Programming concepts: who needs to know about Monads? who doesn’t?

Programming language users don’t need to know about Monads. No I won’t get into explaining what a Monad is or isn’t, instead I will focus on the potential usefulness as an angle to this hot topic.

I drafted this post in February 2015 then forgot about it. I recently stumbled upon it again, so I thought to publish it, after some minor editing.

There is a clear chasm in the way people communicate thoughts and concepts within programming language communities. And this chasm manifest itself in the multiple layers of conversations in the communities, interacting at different levels. In the mix, some are discussing language design issues whereas others are just trying to get started with basic concepts.

Let me paraphrase Martin Odersky – I got the following rough definition from him, though I’ve lost the reference, I can’t provide an exact quote, just the idea. I emphasise the main idea:

There are three categories of people in most programming language communities: language designers, framework or toolkit designers, and language users.

These groups of people have different concerns, although they intermingle on social media they seldom speak the same language. This becomes quite obvious when you read their tweets.

Recent years have seen a significant focus on functional programming, the cool kids can’t rave enough about it. These are typically functional programming advocates. Monad, a word that comes up quite frequently in conversations. Wow, it sounds so cool! Nobody wants to be left out, nobody wants to sound old-fashioned or inferior, so everyone think they too should be involved with this monad stuff. I think it’s misguided to just dive in without clear justification. Most regular developers really belong in the language users group, they need not bother about monads too soon.

A regular developer is someone who’s main job is to write software aimed at end users. The work doesn’t result in programming artefacts for other software writers, instead the software is produced for people will just run them. If this is your main job, then you really don’t need to know about monads. If you’re feeling some kind of peer pressure, a sense of being important, if that’s what’s driving you into this monad business, then you are wasting your time.

Having got that away, let me give a really short take on what Monads are useful for, the one definition for the non-initiated (sorry, this is you, software non-librarian):

In essence, Monad is important because it gives us a principled way to wrap context information around a value, then propagate and evolve that context as the value evolves. Hence, it minimises coupling between the values and contexts while the presence of the Monad wrapper informs the reader of the context’s existence.

Excerpts from the book: Programming Scala, by Dean Wampler & Alex Payne. Any typos or mistakes are mine.

This explanation is really good, easy to understand, no PhD in Math required. The word value might be puzzling if your choice of programming language doesn’t have such concept, you could just substitute it with something. Ultimately, this is about writing a more general solution, that can be trusted for soundness and solidity if its architectural concepts are backed by math theories. The notion is popularised by functional programming theories, concepts, programming languages and tools. Monad is one powerful tool from such a trove. The  programming language, its libraries and the compiler, combine to provide such power.

The discipline emerged from academia, researchers working on formal proof of algorithm correctness started it all. During my studies at the university, we got introductory lectures on language theories and formal proofs, but never went much too deep. At the time I thought it was really for people who wanted a career in academia, I wanted to make software for people. In recent years, functional programming picked up steam and is ever growing in popularity. I won’t dive further into the background here, there is plenty of material on that.

In the early stages, as your solution is only starting to emerge, it doesn’t make sense to try and reason in terms of monads or not. I think it best to simply write something that works, gives the user what they need. Then only after that first goal is achieved, would you take the time to contemplate what you wrote, look for opportunities to remove boilerplates, repetitions, ambiguities, and so on.

As you engage in this type of exercise, that’s when you start to to think: wouldn’t it be handy if a tool existed, or the compiler, to allow me to make my algorithms and recipes more general, without me having to invent something? That is the point where it is good to look at what your language and its compiler offer, the libraries available. Chances are, you could soon be using some monads without even knowing to call them so.

The more you progress in this journey, the more concise your code becomes, fewer components can perform increasingly more work. The process helps you improve quality, reduce maintenance burden, and even save yourself valuable testing time. If your programming language is built for this, like Scala, Haskell, Idris, OCaml, and so on, then you reap much more rewards. In fact you’d be expected to be building on such concepts. These benefits can be discussed and reasoned about without getting lost in strange cabalistic terminology. Cabalistic is as math may sound like to the uninitiated.

The process illustrated in the previous paragraph would probably be trivial for framework designers. Indeed they need to achieve high levels of reusability without sacrificing performance and legibility. Folks engaged in domain specific language (DSL) design would also have similar aims. Math savvy framework designers would probably go a formal way, that’s where category theory comes into play. Unfortunately, math savvy people can behave like doctors, speaking in tongues that only specialists can understand. And this is how, although well meaning, most people get lost when trying to follow conversations or reasoning involving such concepts.

