I've been spending a ton of time with the language and its implementation through my day job, and I recently spoke about its use as a DSL for embedded knowledge bases: https://www.youtube.com/watch?v=lYLkaOq7WbU

Prolog III is considered the origin of constraint logic programming: http://www.prolog-heritage.org/en/ph30.html

Comments URL: https://news.ycombinator.com/item?id=28875263

Points: 2

# Comments: 0

Fortunately it's something that I've seen improve over time, but it's a pain-point I've run into with a lot of dependencies, so I try to call it out when I see it.

A lot of what I'm talking about has to do with configuration, but reuse is another big element. Your example has no configuration, and so is good in that regard, however your example is not reusable, in the sense that it's only possible for a single counter to exist.

I realize this is a contrived example, because you were trying to keep things simple, but if I needed two distinct atomic counters in my app, then I wouldn't be able to use Ergo, as it's currently implemented, because the application only starts a single counter, and doesn't provide any capabilities for starting additional counters.

You could change Ergo to get around this, possibly by instead running a dynamic supervisor that can start named counters under it, using something like `Ergo.create_counter/1`, but this would only address this specific use case.

To go back to my last comment, if you instead exposed, for example, a `__using__` macro that modules could use to define new counters, then callers would be able to integrate as many counters as they needed, whenever or however into their supervision tree as they required.

This ties back to the testing point too: if the process is a singleton, managed by the application, then you can only run one test against that process at a time in order to isolate the state for this tests, and you need to ensure you properly clean up that state between tests. Instead though, if the library allows you to start the processes yourself, then each test can use `start_supervised!` to start it's own isolated copy of the process, which will be linked to the test's process, and automatically cleaned up once the test finishes.

I want to be clear though: my issue isn't with applications -- the functionality you're talking about is powerful and useful -- it's purely with the tendency of starting a static and global supervision tree as part of a dependency: see some of the other comments in this thread for some neat examples of how applications like ssh and pg2 handle supervision.

When libraries are written like this, they usually start everything up automatically, and pull from their application environment in order to configure everything. This means that this configuration is global and shared amongst all consumers of the library.

Imagine an HTTP client, for example, that provides a config key for setting the default timeout. This key would be shared among all callers, and so if multiple libraries depended on this client, their configurations would override each other.

Fortunately, Elixir now recommends against libraries setting app config, so this problem is partially mitigated, but it's still a concern within your app: if I'm calling two different services, I want to use different timeouts for each, based on their SLA, so having a global timeout isn't helpful.

Instead, in this situation, I'd prefer something like what Finch provides, where I'm able to start different HTTP pools within my supervision tree, for different use-cases, and each can be configured independently: https://github.com/keathley/finch#usage

Another approach would be to do something like what ssh does, and have the Finch application start a pool supervisor automatically, but then provide functions for creating new pools against that supervisor, and linking or monitoring them from the caller.

There's a few other techniques you can use too, with different tradeoffs and benefits: like Ecto's approach of requiring that you define your own repo and add that to your tree. Chris Keathley describes some of those ideas here: https://keathley.io/blog/reusable-libraries.html

Global trees like this are also harder to test, especially if they rely on hardcoded unique names, and usually restrict you to synchronous tests, since you can't duplicate the tree for every test and run them independently of each other.

Again though, I want to stress that running processes in the library's application is not my problem: it's just not having any control over when or how those processes are started.

I'm just responding on my phone, and I need to run for a few hours, but feel free to ask for more info or reach out. I'm always happy to talk about this stuff! I enjoyed your article, and I apologize if my initial comment came across as an attack on your core points.

I was a little bit flippant in my initial comment, but my main criticism was of libraries that don't support any sort of hooks like this into their supervision strategy, and instead rely entirely on a global and static supervision tree, usually configured using app config.

I think Phoenix PubSub is a perfect example of how libraries should be structured, in that you just need to drop the module + options into your supervision tree, and you have the freedom of starting multiple independent copies of the tree, in different contexts, and with their own configurations: https://hexdocs.pm/phoenix_pubsub/Phoenix.PubSub.html#module...

It's also worth pointing out that these events occurred at Black Hat, in Las Vegas: what passes as acceptable business attire there is not the same as what would fly in an office, and I guarantee there were plenty of people wearing far more risqué shirts without facing any harassment.

It's easy to try to pin some responsibility on the woman here, but that ignores the fact that this sort of language and culture is extremely common at Black Hat and DEFCON, and a shirt like she was wearing would not have been out of place at the conference. Hell, I wouldn't be surprised if she won the shirt at the conference.

From the year before, here [0] is a sign from the vendor area at Black Hat, featuring an underwear clad model with the caption: "You know you're not the first... but do you really care?"

Similarly, to this day, DEFCON, held one week after Black Hat, and likely the largest security conference in the world, still holds a "Hacker Jeopardy" competition, featuring strippers who remove their clothing as contestants answer questions correctly.

I only say all of this because I think a lot of context is being lost in this article, by people who haven't been to these conferences: the women's shirt wouldn't have been what singled her out here, her gender was, and for the recruiters to harass her for that is unacceptable.

[0] https://twitter.com/secitup/status/497140864708116481

If someone is incapable of managing their feelings in a workplace then maybe they don't belong in one, and their colleagues should not be the ones who are punished for that.

I don't expect you to agree with me here.

This is very clearly a case of the professor being unprofessional and exploitative of his position of power.

I think that what you're looking for is already possible today, and that things only get easier over time.

They also used a surveillance system called LanSchool, which sent out all of its commands entirely unencrypted and unauthenticated, so people would spoof the remote takeover command and steal exams from teachers' accounts. It ended up being a whole thing my senior year.

Some people would just bring their own mouse in to get past the defences.

Comments URL: https://news.ycombinator.com/item?id=26972209

Points: 1

# Comments: 0

That being said, for most purposes, you can do worse than using either mutual TLS or Macaroons [0]. As always with cryptography though, the devil is in the details, so for a more thorough discussion, check out @tptacek's "A Child's Garden of Inter-Service Authentication Schemes" [1]. It's one of my favourite treatments of the topic, and discusses the tradeoffs of a few different techniques for different use-cases.

[0] https://en.wikipedia.org/wiki/Macaroons_(computer_science)

[1] https://latacora.micro.blog/a-childs-garden/