On Friday, 30 December 2022 at 02:17:58 UTC, Walter Bright wrote:
> The idea that a program should soldier on once it is in an invalid state is very bad system design.

There are definitely cases where it is desirable. In games, especially competitive real time games, the show must go on. If you are in a high adrenalin match and your game crashes at the worst time because some animation system got into an invalid state, you will be very mad.

also this thread makes me sad reading thru it... :(

Oh, I see you talk about Simpsons game and sort of made that point already.

Reading through this thread was a slog. Not sure why I did it but it definitely convinced me that non nullable types are cool and rad.

Also somehow nothing ever seems to change over here in D land... bikeshedding, people asking for d3, weird meandering progress with seemingly no end goal. Classic Dlang forums thread.

On Monday, 9 January 2023 at 21:38:34 UTC, Walter Bright wrote:
> On 1/9/2023 7:12 AM, Don Allen wrote:
>> So is an airplane (despite the internal redundancies, the whole system can fail, e.g., the 737 rudder actuator failures), and yet we fly. That something is a single point of failure is, considered alone, not an argument against its use. The decision to use or not should be based on a weighing of the benefits vs the risk/cost (probability of failure and its cost).
>
> The rudder failure was a very baffling problem, and it wasn't even clear it *was* a rudder failure for years.
>
>
>> As for LastPass, I was a user, with a long-enough random password drawn from a large enough character set resulting in
>> > 10^15 possibilities. A key that hard to find by brute force
>> gets the risk low enough for me so I can enjoy the benefit of having access to my passwords from all my devices and share them with my wife and vice-versa. What's the alternative? An encrypted spreadsheet? Unworkable.
>
> A strong password isn't good enough. There are other ways in. A key logger may record your password.

I'm well aware of key loggers. It's pretty unlikely that a key logger going to get installed on my FreeBSD or Linux systems that are sitting behind a firewall with the sshd port blocked? In addition, I never type my 1Password password. I keep it on a USB key that gets inserted and mounted when I need it and a script prints the password and umounts the key. I then copy-paste the password.

I'm not looking for zero risk, which is impossible. I'm looking for the most reasonable operating point. Again, cost/risk vs. benefit.

On 1/10/2023 7:39 PM, Don Allen wrote:
> I'm not looking for zero risk, which is impossible. I'm looking for the most reasonable operating point. Again, cost/risk vs. benefit.

I don't know your situation, but losing all my passwords would be a disaster for me. I've had my checking account compromised, credit cards compromised several times. Multiply that by a hundred.

I've seen sob stories on HackerNews were some victim had has Mac compromised, and the hacker then took over all his accounts, changed the passwords, and started impersonating the victim.

Apple won't fix it for you, Google won't fix it for you, Amazon won't fix it for you.

You're borked.

No thanks.

On Wednesday, 11 January 2023 at 04:03:02 UTC, Walter Bright wrote:
> On 1/10/2023 7:39 PM, Don Allen wrote:
>> I'm not looking for zero risk, which is impossible. I'm looking for the most reasonable operating point. Again, cost/risk vs. benefit.
>
> I don't know your situation, but losing all my passwords would be a disaster for me. I've had my checking account compromised, credit cards compromised several times. Multiply that by a hundred.
>
> I've seen sob stories on HackerNews were some victim had has Mac compromised, and the hacker then took over all his accounts, changed the passwords, and started impersonating the victim.

I think it's a pretty safe bet that the "victim" did something dumb. If you use your wife's maiden name as the password of your Google account, don't enable 2FA, and your account gets hacked, are you a victim? I don't think so. Information for how to protect yourself online is everywhere. People ignore it, just as they ignore warnings about smoking.

>
> Apple won't fix it for you, Google won't fix it for you, Amazon won't fix it for you.
>
> You're borked.
>
> No thanks.

Well, you and I just have a different set of weighting factors.

Do you carry a cellphone? There are risks, as I'm sure you well know. I have friends at MIT who won't use them who, I'm quite sure, would agree with you about password managers. Use credit cards? See what Richard Stallman has to say about that. Write checks? Risks.

I think this is just like getting on an airplane or driving a car. Most of us accept the risks in return for the benefits. But not all.

On 1/10/2023 8:32 PM, Don Allen wrote:
> Do you carry a cellphone? There are risks, as I'm sure you well know.

Yeah, I do. But I don't build my life around the phone, because I'm aware of what happens when it gets hacked, stolen, lost, etc. Pegasus can remotely read everything you do on your phone. You can catch Pegasus by clicking on a link. A password manager is useless when faced by that.


> I have friends at MIT who won't use them who, I'm quite sure, would agree with you about password managers. Use credit cards? See what Richard Stallman has to say about that. Write checks? Risks.

I've had my credit cards stolen, and my checking account compromised. Both were a fair amount of work to fix. But it's not *ALL* of my online accounts.

