Ask General Programming Questions Not Worth Their Own Thread

The Something Awful Forums > Discussion > Serious Hardware/Software Crap > The Cavern of COBOL > Ask General Programming Questions Not Worth Their Own Thread

«‹›671 »

AlphaKeny1: Feb 17, 2006

Yeah I would also suggest just exporting to csv and then using python or something easy to read each line to get the specific output that you need. I know you probably want something already built for you to just plug into but uhh you might need to program or think of some other way for your own specific use case.

# ? Oct 10, 2023 09:11

Adbot: ADBOT LOVES YOU

# ? May 29, 2024 16:40

Computer viking: May 30, 2011; Now with less breakage.

It also looks fairly easy to use the Google drive API to ask for a copy of a file in a given format, as long as the export stays under 10 MB. Possibly useful if you need to automate this on a schedule, though I don't know how often you need to do an interactive OAuth login.

# ? Oct 10, 2023 09:45

DoctorTristan: Mar 11, 2006; I would look up into your lifeless eyes and wave, like this. Can you and your associates arrange that for me, Mr. Morden?

Computer viking posted:

It also looks fairly easy to use the Google drive API to ask for a copy of a file in a given format, as long as the export stays under 10 MB. Possibly useful if you need to automate this on a schedule, though I don't know how often you need to do an interactive OAuth login.

Gonna take a wild guess here that OP does not wish to deal with web apis nor OAuth

# ? Oct 10, 2023 14:54

Volmarias: Dec 31, 2002; EMAIL... THE INTERNET... SEARCH ENGINES...

DoctorTristan posted:

Gonna take a wild guess here that OP does not wish to deal with web apis nor OAuth

Ironically, this is probably a great case for Google Apps Script then, since it does a lot of this for you.

# ? Oct 10, 2023 15:05

ulmont: Sep 15, 2010; IF I EVER MISS VOTING IN AN ELECTION (EVEN AMERICAN IDOL) ,OR HAVE UNPAID PARKING TICKETS, PLEASE TAKE AWAY MY FRANCHISE

Volmarias posted:

Ironically, this is probably a great case for Google Apps Script then, since it does a lot of this for you.

Just to be clear: if Google Apps Scripts works for you, great. If it seems like you've found a bug, you probably have and it will never be fixed (I have 10 year old bugs filed that were recently moved to "obsolete" since Google had ignored them long enough to classify them as irrelevant).

# ? Oct 10, 2023 17:22

huhu: Feb 24, 2006

I've got an electron app I'm running in dev with vite and building for production with electron-builder. If I run the dev environment, things work fine, I get hot reloading and all that. However, if I have the production app open, the dev script runs, focuses the production app, then exits with no error and message " Done in 1.48s." as seen below. I feel like they're maybe sharing an ID or something which is causing the dev mode to point at the production app running. Thoughts?

code:

Forced re-optimization of dependencies

  VITE v4.4.9  ready in 360 ms

  &#10140;  Local:   http://localhost:5173/
  &#10140;  Network: use --host to expose
  &#10140;  press h to show help
vite v4.4.9 building for development...

watching for file changes...
vite v4.4.9 building for development...

watching for file changes...

build started...

build started... (x2)
&#10003; 1 modules transformed.
dist-electron/preload/index.js  7.49 kB &#9474; gzip: 3.30 kB &#9474; map: 3.93 kB
built in 116ms.
&#10003; 48 modules transformed.
dist-electron/main/index.js  50.70 kB &#9474; gzip: 13.00 kB &#9474; map: 97.56 kB
built in 214ms.
11:02:46.443 � backend logs intialized
&#10024;  Done in 1.48s.

Edit - I think I've narrowed it down to the `productName` inside the package.json being the same for both apps.

huhu fucked around with this message at 01:09 on Oct 20, 2023

# ? Oct 19, 2023 18:07

CarForumPoster: Jun 26, 2013; â¡POWERâ¡

Computer viking posted:

It also looks fairly easy to use the Google drive API to ask for a copy of a file in a given format, as long as the export stays under 10 MB. Possibly useful if you need to automate this on a schedule, though I don't know how often you need to do an interactive OAuth login.