On social media and blogs, software people who regularly talk about monads and various kinds of math infused concepts, are either language designers, or framework designers, or are perhaps aspiring to become one. They seem to be either demonstrating proficiency, or trying to informally engage people they acknowledge as peers.

That’s it. A programming language user doesn’t need to know about monads. It is useful if they do and can actually take advantage of it, but one can be productive with no knowledge of monads. To those wondering what a monad is, whether they need one or not, I would suggest to check out Dean Wampler’s quote above as a way to assess one’s motivation. If that qualifies their quest, then it is worth reading up many different code samples from multiple languages to find out how to take advantage of it. No need to get mystified.

Interesting thoughts: Frameworks are fundamentally broken

I just read this blog post, Frameworks are fundamentally broken. Many of the points highlighted resonated with me. Then I realised that I blogged about an aspect of the problem that can occur with frameworks. It was a few years back, in fact in 2010 as I just verified. I kept my post at a high level, taking the discussion above Rails and other particular paradigms but focusing on the cognitive load aspect alone.

Tim’s article calls for reflexion. My own take on the issue was triggered as I spotted a rant on Rails (of Ruby on Rails). My post is Code frameworks and ghettos, where creativity gets a lock-in

Never mind Oracle’s business as usual, Java EE has run its course anyway

Oracle might not even have to lift a hand, nature will kill Java EE for them. By nature, I mean the numerous thriving communities that keep at improving the developer experience. Developer experience is all that matters now, and Java EE has nothing to offer there.

Java EE was born out of a playbook for big vendors, in a day and age when vendor push was the norm. Java EE was never about developers, it was always about vendors. Once alternative playbooks focusing on developer experience started to thrive, that’s when Java EE started its slow and steady descent into irrelevance. And there is no stopping that trend. Everybody knows this. Oracle is simply acknowledging this fact then trying to figure out how it can remain relevant in the longer run.

Companies large and small have all come to realise that what used to be called enterprise software needs to be rethought and retooled. The most promising programming models favour an approach that gets rid of large initiatives and management units, in favour of ever smaller and more nimble concepts. These are totally antagonistic to what Java EE stands for. Furthermore, the enterprise push model has had its time and the world has moved on from that. Every large vendor is having to rewrite its business model and rethink its technology.

Java EE has perhaps joined the ranks of mainframe technology, it will survive for a long time in one form or another, but will no longer be exciting. Effectively, Java EE is out of date, its future lies in the past (if that makes sense). It has run its course and has fared well. It’s time to leave it alone and move on.

A selected quote from the article:

Oracle’s silence about Java EE has brought developer community distrust to a fever pitch.

Source: How Oracle’s business as usual is threatening to kill Java | Ars Technica

Eclipse Che looks promising, the cheese’s moved around

A very quick look at Eclipse Che shows a promising concept. I thought let’s have a look. When I’m serious about a technology I take the time to read the documentation before diving in. In this case I wanted to follow the typical journey that most folks take, just dive in, never bother with documentation, upon the first hurdle start complaining like a bewitched mad dog with an exaggerated sense of entitlement – ok, minus the last bit of attitude.

I installed Eclipse Che, easy peasy. Then I fired it up. Oops! I can’t connect to it. The first time ever I couldn’t just use an Eclipse release after installing it. It was time to look under the bonnet. So I did. I saw it’s deployed on Docker… What!? Why!? Ahem, ok, move on. I stopped it, also stopped Docker Machine. Then I manually started Docker Machine, readied the environment, then started Che again. This time I tried http://localhost:8080 and I got in. Cool. Everything looks familiar, except it’s all now in one web browser window.

Time to look back and reflect on what I’ve learned here. The fact I couldn’t connect the first time might have to do with RTFM that I didn’t. Anyway, not a big deal, it took me a couple of minutes.

