Backdoor discovered in Ruby "strong password" library, takes your "strong passwords" and uploads them into a pastebin https://nakedsecurity.sophos.com/2019/07/09/backdoor-discovered-in-ruby-strong_password-library/
Hi, do you believe me when I say we need ocap security yet
@cwebber I think this problem could have been solved with a purely functional programming language. Although the compiler would need an option to disable any unsafe* functions (like the ones in Haskell).
Side-effects are really dangerous, this proves it.
@jorge_jbs Even purely functional programs *do* get access to side effects though, because you need to do anything useful. They do it through a monad.
The question is: who gets access to that monad?
You're right that functional programming can help, but it isn't that the language is functional itself that does it, it's that it supports higher-order functions and the ability to pass around references.
@jorge_jbs @scolobb @cwebber
I could imagine pure functions leaking information about passwords via timing channels, CPU heat, fan rates, EMF levels related to frequency of RAM accesses, etc. Functional code eliminates state from the perspective of the programmer but in some respects only hides state that still exists from the perspective of physics.
@enkiv2 @scolobb @cwebber Well, you could make a functional language that abstracts over all the implementation details, so you couldn't rely on them. For example, the implementation could add noise so that it really is pure. But, in practice that sounds terribly slow xD. But, also in practice, you wouldn't leak side-effects that way.