FYI for the thread but not for OP who asked about Google Sheets specifically:

You can request file conversions via MS Graph from OneDrive/Sharepoint but downside is you have to use Microsoft Graph APIs which has even more annoying auth procedures. That said its by far the easiest and most reliable docx->pdf "with python" pipeline I've made and I've made ~5 of them at this point.

CarForumPoster fucked around with this message at 22:09 on Oct 19, 2023

# ? Oct 19, 2023 22:07

Tempora Mutantur: Feb 22, 2005

not a programming question per se:

I can no longer find, and failed to bookmark, a site that was I *think* hosted on the .io tld, and it was a site devoted to various career paths, with things like "if you want to work in frontend, learn these things:" "if you want to work in backend, learn these things:" "these are security best practices:" and it was maintained on github with about maybe 6-12 contributors

does anyone know what the hell I'm blabbing about and possibly have the link?

if it helps it used a lot of mermaid.js diagrams (or at least looked like it did because it had lots of flowcharts for the order to learn things in to not overwhelm new people)

Tempora Mutantur fucked around with this message at 00:56 on Oct 21, 2023

# ? Oct 21, 2023 00:53

necrotic: Aug 2, 2005; I owe my brother big time for this!

I don�t know the specific one but there�s a recent-ish trend of �Awesome X� repos with huge lists about topics. May help you at least narrow the search?

# ? Oct 21, 2023 01:15

HexiDave: Mar 20, 2009

Tempora Mutantur posted:

not a programming question per se:

I can no longer find, and failed to bookmark, a site that was I *think* hosted on the .io tld, and it was a site devoted to various career paths, with things like "if you want to work in frontend, learn these things:" "if you want to work in backend, learn these things:" "these are security best practices:" and it was maintained on github with about maybe 6-12 contributors

does anyone know what the hell I'm blabbing about and possibly have the link?

if it helps it used a lot of mermaid.js diagrams (or at least looked like it did because it had lots of flowcharts for the order to learn things in to not overwhelm new people)

Was it Roadmap.sh? https://roadmap.sh

# ? Oct 21, 2023 02:11

Mind_Taker: May 7, 2007

I have an Azure question, but I figure it'd be appropriate to ask here since I didn't see an Azure thread and it's more of a general question than Azure-specific.

My company that I just started working at has various client systems that need to securely access an API we are being tasked to write. One of the first things we want to do is introduce OAuth2 with client credentials flow in order to secure our APIs going forward. Currently our APIs are accessed via API keys, which has been deemed a security risk.

Provided we implement OAuth2 is there any downside to configuring Azure to be the authentication provider with the client credentials flow?

We would register the API and clients in Azure and assign roles/permissions to the clients and generate a secret key for each client. Our clients would then authenticate in Azure with their secret key and use the access tokens provided by Azure to make requests to the API according to their roles as defined in Azure.

My boss is concerned with this approach because "it could introduce a tight coupling between Azure and the client applications" but I don't really know what that means. Especially since the API and the resources/databases will also be deployed to Azure. One alternative he suggested was that we write our own authentication service/API but I really don't want to re-invent the wheel (and do a worse job of it) and I also don't want to waste time since we have a lot of projects we'll be working on in the near future.

Does anyone know what my boss could mean by this "tight coupling phrase? And does the approach I outlined make sense or are there downsides with it (big or small)?

Mind_Taker fucked around with this message at 04:43 on Oct 21, 2023

# ? Oct 21, 2023 04:40

The Fool: Oct 16, 2003

Mind_Taker posted:

I have an Azure question, but I figure it'd be appropriate to ask here since I didn't see an Azure thread and it's more of a general question than Azure-specific.

the cloud giant thread is good too

quote:

My company that I just started working at has various client systems that need to securely access an API we are being tasked to write. One of the first things we want to do is introduce OAuth2 with client credentials flow in order to secure our APIs going forward. Currently our APIs are accessed via API keys, which has been deemed a security risk.

good so far

quote:

Provided we implement OAuth2 is there any downside to configuring Azure to be the authentication provider with the client credentials flow?