Nothing much to it, just an IDE inside a web browser. It’s the same old thing, in a new cloak. The most obvious/visible differences I spotted can be depicted in a simple diagram, BEFORE and AFTER.

before_reinvention_classic_eclipse_ide

With Eclipse Che,

after_reinvention_eclipse_che

I’m oversimplifying, but highlighting the most visible changes. It seems that when we get to modernising our software stack, adding Docker and JavaScript are passage-obligé. So, somehow people think that deploying a Java app on Docker is a better architectural choice than only targeting the JVM? In my case, since I’m using a Mac, which runs OSX, hence requires an extra VM (VirtualBox in my case) in order to run Docker containers, I actually end up with a more complicated stack for just an IDE. I don’t know where this is going. Now trying the IDE.

eclise_che_ide_in_action

 

I haven’t gone further than this. The concept of Developer WorkStation Server can be interesting for pair programming. The Server option is perhaps more appealing. I just wonder why this couldn’t be just a Java App and why Docker was actually necessary.

A brave, new post open source world, or Fly-by Software License pollution

I just read an interesting article with the title We’re in a brave, new post open source world. The article goes into the evolution of Open Source movement and the numerous licensing policies. On particularly notable phrase I saw read as follows:

…if you use someone else’s code revision from Stack Overflow, you would have to add a comment in your code that attributes the code to them.

What this means is that, if a developer uses a snippet of code taken from StackOverflow, and fail to add such an attribution, then technically the project might be in breach of StackOverflow license. I am curious how many organisations actually check this.

The whole article is a good read.

Original Article: We’re in a brave, new post open source world — Medium

Open source is a development methodology; free software is a social movement. by Richard Stallman

I just read a nice essay by Richard Stallman with the title Why Open Source Misses the Point of Free Software – GNU Project – Free Software Foundation. A chosen quote from this essay poses perfectly the problem

Open source is a development methodology; free software is a social movement.

Most people probably aren’t even aware of this difference. I never understood why and how the term open source came to be applied to hardware, government and many other areas when in fact even the English language doesn’t see any notion of source in such contexts.

The article I refer to is concerned about correct definitions, I want to look at some  of the misunderstandings.

There is an angle to this discussion, a lot of people and organisations look to Open Source Software (OSS) in search for cheap (but not cheerful) opportunities to solve their problems.  You can’t blame them for it, but this can raise several issues. I will ignore any moral aspects for now, and focus on a few practical implications.

  • Some individuals or organisations release their work as Open Source with the explicit intention to invite others to contribute to it. This is often an acknowledgement that one’s work can be bettered and perfected if others would gain access and be allowed to contribute.
  • By releasing a work as open source, there is no implicit or explicit guarantee of quality or defect. It just means use it at your own risks, your contribution would be appreciated if only in terms of signalling any defects found, or improvements that you might have been able to add to it.
  • FOSS doesn’t  opposed nor condone gainful use. Statistically however, there exist far fewer people and organisations able to contribute than those who actually use OSS. This is well understood and accepted by most. However, it is astonishing to see some people throwing a tantrum and launching on diatribes when they get frustrated by some open source software. This is just plain crazy behaviour, they not only miss the point and are showing preposterous entitlement that deserves to be frowned at.
  • Increasingly, many organisations are using OSS as a mean for attracting and retaining talent. This is an instance that stretches the notions of free and open in an interesting way, a subtle form of free promotion and marketing.

Article: Why Open Source Misses the Point of Free Software – GNU Project – Free Software Foundation

Qubes OS Project, a secure desktop computing platform

Given that the majority of security annoyances stem from antiquated design considerations, considering the progress made in computing, affordable computing power, this is probably how Operating Systems should now be built and delivered.

Qubes is a security-oriented, open-source operating system for personal computers.

Source: Qubes OS Project

Martin Fowler’s article is barely a year old, folks have exceeded my expectations

When I first I saw a blog post by Martin Fowler’s on the micro-services, I immediately thought that the developer community was going to go crazy about the concept. I wasn’t disappointed. But thankfully, many people caught on the mania before it got totally out of hand. Martin, in his latest blog post, is among those calling for some sanity. Read Martin’s blog post here: Monolith First, by Fowler

Martin Fowler is a brilliant technologist. Needless to say. This post is going to be a recap of some of my tweets on the subject of micro-services (or “microservices” as I see commonly being written). I would have quoted a bunch of other people instead, had I seen many. But that wasn’t the case, so I’ve got to quote myself then.

The first article I read about micro-services was on InfoQ.

Some time later, I saw a blog post by Martin Fowler’s article on the same subject. Then I immediately thought, as is typically the case, that the developer community was going to go crazy about the concept. I had the following reaction.

