DeVault: Announcing the Hare programming language [LWN.net]

DeVault: Announcing the Hare programming language

Posted May 3, 2022 12:05 UTC (Tue) by nix (subscriber, #2304)
In reply to: DeVault: Announcing the Hare programming language by JMB
Parent article: DeVault: Announcing the Hare programming language

> the reaction is a big wave of hate

I read a lot of people commenting on why various design decisions seemed poor, followed by, variously, defensiveness, attacking the critic rather than the point they made or declaring they will simply not interact with them at all, declaring the point to be "out of scope" (even when it was *explicitly required* for the design goals of the language: UAF protection or decent data structures are obviously needed in order to be able to actually trust your tools, but I guess it's not obvious after all)... or simply ignoring the entire comment thread (e.g. the rather devastating points about its character/unicode handling, which would seem germane to the string handling stuff Drew *was* responding to).

My immediate impression from this thread is that this is a new language where design or implementation criticisms or even suggestions for tiny changes to the documentation are ignored unless they're really easy to fix *and* you're someone in the designer's good books, which might well mean never having mentioned a competing language in his hearing. You'll pardon me if I think that this sounds a bit excessive. "Tidal wave of hate" or no, walking on eggshells in order to not offend the language designer or having suggested improvements disregarded because of who I am seems like a bad fork to be stuck in if I want to use a nascent language.

FYI: I saw no hate, although I did gasp in shock at several of Drew's comments. I saw one comment that designing new languages which intentionally avoid trying to protect against UAF should lead to legal liability for the language designer. I'm not so sure about that, but it is clearly seriously *unwise* to choose to use this language, however pretty it might be, for anything remotely important or which processes hostile input or which processes not-perfectly-controlled input which might not all be perfectly formed UTF-8 or which requires complex datastructures or which might need nontrivial memory management... which rules out just about everything other than hobbies you're sure nobody else is going to use. It probably should expose people who choose to use it for safety-critical or security-exposed stuff to legal liability, but this should be true whatever language they choose to use. If people do use it for critical stuff and its manifold obvious faults cause problems I can easily see the language designers getting exposed to significant opprobrium for encouraging people to use it without prominent warnings about this stuff, all while having an announcement that said "Provide tools the programmer may use when they don’t trust themselves" while leaving huge mantraps like manual memory management and no decent datastructures in place which obviously force the programmer to be perfect a huge proportion of the time, just like C does.

I like C. I use it all the time: even though it is obviously a stone-age tool, it is a good one as such things go, and you can prepare food perfectly well and also cut yourself really badly with an Acheulean hand axe. I still think this language is obviously aiming at the wrong goals, and that this comment thread is an example of self-destructiveness on Drew's part the like of which I haven't seen on LWN since the Apache OpenOffice fiasco. Drew hasn't *actually* insulted or driven off most of the C++ committee or Rust language designers yet, but that's seemingly only because most of them don't post here. It is obvious from this thread alone that he considers that disagreeing with him is a cardinal sin and that there is no need to justify even the most bizarre and retro language design decisions beyond saying "out of scope" or using plural pronouns like a monarch to make it seem as if lots of really important unnamed people already thought this through, though you don't get to see their reasoning and no precis nor even a link to a rationale is provided.

I used to more or less trust what Drew wrote. He seemed to think things through. That's gone.

to post comments

DeVault: Announcing the Hare programming language

Posted May 3, 2022 12:45 UTC (Tue) by mads (subscriber, #55377) [Link] (2 responses)

I think your comment is a perfect example of the "tidal wave of hate" the parent was referring to.

DeVault: Announcing the Hare programming language

Posted May 3, 2022 17:43 UTC (Tue) by nix (subscriber, #2304) [Link] (1 responses)

I don't hate it. I don't know enough about it to hate it. Some parts of it seem very nice, but to me those parts are outnumbered by the parts I think are not. It seems to go to great lengths to not improve the areas where I think C-like languages need most improvement, and at least one of its designers lauds this as apparently being beneficial (though I have no idea why).

It seems like an unwise direction for programming language development to go in, and anybody pointing this out seems to be treated unpleasantly at best, judging by this thread. Is that hatred? If so, hatred is a whole lot weaker than I thought it was. Mild disapproval and a recommendation (again, based on very little more than this thread and a cursory read of the docs) that something is best avoided unless apparently baked-in faults are fixed first is not "hatred".

DeVault: Announcing the Hare programming language

Posted May 4, 2022 16:56 UTC (Wed) by khim (subscriber, #9252) [Link]

This whole things remids me about Hans Reiser (except, hopefully, without murder).

As in: both Reiser and SirCmpwn understand many things much deeper than many of us (including me, obviously), yet they are wrong about certain things, too… and they categorically refuse to even consider the possibility that they can be in the wrong.

This means that they can do really impressive things, yet they can't be trusted. A pity, really.

DeVault: Announcing the Hare programming language

Posted May 3, 2022 14:57 UTC (Tue) by rsidd (subscriber, #2582) [Link] (1 responses)

I use Sway, which Drew originated. I probably use lots of other software he wrote. I think the questions in this thread are fair and I'm really staggered at his responses. Maybe it's adrenalin or something.

Example of overreaction: he interpreted "liable" as "criminally responsible" (for bugs downstream from his design decisions). It doesn't mean that, it technically means "legally answerable" but OP probably didn't mean even that, it was figurative. He includes that claim in his blog post on Hare's scope (promising another on the main question here, memory safety)

DeVault: Announcing the Hare programming language

Posted May 3, 2022 15:55 UTC (Tue) by mads (subscriber, #55377) [Link]

What's your point here?

