Stories with Tag Erlang

• Unauthenticated Remote Code Execution in Erlang/OTP SSH

  permalink

  Posted: 2025-04-17 13:29:44

  Verbose tl;dr

  A critical vulnerability (CVE-2025-32433) exists in Erlang/OTP's SSH implementation, affecting versions prior to 26.2.1 and 25.3.2.6. This flaw allows unauthenticated remote attackers to execute arbitrary code on the server. Specifically, a specially crafted SSH message can trigger the vulnerability during the initial handshake, before authentication occurs, enabling complete system compromise. Users are urged to update their Erlang/OTP installations to the latest patched versions as soon as possible.

  The National Vulnerability Database entry, CVE-2025-32433, details a critical vulnerability affecting Erlang/OTP (Open Telecom Platform) versions prior to 26.1, and versions prior to 25.3.2.3 in the 25 series. This vulnerability allows for unauthenticated remote code execution, meaning an attacker can execute arbitrary code on a vulnerable system without needing any valid credentials. This is achieved by exploiting a flaw in the implementation of the SSH (Secure Shell) protocol within Erlang/OTP.

  Specifically, the vulnerability stems from improper input validation during the SSH handshake process. When an SSH client connects to an Erlang/OTP SSH server, a series of messages are exchanged to establish the connection and negotiate cryptographic parameters. The vulnerability lies in how the server handles certain messages related to key exchange algorithms. A maliciously crafted client can send a specially constructed message during this key exchange phase that bypasses the authentication checks. This allows the attacker to proceed with the connection as if they were a legitimate, authenticated user.

  Once the attacker bypasses authentication, they effectively gain control of the SSH connection. This allows them to execute commands on the server with the same privileges as the SSH service itself. The impact of successful exploitation can be severe, potentially leading to complete compromise of the affected system. An attacker could install malware, exfiltrate sensitive data, disrupt services, or gain further access to internal network resources.

  The vulnerability affects a wide range of Erlang/OTP deployments that utilize the built-in SSH server functionality. This includes various applications built on the Erlang/OTP platform, as well as systems using Erlang/OTP for distributed computing and communication.

  The recommended remediation is to upgrade to Erlang/OTP version 26.1 or 25.3.2.3, which addresses the vulnerability through improved input validation during the SSH handshake. By applying these updates, the server will correctly handle the malicious messages and prevent unauthenticated access, thus mitigating the risk of remote code execution.

  • Erlang
  • OTP
  • ssh
  • RCE
  • remote code execution
  • Unauthenticated
  • Vulnerability
  • CVE
  • CVE-2025-32433
  • Security
  • Cybersecurity
  • network security
  • software vulnerability
  • Exploit
  • NIST
  • NVD

  Summary of Comments ( 11 )
  https://news.ycombinator.com/item?id=43716526

  Verbose tl;dr

  Hacker News users discuss the severity and impact of the Erlang/OTP SSH vulnerability. Some highlight the potential for widespread exploitation given Erlang's usage in telecom infrastructure and distributed systems. Several commenters question the assigned CVSS score of 9.8, finding it surprisingly high for a vulnerability that requires non-default configuration (specifically enabling password authentication). The discussion also touches on the practical implications of the vulnerability, acknowledging that while serious, exploitation might be limited by the need for open SSH ports and enabled password logins. Others express concern about the potential for nested exploitation, as vulnerable Erlang systems might host other exploitable services. Finally, some users note the responsible disclosure and patching process.

  The Hacker News post titled "Unauthenticated Remote Code Execution in Erlang/OTP SSH" (https://news.ycombinator.com/item?id=43716526) has several comments discussing the vulnerability (CVE-2025-32433).

  Several commenters highlight the severity of the vulnerability, being an unauthenticated remote code execution flaw. One user points out the particularly dangerous combination of this being a pre-auth vulnerability and Erlang's frequent use in distributed systems, increasing the potential attack surface. They mention that distributed Erlang systems often run with minimal firewalling, making them easier targets.

  Another commenter notes that exploitation is straightforward, quoting the NIST advisory that "Successful exploitation of this vulnerability requires only sending a crafted SSH message." This emphasizes the low barrier to entry for potential attackers.

  Discussion also revolves around the practical impact. One user questions how many publicly exposed Erlang SSH servers exist, suggesting that while serious, the impact might be limited depending on the prevalence of such deployments. This prompts another commenter to mention that while direct SSH access to Erlang nodes might be less common, many systems likely use distributed Erlang for backend communication, which could be vulnerable.

