
Links Programming Language - caustic
http://groups.inf.ed.ac.uk/links/
======
rarestblog
Interesting, but I kind of have the problem with URLs this language produces.

[http://groups.inf.ed.ac.uk/links/examples/citations.links?_k...](http://groups.inf.ed.ac.uk/links/examples/citations.links?_k=BAH7BgH6BgQBzQwBzAwCAgJpZAAAAwYxOTY1OTAFdGl0bGUBJwAAAUkAAAFuAAABZgAAAWwAAAF1AAABZQAAAW4AAAFjAAABZQAAASAAAAFkAAABaQAAAWEAAAFnAAABcgAAAWEAAAFtAAABcwAAASAAAAFvAAABcgAAASAAAAFEAAABZQAAAWMAAAFpAAABcwAAAWkAAAFvAAABbgAAASAAAAFuAAABZQAAAXQAAAF3AAABbwAAAXIAAAFrAAABc80M+wY=)

Namely: 0\. Not readable by any measure and too long 1\. What's encoded there?
2\. Do URLs expire? 3\. Does each link require some amount of memory to save
the state? 4\. Is it possible to construct malicious URLs that call arbitrary
function with arbitrary argument?

~~~
caustic
It seems like they are embedding some state in these URLs. By I am by no means
an expert in this language, so I am only guessing here.

~~~
Yoric
I haven't checked in some time, but they used to embed the complete
continuation (if you don't know what's a continuation, you can just consider
it's the stack) in the URL. It's a very nice and very natural mechanism, which
gives them lots of flexibility in terms of semantics and garbage-collection,
although I suspect it's very bad in terms of both performance and security.

~~~
rarestblog
So basically it's some kind of entry point with arguments? Wouldn't that be a
huge security hole? I mean it's just buffer overflow, without even a need to
overflow, in plain sight...

~~~
Yoric
I'm not exactly sure how they do it in Links these days. If they still take
the naive approach to continuations, yes, that's a huge security hole.
However, there are moderately simple ways to make this security hole magically
disappear. You keep most of the agility and none of this vulnerability.

------
caustic
This is arguably one of the coolest things I have seen. It's web programming
without tiers, as they call it. Just take a look at examples -- there is no
distinction between client and server. Everything is defined in a single
source. Beautiful. I think mainstream should adopt more languages like this.

~~~
Yoric
Getting there: <https://www.mlstate.com/> . Similar language, much more focus
on security, standard library and tools.

~~~
caustic
Do you work there, at mlstate?

This seems to be very cool project too. I will not compare technical merits of
all the mentioned projects, because I am not experienced with any of them.

Do you have any big application developed in OPA? How was the experience
compared to more traditional webdev stack?

~~~
Yoric
Caveat: I do work there, both on OPA and with OPA.

Details are not public, but I can confirm that we have several medium-to-large
applications in OPA (CMS, B2B, B2C, ...) plus a number of smaller ones (games,
productivity tools).

Compared to usual stacks, the development experience is quite different.
Firstly, prototyping is a breeze: write your algorithms, add long-term storage
if you want, spend a few minutes adding a user interface for testing, and
that's it, it just works. Plus, for free, the compiler guarantees plenty of
security properties, so if you're happy with what the features you have, you
may not even have to think about security. Now, for performance reasons, you
may want to lose some "tier-less-ness" by nailing some of the code onto the
client or the server. That's just the matter of a few annotations. Add these
annotations and yes, your application keeps working. Iterate until you're
happy with the speed.

And then, there are a number of other things that are not specifically "tier-
less" but that we're essentially the only ones to have. We have very high-
level database primitives, concurrency primitives, distribution primitives,
cache APIs, but also higher-level user-interface manipulation, etc.

Now, where OPA doesn't really help you is when you have to interact with down-
and-dirty stuff, e.g. some third-party APIs for which we have no bindings in
the standard library. For these things, you still need to handle the nitty-
gritty details the old-fashioned way.

Still, OPA has become my favorite language, so I guess that's a good sign:)

------
kanak
It seems to have some PL heavyweights working on it: Philip Wadler (Haskell,
Java Generics), Shriram Krishnamurthi (Schemer, author of Programming
Languages Application and Interpretation).

------
baltcode
What do people think of HOP hop.inria.fr/

