Comments on Haskell for all: Why do our programs need to read input and write output?
Feed author: Gabriella Gonzalez
Updated: 2024-03-16T16:29:29.582-07:00
9 comments

Gabriella Gonzalez, 2017-10-09T11:03:55.037-07:00

No disagreement here, except for the part about the JS snippet. Presumably a Dhall-centric web paradigm wouldn't need JavaScript (if you could encode the dynamic behavior of the page post-load in Dhall).

There actually are security concerns with Dhall that I didn't mention which are a concern. For example, Dhall supports fetching URL imports with custom headers that can depend on Dhall values, which provides a very potent side channel for communication.

However, other features of the import system are designed for safety, such as (A) paths/URLs cannot be computed, (B) multiple references to the same import are deduplicated into a single fetch, and (C) all imports within an expression are resolved regardless of whether they were actually needed (i.e. Dhall's import system is "strict", so you can't conditionally import something based on whether or not it was evaluated). That makes it hard to use the set of imports that a program fetches as a communication mechanism because it never changes from run to run.

There are also other obvious side channels (like how long it takes to run, memory profile, etc.), but the main point was to communicate the idea that we don't need effects as much as we thought we did, which I think you got :)

Gabriella Gonzalez, 2017-10-09T10:54:38.174-07:00

That's not a coincidence because Dhall is a programmable configuration language, so I do want to blur the difference between the two. I think the division between programming and configuration is somewhat arbitrary.

Gabriella Gonzalez, 2017-10-09T10:52:41.341-07:00

You could imagine that the interpreter could transparently cache the result as an optimization. There's nothing that requires the programmer to do so.

Nathan, 2017-10-09T06:46:58.428-07:00

I take issue with the idea that there are no security concerns because there are no side effects. This may be true in some cases, but certainly not in others. One example would be in generating content for a web page that will be viewed by users. If I can get a snippet of JS into the page because you remotely executed an API that I compromised, then there is a very real security issue there.

Not to mention, spinning CPUs => DoS => Security issues as well.

I'm not saying these issues don't have solutions. I'm just saying that there are problems with remote code execution that you can't skirt around by saying "No side effects!". Conceptually, I like the idea, though!

libeako, 2017-10-09T06:06:13.266-07:00

Writing a file is necessary to avoid recomputing its content each time it is needed.

libeako, 2017-10-09T06:05:36.640-07:00

The post blurs the difference between (programming generally) and configuration. Its title is about "programming", begins with "complexity of programming" but then founds the correctness of the idea in the topic of configuration only.

Anonymous, 2017-10-08T20:08:42.630-07:00

How it's not necessary

Gabriella Gonzalez, 2017-10-08T17:22:16.425-07:00

You're welcome!

Anonymous, 2017-10-08T10:31:16.778-07:00

This is a smart idea - thanks for the link to Conal Elliott's blog post also.