine/cli/blob/master/examples/token

        1. 1

          There’s way too much entropy

          My point is that “entropy” is a red herring.

          If you let the user choose their own diceware-style passphrase, you’re going to get things that are cracked within a fraction of a second, because they’ll be choosing things like “my-password-for-2019”, “my-password-for-ebay”, and so on. The alleged entropy of a passphrase of n dictionary words strung together is pointless in that situation, because nobody will be using a brute-force scan of every combination of n dictionary words as a way to crack these.

          Consider an analogy: it’s like saying you’ve developed a lock that’s unpickable because it has a million pins in it, and look how long it would take to pick a million pins! But somebody comes along with an under-door tool and yanks the handle from the other side without even trying to pick the lock. So sure, that was a million-pin lock, but it’s irrelevant how many pins it had because the door’s still open in a couple seconds via a simpler attack method.

          And since you presumably want to disallow reuse of a password across sites/services, if you’re not letting users choose their own, you haven’t really demonstrated an advantage over a password manager that just generates long random strings, because the only real thing the diceware system has going for it is memorability and users aren’t going to commit that many distinct passwords to memory (or recall them correctly later on even if they do try to memorize).

          1. 2

            Neither XKCD nor Diceware recommends creating passphrases like that. Of course if you don’t pick your words randomly then your entropy is lower; that doesn’t make entropy a red herring. Entropy remains the key point.

            XKCD passwords are useful for passwords that you need to remember or transmit to other people. Like the passwords for your password managers or wifi networks or whatever.

      2. 1

        The whole idea behind these password hashers is that you aim to make the work take a fixed amount of time (say 5ms). That leaves 200 verifications a second on a single core. This is more than enough for a legitimate use case for authentication but is completely a showstopper against brute forcing with a good password.

        1. 1

          For scrypt, we only have Litecoin to go by as far as estimates go, and it has a weak choice of parameters. With Litecoin, we have around ~300TH/sec, which means a known 4-word structure password out of XKCD’s 2048 dict is cracked in under 0.05 seconds.
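The arithmetic behind the password sub-thread above, as an added example that is not part of the original discussion and is not the script linked in it. The word list and template denylist are constructed for illustration, the guess rates are the figures the commenters quote, and all function names are hypothetical.

```python
import math
import secrets

# Constructed stand-in for a real word list: 2048 unique tokens, the size the
# thread attributes to the XKCD dictionary. Swap in a real list for actual use.
WORDS = [f"w{i:04d}" for i in range(2048)]

# Guess rates quoted in the thread (the commenters' figures, not measurements).
KDF_GUESSES_PER_SEC = 200       # one core at about 5 ms per verification
FAST_GUESSES_PER_SEC = 300e12   # the ~300 TH/s Litecoin figure

# Constructed denylist templates built from the phrases quoted in the thread.
PREFIXES = ("my", "this-is-my", "heres-my-new")
SUFFIXES = ("", "-for-2019", "-for-ebay")


def entropy_bits(wordlist_size, n_words):
    """Entropy of n_words drawn uniformly and independently from the list."""
    return n_words * math.log2(wordlist_size)


def words_needed(target_bits, wordlist_size):
    """Smallest word count whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(wordlist_size))


def generate(wordlist, target_bits, sep="-"):
    """Machine-chosen passphrase with at least target_bits of entropy."""
    n = words_needed(target_bits, len(wordlist))
    # secrets.choice draws from the OS CSPRNG; random.choice would not.
    return sep.join(secrets.choice(wordlist) for _ in range(n))


def expected_seconds(bits, guesses_per_second):
    """Average time to hit the right guess: half the space is searched."""
    return 2.0 ** (bits - 1) / guesses_per_second


def templated_candidates():
    """Every phrase the constructed templates can produce."""
    return {f"{p}-password{s}" for p in PREFIXES for s in SUFFIXES}


def is_templated(passphrase):
    """Denylist check to run when a user sets a passphrase."""
    return passphrase.lower() in templated_candidates()


def effective_bits(passphrase, wordlist_size, sep="-"):
    """Upper bound on guessing cost in bits.

    A phrase matching a known template costs only log2(number of template
    candidates), whatever its word count. Otherwise the nominal figure is
    returned, which holds only if the words really were chosen at random;
    this function cannot verify that, it can only rule out known templates.
    """
    if is_templated(passphrase):
        return math.log2(len(templated_candidates()))
    return entropy_bits(wordlist_size, len(passphrase.split(sep)))


if __name__ == "__main__":
    year = 365.25 * 86400
    for size in (2048, 200_000):
        bits = entropy_bits(size, 4)
        print(f"4 words from {size}: {bits:.1f} bits, "
              f"{expected_seconds(bits, KDF_GUESSES_PER_SEC) / year:.3g} years "
              f"at {KDF_GUESSES_PER_SEC}/s, "
              f"{expected_seconds(bits, FAST_GUESSES_PER_SEC):.3g} s "
              f"at {FAST_GUESSES_PER_SEC:.0e}/s")
    chosen = "my-password-for-2019"
    print(chosen, "->", round(effective_bits(chosen, 200_000), 2), "bits")
    random_phrase = generate(WORDS, 70)
    print(random_phrase, "->", effective_bits(random_phrase, len(WORDS)), "bits")
```

Both sides of the argument show up in the output: the per-guess cost of the hash dominates for randomly generated phrases, while a user-chosen phrase that fits a template is worth only a few bits regardless of its word count.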

        1. 54

          Ha ha, it’s funny because a white supremacist hid a Nazi joke in a pop culture reference.

          1. 10

            I didn’t see that, was it in the article?

            1. 90

              Early in the article:

              What is an app, anyway? It’s shared computing. Everyone’s data is one data structure, in one program, on one server, owned by one corporation.

              This is a callout to the Nazi slogan Ein Volk, ein Reich, ein Führer.

              And then the only other time “shared computing” appears in the document:

              To paraphrase Walter Sobchak: say what you want about the tenets of shared computing, but at least it’s an ethos.

              In the movie The Big Lebowski, the protagonists are harassed by nihilists that the sort-of militantly Jewish Walter initially assumes are Nazis. When it finally gets through to him, he says, stunned, “Say what you want about the tenets of National Socialism, at least it’s an ethos.”

              Yarvin is a deliberate, meticulous writer who prides himself on his references. This is not a coincidence, this is a white supremacist laughing at programmers not recognizing that he’s calling competing software Nazis. Well, I happen to be reading up on Yarvin’s buddies and I understood that reference.

              He’s laughing at programmers because he knows the technical and political are inseparable, and the longer programmers think so the longer he gets to use them to gain power.

              1. 13

                Fantastic explanation, thank you. I totally understand that the technical and political are inseparable. But one thing still doesn’t make sense to me: Urbit is designed to be “eventually-distributed”, meaning there is no central company (like Facebook or Google) that can control it (ofc Yarvin’s company, Tlon, owns a large part of the Urbit network, but for the sake of argument let’s give the benefit of the doubt and assume Tlon won’t be evil). As such, Yarvin believes he is fighting against technical fascism. And yet he is (or we believe him to be) a white supremacist; white supremacy as an ideology includes the idea of one race “ruling over” or being superior to another race – which is also a form of fascism. So even though Yarvin is building a product to subvert fascism, he also believes in fascist ideals? How do these two things make sense? I figure either

                1. he’s lying about the “eventually-distributed” goal of Urbit, and actually he intends to use Tlon to enact some kind of elitism in the Urbit network. I’m thinking analogously to institutionalized racism, where gerrymandering and obscure laws can be (and have been) enacted to suppress votes from certain demographics.
                2. his ideology is more nuanced than we give him credit for - perhaps what we read as “white supremacy” is something closer to “population genetics”.
                3. he has compartmentalized his white supremacy so as to focus on the less controversial part of his ideology: fighting technical fascism.

                That’s all I can think of. Not sure how much time I want to spend analyzing this stuff. Urbit is technically interesting, but politically confusing, so is it worth investigating? ¯\_(ツ)_/¯

                1. 63

                  He’s not subverting fascism, he’s enacting a feudalist fascism. The Nazism references are a winking joke.

                  Look back at early docs before he’d invented all the jargon obscuring it. He’s not building a flat, distributed system, he’s building a hierarchy where he and his handpicked buddies literally own the world. Everything else (like the crowdsale) is just a noisy distraction.

                  Yarvin believes that some humans exist to be ruled and that historical racial oppressions should be regarded as the normal, desirable expressions of this state of affairs. He also knows that a lot of this is outside the Overton window, so he dances around how he expresses things, burying it under tens of thousands of words of historical references and smirking “but of course I never actually said that” when someone summarizes it or he accidentally says something a little too on the nose.

                  Urbit’s fundamental technical structure is an expression of Yarvin’s political philosophy. Urbit exists to create a new serfdom.

                  1. 12

                    That’s a pretty solidly damning link to that design doc, and it makes the rest of your argument seem a lot sounder to me.

                    1. 5

                      And yet, from the same doc he goes on to talk about how to avoid monopoly ownership.

                      Therefore, the solution to decentralization is to distribute rootkeys as broadly as possible, in such a way that it is as unlikely as possible that they will coalesce.

                      1. 3

                        I wouldn’t be so quick to condemn a metaphor. Feudalism isn’t necessarily fascist, although certain feudal lords could certainly employ fascist devices like taking people’s wages or limiting speech. The question should be: is specifically Urbit fascist? I’m not convinced either way (yet).

                        1. 21

                          I wouldn’t be so quick to condemn a metaphor.

                          Programming is metaphor reified.

                          1. -5

                            As long as we are condemning metaphors, why are so many OSS projects named after women? Cassandra, MariaDB, Apache Jena. I always thought it was creepy the way we name databases especially - you know that place we inject our data into - after women. Freud would have a heyday with the OSS community.

                          2. 4

                            He’s not building a flat, distributed system, he’s building a hierarchy where he and his handpicked buddies literally own the world. Everything else (like the crowdsale) is just a noisy distraction.

                            That’s the bit I agree with–I’m not sure fascism is the correct term either. But the feudal aspect is pretty undeniable.

                            Yarvin justifies it as:

                            My answer is simple. The dukes are the developers of Urbit. They created it - they get to own it. This is standard Lockean libertarian homesteading theory. Lend a hand - earn a slice. Thus Urbit, unlike most open-source projects, offers a rational motivation for contribution. For starters, everyone invited to the urbit-dukes mailing list is, if he accepts, a duke. One may decline this honor, of course.

                            1. 39

                              Yarvin on feudalism:

                              Someday I will read all of Froude’s twelve-volume history of England from Henry VIII through Elizabeth I, but I have only read a bit of the first volume. That bit was so impressive and stunning that I thought I might want to wait a year or two before taking in any more.

                              Froude describes a Tudor society which is completely ordered - which consists, from top to bottom, king to knave, of these relationships of mutual obligation. They are relationships of family, of feudalism, of guild traditions such as apprenticeship, of the Church, of political patronage, of commercial patronage and monopoly, and of course of law and government. It was impossible to live a normal human life outside this tapestry, and nor is it at all clear why anyone would have wanted to.

                              This dazzling idea has been seen recently and is why I also use the term “fascist”. To quote from “They Thought They Were Free”, a 1955 book on the lives of the unexceptional civilians who enabled Nazi Germany:

                              Herr Kessler went on after a pause, “it was not just a matter of how it would look for the Party. There was something else. You ask why the hospitals would call the Party office when a soldier died who had left the Church. It was because people called the Party in all difficulties arising from the reconstruction of the country, and the Party always helped. This pattern was established from the first, long before the war. It was what made the Party so strong–it would always help. In religious matters, in domestic problems, in everything. It really watched over the lives of the people, not spying on them, but caring about them.

                              “You know, Herr Professor, we are told that not a sparrow falls without God’s care; I am not being light when I say this–that not a person ‘fell,’ fell ill or in need, lost his job or his house, without the Party’s caring. No organization had ever done this before in Germany, maybe nowhere else. Believe me, such an organization is irresistible to men. No one in Germany was alone in his troubles–”

                              Yarvin says “feudal” because he expects a multipolar world, but the system he describes is a fascist one. A place for everyone, and everyone in their place. Not a “place”, really, but the lowest-order bits of a variable-length bitfield encoded as syllables to form the address of a node in an internet-overlaying virtual network running code distributed hierarchically and written in a mostly-punctuation programming language compiled down through an intermediate language to an abstract lambda-calculus-like core language with every single thing given a new name and defined only with reference to their own lower-level terminology until you’re so overwhelmed you can’t see the shape of the whole thing is that he gets to be king and you get to be a serf.

                              And then when it’s boiled down, Yarvin smirks “but I never said that” and anyone who skimmed one technical document goes, “well, let’s not be hasty here”.

                              I challenge anyone who thinks I’m mischaracterizing the system to find Yarvin describing what it means for the namespace to be “hierarchical” in standard technical language. What specific power does a “duke” (I think this is “galaxy” in the current branding) have over their vassals? I don’t think you can find such a document. That’s the con. Everything else exists to distract you from the power he wants to wield over you.

                              1. 13

                                Someday I will read all of Froude’s twelve-volume history of England from Henry VIII through Elizabeth I, but I have only read a bit of the first volume.

                                snip

                                It was impossible to live a normal human life outside this tapestry, and nor is it at all clear why anyone would have wanted to.

                                Lord. “I read an overview of the organizational structure of feudal England, skipped all the messy parts where it was an increasingly intolerable mess, and so I have trouble understanding the impulse to reform it”.

                                1. 7

                                  What specific power does a “duke” (I think this is “galaxy” in the current branding) have over their vassals?

                                  It’s an address-space. The owner of an address-space can grant a piece of it to you, and take it away again. This has been an explicit & core idea of Urbit since the first incomprehensible blog posts.

                                  1. 24

                                    Revocation is not actually listed in this article. I have no charity left for this project or author, so I don’t believe this is the only omission.

                                    1. 6

                                      I oversimplified the rules, but they’re spelled out in detail in the whitepaper that page links to - the deed to a moon belongs to its parent, but planets, stars & galaxies are self-owned and can change parents.

                                      “I haven’t read the documentation but this is definitely a sinister Trojan horse in some way that I can’t specify” is not much of an argument.

                                      1. 18

                                        My actual argument is “I have read way too much of his smirking bullshit and believe the author when he says he wants to recreate feudalism.”

                                        1. 4

                                          I agree! But I also think that Urbit is interesting, and “it’s dangerous, don’t look at it!” is an unsatisfying & ineffective response to it.

                                          1. 11

                                            Then you should keep an eye out for people who have made that claim.

                                2. 0

                                  Well, what is so bad about feudalism? From a historical perspective, feudalism was great at distributing a region’s economic/agricultural risk across smaller fiefdoms. With nation-states and globalism, all the risk is centralized, so one error between e.g. Russia and the US could lead to disastrous consequences for the rest of the world. In feudalism, two fiefs warring will not affect the entire world or even country. (This argument has been made by many historians, I recently found it in DeLanda’s 1000 Years of Nonlinear History, which I highly recommend, it’s an exciting read.)

                                  As for the second block quote, this sounds much like what we have now. For the most part, the people controlling the development of Linux are Linus and his lieutenants, the people that own most of the IPs are some governments and companies that got in when the internet was just starting. Of course new ones come along but they don’t have as large of a slice. But Urbit isn’t competing with Linux, it’s competing with Facebook and Google, which is about as centralized and dictatorial as you get. Feudalism could be an improvement over a Facebook dictatorship.

                                  1. 23

                                    Well, what is so bad about feudalism?

                                    Well, from a historical perspective, it was an absolute dogshit deal for the 99.99999% of humanity who wasn’t king or at best lord. Zero freedom of movement, no possessions, no say in governance, your station in life determined entirely by the accident of your birth, wild inequality in legal treatment, zero freedom of religious belief, etc, etc. It’s rather well documented in all those things societies wrote while they were in the midst of overthrowing these systems. Those French peasants were certainly rather powerfully mad about something.

                                    The “region’s” (aka, the one guy who owns everything) risk is well distributed? Hard to care about that.

                                    In feudalism, two fiefs warring will not affect the entire world or even country.

                                    Because they were fighting with pointy pieces of metal and not nuclear warheads. Feudalism had nothing to do with the limited scope of the conflict. If Russia and the US wanted to go to war with broadswords it would be a lot less dangerous, too.

                                    1. 1

                                      Yes but you’re comparing it with the improvements that came after. Was feudalism not an improvement on what came before it? Anyway, the French peasants revolted against monarchy, not feudalism.

                                      Perhaps it’d be best to avoid the medieval baggage by simply arguing in favor of federalism, something that’s easier to agree with.

                                      1. 17

                                        Yes but you’re comparing it with the improvements that came after. Was feudalism not an improvement on what came before it?

                                        Sure, just like amputating a limb because of a broken bone was better than dying of sepsis. There’s still rather a lot bad about needlessly cutting off limbs, though.

                                        And since we’re discussing Yarvin’s political theories for the modern world it’s also a wee bit important to consider how much worse it is than the current state of affairs.

                                        Anyway, the French peasants revolted against monarchy, not feudalism.

                                        Both, actually. They coexisted in various forms until 1789 when the revolutionary National Assembly passed a set of Manorial reforms that put a final end to vassalage (theoretically the peasants were supposed to pay out the seigneuriage, but they refused, so that theory didn’t last long and by 1800 it was well and truly dead)

                                        1. 5

                                          And since we’re discussing Yarvin’s political theories for the modern world it’s also a wee bit important to consider how much worse it is than the current state of affairs.

                                          The current state of affairs is Google and Facebook own most of the trust w.r.t. user identities and data, thus they own most of the users' computing abilities. This makes a Muslim registry very easy to create, for example. It’s not as easy to do under Urbit’s identity model because it’s decentralized.

                                          1. 3

                                            Thanks for the history lesson!

                                            Anyway, I was just rereading the Urbit page on address space, and all the references are to republicanism, not feudalism.

                                            In either case, the emphasis is on decentralized federation.

                              2. 6

                                You wanna get even more freaked out? They have custom phonetic representations for all the punctuation (runes) their language uses. This includes ‘~’, pronounced ‘sig’. So what is their logo? A sig rune…!

                                (Personally I don’t give a shit about the politics and find these stupid edgy jokes almost hilarious. I wouldn’t take it too seriously, given that this stuff is probably less likely to help and more likely to harm their prospects in the long run…)

                                1. 22

                                  Personally I don’t give a shit about the politics and find these stupid edgy jokes almost hilarious.

                                  I don’t know you from Adam, but maybe give some thought to the idea that it’s possible to be a little too uncaring about politics when you’ve reached the point where “we need to overthrow democracy and return to the good ol' days of feudalist monarchy” merits just another “yeah whatever politics is politics” shrug.

                                  Some things are legitimately crazy enough that they should cause almost anyone to raise an eyebrow.

                                  1. 6

                                    You’re right, I shouldn’t be so flippant.

                                    I’ve actually thought about Urbit quite a bit. I believe the federated system could potentially offer a lot more freedom than the current web.

                                    A lot of my feminist friends are incensed by the idea that Facebook bans female nipples - they believe they have the right to freedom of expression, but on Facebook, there’s nowhere else to go. We’re all serfs to Facebook.

                                    If these people had, say, planets on a star which started revoking the right to post nipples, everybody would have the freedom to up sticks and move to a star more amenable to freedom of expression.

                                    At least, that’s how it should work in theory. I like to believe that despite Yarvin’s political leanings, one can put together a libertarian, or even a progressivist argument for Urbit’s architecture - we all want roughly the same thing, freedom. And this is why I am willing to overlook his politics.

                                    1. 3

                                      If these people had, say, planets on a star which started revoking the right to post nipples, everybody would have the freedom to up sticks and move to a star more amenable to freedom of expression.

                                      Isn’t that like up and leaving Facebook for a social network you control or have influence over - or at least one that’s friendlier to the content you want to express? I’m sure there are examples of websites where the users can post with more autonomy than Facebook without having to invent a new paradigm for computing.

                                      1. 2

                                        You really don’t remember what the web used to be, do you? It used to be decentralized. Our ISP used to be run by some guy down the street with a closet full of computers. Our email was run by that guy or our university, or ourselves. Social networks were links across websites and web rings. It became decentralized when all the corporations decided they wanted to own the internet and the web. The future isn’t decentralized, the past was. We forget what we lost.

                                      2. 3

                                        Eh, they’re just words. Words will never, ever, get more than a shrug from me, no matter what they are (c.f. “sticks and stones…”). I’m willing to at least half entertain almost any notion, and bounce it around in my head for a bit, even if I disagree.

                                        I’ll believe Moldbug wants to “overthrow democracy” when I see him leading a crowd of people with guns.

                                        1. 12

                                          I’ll believe Moldbug wants to overthrow the government when I see him leading a crowd of people with guns.

                                          Do you also turn up your nose at preventative healthcare? Is there no benefit in nipping fascism in the bud, or do people have to die before we take action?

                                    2. 2

                                      He’s not subverting fascism, he’s enacting a feudalist fascism.

                                      I’m not sure whether you can have feudalism (lords controlling independent fiefs) and fascism (authoritarian nationalism) at the same time, since feudalism is federated and fascism is centralized.

                                      I do think you’re on to something with the feudalism label… but that could actually be an improvement for the internet, though it would be a regression in real life.

                                      The internet is currently a wild-west that relies on trust. We’re bumping up against the limits of that now. Spam, Sybil attacks, centralized DNS (which can and does have outages)… Urbit provides a more robust, federated structure.

                                      1. 6

                                        I’m not sure whether you can have feudalism (lords controlling independent fiefs) and fascism (authoritarian nationalism) at the same time, since feudalism is federated and fascism is centralized.

                                        Feudalism was historically widespread because it enabled taxation and control in ways that were otherwise uneconomical. It was created and promulgated to support centralization, and began to fall away once centralization could exist without it.

                                        1. 3

                                          What’s a more decentralized alternative to federation? Other than complete non-communication.

                                          1. 3

                                            Fully automated luxury space communism

                                            1. 1

                                              I wonder what that would look like manifested as internet architecture :) resource-sharing of some kind?

                                            2. 2

                                              polycentric law

                                          2. 4

                                            Urbit provides a more robust, federated structure.

                                            In what meaningful sense of the word “robust” is a niche project dealing with less than one one-millionth (one-billionth, even) of the traffic, issues, or attacks the DNS system currently withstands “more robust”?

                                            1. 9

                                              Architecturally and conceptually robust. Admittedly their system is not under heavy load so I have no idea how much traffic they can actually handle, but that’s not what I was driving at.

                                              Let’s face it, the architecture of the internet is broken. There are so many systems which rely on trust to operate.

                                              • BGP requires a router to trust its neighbors, and is easily spoofed. Accidental spoofing can cause massive outages.
                                              • DNS relies on you to trust your provider, and is trivially middle-manned by any network operator. Public wifi does this all the time in order to force you to accept a EULA. There is a whole host of issues listed on Wikipedia. DNSSEC is a band-aid.
                                              • TLS helps solve the problem of cryptographically asserting a website’s identity, but relies on centralized certificate authorities who (until the advent of LetsEncrypt) charged thousands of dollars per year for a certificate. Certificate authorities are open to government subversion.
                                              • TCP’s complete lack of cryptography allows injection/spoofing attacks, replay attacks, SYN flooding, etc.
                                              • Rogue DHCP servers are able to perform man-in-the-middle attacks on the network they are plugged into.

                                              There’s almost no end to the ways in which the current internet is totally busted. We keep trying to paper over the flaws, but the system simply was not designed for security from the beginning.

                                              In contrast, Urbit:

                                              • Uses a functional and minimal base language Nock, which is useful for doing proofs.
                                              • Cryptographic identity means you know you’re communicating with the intended target.
                                              • Scarce identity (32-bit “planets”) helps to prevent Sybil attacks, and reputation helps to prevent spam.
                                              • The address space is an interesting middle-ground between raw IP addresses, which are hard to memorize, and DNS names, which are human readable but require lookup.
                                              1. 1

                                                The Internet is not broken. It worked the day it was turned on and has never been turned off. What’s broken is our governments, economies, and laws.

                                          3. 1

                                            Thank you, great detective work. So many things pissed me off about Urbit’s network model. I learned more and decided it was created by fascists. This is the final nail and damning proof for me.

                                        2. 8

                                          great analysis… ugh. deep crap there. Did you see Politico mention that Bannon and Yarvin chat: http://www.politico.com/magazine/story/2017/02/steve-bannon-books-reading-list-214745 followed by this denial: http://www.vox.com/policy-and-politics/2017/2/7/14533876/mencius-moldbug-steve-bannon-neoreactionary-curtis-yarvin I was more afraid that urbit.gov was in the works.

                                          That said technically it’s interesting… kind of like the V2 I suppose.

                                          Not even sure how we got to this point of Godwin’s Law becoming Godwin’s Presidency. The ‘ethos’ of National Socialism was so half baked (and then fully baked in firebombing hue hue hue) that I don’t really understand how people could dig it up when there’s so much new and classical thinking that supports fair and just treatment of all humans. These blips of self imagined superiority always get stomped by unified diversity, yet here we are watching one pop up like a case of idea acne here in 21st century.

                                          1. 4

                                            When I heard about Urbit and learned the network structure, I was like “what is this neo feudalist bullshit. I thought this was p2p”. Then read Yarvin’s work and was like “oh, how cute, a fascist. That makes sense”. Nope, won’t touch with a ten foot pole.

                                            1. 2

                                              He’s not wrong, though, is he? Some companies are better about exporting data, but everyone’s Facebook emails and messages are in one data structure, shuffled by proprietary source code, in one company’s control, and restricted from access via anything but the interfaces they create & permit. Last I checked, Facebook isn’t run by a democratically elected leader, either…

                                              1. -1

                                                He’s clearly describing the “one”s of apps as undesirable qualities.

                                                That bit from The Big Lebowski is a pretty standard joke.

                                                There’s plenty to object to in his writings, you don’t need to stretch like this.

                                            2. 9

                                              I think this is the first time we’ve had a slayed dragon (see “2017-02-09 19:44:02” entry). Kudos to @pushcx, @angersock, @bsima, @matt, @bsima, @ChadSki and others for pulling it back from the brink :)

                                              1. 3

                                                I have no idea what’s that supposed to mean.

                                                1. 4

                                                  Contentious threads are flagged as “dragons”. This one was briefly a dragon before being unflagged (see the moderation log).

                                              2. 1

                                                Attack the work, not the man. Cmon dude.

                                                1. 41

                                                  It’s totally reasonable to reject someone’s work if they’re using it to propel an agenda of dividing the community. The idea that we should blindly accept contributions independent of social consequences is a bit half baked. It’s one thing if someone is just a dick, it’s another entirely if they are actively trying to divide the community arbitrarily for the sake of personal gain. This is after all what ________ supremacists do, and to overlook it is genuinely harmful to the progress of open source. In short, if someone isn’t willing to listen or respect others, they don’t get to demand respect.

                                                  1. 8

                                                    If we’re willing to abandon tools and techniques because the people who came up with them don’t agree with our ideology, we’re doing ourselves a disservice and we will be surpassed by people who do not use such a subjective metric.

                                                    To bring out some old examples…should we have ignored rocketry because von Braun was an actual Nazi (a Major in the SS)? Should we have given up synthetic fertilizers because Haber basically invented chemical warfare?

                                                    Or on the other side, should Turing’s work have been disowned because he was a homosexual and his existence divided the (nominally God-fearing, straight) English community? Should English and German banks have avoided the practice of interest-bearing loans pioneered by the Jews that they viewed as an other (which is actually a fascinating bit of history into itself)?

                                                    Only somebody who lives with either extreme luxury or extreme fundamentalism can afford the position you’re advocating.

                                                    1. 5

                                                      It depends how much of the repellent ideology is encoded into the tools, and how much ‘not giving it up’ helps the repellent causes.

                                                      Also, your counterfactual is kind of weird, as through various points in history English and German financial instruments did (and many Islamic financial instruments still do) avoid interest as a mechanism for deriving profit, and Turing’s work was stopped (through the mechanism of Turing dying) due to the state disliking his sexuality, and I would argue that operation paperclip (and other similar efforts) were disastrous for the world - we should have executed all the Nazis, and just potentially taken longer to build rockets.

                                                      So, this is more akin to rejecting (say) credit default obligations - an invention that encoded the repellent idea of the traders call and byzantification, while claiming to produce miraculous wealth decoupled from the underlying economy.

                                                      1. 8

                                                        This is a ridiculous mischaracterization. Try to engage in good faith here.

                                                        should we have ignored rocketry because von Braun was an actual Nazi

                                                        He didn’t have a monopoly on the idea of rocketry. We could have courtmartialed him for war crimes instead of celebrating him.

                                                        Should we have given up synthetic fertilizers because Haber basically invented chemical warfare?

                                                        Haber didn’t have a monopoly on fertilizer ideas. We should give up chemical warfare, and refuse to support Haber personally for his crimes.

                                                        Urbit is owned by moldbug and his mates. Contributing to it is contributing to his prosperity.

                                                        1. 4

                                                          We could have courtmartialed him for war crimes […]

                                                          I don’t these some of those words mean what you think they mean.

                                                          We should give up chemical warfare, and refuse to support Haber personally for his crimes.

                                                          If you’re replying to @angersock, I think you need to engage in good faith. We aren’t going to give up chemical warfare because other groups who want power aren’t going to give it up.

                                                          And your revisionist history isn’t helpful. Other people were working on rockets, chemical warfare, nukes, cryptography, modern financial instruments, and hell probably agriculture; but, when the race is on for power, societies back winning teams. Operation Paperclip wasn’t a one-time thing, it’s happened numerous times throughout history.

                                                          “Bad” people have, time and time again, made “bad” things for “good” people.

                                                          (I note that you didn’t even touch @angersocks' “on the other side” examples. Goddamn, have I been trolled?)

                                                          1. 1

                                                            I don’t these some of those words mean what you think they mean.

                                                            Good spot - tried would be more appropriate (and very kind of you to soften the blow by reordering your words)

                                                            We aren’t going to give up chemical warfare because other groups who want power aren’t going to give it up.

                                                            Most major powers have agreed to give up the proliferation of weapons that cause excessive collateral damage.

                                                            “Bad” people have, time and time again, made “bad” things for “good” people.

                                                            Yep - and I don’t have a problem with using the things - but I do have a problem with supporting their creators.

                                                            (I note that you didn’t even touch @angersocks' “on the other side” examples. Goddamn, have I been trolled?)

                                                            My time isn’t unlimited; the principles in my response extend just fine to the rest of his examples.

                                                            If you have a moral problem with homosexuality it follows naturally that you would not want to support Turing.

                                                          2. 4

                                                            Haber didn’t have a monopoly on fertilizer ideas.

                                                            Yeah he actually kinda did. There’s a reason it’s referred to as the Haber Process. It was fucking huge.

                                                            We could have courtmartialed him for war crimes instead of celebrating him.

                                                            And then the Apollo program never would’ve happened, because he and the rest of the Operation Paperclip scientists were instrumental in the United States being able to catch up with the Soviets who had both the German rockets and tooling and the engineering talent to reverse and improve them.

                                                            You know, this in turn resulting in the free world losing to a USSR with functional theater and ballistic missiles.

                                                            Urbit is owned by moldbug and his mates. Contributing to it is contributing to his prosperity.

                                                            But the architecture and source is open-source, and so anybody is free to improve on it and use it for their own gain. Yarvin himself even says as much.

                                                            ~

                                                            To quote a certain movie:

                                                            Forget it, Donny, you’re out of your element!

                                                            1. 2

                                                              Haber didn’t have a monopoly on fertilizer ideas.

                                                              Yeah he actually kinda did. There’s a reason it’s referred to as the Haber Process.

                                                              That is just one of many processes. In fact, it’s predated by the Ostwald Process. The Haber Process was a great idea, but it wasn’t the only idea.

                                                              1. 4

                                                                You’ve mixed up the two processes as interchangeable–they’re not.

                                                                The Ostwald produces nitric acid from ammonia–the ammonia is made by the Haber process.

                                                                From your link:

                                                                Frank-Caro process and Ostwald process dominated the industrial fixation of nitrogen until the discovery of the Haber process in 1909.

                                                                The Haber process was markedly more efficient than the Frank-Caro process. You probably mean to compare it with the Frank-Caro or similar cyanamide methods for producing ammonia. All those methods are not similar at all in yield to the Haber process, and require a lot more energy and, I believe, material.

                                                              2. 1

                                                                Yes, some free world we seem to have here. I bet we can do better

                                                                1. 1

                                                                  Yeah he actually kinda did. There’s a reason it’s referred to as the Haber Process. It was fucking huge.

                                                                  He also invented it before doing any work at all on chemical weapons.

                                                                  And then the Apollo program never would’ve happened, because he and the rest of the Operation Paperclip scientists were instrumental in the United States being able to catch up with the Soviets who had both the German rockets and tooling and the engineering talent to reverse and improve them.

                                                                  Just so I’m clear here: is your argument that the US should pardon anyone who is likely to prove useful to national security, regardless of their crimes? (I don’t think they should, but that’s at least a coherent, self-consistent argument).

                                                                  But the architecture and source is open-source, and so anybody is free to improve on it and use it for their own gain. Yarvin himself even says as much.

                                                                  I have no problem with a forked universe. I’m calling on you not to support Yarvin.

                                                                  To quote a certain movie:

                                                                  I am indeed - ad hominem attacks have never been my strong suit.

                                                              3. 2

                                                                That’s not what I said, but cool argument against whatever ghost it is you’re fighting.

                                                              4. 3

                                                                I am unable to find any indication anywhere that Urbit is being used to propel an agenda of dividing the community. There are indeed things he says that I find disagreeable but Urbit has nothing to do with any of them.

                                                              5. 21

                                                                Clever Nazi references are now part of the work.

                                                            1. 1

                                                              Very interesting! I can’t help notice the parallels with rust regarding aliasing, whether something can be sent to another thread, ownership of pointers, etc. But as far as I know rust doesn’t do this with “capabilities” but its affine type system. How similar / different are the approaches? Are they the same thing with different names?

                                                              1. 1

                                                                They are moderately similar – both have the same intent of allowing proven-safe reference passing between concurrent/parallel threads, although the approach is different. https://blog.acolyer.org/2016/02/17/deny-capabilities/ is a great discussion/explanation of the underlying paper which describes the pony theory and implementation.

                                                                Personally I find the pony approach cleaner and more orthogonal than rust’s, but both of them are incredibly rich and you have a lot to learn in either case anyway.

                                                                The open question for me is whether the sweet spot of explicit reference passing is big enough to warrant all the gymnastics, and whether a sufficiently smart compiler ™ might be able to perform that as an optimization on an existing immutable value-passing language. I go back and forth. The compiler doesn’t exist yet, and pony and rust do. On the other hand, erlang exists and doesn’t have those languages' sometimes-impenetrable thicket of required type annotations, and is significantly richer in its concurrency model at the moment.

                                                              1. 7

                                                                Ugh, I can’t believe this conspiracy theory nonsense is on lobsters. I maxed out my contribution to Bernie Sanders and will probably be voting for Gary Johnson, so I’m not a Hillary shill or anything. Everyone who is moved by this video needs to try the guess the NY Times number sequence experiment.

                                                                The number in the video $100k or whatever is so inconsequential when talking about Google, Alphabet, Schmidt, and the Clintons I laughed out loud when they mentioned it. In addition, that data analytics company hardly even sounds relevant.

                                                                Lastly, it seems to me that Google just won’t immediately suggest extremely negative things about full names. I couldn’t get it to autosuggest stuff for Martha Stewart or Bill Cosby.

                                                                If I were developing the algorithm I would absolutely “whitewash” the suggestions. The danger of omitting something like “criminal” after someone’s name when it could be true is far less than that of including it when it’s false.

                                                                1. 1

                                                                  Lastly, it seems to me that Google just won’t immediately suggest extremely negative things about full names.

                                                                  Not true.

                                                                  1. 5

                                                                    This just shows that “racist” is not on their list of negative things that they refrain from suggesting after full names. “Indictment” and “crimes” seem to be, as illustrated with searches like “bernie madoff cri” or “bill cosby ind” (compared to the same searches with the first name omitted).

                                                                    1. 1

                                                                      Yeah, it “just shows” that they’re full of it.

                                                                      Honestly, sometimes Google fanboism is astonishing. I see all those free cafeteria lunches and massages paid off.

                                                                      1. 3

                                                                        As your tweet says, “donald trump rac” brings up the suggestion “donald trump racist.” And “hillary clinton raci” includes “hillary clinton racist kkk” in the suggestions. What’s your point?

                                                                1. 2

                                                                  I think sandstorm is incredible software and kentonv (primary author) is a really smart guy, so this does assuage my concerns. For those who still think it’s a bad idea, can you link to the reasons why and suggest what realistically should be done instead? At this point, the kneejerk negative response to curl | bash feels a little cargo culty to me.

                                                                  1. 1

                                                                    Remember that very smart people can occasionally do very dumb things.

                                                                  1. 4

                                                                    One thing that surprised me at first but now I’m used to after living in Singapore for a year is that there’s not often paper towels OR a hand dryer here! But after realizing that my hands have air dried a minute later anyway, the fanatical devotion in the U.S. to making sure there’s no water on your hands the instant you leave the bathroom seems a little silly.

                                                                    1. 4

                                                                      Horn toot: In about an hour I’m launching the Concise Guide to Substitutability, a short ebook that explains what’s at work in several seemingly-unrelated topics in real-world Ruby code.

                                                                      This week I am attending MicroConf, a small conference for self-funded techie businesses. I’m here for the hallway track, to get advice from experienced devs about marketing and running a small business that’s starting with the above ebook and hopefully growing to be a full-time job helping devs write better code.

                                                                      1. 2

                                                                        @puschcx The book topic looks great, but I don’t write much Ruby. (Mostly JavaScript/TypeScript, though I can read Ruby.) How applicable would you say the book is to non-Ruby developers?

                                                                        1. 2

                                                                          It’s relevant to dynamic languages that make use of duck typing (JavaScript, Python, PHP off the top of my head). Almost all the example code is in Ruby, but I think only the mention of mixin modules like Enumerable is the only thing someone might not understand right away.

                                                                        2. 2

                                                                          Looks great! I’m a rails dev so right up my alley. Just purchased it.

                                                                          1. 2

                                                                            Congratulations on the launch!

                                                                          1. 20

                                                                            Let’s be clear: the message here is “don’t innovate too much, and aim for the 50th percentile programmer for the best chances of success, so everyone can feel included?” We’re to coddle programmers their whole career? Little wonder we re-write the world every five years with varying degrees of quality! I go through stages of deep disappointment with the intellectual laziness of the industry. I don’t know how people stay in. People become proud of what they don’t know.

                                                                            I have no beef with Go. If you like it, cool. But I very much despise this sort of populist pandering in the name of adoption, rather than genuine advancement.

                                                                            1. 12

                                                                              You work in an industry that prides itself on become-a-programmer-in-two-weeks courses. Of course people are going to cater to the minimum.

                                                                              (Not that I think Go does this.)

                                                                              1. 13

                                                                                An extremely innovative programming language, only understood by a few programmers, and very difficult to learn, would be useless to the industry.

                                                                                I agree that we need innovation in programming languages, but I also think that a new programming language must fit in a “complexity budget”. It’s okay for a programming language to innovate a lot, if it fits in this “complexity budget”, which makes the language learnable in a short amount of time.

                                                                                A language learnable in a few weeks can be used by almost any programmer. A language learnable in a few months will exclude programmers that are unable or unwilling to dedicate evenings or week-ends to this learning. A language learnable in a few years would require a sabbatical (but I’m unaware of any existing programming language requiring such an investment).

                                                                                My point is innovation in programming languages too often comes with an increase in complexity budget. And the more we increase the complexity budget, the more we limit the audience.

                                                                                Rob Pike wrote “The need to get programmers productive quickly in a new language means that the language cannot be too radical”. I would add that a new language can be radical only if the increased learning time is compensated by an increased productivity and quality in the future.

                                                                                By the way, if you compare Go to mainstream languages like C/C++/Java/PHP/Perl/Python/Ruby/JavaScript, it’s not that uninteresting. It brings things like CSP concurrency, structural typing with interfaces, composition over inheritance with embedded structs. Of course, if you compare it to OCaml/Haskell/Rust/Scala/F#, there is no question that Go is less innovative and radical (as a language – I’m not talking about the runtime, the tooling and the library). But the truth is that OCaml/Haskell/Rust/Scala/F# have not been designed to be mainstream languages. Go was.

                                                                                Maybe what you/we need is a successor to OCaml or Haskell, but with the design goal of becoming mainstream, at every level of the language (language itself, compiler, runtime, tools, libraries, ecosystem, etc.). What would be the equivalent of Go at Google: Language Design in the Service of Software Engineering for this new language?

                                                                                PS: One example of a programming language that I found quite radical and innovative for its time, and still easy to learn, would be Erlang.

                                                                                1. 5

                                                                                  Maybe what you/we need is a successor to OCaml or Haskell, but with the design goal of becoming mainstream

                                                                                  I think we might have something similar to that in Elixir. Elixir is unabashedly populist. I have shipped production Erlang apps and been badly burned trying to hire around it – so I am a bit gun-shy, but slowly warming to Elixir. It might end up being DSL soup (like Ruby), but maybe not… I will continue watching… with slow growing excitement.

                                                                                  1. 2

                                                                                    That’s funny because I had a very constructive discussion with Saša Jurić, the author of Elixir in Action, a few days ago, on similarities and differences between Go and Erlang. I agree that Elixir is an interesting option for the same reasons and with the same reservations as you.

                                                                                    1. 1

                                                                                      It might end up being DSL soup (like Ruby), but maybe not…

                                                                                      That’s definitely a concern since it’s drawing lots of ruby developers, but in many ways the design of Elixir seems to be a reaction to a lot of ruby practices. Jose Valim (the creator) has counseled contributors that a DSL, if created, must exist on top of a well thought out API.

                                                                                      He also has this great talk DSL or No-DSL from 4 years ago.

                                                                                      1. 2

                                                                                        Yeah, I have yet to see a meta-programming system survive in an organization for too long. Generally initial coders love it and are very effective inside it – then under success conditions, it all falls apart…

                                                                                        1. 1

                                                                                          Why does it fall apart?

                                                                                          1. 4

                                                                                            Hiring and growth… which implies training and turnover. Finding people with a good mind for meta-programming is very challenging. Additionally, meta-programming is often not used with the level of restraint required to make it a good long term system (for examples: see Ruby). Beyond all that, when you are doing major meta-programming/DSL work – you have to document it as you would document a brand new language, the documentation / training overhead is brutal. Without documentation and without training, you are basically guessing how to use an undocumented programming language… fun.

                                                                                            In theory of course, you could overcome all these weaknesses, with “perfect” programmers – but in reality, it becomes a bloody mess and at some point – even those who initially wrote it and argued for it are like “Screw it, yeah, this is nonsense, let’s port it to X” – X often being a very simple language like C or Java or in my very favorite example – it remained in Lisp – but anything but straightforward procedural programming was banned at the commit level (and scanned for with a nasty massive perl file)… Lisp - most of the Lisp things about Lisp.

                                                                                            1. 2

                                                                                              Yea, you see a lot of magic DSLs out there that grow organically under one person. As soon as they try (or have to) pass on that knowledge it falls. Here’s one I see in the making, but I doubt anyone outside of the prestigious original author is using this: https://github.com/nathanmarz/specter

                                                                                      2. 1

                                                                                        Out of curiosity, why did Erlang make the hiring more difficult?

                                                                                        1. 1

                                                                                          Small talent pool, high pay requirements, decently hard to do in house training on unless they came from another functional language… it was a nightmare.

                                                                                        2. 1

                                                                                          If I’m not mistaken, I think that Elixir doesn’t let the programmer “reopen” a module and define or redefine functions, which should limit the kind of rogue monkey patching you find too often in Ruby.

                                                                                        3. 4

                                                                                          Maybe what you/we need is a successor to OCaml or Haskell, but with the design goal of becoming mainstream

                                                                                          IMO, the problem with this is that mainstream and good languages are more or less mutually exclusive. What I love and enjoy about Ocaml is what makes it unpopular.

                                                                                          1. 2

                                                                                            That’s a great point! Honestly, I hope you’re wrong, because if you’re right, then we’re doomed to either 1) program alone in a good language or 2) program as a team in a mediocre language.

                                                                                            Maybe we could draw inspiration from human languages here: Some people have a limited use of their mother tongue (limited vocabulary, limited understanding of grammar), others have a deep knowledge and mastery. Even the same person can use a different level of language, depending on the circumstances.

                                                                                            1. 2

                                                                                              The other alternative is to get a small group rallied around a core idea, like how suckless.org works. The upside to being into Haskell or Ocaml is that they are very expressive, meaning you can accomplish a lot with very little code. The lack of standard libraries hasn’t been a big issue for me in Ocaml because I can generally rewrite the portions I need pretty quickly.

                                                                                          2. 4

                                                                                            Haskell, as a language, is usable for mainstream purposes right now. OCaml is too. Haskell is 100% of our backend at my company.

                                                                                            You wouldn’t profit from making a more mainstream Haskell right now. Developments beyond Haskell are still being hammered out and researched.

                                                                                            1. 6

                                                                                              In fact, now would be a bad time to try to make a “mainstream” Haskell as we’re in the middle of figuring out some research and implementation at a couple different levels

                                                                                              I know what you mean, but don’t you think it is always a “bad time”? :-) This is the crux of the issue. One of the explicit goals of Haskell was to “serve as a basis for future research in language design” [1]. One of the explicit goals of Go was to “address the problems faced in software development at Google, which led to a language that is not a breakthrough research language” [2]. It’s very difficult to innovate on all fronts at the same time.

                                                                                              [1] https://www.haskell.org/onlinereport/haskell2010/haskellli2.html

                                                                                              [2] https://talks.golang.org/2012/splash.article

                                                                                              1. 5

                                                                                                Haskell is still pushing things forward at the level it currently works for - example: https://www.cis.upenn.edu/~eir/papers/2012/singletons/paper.pdf

                                                                                                I don’t think you grokked my point. Haskell is ready for mainstream use, modulo libraries (not language), now. The library coverage has been plenty good for the work I do and I’m much happier using libraries written by Haskell users in Haskell than I am what’s available for JVM languages.

                                                                                                The DTPL stuff isn’t ready for wider use - yet. Churning what already works for mainstream use (Haskell) seems deeply wasteful. The GHC runtime system works a freakin' mint for the latency/throughput sensitive work I do with considerably less fuss (not zero) than the JVM.

                                                                                                To the extent that I can, I am trying to make Haskell more accessible.

                                                                                                My co-author is somebody that had never programmed before I taught her Haskell and started less than a year ago. How much easier does a mainstream programming language need to be for a total beginner? She still finds JS & Java difficult in ways that do not happen for her in Haskell.

                                                                                                There’s a lot of undiscovered value here, I think. But I believe it was shrouded in part by learning materials that weren’t sufficiently usable or accessible by non-CS people. That wasn’t an issue with the language, it was an issue with the approachability of how people taught the language.

                                                                                                I think my points here are why @mattgreenrocks sounds frustrated.

                                                                                                1. 5

                                                                                                  Let’s consider a young professional programmer, gone through a computer science cursus, where he/she was taught C, Java and a bit of Lisp. Are you saying that learning Haskell would require a similar effort to learning Go?

                                                                                                  1. 1

                                                                                                    You know this is unanswerable and involves a lot of variables. Any assertions in either direction would be nonsense. Mu.

                                                                                                    Instead, let me say what I know.

                                                                                                    I know I’ve taught total beginners to programming the basics of programming in Haskell in a matter of months. I know I’ve taught people that already programmed for a living with FP experience to use Haskell in days.

                                                                                                    I know companies that train people with zero FP experience to write Haskell in 1-2 weeks of pair programming – then they’re on their own. One thing that helps with the latter is having a codebase already in place for them to learn from.

                                                                                                    I’ve taught many people over the internet as well. I don’t just use Haskell – teaching it is what I’m primarily known for. I know what’s possible.

                                                                                                    I also know it took me five years to learn Haskell, yet I’m able to get others going in a much shorter period of time. I believe this is because of the learning resources, not the language.

                                                                                                    1. 10

                                                                                                      Unfortunately, I have to discount everything else you have said because of such brazen intellectual dishonesty. If you are so deep in your own BS you can’t even admit that Go is easier to learn than Haskell, I simply can’t take anything else you have said seriously. Reeks of zealotry and fanaticism over pragmatism and honesty. This is a net-negative for the Haskell community, being honest about negatives of the language is a part of being a good steward of it.

                                                                                                      I love Haskell, so far no other language I have ever used has tickled my brain the way it does, it makes me happy and makes me feel good. I think it is a superior language to Go. That said, it has a steep learning curve and being in denial of that does a disservice to new users, because it makes them feel dumb rather than acknowledging “Yeah, this is harder than most languages to pick up, but it pays you back for it, keep striving, you will get over the hump!”

                                                                                                      I have gotten people up to speed in professional environments on Lisp, Erlang, Haskell, Go, and dozens of other languages over the past couple decades. Go’s simplicity and consistency is a killer feature when it comes to teaching people. You can hire people with no Go experience to be Go developers, and that is reasonable and sane, the overhead of learning Go is trivial. A professional developer can attain a mastery of Go in a week. Not bumbling “it mostly works” but actually understanding, because there simply isn’t that much there to know. I have literally gotten people up and running with NO programming experience writing complex selenium tests (using the Go driver) in a week – using basically every feature Go has to offer except for channels and channel select… and they often find some problem best solved by channels and concurrency within a few weeks and implement it without assistance.

                                                                                                      Over the past 3-4 years, I have seen a sad bend towards intellectual dishonesty in the Haskell community and it is depressing. Selling it as a magic bullet constantly, and it belittles the language, community and newcomers.

                                                                                                      1. 6

                                                                                                        Selling it as a magic bullet constantly

                                                                                                        As someone that keeps a close eye on Haskell, and keeps reading about it (documentation, blogs, papers, code, etc.), but has not jumped onto the bandwagon, I noticed this tendency too. Some people tend to present it as “magic bullet”, of course without saying anything about the remaining theoretical or practical issues (space leaks for example, to take a “classic”). Haskell is a really great technology, but I agree this attitude is a disservice to the language.

                                                                                                        1. 3

                                                                                                          It doesn’t take much reading on harder projects in Haskell (aka Warp from the Performance of Open Source Applications or Yesod from the earlier AOSA) http://www.aosabook.org/en/posa/warp.html to see that the really neato frito features of the language fall into a miasma of directives and special imports. Even though the code is short and I’m sure people are successful with it, it’s not straightforward enough for me to grok without learning a lot of syntax (beyond learn you a haskell stuff) just to get involved, then a lot of “what does this import do?” etc etc.

                                                                                                        2. 2

                                                                                                          I love Haskell, so far no other language I have ever used has tickled my brain the way it does, it makes me happy and makes me feel good. I think it is a superior language to Go. That said, it has a steep learning curve and being in denial of that does a disservice to new users, because it makes them feel dumb rather than acknowledging “Yeah, this is harder than most languages to pick up, but it pays you back for it, keep striving, you will get over the hump!”

                                                                                                          “Steep learning curve” is an interesting expression, because what it actually means is that one is learning quickly. Haskell does have a steep learning curve: you learn a lot, quickly. It also has a high learning curve. There’s a lot to learn. One can probably be as productive, as a writer of code, as an average employed Java programmer after 3-5 weeks of serious Haskell study (i.e. you can do whatever a junior programmer needs to do). As a reader, it depends highly on the specific code and the quality of documentation (as a community, Haskell isn’t great at documentation, although it’s getting a lot better) but there’s a lot of code that you won’t be able to read until you’ve been doing Haskell for months, if not years, and that’s not because the code is bad but because it’s a deep language. It also hurts our argument for the effectiveness and power of type signatures when we present lenses to new programmers and have to say, “don’t look at the types yet; they’ll hurt your eyes”.

                                                                                                          Over the past 3-4 years, I have seen a sad bend towards intellectual dishonesty in the Haskell community and it is depressing. Selling it as a magic bullet constantly, and it belittles the language, community and newcomers.

                                                                                                          I haven’t seen what I would call “intellectual dishonesty”, but there is a bit of counterproductive zealotry (I may be guilty of that as well). The truth is that Haskell is way farther along than 5-10 years ago. It’s far past being ready to tackle what most professional programmers do. Business people tend to write it off because it’s a 26-year-old language that (from their perspective) just now seems to be taking off, and they ask, “If it’s been around for so long and it’s so great, why isn’t it popular?” That leads to a tendency (in us) to overcompensate by presenting it as the absolute best choice for nearly all problems, when the reality is that it’s a very good choice for quite a large number of problems but (as you and I would agree) no “magic bullet”.

                                                                                                          On a side note, I think Haskell needs to work hard at building its community. Clojure has Cognitect and Conj and Clojure/West; as far as I know, Haskell doesn’t have any U.S. conferences. Clojure’s community leadership has been actively seeking to improve not only its age and gender diversity, but that of tech. It also has an aesthetic sense that is unmatched; {"one" 1} is just more attractive than fromList [("one", 1)]. Haskell’s great and I’m thrilled to be using it, but there’s a lot that we can learn from Clojure’s community.

                                                                                                          1. 6

                                                                                                            “Steep learning curve”…

                                                                                                            For the record, I was using the more conventional understanding of the phrase as “hard to learn”.

                                                                                                            One can probably be as productive, as a writer of code, as an average employed Java programmer after 3-5 weeks of serious Haskell study

                                                                                                            I have my doubts about this – but not sure it is worth arguing over. We can agree to disagree on this point without any confusion bleeding into future points.

                                                                                                            but there’s a lot of code that you won’t be able to read until you’ve been doing Haskell for months, if not years..

                                                                                                            I agree, and this is a noteworthy difference between Haskell and Go. Go you can jump into any code imaginable your second week and feel fairly comfortable… it is just Go. Even in some of the uglier OS specific pieces (syscalls, etc) – it is still very easy to read and understand, even for neophytes.

                                                                                                            Additionally, regardless of if it is because Haskell is a “deep language” or “hot garbage” – it really doesn’t matter from a business perspective, having code that will take someone years to be able to READ is terror inducing.

                                                                                                            I haven’t seen what I would call “intellectual dishonesty”, but there is a bit of counterproductive zealotry

                                                                                                            I flatly disagree with you on this point. Zealotry is obnoxious but often forgivable because it is done in a haze of ignorance. Excited children make bold claims, and generally you can smile and forgive them, because you remember when you were that young and that dumb. You can grow out of zealotry, you grow into intellectual dishonesty.

                                                                                                            Intellectual dishonesty is done by people who know better, who know they are lying. Those who actively omit and distort the truth while being absolutely aware of what they are doing, and are experts in the field. In a very real way, intellectual dishonesty is far more poisonous because it is done by those who you would depend on, those you would look to in order to assist you, those who are the elders of a community. They are where the misinformation the armies of zealots spout comes from, they are original sources.

                                                                                                            It’s far past being ready to tackle what most professional programmers do. Business people tend to write it off because …

                                                                                                            I have reviewed Haskell 4 times for production use – and not once was its age brought up as a negative, or even brought up at all. The questions are simple: (1) How quickly can someone learn it and be able to read all the existing code? How long after that until they can ship production changes on top of that code? (2) How big is the market of developers? Growing or shrinking? (3) Will this be a liability or an asset going forward for the company.. IE: If we are given an outside audit / review for financing or are being purchased how will the outside investor or company look at that codebase?

                                                                                                            Generally speaking the answers were (1) Months, small patches in weeks maybe, probably months… (2) Tiny, slow growth… (3) Liability – and that is the end of the conversation. The upsides are complex and hard to explain and involve correctness, long term soundness and other things that are very challenging to get across in a useful way in a meeting.

                                                                                                            On a side note, I think Haskell needs to work hard at building its community. Clojure has

                                                                                                            Clojure has some very loud, bright voices at its core. It (the community around Clojure) has done stuff like associate bravery and joy with the language. Additionally, Clojure talks have taken place at lots of cons not directly related to Clojure, to spread Clojure. Java conferences were the primary thing – but they also did stuff for Ruby developers, Python developers, etc.

                                                                                                            It would be interesting to see what a talk about Haskell at a Ruby conference would look like… How would you spend an hour to convince people Haskell is worth using at a Ruby conference or a Python conference?

                                                                                                            Rust seems to have some bright lights as well – Specifically Yehuda Katz and his push for “You too can be a systems programmer!” is absolutely brilliant stuff – and he keeps doing talks on it – at places like Golden Gate Ruby Conference. His talk is amazing in that it makes Rust feel very accessible and shows off a lot of things that Ruby users care about.

                                                                                                            Elixir is doing amazing outreach to Ruby developers, and naturally picking up a lot of Erlang developers. It is unabashedly populist while remaining very honest about downsides and risks. This honesty that seems to be somewhat baked into this community is a huge asset to it – and IMHO, one of the reasons it might end up being a massive success. I suspect some of this honesty came as a response to intellectual dishonesty among Ruby evangelists (who directly profited off of promises that were never fulfilled).

                                                                                                            1. 1

                                                                                                              “Steep learning curve” is an interesting expression, because what it actually means is that one is learning quickly. Haskell does have a steep learning curve: you learn a lot, quickly.

                                                                                                              When you climb a “steep” path, you progress slowly, not “quickly”. Similarly, a “steep learning curve” implies you learn slowly, not quickly. But I’m nitpicking :)

                                                                                                              1. 1

                                                                                                                It is sloppy language at best. In physical terms, climbing a steep path obviously conjures the memory of the physicality of climbing a hill.

                                                                                                                But in more mathy terms, if the Y axis was “knowledge” (IE: learned) and the X was time. A steep learning curve would mean a rapid increase in knowledge. If the Y axis represents difficulty, then a steep learning curve means increasing difficulty… I think different people think of different things on the Y axis.

                                                                                                                1. 2

                                                                                                                  I think many people use an X axis of “what I can do” and Y of “what I must learn”. This may not be the one true definition of learning curve, but it allows “steep learning curve” and “You can’t do anything until you learn everything” to align.

                                                                                                                  1. 1

                                                                                                                    Honestly, that never occurred to me, but probably fits most graphs more sanely.

                                                                                                                  2. 1

                                                                                                                    You’re nitpicking even more than me, but it’s useful because your comment is completely true. Thanks!

                                                                                                                    1. 3

                                                                                                                      If you can’t be a pendant on lobste.rs where can you?! :)

                                                                                                                      1. 2

                                                                                                                        there are lots of places you can hang out!

                                                                                                                        1. 1

                                                                                                                          Haha, never thought about this before! :)

                                                                                                                          1. 1

                                                                                                                            If you can’t be a pendant on lobste.rs where can you?! :)

                                                                                                                            s/pendant/pedant/

                                                                                                                            (Normally, I wouldn’t do this; but with “meta” in your name, I assume you don’t mind the meta-ness of my doing so.)

                                                                                                                            1. 1

                                                                                                                              No, I am a gorgeous pendant. Who would want to be a pedant?

                                                                                                                              ducks

                                                                                                                    2. -2

                                                                                                                      as an average employed Java programmer after 3-5 weeks of serious Haskell study

                                                                                                                      These assertions are pretty dodgy when you haven’t taught anybody Haskell and have no practical experience.

                                                                                                                      I would urge you to be more epistemically cautious in how you present your case. It just gives people more surface area with which to undermine your points and it makes you look very unreasonable.

                                                                                                                      Your overreach has been noticed and is making reasonable people grumble.

                                                                                                                      Hard sales does not have a constructive role to play among otherwise serious professionals.

                                                                                                                      On a side note, I think Haskell needs to work hard at building its community.

                                                                                                                      I agree.

                                                                                                                      Haskell doesn’t have any U.S. conferences

                                                                                                                      What?

                                                                                                                      The Haskell hackathons have been going strong for a long time around the world, especially BayHac, NYC, and Zurich ones.

                                                                                                                      CUFP always has a lot of Haskellers/DTPLers, LambdaConf was like 50% Haskell, LambdaJam is predominantly Haskell.

                                                                                                                      And that’s just off the top of my head.

                                                                                                                      1. 1

                                                                                                                        Haskell doesn’t have any U.S. conferences … What?

                                                                                                                        I suspect the implication was “brand name” conferences. IE: GopherCon and GothamGo.

                                                                                                                    3. -1

                                                                                                                      You know this is unanswerable and involves a lot of variables.

                                                                                                                      so deep in your own BS you can’t even admit that Go is easier to learn than Haskell,

                                                                                                                      I don’t think I said anything of the sort. I explicitly made the point that making such claims didn’t make sense. Your rudeness is not welcome or constructive.

                                                                                                                      they often find some problem best solved by channels and concurrency within a few weeks and implement it without assistance.

                                                                                                                      MVars (channel, of a sort) and channels are the most popular methods for handling concurrency in Haskell.

                                                                                                                      I’ll leave it at that. Ego is getting in the way of what could’ve been good conversation. Please do not reply.

                                                                                                                2. 7

                                                                                                                  I read “modulo libraries (not language)” as “Not ready for mainstream use”.

                                                                                                                  Surely if you want to build things you’re not well served by a language with poor libraries, no matter what else it offers.

                                                                                                                  1. 2

                                                                                                                    I read “modulo libraries (not language)” as “Not ready for mainstream use”.

                                                                                                                    If the library situation with Golang satisfies you, then Haskell will be even better. It only compares disfavorably if you find writing a quick wrapper binding for the sort of thing Java/Python already have to be unacceptable.

                                                                                                                    At work we use libraries for Boilerpipe, beanstalkd, Riak, Percona MySQL, Redis, and dclass browser classification. And a lot more.

                                                                                                                    Full listing of what’s on Hackage: http://hackage.haskell.org/packages/

                                                                                                                  2. 1

                                                                                                                    My co-author is somebody that had never programmed before I taught her Haskell and started less than a year ago. How much easier does a mainstream programming language need to be for a total beginner? She still finds JS & Java difficult in ways that do not happen for her in Haskell.

                                                                                                                    Maybe there are no easy or hard languages. Just more or less enthusiastic teachers. :)

                                                                                                                    1. 2

                                                                                                                      Static learning resources can make a huge difference as well. I wrote my guide for learning Haskell and the resources recommended there work considerably better than what people had usually used before.

                                                                                                              2. 2

                                                                                                                  I think Haskell offers a great ROI of long term productivity for the cost to learn, but the sad truth is that it’s still an unknowable metric. As an industry we take for granted that whatever we use is more productive than assembly, but other than that we are all fumbling around in the dark. There’s no proof that this is more productive than that, only anecdotia.

                                                                                                                  Languages that have a high cost to learn are often disregarded, because there is no way to prove it is better. All proof is effectively: I learned it, and it seemed better to me than what I was using before.

                                                                                                                  This is why I think it’s my duty to learn a number of tools, then I’ll have my own personal experience and judgement to apply to my own analysis.

                                                                                                                1. 5

                                                                                                                    As an industry we take for granted that whatever we use is more productive than assembly, but other than that we are all fumbling around in the dark. There’s no proof that this is more productive than that, only anecdotia.

                                                                                                                    Additionally, depends what you measure. Things that are wonderful for the productivity of individuals (rich DSLs, macros galore, terse syntax) are often horrible for the productivity of teams with turnover and hundreds or thousands of developers. It all depends what you are trying to optimize around.

                                                                                                                  1. 2

                                                                                                                    I cannot agree more.

                                                                                                                    Things like operator overloading or macros are very tempting when I write code, because they strengthen the feeling that I have written smart, dense, beautiful code. But they are too often an obstacle when I read code, especially a new code base written by others.

                                                                                                                  2. 2

                                                                                                                      Languages that have a high cost to learn are often disregarded, because there is no way to prove it is better. All proof is effectively: I learned it, and it seemed better to me than what I was using before.

                                                                                                                    We could replace Haskell with vim in this discussion :-) “Big learning curve, but it’s worth it!” Some agree, some disagree. Alas, it’s difficult to prove, so all we have is trying it for ourselves, or collecting and aggregating the opinions of our peers.

                                                                                                                    1. 1

                                                                                                                      Yeah, but choosing the wrong editor is an annoyance. Choosing the wrong language for your startup could literally kill your business when you can’t hire and grow.

                                                                                                                      1. 1

                                                                                                                        I agree, of course. This specific comment I posted was not meant to be really serious :)

                                                                                                                2. 4

                                                                                                                  Others have said much the same, but if new languages shouldn’t aim for the 50th percentile, which percentile should they aim for? Honest question: of what use is the genuine advancement of a language designed for 90th percentile programmers?

                                                                                                                  1. 8

                                                                                                                    Honest question: of what use is the genuine advancement of a language designed for 90th percentile programmers?

                                                                                                                    How about languages that turn 50th-percentile programmers into 90th-percentile programmers? I’d argue that Haskell fits the bill. You don’t have to be a 90th-percentile programmer to be more productive in it than you’d be in Java. In fact, if your knowledge of each is equal, you’d be more productive in Haskell pretty quickly. I really think that anyone who can learn to program Java well can do even better in Haskell.

                                                                                                                    I wasn’t born a 9xth-percentile programmer. My first words weren’t “functional programming”, and I wasn’t 10x-ing it in grade school with the Haskell skillz. I don’t buy the argument that most programmers are immutably mediocre, either. The mediocrity exists because we’ve done, as a professional group, an absolutely terrible job of managing our social status and have let ourselves be shoved into the role of business subordinates, which inflicts mediocrity upon us. It can be changed.

                                                                                                                    1. 2

                                                                                                                      How about languages that turn 50th-percentile programmers into 90th-percentile programmers?

                                                                                                                      Is Go one of those languages? From what I’ve read, it seems pretty successful at improving the productivity of decent but not great Python and C++ devs.

                                                                                                                      1. 1

                                                                                                                        It can be changed.

                                                                                                                        How? Michael, I agree with you on this. If you have any “strategy” or any link on how to change this, then I’m interested.

                                                                                                                    2. 6

                                                                                                                      I think that the worst thing about the pandering is that it comes with a certain essentialism. People aren’t just catering to the 50th-percentile programmer, but also assuming that he can’t improve, and that our industry is just doomed to be staffed by mediocrities. They tend to assume that the Java mines are full of idiots who will never be able to understand Haskell. In reality, they’re smart enough. They’re just disengaged because decades of working for idiots (let’s be honest; most programmers work for non-technical jokers driven by emotion rather than reason) have left them seeing no better possibility than business-oriented Java. They have the intellectual horsepower needed to improve. What they don’t have is encouragement or a sense of purpose. Working on user stories shoveled to them by a 27-year-old “product owner” or “scrotum master” pays the bills.

                                                                                                                      This industry is overloaded with mediocre people (and, largely, because there’s so goddamn much money in software that it tolerates a lot of worthless upper management) but that’s because corporate development environments make people mediocre. This is good news, because it means that there’s hope of fixing it.

                                                                                                                      1. 2

                                                                                                                        This industry is overloaded with mediocre people (and, largely, because there’s so goddamn much money in software that it tolerates a lot of worthless upper management) but that’s because corporate development environments make people mediocre.

                                                                                                                        Alas, I don’t think this is really specific to our industry, don’t you?

                                                                                                                        I wrote “alas”, because if it was specific to our industry, then I think it would be easier to fix.

                                                                                                                    1. 0

                                                                                                                      I cannot resist guys: “Can I haz errorz monadz?” :)

                                                                                                                      1. 0

                                                                                                                        I seriously do not understand the downvote here, since this is neither trolling nor off-topic. I think that the “off-topic” and “troll” downvotes are simply from people ignoring computer science theory of the last 2 decades (to say the least). And you can do things like this in Rust by the way. So this is just seriously rude for the sake of being so. If you do not understand error and exception handling using monads it is your problem.

                                                                                                                        1. 2

                                                                                                                          I didn’t downvote you but I can’t say I’m a fan of the way you contributed. Seriously, let’s try to keep this meme shit off lobsters. (Also, it should be “I can has”).

                                                                                                                          I highly doubt anyone downvoted you because they don’t understand error monads, which is obviously a relevant and interesting thing to bring up on this article.

                                                                                                                          1. 3

                                                                                                                            I still find it uncalled for because I do not perceive it as trolling nor is there a netiquette on lobste.rs regarding what can one use humorously or not, given that no abusive language is used nor demeaning content is implied. Even my explanation gets a downvote. The “z” was deliberate.

                                                                                                                            Regardless, I’ll move on with simply not saying much anymore. This was supposed to not be Reddit but I guess disillusionment is important.

                                                                                                                      1. 5

                                                                                                                        Also works analogously in git: git checkout - checks out the last branch you were on.

                                                                                                                        1. 2

                                                                                                                          “cd -” has been in my toolbox for a decade, but that is news to me—thank you very much!

                                                                                                                        1. 8

                                                                                                                          I’ve been playing with Haskell lately and I must say the types, while super constricting and frustrating at times, are revolutionizing how I think about programming.

                                                                                                                          • The lack of “nil” as a valid value of any type, and having to explicitly handle that case with something like Maybe, is very powerful.

                                                                                                                          • Blaze’s HTML combinator to keep all HTML generation strongly typed as HTML, makes it a breeze to deal with entity encoding and the like.

                                                                                                                          • The explicitness and rigidity of going to/from JSON via something like aeson feels nicer and less prone to introducing bugs than what I’ve done before in ruby.

                                                                                                                          Lastly, and offtopic I realize, but I just recognized the submitter’s username as the author of bloodhound for elasticsearch. Quick question: It looks like it doesn’t support aggregations (previously: “facets”), is that right? Is it on the roadmap at all? Do any other ES libraries support that? And I guess to bring it back on topic, how has haskell’s type system affected your use of elasticsearch? I’ve only used ES in the context of ruby/javascript, so I can’t quite wrap my head around how it will help just yet.

                                                                                                                          1. 3

                                                                                                                            It’s “tomorrow”! Where’s my post!? :)

                                                                                                                            Looking forward to following this journey.

                                                                                                                            1. 1

                                                                                                                              Your post has arrived.

                                                                                                                            1. 1

                                                                                                                              Ha, didn’t expect to see this here! Thanks for posting this. CoachUp dev here, happy to answer any questions about our approach.

                                                                                                                              1. 1

                                                                                                                                Great to see security implementations moving along in Go. But the main question, as with any implementation, is… can we trust it? Has anyone reviewed it yet? Who is this “kyle” guy?

                                                                                                                                1. 4

                                                                                                                                  That’s why I’ve submitted it here. The implementation is straightforward:

                                                                                                                                  1. Generate ephemeral keypair, R
                                                                                                                                  2. Generate keying data with ECDH(R, pub)
                                                                                                                                  3. Generate symmetric encryption keys and HMAC key with NIST SP 800-56a concatenation KDF.
                                                                                                                                  4. Encrypt the message with the selected symmetric algorithm (I’ve chosen to only support AES in CTR mode as per the suite B guide).
                                                                                                                                  5. Tag the message with an HMAC.
                                                                                                                                  6. Roll all this together.

                                                                                                                                  The references section of the README contains everything you need to know to check and verify it.
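The six steps listed above, put together as an added Go sketch; it is not the submitted package's code or API. Assumptions of this sketch: P-256 keys, a single KDF round with SHA-512 and empty OtherInfo, HMAC-SHA-256, an all-zero CTR IV, the `R || ciphertext || tag` layout, and the hypothetical names `session`, `Encrypt`, `Decrypt` and `newRecipientKey`; it needs Go 1.20 or later for `crypto/ecdh`.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/sha512"
	"fmt"
	"hash"
)

// session is steps 2-3: ECDH, then one SP 800-56A concatenation KDF round, SHA-512(1 || Z),
// split into AES-256 and HMAC keys. R is fresh per message, so the zero CTR IV is never reused.
func session(priv *ecdh.PrivateKey, pub *ecdh.PublicKey) (cipher.Stream, hash.Hash, error) {
	z, err := priv.ECDH(pub)
	if err != nil {
		return nil, nil, err
	}
	k := sha512.Sum512(append([]byte{0, 0, 0, 1}, z...))
	block, err := aes.NewCipher(k[:32])
	if err != nil {
		return nil, nil, err
	}
	return cipher.NewCTR(block, make([]byte, aes.BlockSize)), hmac.New(sha256.New, k[32:]), nil
}

func Encrypt(pub *ecdh.PublicKey, msg []byte) ([]byte, error) {
	eph, err := pub.Curve().GenerateKey(rand.Reader) // step 1: ephemeral key pair R
	if err != nil {
		return nil, err
	}
	stream, mac, err := session(eph, pub)
	if err != nil {
		return nil, err
	}
	out := append(eph.PublicKey().Bytes(), msg...)
	stream.XORKeyStream(out[len(out)-len(msg):], msg) // step 4: AES-256-CTR
	mac.Write(out)                                    // step 5: tag covers R and ciphertext
	return mac.Sum(out), nil                          // step 6: R || ciphertext || tag
}

func Decrypt(priv *ecdh.PrivateKey, in []byte) ([]byte, error) {
	rLen, n := len(priv.PublicKey().Bytes()), len(in)-sha256.Size
	if n < rLen {
		return nil, fmt.Errorf("ecies: message too short (%d bytes)", len(in))
	}
	r, err := priv.Curve().NewPublicKey(in[:rLen]) // rejects malformed and off-curve points
	if err != nil {
		return nil, err
	}
	stream, mac, err := session(priv, r)
	if err != nil {
		return nil, err
	}
	mac.Write(in[:n])
	if !hmac.Equal(mac.Sum(nil), in[n:]) { // constant-time; checked before any decryption
		return nil, fmt.Errorf("ecies: invalid tag")
	}
	pt := make([]byte, n-rLen)
	stream.XORKeyStream(pt, in[rLen:n])
	return pt, nil
}

func newRecipientKey() (*ecdh.PrivateKey, error) { return ecdh.P256().GenerateKey(rand.Reader) }

func main() {
	priv, _ := newRecipientKey() // P-256 is an assumption; errors skipped only in this demo
	ct, _ := Encrypt(priv.PublicKey(), []byte("constructed sample message"))
	pt, err := Decrypt(priv, ct)
	fmt.Printf("%q %v\n", pt, err)
}
```

Because the ephemeral key is new for every call, encrypting the same message twice gives two different outputs, and a single flipped bit anywhere in the output makes `Decrypt` return an error.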

                                                                                                                                  1. 2

                                                                                                                                    Oh, I didn’t realize you were both the submitter and author! Yeah, I glanced through the code, and it looked like you were more composing cryptographic primitives than writing stuff from scratch, which is a good sign, but I’m not confident enough in my abilities to trust any evaluation beyond that.

                                                                                                                                    I also checked out your website to get a feel for your credentials, and it looks like you have a pretty nice looking cryptography/Go book coming out, which was positive, but of course not anything to base a serious decision on.

                                                                                                                                    Thanks for your work!