  A commenter with experience in securing Erlang systems suggests that the vulnerability reinforces the importance of employing robust network security measures, like firewalls and VPNs, even within internal networks. They highlight that assuming internal networks are safe is a dangerous misconception.

  There's some discussion of the technical details. One user dives deeper into the mechanism of the vulnerability, explaining that it arises from the way the ssh_packet_set_size/1 function handles size limits before authentication, allowing malicious actors to bypass checks and execute arbitrary code.

  Finally, several commenters express concern about the vulnerability's potential to affect critical infrastructure and industrial control systems, given Erlang's presence in those sectors. One user speculates about the potential for this vulnerability to be exploited in targeted attacks.

• Erlang's not about lightweight processes and message passing (2023)

  permalink

  Posted: 2025-04-11 15:50:49

  Verbose tl;dr

  Erlang's defining characteristics aren't lightweight processes and message passing, but rather its error handling philosophy. The author argues that Erlang's true power comes from embracing failure as inevitable and providing mechanisms to isolate and manage it. This is achieved through the "let it crash" philosophy, where individual processes are allowed to fail without impacting the overall system, combined with supervisor hierarchies that restart failed processes and maintain system stability. The lightweight processes and message passing are merely tools that facilitate this error handling approach by providing isolation and a means for asynchronous communication between supervised components. Ultimately, Erlang's strength lies in its ability to build robust and fault-tolerant systems.

  The blog post "Erlang's not about lightweight processes and message passing (2023)" by Stevan Andjelkovic argues that while lightweight processes and message passing are prominent features of Erlang, they are not the fundamental aspects that make it powerful. The author contends that focusing solely on these mechanisms obscures the true essence of Erlang's strength, which lies in its approach to fault tolerance and system reliability.

  Andjelkovic posits that Erlang's core value proposition is its ability to build robust, fault-tolerant systems that can gracefully handle failures without disrupting the overall operation. This capability, according to the author, stems from the combination of lightweight processes, message passing, and several other critical design choices. These choices work synergistically to create an environment where individual failures are isolated and managed effectively.

  The author emphasizes the significance of Erlang's "let it crash" philosophy. This philosophy encourages developers to accept that failures will inevitably occur and to design systems that can tolerate them rather than trying to prevent every possible error. This approach contrasts sharply with traditional programming paradigms that often prioritize exhaustive error handling within individual components. In Erlang, the responsibility for handling failures is shifted to supervisory processes that monitor worker processes and restart them in case of crashes. This separation of concerns simplifies error handling and promotes system stability.

  The blog post further elaborates on the role of the "error kernel pattern" in Erlang's fault-tolerance strategy. This pattern involves isolating critical components within a protected area, the "error kernel," which is shielded from the potential cascading effects of errors originating in less critical parts of the system. By confining failures to specific areas, the error kernel pattern helps to prevent widespread system outages.

  Andjelkovic highlights the importance of immutability in Erlang. The language's inherent immutability prevents unintended side effects and simplifies reasoning about program behavior. This characteristic contributes to the overall robustness of Erlang systems by reducing the risk of unexpected interactions between processes.

  The author concludes by asserting that Erlang's true strength lies in its holistic approach to fault tolerance, which encompasses lightweight processes, message passing, the "let it crash" philosophy, the error kernel pattern, and immutability. These elements work together to create a platform that is exceptionally well-suited for building highly reliable and resilient systems. While lightweight processes and message passing are important mechanisms, they are merely tools that facilitate the broader goal of fault tolerance. Understanding this broader perspective is crucial for fully appreciating Erlang's unique capabilities and effectively leveraging its power.

  • Erlang
  • concurrency
  • Programming Languages
  • distributed systems
  • fault tolerance
  • Lightweight Processes
  • message passing
  • Immutability
  • Functional Programming
  • Software Development
  • BEAM
  • OTP
  • scalability
  • Reliability

  Summary of Comments ( 164 )
  https://news.ycombinator.com/item?id=43655221

  Verbose tl;dr

  Hacker News users discussed the meaning and significance of "lightweight processes and message passing" in Erlang. Several commenters argued that the author missed the point, emphasizing that the true power of Erlang lies in its fault tolerance and the "let it crash" philosophy enabled by lightweight processes and isolation. They argued that while other languages might technically offer similar concurrency mechanisms, they lack Erlang's robust error handling and ability to build genuinely fault-tolerant systems. Some commenters pointed out that immutability and the single assignment paradigm are also crucial to Erlang's strengths. A few comments focused on the challenges of debugging Erlang systems and the potential performance overhead of message passing. Others highlighted the benefits of the actor model for concurrency and distribution. Overall, the discussion centered on the nuances of Erlang's design and whether the author adequately captured its core value proposition.

