Hacker Newsnew | past | comments | ask | show | jobs | submit | apiguy's commentslogin

Not being able to run a 15 year old codebase on a < 1 month old runtime without making some modifications has nothing to do with static or dynamically typed languages.

But first - why don't we point out that the bulk of the issues the author faced had nothing at all to do with types? The issues were primarily with syntax changes.

Regardless - with a statically typed, compiled language, you find these issues at compile time. With any other language you find them at runtime. Either way, you'd have to fix a whole lot before you deploy the code, and just because you prefer to find your exceptions at compile time doesn't mean that it's the best way to find them.


> just because you prefer to find your exceptions at compile time doesn't mean that it's the best way to find them.

It is indeed the best way to find them. At compile time, you get errors for all possible paths a program will take.

For dynamic languages like Ruby you will get an error only if the program takes a path through problematic code and then Ruby will flag the error. This means a runtime error could lie latent in your codebase for many more weeks and months. Only if a rare condition triggers a code path that contains the incompatibility. This is also why refactors in languages like Ruby are more difficult and conservative. As you're never sure you fixed everything.


This seems like a semi-moot point considering that after you've updated something you (presumably) also run an automated test suite and (have someone) test the application manually.

I've also had various occasions where code compiled successfully but no longer worked as intended.


The automated test suite can check many code paths but compilation of a statically typed language checks all possible code paths.

Put another way, automated test suites give you an extremely high level of assurance when using a statically typed language. When your test suite passes in the new version Ruby, you're happy but there still could be cases left that you've not dealt with in rarely triggered code paths/conditions.


The problem with this argument is that you never mention the costs or trade-offs of a statically typed language. You presume that you get the benefits for free and I'm certain that is not the case. The worst systems I've ever worked on were ones with complex and poor types and type hierarchies.


What are the costs of a Ruby incompatibility just waiting to be discovered in production ? You can't assume you wrote tests to exercise every possible branch in every method in every object ?

The costs of static typing are reasonable as long as you're not using a fancy dependently typed language. Ask companies that are maintaining long running software -- types help. The investment is there in the beginning, the payoff is over the lifetime of the project.

If types are complex and poorly defined, you can change them ! The compiler will help you evolve your system through type errors. If you have a poorly structured program in a dynamically type language like Ruby then it becomes more difficult to evolve your system fast and with confidence. You're always asking -- have I missed something out ?


I've been writing software for a long time in many different types of languages. I've led many software teams for a long time that use different languages and tech stacks. I have not seen any measurable difference in productivity or defect rate across different languages. I have also looked at all of the research on this and it is inconclusive at best.

Ultimately, I think that choice of language is one of the least significant predictors of outcomes, yet it's one of the most debated and obsessed over.

Edit: I thought it would be helpful to give examples of what I think is more important. Good CI/CD practives, good observability, robust test and staging environments, etc have been far more important in my experience than static vs dynamic language choice.


Likely low powered computing scenarios. Think set-top boxes, kiosks, cash registers, etc. Anywhere you want to use very cheap hardware basically.


Cheaper then Raspberry Pi? With $15 for Zero variant? How much cheaper then that you can do really?

I'd say RPI it's the best in that regard. Also fully fledged Linux there, not some pet project OS.


Very cheap _x86_ hardware, to be specific.

I'm not sure if it's actually more expensive to find VIA et al based systems for cheaper than NUCs?


I don't know if VIA still does any of that.

But there's Vortex86.


I have the exact same issue. Anything you can do to make it possible to reclaim my account after the yahoo login nonsense would be amazing.


We'd love to help. See: https://news.ycombinator.com/item?id=16889578


I think it's really strange that the headphone jack wasn't mentioned at all in the review. In the one instance he refers to it he says "where the whatchamacalit jack used to be".


He made an entire blog post 110% or more on side about the courage to remove the headphone socket, and how it would make the world a markedly better place and cure world hunger. Of course it's hardly the first time he's had a ridiculously pro-Apple position.

Came up on HN the day of the event I think.


It's a well-covered topic. What new thing could he possibly say?


Not even mentioning it says what I think about it more than anything I could write about it.


After the main body of the text there appears to be some erased text. I can only make out some of the words:

"th... ..... paper jam those ..... ....."


I got this far but I assume there are errors:

"Three rest of 6 paper jam these things copy machine"

The "rest of 6" and "copy machine" came from a friend who claimed to enhance the image. He said the first word was "three" though I thought "their" initially.

Do you think this content is erased or on the next page?


Your steps sound nice but in reality it doesn't work out this way (speaking from multiple experiences with your reputation system).

First of all, EVERY piece of desktop software my company delivers to users is signed via a known and trusted authority. We knew that would be important and took steps before ever releasing our first piece of desktop software.

Secondly, the error message that users are presented with SCARES THEM. It's not clear why the software is being blocked, and in most cases the user just abandons the software instead of calling us to let us know there was an issue.

When we finally did discover the issue, it wasn't clear what to do. It took us quite a while to figure out where that "false positive" link was, and we weren't even sure that it was the right place to send it to. Even worse, you claim that they "should" have the programs whitelisted within a few business days. This is patently false and never happens that quickly. It took a month before the executable we submitted was whitelisted and you know what? It didn't help one bit.

Symantec seems to not take into account the fact that the executable will be updated, so by the time our first submission was whitelisted we had published 2 updates adding features and fixing bugs. Those updates were blocked even after the initial executable was whitelisted.

You may not be "out to squish the little guy" but honestly that doesn't mean you haven't done quite a bit of damage with your lack of clear messages to your users about why a piece of software is being blocked, and not allowing someone to easily choose to ignore your suggestion that something might not be safe just because symantec hasn't seen it before. (By the time our first symantec using user installed our software we had an installed base of over one hundred users)


> Secondly, the error message that users are presented with SCARES THEM.

Antivirus customers are they type of users that are scared, they are typically users that don't know what to trust. I feel you, I really do.

> It took us quite a while to figure out where that "false positive" link was.

This was a huge peeve of mine, the form is pretty impossible to find unless you use a search engine.

> When we finally did discover the issue, it wasn't clear what to do. It took us quite a while to figure out where that "false positive" link was, and we weren't even sure that it was the right place to send it to. Even worse, you claim that they "should" have the programs whitelisted within a few business days. This is patently false and never happens that quickly. It took a month before the executable we submitted was whitelisted and you know what? It didn't help one bit.

Normal turn around time is a few days, it shouldn't take a month. Was this around Christmas? Were the files served via https? Are files unique between downloads? Were the files mirrored to different domains? Did the team have actual executables to vet?

I understand your frustration and I am sorry it feels like Symantec is working against you. Please continue to fill out false positive reports, the team takes those seriously. With false positives, it shows the system is flawed and they'll take a deeper look at fixing the fundamental problems, otherwise they think the system is working perfectly.


We are having the very same experience. We signed our software with a code signing cert from a reputable issuer (DigiCert). We discovered that Norton 360 was automatically quarantining the downloaded installer and most users had no idea how retrieve it from quarantine. We got whitelisted and then released a bug-fix update and voila the our app started getting quarantined again. We are losing potential users and it have been damaging to our company!


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: