Their content-addressing hash would seem critical, but the "combineUnordered" hash they use just adds each byte. The API is clear that this is only as good as possible, and I'm not sure I would rely on it for data used for security investigations. I suspect they'll come up with something like an arbitrary but fixed order over keys that would improve hash quality.
More generally, while I can maybe understand what they're doing, it's hard to imagine how to QA it in a way that's convincing to customers without a lot of data/compute/coverage analysis.
I suspect you're right and was already having similar thoughts regarding the hashing scheme. I put a patch together and am going to supplement with some additional tests of the collision space.
Unordered hashes made more sense for arbitrary Clojure data structures where the keys might be complex compound objects, but once we're in the land of datoms with finite value data types it's pretty easy to enforce a consistent ordering.
(disclaimer: I wrote much of the feature and post)
Re: hashing: Yes, but I'll leave that one to Paul who is a lot smarter than I am :)
Re: QA: can you say a bit more about the type of coverage you're worried about? Is your concern that we'd be missing APIs, or that the storage format itself breaks, resulting in fact elision? payne (the underlying project) has a borderline obnoxious amount of tests, but that doesn't mean we didn't miss anything :)
Customers of this sort of security consulting are largely uninterested in the security as much as the audit report that allows them to say to their customers and incestors “we had these security professionals look at our stuff and this is what they said”.
Yes, in fact there is also a good number of conferences, for instance in less than two days https://2024.heartofclojure.eu/ starts in Belgium for instance (meet me there ;-) ).
We are writing a trading system for a small broker company in Clojure/ ClojureScript with a Datomic centered backend. The previous company some of us on the team worked at had the code-base also in Clojure/ ClojureScript.
The annual Clojure/conj conference is coming up next month in Alexandria, VA (https://2024.clojure-conj.org) and there will be talks from a variety of companies, both big and small.
We (https://basil.net) are not new and not a startup, but our main language is Clojure and each new project is written in it. Very satisfied with our choice.
It’s cool to see these ideas that you first conceptualized back at Couch, now becoming reality! I’m familiar with the high level, but not all the details. What lessons from Clojure and IPFS is Fireproof applying to the browser?
FYI: we're planning a followup post for people who are less interested in the Datomic mechanics and more interested in the usefulness to investigations and other security functions. Informally, I think of it this way: your SIEM has the deltas, but often you want the contextual states in between the deltas (and a lot of investigation is about trying to reason about that state). We built this tool originally to support that, and it turned out that approach was also super useful for things like compliance, CSPM...
w10-1|1 year ago
More generally, while I can maybe understand what they're doing, it's hard to imagine how to QA it in a way that's convincing to customers without a lot of data/compute/coverage analysis.
paulvrutledge|1 year ago
Unordered hashes made more sense for arbitrary Clojure data structures where the keys might be complex compound objects, but once we're in the land of datoms with finite value data types it's pretty easy to enforce a consistent ordering.
(disclaimer: I wrote much of the feature and post)
lvh|1 year ago
Re: QA: can you say a bit more about the type of coverage you're worried about? Is your concern that we'd be missing APIs, or that the storage format itself breaks, resulting in fact elision? payne (the underlying project) has a borderline obnoxious amount of tests, but that doesn't mean we didn't miss anything :)
juoitre|1 year ago
Customers of this sort of security consulting are largely uninterested in the security as much as the audit report that allows them to say to their customers and incestors “we had these security professionals look at our stuff and this is what they said”.
linotype|1 year ago
kaliszad|1 year ago
We are writing a trading system for a small broker company in Clojure/ ClojureScript with a Datomic centered backend. The previous company some of us on the team worked at had the code-base also in Clojure/ ClojureScript.
puredanger|1 year ago
refset|1 year ago
packetlost|1 year ago
vincentdm|1 year ago
thenonameguy|1 year ago
Schemamap.io has a declarative SQL compiler and backend implemented in it, solving Postgres database syncing.
drikerf|1 year ago
Extremely happy going with Clojure!
[1] https://wobaka.com/blog/building-a-startup-on-clojure/
ekzy|1 year ago
jwr|1 year ago
tvaughan|1 year ago
jchanimal|1 year ago
As cofounder of Couchbase I got to meet Rich Hickey, whose work was a big inspiration to Fireproof.
Content addressing makes causal consistency easy to implement. We are fast approaching readiness for consistency checks and ACID characterization.
3jnsn|1 year ago
lvh|1 year ago
We already wrote a high level blog post here: https://www.latacora.com/blog/2023/11/01/our-approach-to-bui... -- but the one I'm hoping to write is more of a case study.
unknown|1 year ago
[deleted]