I keep things compartmentalized, like how airplanes are designed. Airplanes are deliberately designed to withstand any single failure and land safely. They can lose an engine, a pilot, a wing spar, a hydraulic system, a bird strike, a hole in the cabin, jammed actuators, etc. The incredible safety record of airliners shows this works.

I take my cues from that.

On Wednesday, 11 January 2023 at 00:02:30 UTC, A moo person wrote:
>
> There are definitely cases where it is desirable. In games, especially competitive real time games, the show must go on. If you are in a high adrenalin match and your game crashes at the worst time because some animation system got into an invalid state, you will be very mad.

We need to caracterize where it's ok to go on, typically it's cases where showing errors in would be worse for the user, and the user is creating some "content".

- Markdown has a design where it always compile. No errors because erros have a visual impact, and in content creation if it has no visual impact it's not a real error.

- typically a game engine: if a file failed to load

- HTML and CSS are famously lenient

But all those cases are "input errors", not "invalid state".

On Wednesday, 11 January 2023 at 08:57:25 UTC, Guillaume Piolat wrote:
> On Wednesday, 11 January 2023 at 00:02:30 UTC, A moo person wrote:
>>
>> There are definitely cases where it is desirable. In games, especially competitive real time games, the show must go on. If you are in a high adrenalin match and your game crashes at the worst time because some animation system got into an invalid state, you will be very mad.
>
> We need to caracterize where it's ok to go on, typically it's cases where showing errors in would be worse for the user, and the user is creating some "content".
>
> - Markdown has a design where it always compile. No errors because erros have a visual impact, and in content creation if it has no visual impact it's not a real error.
>
> - typically a game engine: if a file failed to load
>
> - HTML and CSS are famously lenient
>
> But all those cases are "input errors", not "invalid state".

I used to buy into the propaganda of the distinction between "input" and "logic" errors. Now I beleive the distinction is moslty useless. "Invalid state" becomes "input error" depending on how you modularize the system.

On Wednesday, 11 January 2023 at 04:32:41 UTC, Don Allen wrote:
> On Wednesday, 11 January 2023 at 04:03:02 UTC, Walter Bright wrote:
>> On 1/10/2023 7:39 PM, Don Allen wrote:
>>> I'm not looking for zero risk, which is impossible. I'm looking for the most reasonable operating point. Again, cost/risk vs. benefit.
>>
>> I don't know your situation, but losing all my passwords would be a disaster for me. I've had my checking account compromised, credit cards compromised several times. Multiply that by a hundred.
>>
>> I've seen sob stories on HackerNews were some victim had has Mac compromised, and the hacker then took over all his accounts, changed the passwords, and started impersonating the victim.
>
> I think it's a pretty safe bet that the "victim" did something dumb. If you use your wife's maiden name as the password of your Google account, don't enable 2FA, and your account gets hacked, are you a victim? I don't think so. Information for how to protect yourself online is everywhere. People ignore it, just as they ignore warnings about smoking.
>
>>
>> Apple won't fix it for you, Google won't fix it for you, Amazon won't fix it for you.
>>
>> You're borked.
>>
>> No thanks.
>
> Well, you and I just have a different set of weighting factors.
>
> Do you carry a cellphone? There are risks, as I'm sure you well know. I have friends at MIT who won't use them who, I'm quite sure, would agree with you about password managers. Use credit cards? See what Richard Stallman has to say about that. Write checks? Risks.
>
> I think this is just like getting on an airplane or driving a car. Most of us accept the risks in return for the benefits. But not all.

I forgot to mention a couple of things about password managers. I won't convince you, but for the benefit of anyone reading this who may be considering their use:

1. Any password manager worth using provides 2FA for the main password. So in the very unlikely event that a hacker got your password (key logger or whatever), they are not going to get past the need for a time-dependent code. 1Password has this, of course, and requires codes generated by a phone-based authenticator.

2. 1Password gives you a long "secret key", which you must produce to set up 1Password on a new device. They provide that key in a .pdf file, which you can store offline, or encrypted (I encrypt sensitive files with AES256 using a 32-character key that is stored offline).

So for someone to get into your 1Password account from a device other than yours, they need to

1. Steal your password
2. Produce the "secret key", which they won't be able to
3. Get past 2FA, which they won't be able to

On Wednesday, 11 January 2023 at 10:57:18 UTC, Max Samukha wrote:
>
> I used to buy into the propaganda of the distinction between "input" and "logic" errors. Now I beleive the distinction is moslty useless. "Invalid state" becomes "input error" depending on how you modularize the system.

Your observation does not contradict the original idea. An unrecoverable assertion failure is a recoverable input error from perspective of the operating system or a separate watchdog process - recoverable by restarting the crashed program. The point is, Each program needs to distinguish what it can handle by itself, and where it must consider itself out of control and leave it up to others to restart (or ditch) it.