Random numbers (18 vs Python's 3 or Java's 8) don't mean anything without comparing the release cycles and version numbering schemes as well.
I could make small incremental updates to a toy language and release them every week to get to FooBarLang 200.0.0, that doesn't mean it's progressing faster than a language at release 2 or 10.
That's not what I meant! It's that I've witnessed Erlang releases for quite a long time (as everyone), but the coming of Elixir (and me starting using it) made me care about them.
I think a patch for this would be welcomed. Usually there are some subtle complications from such ports which tend to also affect other systems. So fixing it in one place often helps other porting efforts as well.
For the first time Erlang 18 shipped under Apache License 2.0, it will likely have a meaning for Erlang's future development. The Industrial Erlang User Group has spent quite some effort on that.
Can you explain why, or link to a summary of the history? Wasn't it a license specific to erlang in the past? If so that's great as Apache is standard. But if it went from another common license I'm curious to know why.
It didn't come from another common license. It came from the EPL (Erlang Public License http://www.erlang.org/EPLICENSE). Erlang users have been asking for the change for years and OTP 18 finally delivered on the promise.
Something you may find interesting is that the new faster maps are loosely based on Rich Hickey's HAMT implementation that is used in Clojure. Jose and co. in Elixir adapted/is-adapting their internals to use maps as well, as they were faster than any implementation they had.
In addition, I wrote a full QuickCheck model for the new maps. That is, we randomly generate unit test cases for the maps and verify them. We have generated several millions of those test cases, including variants which heavily collides on the hash. This weeded out at least 10 grave bugs from the implementation, which in turn means this release is probably very stable with respect to maps.
No surprise there, Rich's code is pretty solid. I really like this sort of co-operation between languages.
Out of curiosity: QuickCheck is a property based test library? I know of test.check in Clojure and they mention QuickCheck as the inspiration, so I guess they re similar in this regard.
Yes. QuickCheck the original property-based test library, initially for Haskell then commercially ported by the original author to Erlang (as Quviq QuickCheck)
The base is the same, but Quviq QuickCheck for Erlang provides some libraries which are far more developed than most QuickCheck implementations out there. On the other hand, it is not a free tool if you want the full version.
Since you are searching randomly, you need good heuristics that skews the distribution toward where "errors often occurs". This means errors are uncovered in fewer test cases. Also, you need good heuristics for minimizing/shrinking a known failing error. Some of the error cases shrank from 80 commands down to 5, and furthermore simplified the input so it was easier to see what stood out.
Are the quickcheck tests in the otp repo? Cannot find them, but I guess it makes some sense to leave them out since not all have the full quickcheck installed.
It is different from an end-user application in the sense that you can configure this in a safe way, and that has indeed been the typical workaround.
Now we just make it impossible for people to misconfigure this in any way.
The fix was also backported to 17.5 w.r.t the padding for TLS-1.0.
Another point worth mentioning is that Erlang/OTP uses OpenSSL, but only for the cryptographic ciphers. `ssl` is a complete standalone implementation of TLS in Erlang and this automatically avoids a lot of trouble. The common case is that an attack on OpenSSL leaves the `ssl` application unaffected by the error.
Yes and no. Erlang/OTP has a pretty extensive test suite which takes several hours to run. There is a nightly test run on a multitide of architectures. So it is some times the case that a fault is caught at night and fixed the following day.
The Erlang/OTP team runs a mantra where everything is covered by tests and they are doing a really good job at what they are doing. So I would not be surprised to see this having been caught by a test.
Exactly, because if it was a purely functional language, they would have started the project, worked on it for a week, blog about it and said purely functional language for a year, then throw it away.
I love Erlang releases and am very happy about the improvements to maps. I have to admit the OTP motto of "move slow and never break anything" always leaves me wanting more (though).
41 comments
[ 3.1 ms ] story [ 107 ms ] threadI could make small incremental updates to a toy language and release them every week to get to FooBarLang 200.0.0, that doesn't mean it's progressing faster than a language at release 2 or 10.
It's amazing how many people actually confuse version numbers this way, including on HN (check any discussion about semver).
Also switching to the Apache license will make adoption of Erlang/Elixir more possible for certain organizations.
Elixir also gets to reap any performance improvements at runtime and compilation.
https://www.youtube.com/watch?v=xrIjfIjssLE
In addition, I wrote a full QuickCheck model for the new maps. That is, we randomly generate unit test cases for the maps and verify them. We have generated several millions of those test cases, including variants which heavily collides on the hash. This weeded out at least 10 grave bugs from the implementation, which in turn means this release is probably very stable with respect to maps.
Out of curiosity: QuickCheck is a property based test library? I know of test.check in Clojure and they mention QuickCheck as the inspiration, so I guess they re similar in this regard.
http://www.cse.chalmers.se/~rjmh/QuickCheck/
http://www.quviq.com/products/erlang-quickcheck/
Since you are searching randomly, you need good heuristics that skews the distribution toward where "errors often occurs". This means errors are uncovered in fewer test cases. Also, you need good heuristics for minimizing/shrinking a known failing error. Some of the error cases shrank from 80 commands down to 5, and furthermore simplified the input so it was easier to see what stood out.
https://github.com/jlouis/maps_eqc
There is also an accompanying series of blog posts:
https://medium.com/@jlouis666/breaking-erlang-maps-4-4ebc3c6...
(Part 4 here links to the other 3 parts in the beginning for interested readers).
1: https://medium.com/@jlouis666/breaking-erlang-maps-1-31952b8...
2: https://medium.com/@jlouis666/breaking-erlang-maps-2-362730a...
http://www.erlang.org/doc/apps/erts/time_correction.html
http://learnyousomeerlang.com/time
(BTW, there's also a talk from Erlang Factory by Lukas Larsson on the subject:
https://www.youtube.com/watch?v=gfsc2MyP8p8&list=PLWbHc_FXPo... )
> ssl: Remove default support for RC4 cipher suites, as they are consider too weak.
I'm not following Erlang news but was just wondering, aren't these fixes coming out way too late?
https://www.rabbitmq.com/ssl.html
It is different from an end-user application in the sense that you can configure this in a safe way, and that has indeed been the typical workaround.
Now we just make it impossible for people to misconfigure this in any way.
The fix was also backported to 17.5 w.r.t the padding for TLS-1.0.
Another point worth mentioning is that Erlang/OTP uses OpenSSL, but only for the cryptographic ciphers. `ssl` is a complete standalone implementation of TLS in Erlang and this automatically avoids a lot of trouble. The common case is that an attack on OpenSSL leaves the `ssl` application unaffected by the error.
https://github.com/erlang/otp/commit/37f143e9e16e89d753b0e5e...
The Erlang/OTP team runs a mantra where everything is covered by tests and they are doing a really good job at what they are doing. So I would not be surprised to see this having been caught by a test.