We would register the API and clients in Azure and assign roles/permissions to the clients and generate a secret key for each client. Our clients would then authenticate in Azure with their secret key and use the access tokens provided by Azure to make requests to the API according to their roles as defined in Azure.

This approach is fine if your clients are also members of your aad tenant. For this to work right both the api and the client need to be registered applications. aad b2c is kinda garbage

quote:

My boss is concerned with this approach because "it could introduce a tight coupling between Azure and the client applications" but I don't really know what that means. Especially since the API and the resources/databases will also be deployed to Azure. One alternative he suggested was that we write our own authentication service/API but I really don't want to re-invent the wheel (and do a worse job of it) and I also don't want to waste time since we have a lot of projects we'll be working on in the near future.

Does anyone know what my boss could mean by this "tight coupling phrase? And does the approach I outlined make sense or are there downsides with it (big or small)?

I assume he is has reservations about vendor lock-in but tbh that ship has already sailed

I would look in to using either azure apim or apigee (google)

# ? Oct 21, 2023 05:04

redleader: Aug 18, 2005; Engage according to operational parameters

oauth for server-to-server has always felt like overkill to me, but i accept that i am an idiot

# ? Oct 21, 2023 06:32

Obfuscation: Jan 1, 2008; Good luck to you, I know you believe in hell

Yeah I'd like to hear more about why api keys are bad

# ? Oct 21, 2023 09:18

CarForumPoster: Jun 26, 2013; â¡POWERâ¡

redleader posted:

oauth for server-to-server has always felt like overkill to me, but i accept that i am an idiot

Obfuscation posted:

Yeah I'd like to hear more about why api keys are bad

Seriously. The API keys ~just work~ IDK why that has to be so thoroughly hosed with. It seems like theres better ways to determine whether a key leaked than making the "keys" extremely short lived.

# ? Oct 21, 2023 13:14

Mind_Taker: May 7, 2007

Obfuscation posted:

Yeah I'd like to hear more about why api keys are bad

The reason given to us was that API keys are passed with every call and while the keys are still encrypted our security team would prefer us to adopt OAuth2 because the tokens expire after a short duration while API keys are valid indefinitely.

I'm no security expert but it sounded reasonable enough to me at the time, however I'd like to hear why OAuth2 wouldn't be necessary in our case.

# ? Oct 21, 2023 13:20

CarForumPoster: Jun 26, 2013; â¡POWERâ¡

Mind_Taker posted:

I'm no security expert but it sounded reasonable enough to me at the time, however I'd like to hear why OAuth2 wouldn't be necessary in our case.

Because it hampers adoption of your new API as your customers need to do more work to use your API. Meanwhile if you rely on a 3rd party auth provider, if any chain in that auth link gets broken, which literally happened to me yesterday with a thing talking to the MS Graph API, the client secret for the application expired after 2 years so we couldnt get new tokens, then your whole poo poo gets hosed up. Also if they go down, your whole poo poo gets hosed up.

Security is super important, but API keys versus a more complicated auth system is one of those things that directly trades something for something else, whether the balance of that trade is worth it depends on your application. If I made a product a lot of junior developers would be accessing (anything that isnt exclusively sold to enterprises) I'd stick with API keys.

That said, if a company gets thoroughly databreached, the API keys might never get rotated and that has whatever negative effects that might have.

CarForumPoster fucked around with this message at 13:29 on Oct 21, 2023

# ? Oct 21, 2023 13:25

Mind_Taker: May 7, 2007

CarForumPoster posted:

Because it hampers adoption of your new API as your customers need to do more work to use your API. Meanwhile if you rely on a 3rd party auth provider, if any chain in that auth link gets broken, which literally happened to me yesterday with a thing talking to the MS Graph API, the client secret for the application expired after 2 years so we couldnt get new tokens, then your whole poo poo gets hosed up. Also if they go down, your whole poo poo gets hosed up.

