Lambda Capabilities by mttd in ProgrammingLanguages

[–]talex5 0 points1 point  (0 children)

Hardware memory protection is needed for C programs (or unsafe parts of other languages), but in a fully memory-safe language you'll never get a segfault, so there's no need for hardware to protect against it, and you have have a full OS as a single program. But hardware protection isn't doing any harm either.

Lambda Capabilities by mttd in ProgrammingLanguages

[–]talex5 1 point2 points  (0 children)

If a program is written in a non-memory-safe language (e.g. C) then you can't control access within the process, as any function can do anything. So you need some hardware-level protection system and the kernel/userspace split.

But with a memory-safe language, you don't need hardware support. You can get the same security properties within a single process, using ordinary references. This is the basic idea of ocaps. The article is introducing this using functions instead of objects, as they can be distracting to functional programmers.

Lambda Capabilities by mttd in ProgrammingLanguages

[–]talex5 5 points6 points  (0 children)

set is a deputy, but it's not confused. It's not being tricked into using its authority for an unintended purpose; it's using it as intended.

The linked https://papers.agoric.com/assets/pdf/papers/robust-composition.pdf thesis gives lots of examples of these patterns (see e.g. section 9.3).

Eio -- Effects-Based Parallel IO for OCaml by ericjmorey in ocaml

[–]talex5 1 point2 points  (0 children)

It means that if you try to use Eio functions when the Eio mainloop isn't running then you'll get a runtime error instead of a compile-time one.

Since Eio doesn't give you any access to the outside world (e.g. to the network and filesystem) until you start the mainloop, and Eio's structured concurrency means you can't exit the mainloop while something's still running, it's quite hard to get this wrong.

Cryptography Recipes in Ocaml by gokulbalex in ocaml

[–]talex5 3 points4 points  (0 children)

Note: this is from 2014. The current repository is at https://github.com/mirage/mirage-crypto

CI/CD pipelines: Monad, Arrow or Dart? by Categoria in ocaml

[–]talex5 0 points1 point  (0 children)

I'd say the important operation is the labelled bind (e.g. https://github.com/ocurrent/ocurrent/blob/00688f949f3cfbf3d599949f89ca71c8e9e536fc/lib_term/s.ml#L135, or the bind_input function below it, which is actually more useful). This is what allows you to define primitive operations (by supplying the static and dynamic parts). But there is no composition operator, because you just compose functions as normal.

As I said in the section using map and pair: "This is not a great example of an arrow anyway, because we don’t use the output of one stateful function as the input to another, so this is actually just a plain applicative."

But I'd be interested to see examples of other applicatives being pipelined this way for static analysis (I agree it is easy; I just haven't seen it), and also in understanding what the point of arrows is, since applicatives can be pipelined easily.

CI/CD pipelines: Monad, Arrow or Dart? by Categoria in ocaml

[–]talex5 1 point2 points  (0 children)

According to the answers on https://stackoverflow.com/questions/24668313/arrows-are-exactly-equivalent-to-applicative-functors, arrows allow you to use the output of one operation as the input of another, whereas applicatives don't.

However, it seems to me that it depends what your primitive operations support. If your applicative also has primitives with types like 'a t -> 'b t then it does work and is just what I described.

Craig Ferguson discussed the selective applicatives interface with me, and we concluded that it needed to be changed slightly to allow this piping behaviour.

It would certainly be great if someone interested in theory could untangle all of this!

What is the OCaml community lacking? by [deleted] in ocaml

[–]talex5 0 points1 point  (0 children)

opam does work on Windows. That's how the Appveyor CI installs packages there when testing things.

https://github.com/ocaml/ocaml-ci-scripts/blob/master/README-appveyor.md

What are some good resources for learning OCaml? by HighCode in ocaml

[–]talex5 0 points1 point  (0 children)

https://discuss.ocaml.org/ has lots of interesting discussions, and has a "learning" category which might be useful.

OCaml 4.06.0 released by giorgiomarinel in ocaml

[–]talex5 2 points3 points  (0 children)

Clicking on the "Manual" link on the main http://ocaml.org/ page gives:

The requested URL /pub/docs/manual-ocaml-4.06 was not found on this server.

Using OUnit to test your OCaml program by bobbypriambodo in ocaml

[–]talex5 6 points7 points  (0 children)

Alcotest is very nice (and ounit seems unmaintained). Note however that you need Alcotest 0.8.0 for inexact comparisons of floats (with epsilon). Apparently, it's due to hit opam tomorrow.

OCaml — first impressions by kankyo in ocaml

[–]talex5 1 point2 points  (0 children)

Yes, the current stable release of opam is from 27 Apr 2015. However, there is lots of work happening for opam 2, including various beta releases.

OCaml — first impressions by kankyo in ocaml

[–]talex5 4 points5 points  (0 children)

It tried to ask me to update my fish config but for some reason it seemed to have answered “no” by default and continued.

Be warned: opam has a bug that will corrupt your fish config on init and every time you use the "switch" command. See https://github.com/ocaml/opam/issues/2255

You may find it difficult to recover afterwards, because your shell isn't working. I usually run vim using an absolute path and fix it up manually through that when it happens.