The tone is disappointing

Posted May 3, 2022 18:17 UTC (Tue) by tbird20d (subscriber, #1901) [Link] (7 responses)

I have a hobby project I've worked on for a long time. It has security problems I'm aware of, so I've never published it as open source, though I think some of its features and their implementation (unrelated to its security) might be of interest to others. The negative tone of some of the people in this crowd makes this a place I wouldn't want to introduce it, if I ever changed my mind.

The tone is disappointing

Posted May 3, 2022 20:56 UTC (Tue) by roc (subscriber, #30627) [Link] (5 responses)

Speaking for myself, but I suspect also a lot of other people in this comments section, what bothers me most about Hare is this claim:

> It is well-suited to writing operating systems, system tools, compilers, networking software, and other low-level, high performance tasks.

I strongly believe that at this point in time, it is irresponsible to trade away security to the extent Hare does, when adopting a new language in any operating system, system tools, or networking software that you expect other people might use, and therefore it is irresponsible to make the above claim.

So if you avoid claims like that, and just publish your work with a disclaimer that it has security problems and is not suitable for production use, I think you'd be fine.

The tone is disappointing

Posted May 4, 2022 9:21 UTC (Wed) by Wol (subscriber, #4433) [Link]

> So if you avoid claims like that, and just publish your work with a disclaimer that it has security problems and is not suitable for production use, I think you'd be fine.

Eggsackerly. Do a Unix Man Page impression and prominently point out the faults - who knows - you might even get a bunch of fixes :-)

Cheers,
Wol

The tone is disappointing

Posted May 4, 2022 14:21 UTC (Wed) by nix (subscriber, #2304) [Link] (3 responses)

Quite. The specific choice of examples rubbed me up the wrong way too. Operating systems? Assuming this means kernels, they run at maximum privilege level and absolutely need both tools to help you write complex data structures with fine control (since they usually have to reimplement most of them) and tools to avoid memory problems (since they are extra-disastrous). Meanwhile, performance is usually not an issue for 95% of the code in a kernel, and the remaining 5% attracts a lot of thought (and what matters there is usually better algorithms rather than the language it's written in).

System tools? Performance almost never an issue at all, need data structures already there because they are not going to want to reimplement them. Needs to avoid overruns and memory problems because often run as root.

Compilers? They *eat* data structures and very complex allocation patterns for breakfast. I don't know of any large compiler that doesn't have at the very least its own allocator, often several: they usually end up with full-blown garbage collection because the data structures just get so knotty that doing it by hand is utterly impractical. Rust-style ownership tracking usually ends up crudely bodged in :P so it would be helpful to have some of that already there.

Networking software? Exposed to, well, the network. Absolutely must be robust against attackers. I'd prefer it if the things were formally proven correct, but in the absence of actual living flying unicorns at least using heavily-tested datastructures and a memory model that makes common classes of fault next to impossible (like, say, Rust's, or almost any managed language's) is better than nothing. Speed is of marginal interest except for the sort of thing that ends up on network backbones and the occasional thing like the heart of a file transfer system that might find itself at the wrong end of a domestic or datacentre multi-GbE cable, where suddenly every single CPU cycle counts and you'll probably be either bottlenecked in the kernel or using direct-to-userspace stuff and writing core loops in asm to wring *everything* out, with a relatively unimportant and untested fallback in some other language for slower systems. (Almost no applications fall into this category.)

I think I figured it out!

Posted May 10, 2022 20:29 UTC (Tue) by cbushey (guest, #142134) [Link] (2 responses)

>with a relatively unimportant and untested fallback in some other language for slower systems. (Almost no applications fall into this category.)

That sounds like a perfect problem for a programming language to solve. Not some newfangled fresh language where you need to solve a lot of problems and people need to learn new semantics, tooling, and libraries of course! No, it should be lua or javascript (or is that typescript or ecmascript), hmmm. Oh, I've got it! Use GralVM. Then you can aot compile all the code that can run on a jvm. Oh, plus it's designed to be a polyglot compiler so you should be able to mix and match languages you're using with it's help. Maybe even one language per module. Oh, and you've got that Truffle Language Implementation Framework with some more polyglot programing. Now you have a much better solution than making your own language. You can use everybody else's well tested and supported programming languages. Well, you end up learning half a dozen or so unfamiliar syntax but that is clearly better then figuring out something simpler in a single language that can easily solve the problem for a relatively unimportant and untested fallback for slower systems. Sorry. I just wanted to ramble some on lwn and this page has so many comments that my comment is guaranteed to get lost in the noise. I hope you have a nice day.

And almost a week late!

Posted May 10, 2022 20:32 UTC (Tue) by cbushey (guest, #142134) [Link] (1 responses)

This is so not going to be read by anyone. Hey, I'm like that backup language!

Last comment, I promise.

Posted May 10, 2022 20:41 UTC (Tue) by cbushey (guest, #142134) [Link]

oh, and I have absolutely no clue how polyglot programming works using GralVM. At least the last two comments are pretty short.

The tone is disappointing

Posted May 4, 2022 14:00 UTC (Wed) by nix (subscriber, #2304) [Link]

I think Hare makes a fine hobby or experimental language. It's got some very interesting decisions in its design -- but the days are gone when that makes something a good replacement for a major systems language. The state of the art has, slowly and painfully, improved enough for that by now, I think.