Security is super important, but API keys versus a more complicated auth system is one of those things that directly trades something for something else, whether the balance of that trade is worth it depends on your application. If I made a product a lot of junior developers would be accessing (anything that isnt exclusively sold to enterprises) I'd stick with API keys.

That said, if a company gets thoroughly databreached, the API keys might never get rotated and that has whatever negative effects that might have.

Yeah this all makes sense. I think the decision has already been made to move to OAuth2 before I started my position but I'll at least convey some of the downsides.

# ? Oct 21, 2023 15:44

CarForumPoster: Jun 26, 2013; â¡POWERâ¡

Mind_Taker posted:

Yeah this all makes sense. I think the decision has already been made to move to OAuth2 before I started my position but I'll at least convey some of the downsides.

Fun to imagine but don't do scenario: Ask the decision makers to sit in on an interview with a newgrad python programmer. Ask the interviewee to live code two things: Describe the process then code making a simple request to an API using an API key. Describe the process then code the auth system for oauth2. Since they'll most likely have not figured out how you can gently caress up the timing with renewing tokens, how to deal with request limits of renewing tokens, and plenty of the other illities of oauth, it would probably demonstrate why this is an annoying thing to do to your customers if you don't need it.

Dont do this because hotseat livecoding to prove a point to other in the company when youre not paying them is a decidedly bastard thing to do.

EDIT: Because I am fascinated by how simply ChatGPT makes coding and what it can reason I asked it to do this.

Prompt posted:

Using python, do two things: Describe the process then code making a simple request GET to an API using an API key. Describe the process then code the auth system for oauth2. Ask for any information missing to complete this assignment then complete the assignment.

The API key is x-123123, the API URL is https://example.com/api/endpoint1.

The Oauth endpoint is https://example.com/api/auth, clientID is clientxyz and client secret is abcsecret

[Explanation omitted, but was good.]

Python code:

import requests

url = 'https://example.com/api/endpoint1'
headers = {'Authorization': 'x-123123'}

response = requests.get(url, headers=headers)

if response.status_code == 200:
    print(response.json())
else:
    print(f'Error: {response.status_code}')

and

Python code:

import requests
import json

# OAuth2 endpoints and credentials
token_url = 'https://example.com/api/auth'
client_id = 'clientxyz'
client_secret = 'abcsecret'

# Request token
payload = {'client_id': client_id, 'client_secret': client_secret, 'grant_type': 'client_credentials'}
response = requests.post(token_url, data=payload)

if response.status_code == 200:
    access_token = response.json().get('access_token')
    headers = {'Authorization': f'Bearer {access_token}'}
    
    # Make authorized API call
    api_url = 'https://example.com/api/endpoint1'
    response = requests.get(api_url, headers=headers)
    
    if response.status_code == 200:
        print(response.json())
    else:
        print(f'API Error: {response.status_code}')
else:
    print(f'Token Error: {response.status_code}')

EDIT: The code has several things that could be improved, and highlights some obvious potential failure spots like: what happens when the auth server has a 50 request per minute rate limit but you need to make 100 requests per minute from three different microservices? Well if you're caching tokens youre basically back where you started with the api keys.

CarForumPoster fucked around with this message at 16:13 on Oct 21, 2023

# ? Oct 21, 2023 15:53

The Fool: Oct 16, 2003

wtf guys oauth is not that hard

# ? Oct 21, 2023 16:11

CarForumPoster: Jun 26, 2013; â¡POWERâ¡

The Fool posted:

wtf guys oauth is not that hard

The base process isnt hard, but depending on requirements it can add failure cases, complexity, and cost for very little extra security.

