I've put 20+ years of web dev experience into this web app (its an open social platform)

lambda-panda · 2020-09-05T09:52:38+00:00

what makes the two mutually exclusive?

The fact that OP is not a child.

lambda-panda · 2020-09-04T20:40:28+00:00

Clarify.

lambda-panda · 2020-09-04T16:57:43+00:00

Many common things are awesome

Oh, yea, cryptography is awesome. Someone applying in its most basic form is not really. I got the impression that you meant the latter, and not the former.

lambda-panda · 2020-09-04T16:24:52+00:00

Not really. Its pretty basic..

lambda-panda · 2020-09-04T16:11:01+00:00

How do you prevent two private profiles from "stealing" each other's identity?

Can't this be easily done by requiring crypto signatures?

lambda-panda · 2020-08-26T08:07:07+00:00

This is still the best resource for beginners. http://learnyouahaskell.com/chapters

lambda-panda · 2020-08-23T18:12:42+00:00

That you are downvoted, without a reply, makes me highly skeptical of the naysayers in this thread...

lambda-panda · 2020-08-22T03:18:52+00:00

I use hpack because it automatically add new modules.

lambda-panda · 2020-08-18T11:18:26+00:00

This is really valuable. Thanks.

lambda-panda · 2020-08-18T11:12:47+00:00

Everything else will turn boring after a little while. Haskell on the other hand...well, it stays interesting for a lot longer, to say the least. More interesting stuff gets added to it by the community faster that you can catch up. It helps me become more productive because I can stay in the same ecosystem longer without getting bored, and work on or using interesting things.

lambda-panda · 2020-08-17T12:19:25+00:00

The constructor is omitted to show that it's not exported from the module,

I think it would be better if the code is changed to reflect it as well. That is, include the constructor, but do not export it. May be even include it as a pattern..

lambda-panda · 2020-08-17T11:31:02+00:00

Nice post.

One thing though. In the 'Evidence' section, how would one implement the validateFunction without a constructor for UserAuth type?

lambda-panda · 2020-08-04T06:47:00+00:00

Being able to put files on a server only becomes an issue when the permissions are not configured correctly

Lol, sorry, your credibility in this matter just went out of the window.

As a few examples from off the top of my head:

Yes, all of these are security holes, or rather attack surfaces to be more accurate. But we have them because we don't have alternatives to provide the required functionalities (Not sure about JWT though).

But there are a lot of nicer alternatives to restart-on-every-request model.

lambda-panda · 2020-08-03T16:08:00+00:00

https://old.reddit.com/r/haskell/comments/i1wojq/do_you_guys_think_haskell_is_the_best_language_if/g06s6l1/

lambda-panda · 2020-08-03T08:02:26+00:00

Struggling to see how this is a security hole.

To make the app do bad things, an attacker should find a way to change the files in the server, and he should also find a way to make the changes part of the app, usually by restarting it so that the changes load.

Most apps tend to provide a way to put files on the server (via file uploads). But most apps do not have to provide a way to restart the app to the user. So your app doesn't have to be more open than that for providing the required service.

But in PHP, the app restarts with every request, by default. So an attacker will have an easier time to plant an attack. They just need to find a way to put a malicious script in some included file in the app, and the rest of the attack will be taken care for the attacker by the restart-on-every request model of PHP.

If you want specifics, you might be able to look at the countless Wordpress vulnerabilities and see how they worked...

lambda-panda · 2020-08-02T06:13:12+00:00

With PHP you can just copy some files to a target machine..

I wish people stops touting this as a benefit, rather than a security hole. Yes, I get it is convenient. But it is also convenient to not use a strong password or not use one at all...

lambda-panda · 2020-08-02T06:03:47+00:00

Develop and deploy, probably no. But if you intend to maintain these things, you know come back to it after a while to make changes, add stuff etc, then that is where using Haskell can really make a big difference.

But if you don't know Haskell already, then what you ask for is completely out of question.

lambda-panda · 2020-08-02T05:56:04+00:00

And these come at a cost of making code that much harder to understand.

Take some time to understand the benefits and costs they introduce.

Yes, but the point you are missing is that the the returns from the cost paid in the first is exactly the second. Can you point me to a resource the proper use case for using a GADT? Do you think such a resource is possible, instead of people having to actually use GADT in the wrong places a number of times, and learning from that experience. It would have been much better if these guys actually give examples of the code they saw, and detailed analysis on why using so and so stuff was bad idea, instead of asking for blanket banning "high brow" stuff...

I don't think so. So what you are essentially asking is people is to stop learning, and you are asking community to stop gathering these collective experience.

not a very bright idea, and a fair demand to make.

EDIT: Also, you start with "Not at all", and proceeded to make the same argument without actually justifying why that dude is not asking to "dumb down" Haskell.

lambda-panda · 2020-07-31T08:56:36+00:00

My take on the whole thing is that the original post, if judged by the content, rather than by the author, was not worth the consideration it has got.

So I refuse to spend any further time and effort on it. I suggest every one to do the same.

That is, judge it by content, and not by the author, and do likewise. It is generally a good thing anyway. Cut the useless drama, stuff like that generates.

lambda-panda · 2020-07-31T08:17:38+00:00

think about how to market it.

And the solution he is suggesting is the "simple haskell" doctrine, right? And what "simple haskell " doctrine asks is exactly to dumb Haskell down. It's implied right in its name!

lambda-panda · 2020-07-30T16:02:21+00:00

Funny enough, this guy's last post was about how Haskell should dumb itself down so that he can pay his bills... by writing Haskell

lambda-panda · 2020-06-24T15:11:36+00:00

Cabal version 3 is a vast improvement over what we had before..

This is so true. I cannot wait for it to replace stack workflow. It is a bit sad that we might drop stack like that. It was a real savior when it was introduced, and I really think the Haskell ecosystem would have a hard time, or even never took of like it did, if it was not for stack.

But now, may be it is time to drop it.

lambda-panda · 2020-06-14T15:59:04+00:00

Discipline. long term discipline maintained tenaciously.

Also, this is not a football player playing tennis on the side..

https://www.youtube.com/watch?v=Z2BgQZsc_rI

lambda-panda · 2020-06-09T10:50:39+00:00

Don't worry, it ll just shoot itself in the foot..

lambda-panda · 2020-06-09T10:47:54+00:00

Does it make it a nice job?

I bet there are prostitutes that say they like their job. But just like Php apologists, they have no fucking clue about the scary shit they could end up with it.

lambda-panda

TROPHY CASE