  The Hacker News post titled "Erlang's not about lightweight processes and message passing (2023)" generated several comments discussing the author's viewpoint on Erlang's core strengths.

  Several commenters agreed with the author's assertion that immutability is a crucial aspect of Erlang, enabling easier reasoning about code and simplifying debugging. One commenter highlighted the benefits of immutability in concurrent programming, suggesting that it allows developers to avoid many of the pitfalls associated with shared mutable state. Another emphasized the significance of immutability by drawing a parallel to functional programming paradigms and their advantages.

  The discussion also explored the concept of "behavior" as a core component of Erlang. Some commenters saw this as a powerful abstraction for building concurrent systems, allowing developers to define patterns of interaction between processes in a structured way. This view was further supported by a commenter who pointed out the similarities between Erlang's behaviors and the actor model, where actors communicate through message passing.

  The notion of lightweight processes and message passing, while acknowledged as part of Erlang, was not considered the primary defining characteristic by several commenters. They argued that these features, while important for concurrency, are mechanisms to achieve higher-level goals like fault tolerance and scalability, which are ultimately what make Erlang unique. One commenter specifically stated that the real strength of Erlang lies in its ability to build robust and resilient systems, rather than just its implementation details.

  There was also discussion about the learning curve associated with Erlang and its suitability for different types of projects. While some commenters acknowledged its complexity, others emphasized the value of the robustness and reliability it offers, especially for critical systems.

  Some commenters also drew comparisons between Erlang and other languages like Smalltalk, highlighting similarities in their approach to message passing and concurrency. This comparison prompted further discussion about the historical context and influences on Erlang's design.

  Finally, a few comments touched upon alternative approaches to concurrency, such as using shared memory and mutexes, and discussed their trade-offs compared to Erlang's message-passing model. These comments offered a broader perspective on concurrency models and their applicability in different scenarios.

• Why do we need modules at all? (2011)

  permalink

  Posted: 2025-04-02 07:34:05

  Verbose tl;dr

  The post argues that Erlang modules primarily serve as namespaces, offering a way to organize code and avoid naming collisions, especially in large projects with multiple contributors. While modules can enforce information hiding through opaque data types, this isn't their primary purpose in Erlang, and the author contends that compile-time dependency checking and separate compilation, often cited as reasons for modules, are less relevant due to Erlang's dynamic nature and hot code loading capabilities. The author suggests that simpler projects might not benefit from modules, potentially introducing unnecessary complexity, and argues that their main value lies in preventing name clashes in complex systems.

  This 2011 Erlang Programming mailing list post explores the rationale behind the introduction of modules and module systems in programming languages. The author begins by acknowledging that the question itself might seem naive, particularly to experienced programmers, yet emphasizes the importance of revisiting fundamental concepts to truly understand their value.

  The discussion starts by highlighting the challenges of large-scale software development in the absence of modules. Without modules, name collisions become increasingly likely as the program grows. This makes it difficult to manage and maintain the codebase because developers must constantly be wary of accidentally reusing names, leading to unpredictable and difficult-to-debug errors.

  The author then outlines the primary benefit of modules: namespace management. Modules provide isolated spaces for defining functions and variables, effectively preventing naming conflicts. This encapsulation makes it possible for different parts of a program to use the same names for different purposes without interfering with each other. This drastically improves code organization and maintainability, especially in collaborative projects where multiple developers are working on the same codebase.

  Furthermore, the post touches on the concept of information hiding. Modules allow developers to control which parts of the code are exposed to other parts of the system. This selective exposure, often implemented through explicit export and import mechanisms, helps in creating more robust and less error-prone software by limiting the potential for unintended interactions between different components. It promotes a cleaner separation of concerns, where internal implementation details are hidden from the outside, allowing for easier modifications and refactoring without affecting the overall system.

  The discussion also briefly mentions separate compilation as a related advantage facilitated by modules. This feature allows parts of the program to be compiled independently, which can significantly speed up the development process, particularly for large projects.