# ? Oct 21, 2023 16:16

The Fool: Oct 16, 2003

CarForumPoster posted:

<snipped ai nonsense>

the chatgpt oauth example would result in the token getting refreshed on every call which is incredibly dumb

oauth tokens usually have a lifetime measured in hours or days and you can refresh them on demand or on a schedule in a separate process

# ? Oct 21, 2023 16:17

The Fool: Oct 16, 2003

CarForumPoster posted:

The base process isnt hard, but depending on requirements it can add failure cases, complexity, and cost for very little extra security.

minimal additional complexity for an objectively better security profile

# ? Oct 21, 2023 16:19

CarForumPoster: Jun 26, 2013; â¡POWERâ¡

The Fool posted:

minimal additional complexity for an objectively better security profile

It may or may not be minimal complexity, adding a third party that could fail and additional requests that could fail and a way to manage the lifecycle of tokens is not hard, but it takes far more time than an api key. It takes thought and resources and discourages simply signing up and playing with the service for some services.

OAuth with cached tokens is not objectively better unless your system has requirements that demand it. If youre giving effectively the same access via the oauth token as you would for an API key, what is the security benefit? If you're proving more fine grained controls such as limited access to a third party, thats a use case for oAuth. For MS Graph, which could read my fukken emails with full access, oAuth makes sense. For letting users query my microservice of pokemon info, an API key to track request rate and bill appropriately makes sense and oAuth likely has no benefit.

# ? Oct 21, 2023 16:29

Macichne Leainig: Jul 26, 2012; by VG

Yeah we have a platform built on top of OAuth that is specifically for user licensing and specific permissions in applications. One user might pay and see a different landing screen than the other based on their package. OAuth has been really great and seamless for that

But also on the other hand the user licensing and permissions is kind of independent of OAuth itself

# ? Oct 21, 2023 16:36

Hammerite: Mar 9, 2007; And you don't remember what I said here, either, but it was pompous and stupid.; Jade Ear Joe

Having had to implement an OAuth flow for something at work 3-4 years ago I would not describe it as "minimal complexity".

No part of it individually is difficult, but there's a lot there to understand, and everything that's written about it is written by people who live and breathe all that sort of stuff, so they use a lot of jargon and they do a very bad job of explaining it to the rest of us dummies who just want to be able to set something up and then stop worrying about it.

Like it was years ago I touched it and I can't really remember anything about it except for all the reading things and figuring out what they were talking about that I had to do.

# ? Oct 21, 2023 16:36

MrMoo: Sep 14, 2000

The Fool posted:

the chatgpt oauth example would result in the token getting refreshed on every call which is incredibly dumb

oauth tokens usually have a lifetime measured in hours or days and you can refresh them on demand or on a schedule in a separate process

Token rotation is a thing for additional security, but for front ends BFF is the current hotness: �backend for frontend�. Token rotation pretty common for CSRF protection too.

If you can MITM someone, and thus force refresh token usage, even just a basic replay attack would work you end up with the simple token passing.

# ? Oct 21, 2023 18:40

huhu: Feb 24, 2006

What�s everyone�s favorite tool for creating docs? I�m looking to create a basic a basic site that has autogenerated docs from the code as well as tutorials and other help articles.

Edit - Might be sold on Docusaurus. Is built on React, supports MDX and TS. :rocket:

huhu fucked around with this message at 19:33 on Oct 22, 2023

# ? Oct 22, 2023 19:11

Dijkstracula: Mar 18, 2003; You can't spell 'vector field' without me, Professor!

huhu posted:

What�s everyone�s favorite tool for creating docs? I�m looking to create a basic a basic site that has autogenerated docs from the code as well as tutorials and other help articles.

mdBook works well and, even though it's developed by the Rust community, isn't tied specifically to that language.

# ? Oct 22, 2023 21:40

Tempora Mutantur: Feb 22, 2005

HexiDave posted:

Was it Roadmap.sh? https://roadmap.sh

That's the one, thank you!

