[HN Gopher] Elixir is still safe
___________________________________________________________________
Elixir is still safe
Author : manusachi
Score : 139 points
Date : 2023-07-24 18:22 UTC (4 hours ago)
(HTM) web link (paraxial.io)
(TXT) w3m dump (paraxial.io)
| [deleted]
| e-dant wrote:
| Without stepping on anyone's toes, I think we can agree that
| "safety" could be broken down a bit. Memory safety, thread
| safety, fine... but there's a whole forest past those trees.
|
| Is it a safety feature to type-check regular expressions using
| dependent types? Is Python a security vulnerability because the
| performance can be unpredictable?
|
| I don't know.
|
| Rust, for that matter, doesn't protect you from running out of
| memory from leaking data on the heap -- or from running out of
| stack space because your infinitely recursive function doesn't
| halt. Maybe that's not part of memory safety -- but that's my
| point.
|
| There's a whole safety forest out there. Whenever I read an
| article about safety in software, it seems like a comfy blanket
| statement. "This is a nice definition which I will live in."
|
| I just don't see how it's so flat.
| rozap wrote:
| > I just don't see how it's so flat.
|
| Because people like making wild and provocative claims to
| motivate writing a paper for which the conclusion was already
| decided.
|
| Anyone who has used, I dunno, any of programming languages that
| are being discussed has a more nuanced take, and isn't spending
| time trying to force all things into Box A or Box B.
|
| Elixir/Erlang has a pleasant concurrency model. It does some
| things well, it does other things less well. It eliminates a
| big class of bugs, and yet you can still write bugs in Elixir.
|
| These sorts of papers are a waste of space on the internet imo.
| greatfilter251 wrote:
| > Practitioner perceptions are formed through personal
| experience, and not based on empirical evidence
|
| The disagreement here is rooted in the empirical worldview.
| Empirically, "rarely" and "never" cannot be (reliably)
| distinguished, and so adherents of this worldview fail to
| distinguish claims which are meant to distinguish them.
| alex_lav wrote:
| Disproving a report's findings is not the same as disproving the
| existence of vulnerabilities universally.
| Xeamek wrote:
| Well duh, that's what the OG article is about, why the author
| of this one would need to repeat himself
| alex_lav wrote:
| The original article didn't disprove the existence of
| vulnerabilities though. Is "Concurrency is hard and I think
| this concurrency model is easier" "proof"? Did you read
| either article?
| csoups14 wrote:
| From the original "Elixir is Safe" article:
|
| > 3. "Shared nothing" concurrency
|
| > Item 3 is the killer one for safety. Like two people, two
| processes cannot share memory; they can only communicate by
| sending each other messages.
|
| This makes impossible an entire class of thread safety
| issues. "Elixir is Safer" might have been a better
| phrasing, but you're misrepresenting the contents of the
| article if you're claiming that it is limited to expounding
| "concurrency is hard and I think this concurrency model is
| easier".
| aeurielesn wrote:
| What would normally be the process to debunk a published paper?
| Simply publishing another paper debunking it in the same journal?
| Fomite wrote:
| Often journals will accept "letters" in some form or another if
| the criticism is brief, and do on occasion publish full papers
| addressing the shortcomings of another.
|
| When that fails, usually one would try another journal or two,
| and after that it's usually some manner of blog posting and
| social media.
___________________________________________________________________
(page generated 2023-07-24 23:00 UTC)