  Finally, the post concludes by acknowledging that while some dynamic languages might not strictly enforce modularity through a rigid module system, the underlying principles of namespace management and information hiding remain crucial for building manageable and scalable software systems. The author suggests that even in these less structured environments, developers often adopt conventions and practices that mimic the benefits of formal modules to achieve similar levels of organization and robustness.

  • Erlang
  • modules
  • programming
  • Software Development
  • Code Organization
  • Namespaces
  • 2011

  Summary of Comments ( 47 )
  https://news.ycombinator.com/item?id=43554444

  Verbose tl;dr

  HN users discuss the merits and drawbacks of modules, primarily in the context of Erlang. Some argue that modules, while offering namespacing and code organization, introduce unnecessary complexity, especially for smaller projects. They suggest that a simpler, record-based approach could suffice in some cases. Others highlight the crucial role of modules in managing larger codebases, facilitating separate compilation, and enabling code reuse. The idea of modules primarily as compilation units is also raised, emphasizing their importance for managing dependencies and build processes. Several commenters discuss the potential of a hybrid approach, offering lighter alternatives to full modules where appropriate, but acknowledging the value of modules for large, complex systems. The Erlang perspective, with its emphasis on lightweight processes and message passing, influences the discussion.

  The Hacker News post titled "Why do we need modules at all? (2011)" links to a discussion on the Erlang mailing list about the necessity of modules. The comments on Hacker News explore various facets of this question, expanding on the points raised in the original email thread.

  Several commenters discuss the role of modules in organizing code and providing namespaces. One commenter highlights how modules are essential for managing large codebases by breaking them into smaller, more manageable pieces. They argue that without modules, functions would exist in a global namespace, leading to naming collisions and making it difficult to reason about the code's structure.

  Another commenter points out that modules can act as compilation units and facilitate separate compilation, improving build times and allowing for dynamic loading of code. This is particularly relevant to Erlang, given its focus on hot code loading.

  The idea of modules enforcing code structure and acting as a form of documentation is also mentioned. Commenters argue that modules help to define clear interfaces and encapsulate implementation details. This improves readability and makes it easier for developers to understand and work with the code.

  One commenter draws an analogy with object-oriented programming, suggesting that modules in Erlang serve a similar purpose to classes in OOP by grouping related functions and data. This analogy isn't perfect, as Erlang doesn't have objects in the traditional sense, but it illustrates the organizational role of modules.

  The discussion also touches on the trade-offs of using modules. One comment notes that while modules provide structure, they can also introduce complexity, especially in dynamically typed languages where module boundaries can make it harder to refactor code.

  A recurring theme in the comments is the importance of modules for managing dependencies and reducing coupling between different parts of a system. By explicitly defining dependencies through module imports, developers can create more modular and maintainable code.

  Finally, some comments mention the relevance of the discussion to Erlang's specific design and features. The lightweight nature of Erlang processes and the emphasis on concurrency are cited as factors that influence the role and importance of modules in the language.

• Learn You Some Erlang for Great Good

  permalink

  Posted: 2025-03-16 12:14:33

  Verbose tl;dr

  "Learn You Some Erlang for Great Good" is a comprehensive, beginner-friendly online tutorial for the Erlang programming language. It covers fundamental concepts like data types, functions, modules, and concurrency primitives such as processes and message passing. The guide progresses to more advanced topics including OTP (Open Telecom Platform), distributed systems, and how to build fault-tolerant applications. Using humorous illustrations and clear explanations, it aims to make learning Erlang accessible and engaging, even for those with limited programming experience. The tutorial encourages practical application by incorporating numerous examples and exercises throughout, guiding readers from basic syntax to building real-world projects.

  "Learn You Some Erlang for Great Good" is a comprehensive online tutorial designed to guide individuals through the intricacies of the Erlang programming language, from foundational concepts to advanced applications. The tutorial begins with an introductory overview of Erlang's history, philosophy, and practical utility, emphasizing its suitability for building concurrent, fault-tolerant, and distributed systems.

  The initial chapters meticulously explain the fundamental building blocks of Erlang, including basic syntax, data types such as numbers, atoms, lists, and tuples, and control flow mechanisms like pattern matching and recursion. The tutorial then delves into the core concepts that underpin Erlang's power: processes, message passing, and concurrency. It elucidates how lightweight processes communicate with each other through asynchronous message passing, enabling the development of highly concurrent and parallel systems.

