The Security Struggle with Lisp
Recently I read the transcript of Rich Hickey's 2017 talk on Effective Programs. He made several points that resonated with me, including:
- Type systems are partial, incomplete specifications of program semantics, and so time invested in using complex type systems are at most a partial solution, one that can have a high cost.
- Strict type systems can cause problems when trying to express communication in heterogeneous, distributed systems.
- Programmers can be sucked in to solving puzzles that don't actually help address the problem at hand.
But what struck me about this essay was that he discussed communication and distributed systems without making a single reference to security or trust. And this got me thinking.