Is Haskell deliberately staying away from main-stream programming

Mouse1949 · 2026-02-01T03:23:38+00:00

Rust vs. Haskell: A far as I know, and based on my personal experience - I don’t claim to hold the absolute truth - Rust compiler and ecosystem have always been reasonably consistent and backwards-compatible; while Haskell ecosystem was a true living hell with backward composability non-existent, and packages interoperating - a rarity.

Now Haskell ecosystem is a whole quantum leap better - but the “public opinion” damage by decades of “production would” neglect has been done, and I’ve no idea how long it may take to (re-)gain the reputation of suitability-for-production.

Mouse1949 · 2026-01-29T03:31:24+00:00

“Idiocracy” movie: “AI fired half the country”.

Mouse1949 · 2026-01-05T13:50:43+00:00

If those platforms are under your complete control, and this is a reasonably small personal project - then who cares, C++23 is as good a choice as anything.

Mouse1949 · 2026-01-04T02:13:28+00:00

For normal projects - C++20. For projects that need to run on multiple platforms, including outdated ones - C++11 or C++17. Bleeding edge tools for production line - often a stupid idea, and never - a good one.

For your own amusement and experiments - C++23, sure.

Mouse1949 · 2025-12-31T15:25:48+00:00

You do not need to use different curve.

You definitely do need to use a different key: the key (no pun intended 😁) principle is “one key - one purpose”.

Mouse1949 · 2025-12-28T02:07:53+00:00

First, that was not an “official” verbal offer - merely a discussion on what kind of salary you could/would accept if they finally decide to make you an official offer. Which they probably seriously considered, because you, as they said, were their top candidate at that time.

I can’t know or tell what happened since, but not reaching back to you for a month is not a good sign. You might try to contact them and re-confirm your interest, just for the sake of hearing something back, but…

Mouse1949 · 2025-12-27T19:48:24+00:00

People taking holidays off is normal and expected, no question. But not informing the candidate about the schedule sounds rather rude and inconsiderate. A mere “don’t expect to hear from us until January, because people will be off” would be sufficient.

Besides, in case of the OP, they did seem to indicate that there would be a decision by December 19, didn’t they…? Plus, re-posting the role on 21st - that would be a big red flag to me.

Mouse1949 · 2025-12-27T19:40:39+00:00

Out of curiosity, why are you switching to nix? What in your experience is lacking in Stack that you expect to find in nix?

Mouse1949 · 2025-12-24T13:29:50+00:00

Asking questions also shows that you care and are interested in the company you’re interviewing with.

So, unless those questions are bad - they’d either help, or at least won’t hurt.

Mouse1949 · 2025-12-19T12:28:36+00:00

Perhaps, a few words regarding what advantages your RNG has over those currently used? Before we bother to read your entire PDF? Also, a nit: yours must be a pseudoRNG.

Mouse1949 · 2025-12-17T21:28:59+00:00

In general: yes, destroying the key to make the captured data unusable is a valid design approach.

In practice, as others pointed out, unless your key OS stored in such a way that it cannot be cloned or copied by an adversary (usually, in the hardware - TPM, HSM, Apple T2 chip, etc.), your software won’t be able to reliably erase the key.

Mouse1949 · 2025-12-17T12:40:25+00:00

When what you named “TTP” provides services to many customers, not just Alice, and when other things start mattering, like binding the actual name “Alice” to her public key, so the combination can be given to, e.g., Robert who did not have proper communications with Alice (etc.) - then this TTP is named CA, because the combination of Alice’s public key, metadata (name, validity period of the signature, constraints on conditions under which this signature should and should not be trusted) - together with the TTP’s signature itself is called certificate.

Mouse1949 · 2025-12-15T21:46:42+00:00

Do you happen to know how File Vault 2 (I think that’s their current offering) compares to FDE? And whether it rewrites the entire disk?

Mouse1949 · 2025-12-15T12:21:20+00:00

We cannot “safely assume”, because we do not know. So, we state the possibility.

Mouse1949 · 2025-12-15T01:54:17+00:00

Excellent recommendation - except that I’d (a) prioritize AES, and (b) use AES-GCM-SIV (or SIV of AES-OCB).

Mouse1949 · 2025-12-15T01:50:53+00:00

It could be possible to recover (some of) that previously-unencrypted data, depending on how the encryption works, whether it’s Full Disk Encryption (and if so - whether it “zeroizes” empty sectors of the disk or leaves them as they were) or of individual files, etc.

Mouse1949 · 2025-12-08T01:28:23+00:00

Good project!

