You probably wouldn't see it in "natural" use but it's a potential attack vector if you ever deserialize arbitrary JSON (e.g. JSON bodies in API requests). Of course you should have general limits that would catch these things anyway...
General limits for what? If you can segfault a program with 28kb of JSON, that's far below the maximum many APIs will return, so you'd need to do some sort of pre-parsing of the JSON to determine the nesting level before parsing it...
For example Java won't segfault. It'll throw stackoverflow exception which will be caught and served with some standard error like HTTP 500. It shouldn't affect other queries.
Well, recursion tests would be more for input... I usually limit all POST data to 5-10k and don't like to go over that. I also tend to use chunked uploads, that are a little slower, but serve to limit the size and time of any inbound work.
Me too. I can't imagine trying to maintain a project written like this so I'd still consider you a member of the "clever programmer club" in good standing. Ideas like this make sense when the language gives you good support for them like Haskell does:
I remember working in a Go codebase and that was littered with functions that take functions returning funtions that take functions, etc. I couldn't imagine what compelled them to write this way. Now I can see that they just realized first-class functions, dependency injection, and maybe an article about currying. There was almost no way to follow the problem decomposition nor execution path as each aspect rather than being dealt with as encountered just got pushed into a more and more complicated function that eventually executed everything when given the input, an http request!
You see this a lot with HTTP requests. People realize they're often writing the same code over and over and so they pull it out into a middleware of some kind. It's trading off a little readability in exchange for DRYness.
I think even in Haskell, function composition is a bit of second class citizen compared to function application, e.g. "foo (bar value)" has fewer tokens than "(foo . bar) value". There are languages based on composition (concatenative) but few people use them.
Probably a rewrite – HNers always seem to have stories about being brought in to work on companies with incomprehensible rats nests of code that are impossible to extend any further. I bet that's pretty common, more common than technical debt actually forcing the company under.
Still if you really want to take the analogy further declaring technical bankruptcy could cause business bankruptcy (see Joel Spolsky). You probably want to refinance your debt and get onto a repayment plan (an incremental rewrite) instead.
I really enjoyed the story... but find myself wondering what was the specific “magic” that made it work.
Nowadays everything is “setup” for the cooperation of public and private, but what are the key “ingredients” to make it happen?
The fact that this worked out, is it something unique to that situation, or cannot be duplicated?
The part I find most enticing is this idea of the government shouldering 50% of the risk, and industry only having to do 15%. If anyone could expand on this, I would appreciate it.
> Nowadays everything is “setup” for the cooperation of public and private, but what are the key “ingredients” to make it happen?
Norweigans trust their government, corruption is low, there's strong institutions already in place (a point specifically mentioned by al-Kasim in the Planet Money podcast) to ensure a competent and transparent execution of the plan. There's not many places in the world where all those factors exist sadly.
Holy moly, what a story. I remember reading it a few years ago, and what a crazy example of butterfly effect. The one Norwegian girl who decided she wanted to be an au-pair in London, and met an Iraqi boy there, changed the whole country.
Your code is doing something pretty different from the examples above. You're just calculating the nth fibonacci number, not creating an infinite fibonacci _sequence_. Eliding the explicit recursive structure is the point of the exercise!
Admittedly Python's facilities for doing that with some mutable state are pretty nice:
from itertools import islice
def fib():
a, b = 0, 1
while True:
yield a
a, b = b, a + b
list(islice(fib(), 10)) == [0, 1, 1, 2, 3, 5, 8, 13, 21, 34]
Scott Alexander at SlateStarCodex makes some good points about this effect here[1]. The problem isn't the lack of moderation per se but the dynamics of starting an unmoderated alternative to an existing service. The kinds of people that would switch are only occasionally principled advocates of free speech. Most of the time, they're the people whose communities were banned on the moderated platform -- everyone else ignores your new, smaller entrant and continues on the moderated platform where their friends are. You end up with a just the hateful people. A decentralized platform would probably be better and have better social dynamics if it were the default and _everyone_ used it, but I don't know how you'd get there.
That essay is one of my favourites from Slate Star Codex, and it has been a source of inspiration for my current approach.
There is one way around this: to actually not care about user growth. I don’t have any pressure to make this a big thing. I’ve received a very small amount of VC funding to make a private, business version of this, and that (Aether Business Edition) considers this community version effectively a goodwill exercise / marketing expense.
If it doesn’t get users because it doesn’t serve fringe people, great! Fewer headaches for me. I would rather have the community version a small group of nice people. That, to me, is success.
If you use this one, and if you like it, and want to have it as a Slack-like organic knowledge base / productivity tool for your company, that’s already a win for me.
(If you want to pilot the business version, hit me up at the email in my profile - I’m building it as we speak. It’s on a SaaS / on-prem backend, not P2P.)
Scott's inference about the million scoundrels/witches at Voat was a bit off, here's an alternate observation of the same place:
> "You know what we found out during the temporary Voat exodus of r/Gundeals? As famously "toxic" as it is claimed the denizens of Voat are, they were completely drowned out once we hit ~1000 active users."
Building a new community only from rejects of a moderated one is probably still a dumb idea, and it's a great slatestarcodex article, but the popular notion that unmoderated communities will be necessarily overrun with undesirables is wrong - they're so few in number that "even" Voat could be saved.
What we need is better frameworks (both legal and technological) for building decentralized platforms, so that it would have been just as easy for the Reddit founders, way back in the day, to build Reddit as decentralized from day one. Of course, that's really tough. Simply designing the right policies for decentralized platforms is tough, much less implementing them and figuring out how to keep your users compliant with the law in the face of trolls and illegal content. But I'm hopeful we'll move in that direction.
Yes. Lambdas in Python are awkward, but you can definitely use either a lambda or a named function.
In fact, you could define a number of useful precondition functions in a single module and use them throughout a project. A couple of higher-order functions could make the post's examples safer and nicer-looking too. For example:
@precondition(starts_with('The year is '))
where the starts_with precondition is:
def starts_with(param):
def test(s):
return s.startswith(param)
return test