Naturally I value the thoughts and the content of the article. But I was merely concerned that many would jump straight in and make a total mess of a rather valuable insight. The topic gained popularity quite quickly, faster than I had expected though I couldn’t say I was surprised either. Reputed analysts picked up on this.

Time going by didn’t assuage my concerns, rather, I was only getting more and more confirmations. I thought that perhaps nobody is going to adjust perceptions and expectations until disaster stories would abound. I tweeted my thought on that.

Soon enough, people started posting thoughts on what was going on.

And, to keep this relatively short, here we are, somewhat full circle, with Martin Fowler inviting for some sanity. Martin opens his latest blog post

As I hear stories about teams using a microservices architecture, I’ve noticed a common pattern.

Almost all the successful microservice stories have started with a monolith that got too big and was broken up
Almost all the cases where I’ve heard of a system that was built as a microservice system from scratch, it has ended up in serious trouble.

Read Martin’s blog post here: Monolith First, by Fowler

An open source port scanner that is helping some bad guys

An open source port scanning tool, masscan, is being used to repeatedly attack my web sites. There are certainly lots of such tools widely available that even criminals with no skills can get their hands on and randomly try to break sites. IT security is a never ending quest that is best left to dedicated professionals.

Port scanning is one of those annoying activities that the bad guys may use while attempting to try and find back doors on systems. The principle is simple, find out what ports a system has left open, if you recognise any, try a dictionary like attack on these ports. All it takes is a simple bot.

Last few months, I have noticed multiple port scan attacks at my web sites from a user agent “masscan/1.0”. I dug a little and found this to be coming from an open source tool, the project on Github:

robertdavidgraham/masscan

So, it seems that some people have found this tool, and are now randomly targeting web sites with it. To what aim, I can’t tell for sure. It is certainly reprehensible to be poking at someone’s doors without their consent, everybody knows this.

I’ve also noticed lots of attempts to run PHP scripts, they seem to be looking for PhpMyAdmin. Fortunately I don’t run anything with PHP. If I did, I would harden it significantly and have it permanently monitored for possible attacks.

Most of the attacks on my web sites originate from, in this order: China, Ukraine, Russia, Poland, Romania, and occasionally, the US.

You don’t need anything sophisticated to detect these kind of attacks, your web server log is an obvious place. Putting a firewall in place is a no-brainer, just block everything except normal web site http and https traffics. You can invest also more in tools, then the question is if you’re not better off just hosting at a well known provider.

This is just one instance, and there are infinitely many, where even the dumbest criminals are getting their hands on tools to try and break into systems. Cloud hosting are getting cheaper all the time, soon it will cost nothing to host some program that can wander about the Internet unfettered. Proportionally, it is getting exponentially easier to attack web sites, while at the same time, it is getting an order of magnitude higher to keep sites secure.

I do see a shimmering light, container technologies provide for a perfect throwable computing experience. Just start a container, keep it stateless, carry out some tasks, when done, throw it away. Just like that. This may reduce the exposure in some cases, it won’t be sustainable for providing an on-going long-running service.

IT security is a never ending quest that is best left to dedicated professionals. I am just casually checking these web sites that I run. At the moment, I haven’t deployed any sensitive data on these sites yet. When I do, I will make sure they are super hardened and manned properly, likely a SaaS provider rather than spending my time dealing with this.

Programming language, one man’s cornucopia is another one’s air horn

A lot of people don’t know the background or origin of the programming language that they are using. Fair enough. If frustrations become frequent however, it might be best to go back and find out the initial motivation of the programming language creators.

Whenever I read a rant about a programming language, I try to see if the author actually knew the background of that programming language. In the vast majority of cases, people don’t know the origin of the language they are programming in. One can argue that this may not be necessary, but to me, it often would save time and frustration. To illustrate the topic, I made a little diagram.

programming language design in context
programming language design in context

The situation is this, unless your needs fit more closely to the range of light red and green in the diagram, you are bound to be disappointed with the language that you are dealing with. If you find that many of your concerns are in the brown colour, you really ought to carefully look at what you can trade-off before going further. If the important concerns of your challenge fit more in the blue shapes, you might be better off considering an alternative language altogether.

This is just a quick summary of some simple but often overlooked aspects of programming language selection.