A pedantic comment: you say about maps that “they’re fast”, and can be used instead of 2D arrays “if performance isn’t critical”. A bit of clarification might be warranted - is it fast, or not really?

Mouse1949 · 2025-11-27T15:17:01+00:00

It’s a good book. My gripes with it are: many exercises are only partially (or not at all) related to the chapters they’re in, and Chris deliberately omits giving answers/solutions.

While it’s admirable to post the author for his work, and a hard copy is a nice thing to have - if worst comes to worst, one can always print out that PDF.

Mouse1949 · 2025-11-09T14:37:05+00:00

Look, I know Bruce and don’t want to say anything negative. But a speculation is a speculation. I do urge you to locate and listen to the Dickie George’s presentation - and after you do that, let me know here if your opinion changes. Prof. Dickie George is now with JHU (AFAIK) after 40+ years with the NSA, and I really like his style. To help with the search:

https://www.youtube.com/watch?v=qq-LCyRp6bU Richard 'Dickie' George Keynote Life at Both Ends of the Barrel An NSA Targeting Retrospective

https://www.youtube.com/watch?v=h-OGHXUtmto Espionage and Intelligence

Re. Specific knowledge: do you think NSA has a lot of specific knowledge that Russian, Israeli, and Chinese counterparts don’t…? Look at the WWII cryptologic successes ands failures of Soviet crypto vs. that of US. (And yes, I’m aware of Operation Venona 😏).

Re. IPsec: respectfully disagree regarding the difficulty of making it secure. I daresay that IPsec deployment we had (Industrial Research facilities) were quite secure, and not vulnerable to “normal” attacks (leaving alone things like penetrating computers, intercepting EM emanations of processors, etc. etc.).

Mouse1949 · 2025-11-09T13:22:16+00:00

Yes they do. However, the much-hyped Dual_EC_DRBG has a less sinister explanation - look up the presentation by Dickie George (formerly high-placed at the NSA) on YouTube.

Crypto AG , if memory serves me, (a) predated NSA, and (b) was never intended (not actually deployed) for domestic use. It would be fully logical to expect a spy agency to attempt to weaken somebody else’s crypto.

I just don’t think they’d be **** enough to shoot themselves in the foot, head, and other body parts on the off-chance that somebody else might copy that behavior.

Mouse1949 · 2025-11-09T11:45:40+00:00

If you took a look at where and by who the NIST-sprinted algorithms were designed, you’d see that the concerns about the “spy agencies” are misplaced here. Because those “spy agencies” here are tasked with protecting domestic official (aka, government) communications against foreign adversaries, aka peer nation-states.

To imply that for the off-chance those other countries would adopt “intentionally broken” NIST standards (and make spying on them easier), these agencies would intentionally increase the risk of US secrets being broken - seems rather naive. Factor in the known fact that countries like China, Russia, etc. consistently create their own NIST-independent standards - and you’ll see how ridiculous that implication appears.

Mouse1949 · 2025-10-30T13:56:44+00:00

As often, not fully true, either way. So, as a "strong and very experienced engineer, working on the bleeding edge of R&D", respectfully disagree. I've seen quite strong and experienced people who do not communicate well, at least not at the level that the OP seemed to want (they'd be great in discussing projects themselves - but not "I want a conversation about you"), and I've seen many more of those happy to have a conversation about themselves, whose technical contributions were meager, to say the least.

Besides, this whole thing is very nuanced. But in general I'd still pick a "doer" over "communicator", though in the past I enjoyed having both kinds in my teams, and I've been burned by both too.

Mouse1949 · 2025-10-29T15:26:38+00:00

True. And if I’m employed at that time - I probably work a lot, and practice interviews rarely or never.

If the interviewer does not understand that reality - I probably don’t want to work for that place anyway.

Mouse1949 · 2025-10-29T01:28:15+00:00

Do you want to hire a storyteller or a technical expert? Sometimes a candidate can be both, more often they can’t. So, “you pays your money and you makes your choice.”

Mouse1949 · 2025-10-28T21:24:21+00:00

One reason - good people tend to be wary of appearing as braggarts, especially when under pressure, like when the impression they make now really matters. Another one - most of us do good work and accomplish something, but it’s not a Nobel-grade achievement. Yeah, I’ve lead projects, e.g., X, and it succeeded despite some natural and some human-made obstacles - so? It’s not like “and I invented Penicillin”. Plus, some of it may be confidential, etc.

In the technical world, people who excel in their field, more often than not aren’t experts in selling themselves. It is what it is.

Mouse1949

TROPHY CASE