Backdoor discovered in Ruby "strong password" library, takes your "strong passwords" and uploads them into a pastebin https://nakedsecurity.sophos.com/2019/07/09/backdoor-discovered-in-ruby-strong_password-library/
Hi, do you believe me when I say we need ocap security yet
@cwebber I think this problem could have been solved with a purely functional programming language. Although the compiler would need an option to disable any unsafe* functions (like the ones in Haskell).
Side-effects are really dangerous, this proves it.
@jorge_jbs Even purely functional programs *do* get access to side effects though, because you need to do anything useful. They do it through a monad.
The question is: who gets access to that monad?
You're right that functional programming can help, but it isn't that the language is functional itself that does it, it's that it supports higher-order functions and the ability to pass around references.
@cwebber If the library's interface doesn't return any monad (for example, isPasswordStrong has type String -> Bool) then there is no need to give access to any monad, everything is pure.
This library seems like a good fit for a pure library. If it needed some types of side-effects (but not all) you could return the FileAccess monad, or something similar.
All the code has access to all the monads. Executing them is another story.
@jorge_jbs I suspect you would enjoy reading http://mumble.net/~jar/pubs/secureos/secureos.html :)
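The contrast the two posters are arguing about, written out in Haskell as an added example (this is not code from the thread, nor from the strong_password gem): a checker whose type is the pure `String -> Bool` from jorge_jbs's post has no way to reach a file or the network, a checker that legitimately needs an effect must show `IO` in its type so the caller decides whether to grant it, and the Safe Haskell pragma `{-# LANGUAGE Safe #-}` is the "compiler option to disable unsafe* functions" asked for above, because it rejects imports of `System.IO.Unsafe` at compile time. The strength rules, the `checkAndLog` wrapper and the sample inputs are assumptions made for the example.

```haskell
{-# LANGUAGE Safe #-}
-- Safe Haskell: this module may only import modules GHC marks Safe or
-- Trustworthy. `import System.IO.Unsafe (unsafePerformIO)` is a compile
-- error here, so the only effects this module can perform are the ones
-- that appear in its type signatures.
module Main where

import Data.Char (isDigit, isLower, isPunctuation, isUpper)

-- Pure interface, exactly the type named in the thread: String -> Bool.
-- No IO in the type means no socket, no file, no "upload to a pastebin"
-- can happen inside, whatever the body does. The rules are assumed for
-- this example and are not the gem's real policy.
isPasswordStrong :: String -> Bool
isPasswordStrong pw =
     length pw >= 12
  && any isUpper pw
  && any isLower pw
  && any isDigit pw
  && any isPunctuation pw

-- A variant that genuinely needs an effect (here: logging the verdict,
-- never the password) must say so in its type. A caller who only wants
-- the Bool keeps using the pure function and never hands this code the
-- IO capability; that is the "who gets access to that monad" question.
checkAndLog :: String -> IO Bool
checkAndLog pw = do
  let ok = isPasswordStrong pw
  putStrLn ("password strength check: " ++ (if ok then "strong" else "weak"))
  return ok

-- Rejected by the type checker: the body has type IO Bool, the signature
-- promises Bool. A backdoor cannot hide behind the pure interface.
-- leaky :: String -> Bool
-- leaky pw = writeFile "/tmp/leak" pw >> return (isPasswordStrong pw)

main :: IO ()
main = do
  -- constructed sample inputs
  print (isPasswordStrong "correct horse battery")
  print (isPasswordStrong "Tr0ub4dor&3-extra-long")
  _ <- checkAndLog "hunter2"
  return ()
```

Note what the pragma does and does not buy: without `Safe`, `unsafePerformIO` would let an effect run behind a `String -> Bool` signature, which is why the thread says the compiler must be able to forbid it; with it, the type signature of a library function becomes an honest statement of the capabilities the function can exercise, and an importer can audit a dependency by reading its exported types.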