# ? Oct 22, 2023 22:43

KillHour: Oct 28, 2007

A more academic question:

Are there any languages that make a strong distinction between value and reference types in the language syntax? Most languages treat them almost the same in 90% of situations. For instance, I would be interested in learning about a language that uses different assignment operators for value/reference types. I know that functional programming tries to sidestep this by making everything immutable and essentially a value type. That's not really what I'm looking for because I'm not trying to only have value types or reference types. Instead, I'm trying to look at prior art for how a language might make those two more distinct.

The best example I'm aware of is SPARQL, which is a query language for RDF graphs: https://www.w3.org/TR/sparql11-query/

# ? Oct 24, 2023 17:14

mystes: May 31, 2006

KillHour posted:

A more academic question:

Are there any languages that make a strong distinction between value and reference types in the language syntax? Most languages treat them almost the same in 90% of situations. For instance, I would be interested in learning about a language that uses different assignment operators for value/reference types. I know that functional programming tries to sidestep this by making everything immutable and essentially a value type. That's not really what I'm looking for because I'm not trying to only have value types or reference types. Instead, I'm trying to look at prior art for how a language might make those two more distinct.

The best example I'm aware of is SPARQL, which is a query language for RDF graphs: https://www.w3.org/TR/sparql11-query/

Isn't rust pretty close to this?

# ? Oct 24, 2023 17:21

KillHour: Oct 28, 2007

mystes posted:

Isn't rust pretty close to this?

Good question. I actually don't have any practical Rust experience and have only a passing familiarity with it. Looking at some examples quickly though, it appears that the focus of Rust is more on memory management in the sense of making sure that reference types are properly handled for memory safety as opposed to setting up a different set of syntax rules for each.

Maybe it will help if I talk a little bit more about why I'm interested in this. I work with databases (which is why SPARQL came to mind), and one of the things that has been coming up a lot in recent years is properties getting reified into objects. So instead of this:

code:

"foo" : {
  "bar": "baz";
}

You end up with this:

code:

"foo" : {
  "hasProperties": [ "foobar" ]
},
"foobar": {
  "isType": "string",
  "hasValue": "baz"
}

I've even heard customers propose things like "Instead of having the value be the number 5, let's make an object called 'int_five' and have every property with a value of 5 reference that same object." Which is... absurd, to say the least (and yet a serious suggestion by people who are seen as thought leaders at a billion dollar company). So I'm interested in learning more about languages that take a stricter approach to the separation of things that are individual tracked objects and things that are fungible concepts.

# ? Oct 24, 2023 18:15

rjmccall: Sep 7, 2007; no worries friend; Fun Shoe

Creating a singleton object to hold a non-reference value is something you can do in any language with a concept of objects. I don�t know why you�d ever want to do it �just because�, but there�s no reasonable way to design a language that would make it impossible.

Usually that sort of idea comes up because the language (or the way people think about it) privileges objects / de-privileges non-reference values in some way that makes a real difference. As a language designer, I would say that that�s the right thing to attack, not making artificial differences in syntax.

# ? Oct 24, 2023 18:28

nielsm: Jun 1, 2009

It's not an answer at all, but "making primitive values a reference" is something that happens in Python in an odd way:
All integers between 0...256 are singleton objects, but larger integers are created as individual objects.
>>> a = 34 >>> b = 34 >>> c = 834 >>> d = 834 >>> a == b, a is b, c == d, c is d (True, True, True, False)
Where the == operator does a value comparison, and the 'is' operator does a reference equality comparison.

# ? Oct 24, 2023 18:31

mystes: May 31, 2006

KillHour posted:

Good question. I actually don't have any practical Rust experience and have only a passing familiarity with it. Looking at some examples quickly though, it appears that the focus of Rust is more on memory management in the sense of making sure that reference types are properly handled for memory safety as opposed to setting up a different set of syntax rules for each.