  Building upon these fundamental concepts, the tutorial progresses to explore more advanced topics, including modules, which facilitate code organization and reusability, and higher-order functions, which enhance code expressiveness and flexibility. Error handling is thoroughly addressed, emphasizing the importance of "let it crash" philosophy and demonstrating how Erlang's supervision trees provide robust mechanisms for fault tolerance.

  Further sections delve into OTP (Open Telecom Platform), a collection of essential libraries and design principles for building industrial-strength applications. The tutorial covers OTP behaviors, pre-built components that simplify the development of common functionalities such as servers, clients, finite state machines, and supervisors. It also elaborates on the construction of supervision trees, hierarchical structures that enable fault isolation and automatic recovery from errors.

  The exploration of OTP continues with an examination of applications, the fundamental units of organization in Erlang systems. The tutorial describes how applications encapsulate modules and resources, enabling seamless deployment and management. Furthermore, it covers distributed Erlang, which allows the construction of systems spanning multiple interconnected nodes, promoting scalability and resilience.

  In addition to the core concepts, the tutorial also delves into specific areas of Erlang development, such as working with records for structured data representation, utilizing type specifications for enhanced code reliability, and interacting with external systems through ports. The concluding sections offer practical guidance on debugging techniques and profiling tools, empowering developers to identify and address performance bottlenecks and ensure code correctness.

  Throughout the tutorial, numerous examples and exercises are interwoven to solidify understanding and encourage practical application of the concepts presented. The engaging and often humorous writing style makes learning Erlang an enjoyable experience, even for those new to functional programming or concurrent systems. The comprehensive coverage of topics, from basic syntax to advanced OTP concepts, equips readers with the knowledge and skills to build robust, scalable, and fault-tolerant applications in Erlang.

  • Erlang
  • programming
  • Functional Programming
  • concurrency
  • learning
  • Tutorial
  • OTP
  • distributed systems
  • BEAM

  Summary of Comments ( 9 )
  https://news.ycombinator.com/item?id=43378415

  Verbose tl;dr

  Hacker News users discussing "Learn You Some Erlang for Great Good!" generally praised the book as a fun and effective way to learn Erlang. Several commenters highlighted its humorous and engaging style as a key strength, making it more accessible than drier technical manuals. Some noted the book's age and questioned whether all the information is still completely up-to-date, particularly regarding newer tooling and OTP practices. Despite this, the overall sentiment was positive, with many recommending it as an excellent starting point for anyone interested in exploring Erlang. A few users mentioned other Erlang resources, like the "Elixir in Action" book, suggesting potential alternatives or supplementary materials for continued learning. There was some discussion around the practicality of Erlang in modern development, with some arguing its niche status while others defended its power and suitability for specific tasks.

  The Hacker News post "Learn You Some Erlang for Great Good" linking to the online version of the book "Learn You Some Erlang" has a moderate number of comments, most of which praise the book and discuss the merits and drawbacks of Erlang itself.

  Several commenters point out the high quality and accessibility of "Learn You Some Erlang," often referring to it as one of the best programming language books they have encountered. They highlight the author's engaging and humorous writing style, making it a more enjoyable learning experience compared to drier technical manuals. The interactive nature of the online version is also mentioned as a positive feature.

  A recurring theme in the comments is the niche nature of Erlang despite its power and suitability for specific tasks, especially concurrent and distributed systems. Commenters discuss the language's historical connection to telecommunications and its continued relevance in areas requiring high reliability and fault tolerance. Some lament the relatively small community around Erlang, which can make finding resources and support somewhat challenging. However, others suggest that this smaller community fosters a stronger sense of connection and collaboration among its members.

  Some commenters delve into specific technical aspects of Erlang, including its functional paradigm, immutable data structures, and the actor model of concurrency. The challenges of learning Erlang's syntax and concepts are acknowledged, but the consensus is that the effort is rewarding for those who persevere. The benefits of its approach to concurrency are particularly emphasized, with some commenters sharing anecdotes about their experiences using Erlang for building robust and scalable systems.

  There's also a discussion about the ecosystem surrounding Erlang, including the OTP framework and the Elixir language, which builds on top of the Erlang virtual machine. Some commenters express their preference for Elixir, citing its more modern syntax and tooling while still benefiting from the underlying strengths of Erlang.

