• 8 Posts
  • 91 Comments
Joined 1 year ago
Cake day: July 17th, 2023

  • Far as Swift’s syntax goes, I really like argument labels too, but it’s just that there’s SO. MUCH. SYNTAX. Lots of sugar, yes, but sometimes that’s part of the problem in my opinion, because it often adds to the syntactic and semantic “noise.” Also, there’s 98 keywords (more if you count eg. try, try! and try? as different keywords, and this count is missing eg. sending and other new keywords) – compare this to say Rust’s or or Python’s 35. Java’s got 68, while C++ also has 98 and it’s notorious for having way too many of them. And then there’s all the symbols – some of which have different meanings in different contexts.

    It’s true that ARC only applies to reference types, but even with value types you can often get some fairly surprising performance problems due to implicit copies, for example in getters and setters – and the _read and _modify accessors that can sometimes help with that due to returning (well, yielding) a borrowed value instead of a copy aren’t meant for “public” use (which doesn’t mean many libraries etc. don’t use them, much to the consternation of core devs).


  • Swift is… not a great language. It’s got some promise but goddamn does it have a “designed by committee” feel to it; they just keep throwing on features like they’re going out of fashion and it’s getting ridiculously complex. Just the syntax alone is a bit of a nightmare – soooo many keywords and symbols. It’s also extremely hard to predict how well Swift code will perform, in large part due to ARC (automatic reference counting) memory management, which is a huge downside for game development. And don’t even get me started on the new concurrency stuff…

    Just as a side note, it’s not purely an Apple project nowadays. They’re still the “project lead” but it’s not exclusively theirs anymore. Still, regardless of that, at least personally I really couldn’t recommend it especially to someone looking to get into game development.


  • That’s known as a ligature and they’re pretty common in many programming-oriented fonts, which usually have stylistic sets with different ligatures for different programming languages that you can optionally enable in your editor’s configuration. For example, here’s the stylistic sets the Monaspace font offers:

    Personally I’m not too fond of ligatures so I never enable any, but many folks do like them.

    Edit: and just as a side note, ligatures are super common in many fonts, you just might not notice them. Here’s some classic examples from the DejaVu Serif font, with and without a ligature:









  • I don’t know many OO languages that don’t have a useless toString on string types.

    Well, that’s just going to be one of those “it is what it is” things in an OO language if your base class has a toString()-equivalent. Sure, it’s probably useless for a string, but if everything’s an object and inherits from some top-level Object class with a toString() method, then you’re going to get a toString() method in strings too. You’re going to get a toString() in everything; in JS even functions have a toString() (the output of which depends on the implementation):

    In a dynamically typed language, if you know that everything can be turned into a string with toString() (or the like), then you can just call that method on any value you have and not have to worry about whether it’ll hurl at runtime because eg. Strings don’t have a toString because it’d technically be useless.


  • Everything that’s an Object is going to either inherit Object.prototype.toString() (mdn) or provide its own implementation. Like I said in another comment, even functions have a toString() because they’re also objects.

    A String is an Object, so it’s going to have a toString() method. It doesn’t inherit Object’s implementation, but provides one that’s sort of a no-op / identity function but not quite.

    So, the thing is that when you say const someString = "test string", you’re not actually creating a new String object instance and assigning it to someString, you’re creating a string (lowercase s!) primitive and assigning it to someString:

    Compare this with creating a new String("bla"):

    In Javascript, primitives don’t actually have any properties or methods, so when you call someString.toString() (or call any other method or access any property on someString), what happens is that someString is coerced into a String instance, and then toString() is called on that. Essentially it’s like going new String(someString).toString().

    Now, what String.prototype.toString() (mdn) does is it returns the underlying string primitive and not the String instance itself:

    Why? Fuckin beats me, I honestly can’t remember what the point of returning the primitive instead of the String instance is because I haven’t been elbow-deep in Javascript in years, but regardless this is what String’s toString() does. Probably has something to do with coercion logic.
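The behaviour described in the two toString() comments above (primitive versus String instance, String's own toString() override, functions having one too), as an added example that is not part of the original comments. The function and variable names are made up for this illustration.

```javascript
// Added illustration, not code from the comments; all names here are made up.
function stringToStringBehaviour() {
  const primitive = "test string";           // string primitive
  const wrapped = new String("test string"); // String object instance

  // String.prototype.toString rejects receivers that are not strings,
  // which is why it is not quite an identity function.
  let rejectsNonString = false;
  try {
    String.prototype.toString.call(42);
  } catch (err) {
    rejectsNonString = err instanceof TypeError;
  }

  return {
    primitiveType: typeof primitive,                   // "string"
    wrappedType: typeof wrapped,                       // "object"
    primitiveIsInstance: primitive instanceof String,  // false
    wrappedIsInstance: wrapped instanceof String,      // true
    // toString() on the wrapper returns the primitive, not the wrapper.
    wrappedToStringType: typeof wrapped.toString(),
    returnsSelf: wrapped.toString() === wrapped,
    // Loose equality coerces the wrapper; strict equality does not.
    looseEqual: primitive == wrapped,
    strictEqual: primitive === wrapped,
    // A method call on the primitive resolves to String's own toString,
    // which overrides the one inherited from Object.prototype.
    resolvesToStringProto: primitive.toString === String.prototype.toString,
    overridesObject: String.prototype.toString !== Object.prototype.toString,
    // Functions are objects too, with their own toString override.
    functionToStringType: typeof stringToStringBehaviour.toString(),
    functionOverridesObject:
      Function.prototype.toString !== Object.prototype.toString,
    rejectsNonString,
  };
}

console.log(stringToStringBehaviour());
```

A `typeof value === "string"` check in input validation accepts the primitive and rejects the wrapper, which is the practical consequence of the distinction.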


  • This is absolutely true, but it still seems to me that we’re throwing the baby out with the bath water when we just stick to extremely terse symbols for everything regardless of context.

    Reading articles would be so much easier if they used even slightly longer names – thankfully more and more computer science articles do tend to use more human readable naming nowadays, at least.

    Sure, longer names make manipulation harder / a bit more annoying if you’re doing it by hand, but if you do need to manipulate something you can then abbreviate the terms (and I’m 60% sure I’ve seen some papers that had both a longer form and a shorter form for terms, so one for explaining shit and one for the fiddly formal stuff)

    Of course using terse terms is totally fine when it’s clear from the context what eg. ∆x means.






  • With “guarantees” I meant things like whether you want to have perfect forward secrecy, or whether you want to provide some degree of deniability, and so on, not so much what kinds of guarantees you’re relying on although they’re definitely also good to keep in mind.

    “As secure as possible” is a very all-encompassing goal which doesn’t really say much – what I was trying to get at with my point about the guarantees you want to make is that you’ll want to have a clear idea of what you actually mean with “as secure as possible” so you’ll know what sort of eg. architectural decisions to make before you do a lot of work and paint yourself into a corner.

    It’s a very ambitious project, but I can guarantee it’ll probably be very interesting to work on and you’ll learn a lot regardless of the outcome, and I’m definitely rooting for you.


  • I have a background in distributed systems and some background in security (I’m by no means a cryptography expert but I do know more about the subject than average developers), and I’d say that at this stage you shouldn’t worry too much about meeting all parts of some guideline or another; they’re often geared more towards bigger teams and slightly more established projects. What I think could benefit you would be first of all to have a clear idea of what exactly you want to accomplish (from a security standpoint, not necessarily so much from a functionality standpoint) if you don’t already have one, ie. what sort of guarantees do you want to be able to make. Doesn’t have to even be a public document at first, just some notes and sketches for yourself. Then you’d want to find other projects with similar guarantees and aims and see how they did things, find research papers on the subjects and so on. Security guidelines can be useful, but generally it’s more useful to understand why something is in a guideline in the first place. For a project such as yours I would personally really emphasize design documents and research over code at an early stage, because you need to have a clear goal in mind before you start cranking out code which might turn out to be worthless (at least to some degree) after you run into problems with your approach. Not saying that the documentation has to be public, just that you / the team know exactly what the goal is.

    “Encrypted P2P chat” can mean vastly different kinds of projects, with very different aims. For example, do you want perfect forward secrecy? If so, you’d want to find out the challenges associated with it, especially in relation to interactivity since you’re building a P2P architecture, etc. etc. Same with anonymity / user “traceability” like I mentioned earlier; you need to have a clear picture of what kinds of guarantees do you want the users to have to be even able to say what kinds of best practices you’d have to follow.

    Sorry, that turned into a bit of a ramble and might be completely obvious to you already, since I have no idea about your background and the level of research you’ve already done.



  • Right, that makes sense.

    But yeah, after glancing through the links you provided, I’d agree that you’ll definitely need to pay someone for an audit / review, there are so many pitfalls and gotchas when it comes to encryption alone, and depending on the guarantees you want to be able to make you’ll find even more pitfalls and gotchas – especially if you want to make even relatively light guarantees about anonymity. The classic problem is that even with encrypted payloads the metadata / protocol itself leaks information, which might or might not be a problem depending on what your guarantees are.