
Mathematical Reasoning and Distributed Systems by Erik Meijer and Leslie Lamport - adamnemecek
https://www.youtube.com/watch?v=3krXn4NsCNI
======
jasode
Fyi... the original video released in 2010 is at channel9 and that website
also has download options for offline viewing:

[https://channel9.msdn.com/Shows/Going+Deep/E2E-Erik-
Meijer-a...](https://channel9.msdn.com/Shows/Going+Deep/E2E-Erik-Meijer-and-
Leslie-Lamport-Mathematical-Reasoning-and-Distributed-Systems)

------
jzelinskie
Interesting to see a Channel9 video on YouTube.

Erik Meijer's genuine interest in the subjects in his videos make them a
pleasure to watch.

------
senderista
Re: Lamport clocks and special relativity: I don't think Lamport makes it
sufficiently clear that the SR analogy is just an analogy and is not
physically relevant. It is perfectly valid to treat the computers in a
datacenter as a single inertial reference frame, with a natural notion of
simultaneity. (Geo-distributed clocks can still be synchronized, since the
Schwarzschild solution defines spacelike hypersurfaces with constant time
coordinate.) Logical clocks (which totally order events consistent with their
causal relations) are useful (because synchronization is hard), but not
physically necessary (because synchronization is possible).

------
js8
I really like his point(s) about mathematics and programming, as he talks
about functional programming, especially at 47:20.

~~~
zzzcpan
Well, his points about necessary hard math and proving correctness resemble
those of many in academia, I can understand your bias. But it is a bias and
there isn't even a good argument to support it. Proofs never actually cover
absolutely every possible case and we also can have as reliable software
without the hard math whatsoever. But going into psychology and thinking about
making things easy for humans goes against what is generally accepted in CS
research.

~~~
KirinDave
> Proofs never actually cover absolutely every possible case

That's precisely what you need to do in order to have a valid proof. I'm not
sure why you'd say this?

~~~
SomeStupidPoint
Most proofs have assumptions about the system which can be
(occasionally/rarely) violated, but which make the proof tractable, or simply
don't model features of the real system.

I think the point is that you can have a proof of correctness in a crypto
package that doesnt account for power-usage side-channel attacks, for example.

This is true, but beside the point: a library with no proofs about it doesn't
solve that problem, and the library with proofs tells me I don't have certain
problems for sure.

The question is then: is it worth the proof development effort to only get
those partial guarantees? I would argue yes, for a lot of reasons (and high
EAL levels tend to agree that it is for high-assurance stuff), but it's a
matter of some debate.

~~~
KirinDave
I am fairly sure, upon reading this thread, that this is not zzzcpan's point.
His point is to denigrate the entire practice if providing proofs. I think
he's referring to fields which, given their critical and highly difficult
nature, should in fact start with the proofs and work to invalidate the system
over increasingly more total domains of implemention.

You're right that you can take a mathematical proof out of the realm of
abstract math and it's new domain may not have all the guarantees we need, but
this means we need to extend the system to account for the new domain (and
within this domain, the proof is not valid).

But the poster doubled down on this idea that "there are constraints proofs
ignore" within the existing domain. Outside of convenient proofs that upper
division students provide, this is not true.

A good example of this process and the nature of "pure" CS interacting with
the real world is the field of distributed databases. As the field has grown,
proofs are expected to aggressively model real world conditions and in fact go
further, modeling outright adversarial conditions unlikely to occur in the
real world.

~~~
SomeStupidPoint
Oh, that's quite possible.

I was merely reiterating a common (and I think sensible) point that we can't
write proofs about things we don't have the computational resources to address
or just plain don't realize are an issue. Both are very real challenges to
using proofs about our software, and should be kept in mind when talking about
the field.

The said, Im a proponent of everything from proofs about abstract algorithm
properties to basic model checking on a spec to using formal methods to
extract a program with guaranteed propertied from a formal spec we've written
proofs about in something like Coq.

DARPA funding HoTT research should clue anyone in that this stuff is useful.

~~~
KirinDave
I think we should work to prove software and that's an ongoing process, but
it's hard to imagine using an algorithm without a proof of at least
correctness and convergence.

I just see people talking about domains and saying, "We don't need proofs for
software" like they learned literally nothing from OpenSSL last year. And
perhaps they did not, but I think we all should recognize that the stakes are
getting pretty high and it's time to stop pretending we're all supervillan-
level software designers.

------
nickpsecurity
It was an interesting article. Neat how one scheme was inspired by a bakery.
The concern with the red light happened to me. Its timing was odd where I
wasn't sure if I'd make it or not but on a road with a high speed limit. I
decided to brake at the last moment. Should've worked but tires were bald. I
landed in the middle of the intersection with a police officer to my right.
So, the "hypothetical" example of Lamport cost me money in the real world. ;)

However, I reject his notion that computation is basically digital, step-by-
step process. There's actually at least two models of computation where one is
continuous. I gave a lot of detail in the link below:

[https://lobste.rs/c/zyj5e1](https://lobste.rs/c/zyj5e1)

------
chadcmulligan
That's a very disappointing shirt Erik is wearing

~~~
tomonl
It's just his style, if you look him up on Google Images you'll see he always
wears shirts like that.

~~~
chadcmulligan
thats what I meant - it's not as bright as his usual style