Maybe it will help if I talk a little bit more about why I'm interested in this. I work with databases (which is why SPARQL came to mind), and one of the things that has been coming up a lot in recent years is properties getting reified into objects. So instead of this:
code:
"foo" : {
  "bar": "baz";
}
You end up with this:
code:
"foo" : {
  "hasProperties": [ "foobar" ]
},
"foobar": {
  "isType": "string",
  "hasValue": "baz"
}
I've even heard customers propose things like "Instead of having the value be the number 5, let's make an object called 'int_five' and have every property with a value of 5 reference that same object." Which is... absurd, to say the least (and yet a serious suggestion by people who are seen as thought leaders at a billion dollar company). So I'm interested in learning more about languages that take a stricter approach to the separation of things that are individual tracked objects and things that are fungible concepts.

I'm not sure I totally understand what you are trying to achieve

The fact that you aren't satisfied with functional programming and are talking about reference/value types sounds like your concern is ensuring that things with the same value point to the same object at runtime.

However since you say that the issue isn't memory management, and based on the example you give, it seems maybe this is more about compile time type safety or something like that?

Can you give an example of something you're trying to ensure or prevent by distinguishing the syntax?

# ? Oct 24, 2023 18:34

Tempora Mutantur: Feb 22, 2005

KillHour posted:

Good question. I actually don't have any practical Rust experience and have only a passing familiarity with it. Looking at some examples quickly though, it appears that the focus of Rust is more on memory management in the sense of making sure that reference types are properly handled for memory safety as opposed to setting up a different set of syntax rules for each.

Maybe it will help if I talk a little bit more about why I'm interested in this. I work with databases (which is why SPARQL came to mind), and one of the things that has been coming up a lot in recent years is properties getting reified into objects. So instead of this:
code:
"foo" : {
  "bar": "baz";
}
You end up with this:
code:
"foo" : {
  "hasProperties": [ "foobar" ]
},
"foobar": {
  "isType": "string",
  "hasValue": "baz"
}
I've even heard customers propose things like "Instead of having the value be the number 5, let's make an object called 'int_five' and have every property with a value of 5 reference that same object." Which is... absurd, to say the least (and yet a serious suggestion by people who are seen as thought leaders at a billion dollar company). So I'm interested in learning more about languages that take a stricter approach to the separation of things that are individual tracked objects and things that are fungible concepts.

...so you want first-class support for schemas or something? like the second example reminds me of avro schema except that it's presumably including the schema on EVERY instance which is baffling to me, just have a schema and then reference it as needed in your data model (same concept as e.g. XML schema definitions, except here we're using json or yaml or whatever)

(and if that's an actual example of your patterning, like including both isType and hasValue, please just switch to something like avro because there's absolutely no reason to include the schema on EVERY object, it's a colossal waste and defeats the purpose of schemas)

that all said I'm probably not understanding the use case here (and I cannot see a scenario where I'd ever agree with the int_five poo poo) but I don't understand why you need language-level support for just having schemas defining objects and actual instances of objects that rely on that schema, even when they're both just frozen data

like, I'm not even sure how we're getting to the examples I quoted from you above, from what you clarified below:

quote:

For instance, I would be interested in learning about a language that uses different assignment operators for value/reference types.

the examples above (the foo object and foo/foobar schemas-with-values) can each be manipulated in applications as value OR reference types (depending on the language but you seem to be talking about ones where you can do both) so what is the meaningful difference that you'd want wholly separate operators when the data would behave the same way?

mystes posted:

Can you give an example of something you're trying to ensure or prevent by distinguishing the syntax?

yeah this

# ? Oct 24, 2023 18:45

ultrafilter: Aug 23, 2007; It's okay if you have any questions.

nielsm posted:

It's not an answer at all, but "making primitive values a reference" is something that happens in Python in an odd way:
All integers between 0...256 are singleton objects, but larger integers are created as individual objects.
>>> a = 34 >>> b = 34 >>> c = 834 >>> d = 834 >>> a == b, a is b, c == d, c is d (True, True, True, False)
Where the == operator does a value comparison, and the 'is' operator does a reference equality comparison.

jfc go post that in coding horrors.