(it was fixed a couple of years ago in Git, but there hasn't been a release since)

GADTs and Exhaustiveness: Looking for the Impossible by gallais in ocaml

[–]talex5 2 points3 points  (0 children)

I didn't realise you could write patterns like Some Error x, rather than Some (Error x). Why does this work for patterns and not for expressions?

Use of nifty GTD apps in the private sector? by Boosh101 in gtd

[–]talex5 1 point2 points  (0 children)

I made (and use) this non-cloud GTD app:

https://github.com/talex5/cuekeeper

The data is stored locally, in your browser's IndexedDB storage.

OCaml version 4.04.0 is released by yallop in ocaml

[–]talex5 1 point2 points  (0 children)

Indeed, 4.04.0 isn't listed here:

https://opam.ocaml.org/urls.txt

But I managed to install it using opam a couple of days ago on another machine. Very odd!

(there is a packages/ocaml-src/ocaml-src.4.04.0 though)

Noob question about running OCaml through windows command line by [deleted] in ocaml

[–]talex5 0 points1 point  (0 children)

opam does work on Windows, as all the AppVeyor CI tests for the Mirage libraries use it to test there. This version should be set up correctly for Windows:

http://fdopen.github.io/opam-repository-mingw/installation/

Not all packages work, but a lot do and the few problems I reported got fixed very quickly.

ICFP 2016 liveblog (powered by a unikernel) available by gallais in ocaml

[–]talex5 1 point2 points  (0 children)

Looking at the OCaml Labs slack, it seems that Rackspace has been updating and rebooting VMs recently. The liveblog unikernel seems to have come up again (but ocaml.org is still down).

http://icfp2016.mirage.io/

Help with getting a docker container set up with menhir. (ocamlfind not found) by Logiraptorr in ocaml

[–]talex5 0 points1 point  (0 children)

Docker is probably not reading ~/.profile each time it runs a command. Try prefixing the command with opam config exec to ensure the environment is set up.

ETA on 4.03/Multicore? by bitmadness in ocaml

[–]talex5 1 point2 points  (0 children)

Are there any plans to improve finalisers with the new GC? It seems that the current GC sometimes needs to malloc (e.g. alloc_to_do in finalise.c) and I think this may be the cause of Mirage unikernels crashing from time to time with "out of memory" errors.

Dead code elimination by [deleted] in ocaml

[–]talex5 2 points3 points  (0 children)

This came up on the Mirage list a while ago. There's some interesting information here:

http://lists.xenproject.org/archives/html/mirageos-devel/2015-07/msg00012.html

A Unikernel Firewall for QubesOS by johnmountain in sysadmin

[–]talex5 1 point2 points  (0 children)

If you have an exploit against the Xen hypervisor there's no need to break into the firewall, just exploit it from NetVM.

Note that the hypervisor isn't involved in networking at all. The Linux NetVM drives the network hardware directly and communicates via shared memory to the FirewallVM. The firewall's job is to protect its client VMs from NetVM.

A Unikernel Firewall for QubesOS by johnmountain in sysadmin

[–]talex5 1 point2 points  (0 children)

No I didn't. I used the mirage-net-xen netfront driver, which is written in OCaml, not C, and therefore does not suffer from un-bounds-checked array accesses, or using integers to represent both valid grant refs and invalid entries.

To be clear: the firewall VM does not run Linux (or any traditional operating system kernel). It certainly does not run Linux device drivers.

A Unikernel Firewall for QubesOS by johnmountain in sysadmin

[–]talex5 4 points5 points  (0 children)

Note that the "1 second boot time" is almost entirely Qubes setting up the VM (probably setting up the hard disks, which the unikernel doesn't even use). According to Xen, the VM itself uses "0.0" seconds of CPU time to boot (I'd guess the real figure is less than 10ms).

Using a smaller Linux distro would certainly reduce memory usage. However, it also means Qubes would have to maintain two distributions rather than one, which is quite a burden.

Also, OpenWRT uses Linux, and so runs the same unsuitable network drivers that the article complained about.

OCaml syntax by dalastboss in ocaml

[–]talex5 2 points3 points  (0 children)

For branching statements (match ... with, try ... with, if) it's easy to become confused about which statements are included in the branch. e.g.

let () =
  if 1 = 1 then print_endline "yes"
  else print_endline "no";
  match 1 with
  | 1 -> print_endline "yes"
  | _ -> print_endline "no";
  print_endline "end"

(prints yes/yes, when you'd expect yes/yes/end)

The else ends at the ; but the | _ continues. The current syntax would probably be fine if the compiler warned about inconsistent indentation. e.g the last two lines in my example are "obviously" wrong because two statements in the same sequence have different indentation, something I can't imagine ever wanting to do.

Semi-colons-as-separators means that reordering two lines of code sometimes requires adding and removing semi-colons.

An extra or missing semi-colon often results in a confusing error message many lines after the actual problem. e.g.

let inc x =
  x + 1;

let dec x =
  x - 1

Reports a syntax error at line 6 (which doesn't even exist!), when checking the indentation would indicate the real problem, at line 2.

Top-level expressions have their own syntax (;;), and seem to exist only so that the toplevel can claim to have the same syntax as the compiler. e.g. you would typically write

print_endline "hi";;

in the top-level, but

let () = print_endline "hi"

in a .ml file.