# ? Oct 24, 2023 18:48

KillHour: Oct 28, 2007

rjmccall posted:

Creating a singleton object to hold a non-reference value is something you can do in any language with a concept of objects. I don�t know why you�d ever want to do it �just because�, but there�s no reasonable way to design a language that would make it impossible.

Usually that sort of idea comes up because the language (or the way people think about it) privileges objects / de-privileges non-reference values in some way that makes a real difference. As a language designer, I would say that that�s the right thing to attack, not making artificial differences in syntax.

It's not so much that I want to make it impossible to do (since what does that even mean), but more that I want to see if there are languages that have a stronger syntactical distinction to make the fundamental difference more clear to a less technical person. In the database world, there has been a movement away from developers making schemas towards business users making ontologies. The line between data structure and business concept model is becoming blurry. This means that the people coming up with these things don't understand (or want to understand) how the underlying queries function. I'm not planning on adopting some esoteric language. I just want some studying material on how you might design a model framework that has a clear separation of concerns between "this is a specific thing" and "this is an abstract idea."

Maybe a more concrete example would be good. Let's say I have a database of houses for sale. Some properties of those houses are just values - square footage, number of bathrooms, etc. Some properties could be references to other things - school district, previous owner, etc. Now pretend I have executive "Moron A" who declares that they want to do a feature on houses owned by famous people, so they have their pet data scientist pull down the DBpedia graph for famous people and run some cursed SPARQL query to match the previous owner field to the graph and grab a report for their feature. That's great. I want them to be able to do that - it's a useful application that drives business value, whatever. But next week, Moron A gets it in their head that they want to add "owned by famous person" as a permanent filter on their real estate website. That cursed SPARQL took like 40 minutes to run, so that's not happening in real time, and when they go to their DBA to add an "owned by famous person" column to the table, they're told to get hosed. So one thing leads to another, and it's decided that schemas are stupid and everything needs to be an ontology to "enable the business." Before you know it, you have "0 sqft" as a node in a graph with about 10 million relationships and the database backing the website shits itself whenever anyone sorts by square footage.

Really, I'm just looking for interesting examples of where a programming language has a strong separation of property vs related object. This might not actually exist - I don't know - but I thought with all the weird languages out there, someone might have come up with something interesting I can crib from, even for just a logical framework.

Edit: I'm not trying to prevent someone from doing anything with technical means - I know that's impossible. Instead, I'm looking for prior art on conceptual approaches that I can use to build recommendations.

Tempora Mutantur posted:

the examples above (the foo object and foo/foobar schemas-with-values) can each be manipulated in applications as value OR reference types (depending on the language but you seem to be talking about ones where you can do both) so what is the meaningful difference that you'd want wholly separate operators when the data would behave the same way?

That's exactly the issue - that the data behaves the same way in both situations with the same operators. But from a conceptual perspective, different things are happening. Languages abstract this away from you and expect you, as the programmer, to know the difference. But from an outcome perspective, I generally want to do different kinds of things with objects vs values. Comparison is a good example. Comparisons like < or > only generally make sense between values (ignoring overloading or lambda functions). This is really hard to explain if you're not used to it, so I'm trying to find a language that makes it explicit that a reference to an object and a value are fundamentally different things.

KillHour fucked around with this message at 19:29 on Oct 24, 2023

# ? Oct 24, 2023 19:18

Adbot: ADBOT LOVES YOU

# ? May 29, 2024 16:40

RPATDO_LAMD: Mar 22, 2013; 🐘🪠🍆

If you just wanna look at langs that clearly differentiate values and references, C is your friend.
If you wanna actually program in it... maybe not so much

# ? Oct 24, 2023 19:24

The Something Awful Forums > Discussion > Serious Hardware/Software Crap > The Cavern of COBOL > Ask General Programming Questions Not Worth Their Own Thread

«‹›671 »