  Finally, a few comments mention the limited adoption of Erlang in mainstream web development and other popular domains. While acknowledging its strengths in specific niches, they suggest that factors such as the learning curve and the perceived lack of job opportunities may contribute to its relatively low popularity. Despite this, many express their hope for the continued growth and recognition of Erlang and its ecosystem.

• Gleam, Coming from Erlang

  permalink

  Posted: 2025-02-25 07:54:00

  Verbose tl;dr

  The blog post "Gleam, Coming from Erlang" explores the author's experience transitioning from Erlang to Gleam, a newer language built on the Erlang Virtual Machine (BEAM). It highlights Gleam's similarities to Erlang, such as its functional nature, immutability, and the benefits of the BEAM ecosystem like concurrency and fault tolerance. However, the author emphasizes key differences, primarily Gleam's static typing, more approachable syntax inspired by Rust and Elm, and its focus on clearer error messages. While acknowledging some current limitations in tooling and library availability compared to Erlang's mature ecosystem, the post ultimately presents Gleam as a promising alternative for building robust, concurrent applications, particularly for developers coming from other statically-typed languages who might find Erlang's syntax challenging.

  This blog post, titled "Gleam, Coming from Erlang," explores the author's experience transitioning from Erlang to Gleam, a newer language designed to compile to Erlang. The author begins by highlighting their extensive background with Erlang and Elixir, emphasizing a deep appreciation for the Erlang virtual machine (BEAM) and its robust ecosystem. They praise Erlang's fault tolerance, concurrency model, and tooling, establishing these as key features they sought to retain when exploring alternative languages.

  The post then introduces Gleam, characterizing it as a statically-typed language that offers several advantages over Erlang while maintaining compatibility with the BEAM. The author systematically compares and contrasts Gleam with Erlang, focusing on key differences in syntax, type systems, and tooling.

  One significant difference highlighted is Gleam's static typing. The author explains how this contributes to enhanced code clarity, improved error detection during compilation, and better tooling support, like autocompletion and refactoring, compared to Erlang's dynamic typing. They elaborate on how Gleam's type system helps prevent common runtime errors, leading to more robust and maintainable code. Furthermore, they discuss the benefits of improved tooling afforded by static typing, which streamlines the development process.

  The post also details Gleam's syntax, describing it as being influenced by languages like Rust and Elm, which results in a more familiar and arguably more readable syntax for developers coming from those backgrounds. Specific examples are provided to illustrate how Gleam’s syntax differs from Erlang’s, showcasing its arguably cleaner and more concise nature.

  Crucially, the author underscores the interoperability between Gleam and Erlang. They explain how Gleam code can seamlessly integrate with existing Erlang libraries and projects, allowing developers to leverage the vast Erlang ecosystem. This interoperability is presented as a significant advantage, facilitating a gradual adoption of Gleam within existing Erlang projects. The ability to call Erlang code from Gleam and vice-versa is emphasized, allowing for a smooth transition and mixed codebases.

  Finally, the post concludes with the author's positive overall impression of Gleam. They reiterate the benefits of Gleam's static typing and modern syntax while preserving the advantages of the Erlang ecosystem. The author portrays Gleam as a viable option for both new projects targeting the BEAM and for incrementally modernizing existing Erlang projects. They suggest that Gleam offers a compelling blend of modern language features and the proven reliability of the Erlang VM, making it an attractive choice for developers seeking improved developer experience and code maintainability without sacrificing the benefits of the BEAM.

  • Gleam
  • Erlang
  • Functional Programming
  • Static Typing
  • concurrency
  • BEAM
  • compiler
  • Programming Languages
  • Software Development
  • Type Inference
  • Immutability

  Summary of Comments ( 57 )
  https://news.ycombinator.com/item?id=43169323

  Verbose tl;dr

  Hacker News commenters generally expressed interest in Gleam, praising its friendly syntax and the benefits it inherits from the Erlang ecosystem, like the BEAM VM. Some saw it as a potentially strong competitor to Elixir, appreciating its stricter type system and simpler tooling. A few users familiar with Erlang questioned the necessity of Gleam, suggesting that learning Erlang directly might be more worthwhile. Performance comparisons with Elixir and other BEAM languages were also a topic of discussion, with some expressing hope for benchmarks. A recurring sentiment was curiosity about Gleam's potential to attract a larger community and gain wider adoption. Several commenters also appreciated the author's candid comparison between Gleam and Erlang, finding the article helpful for understanding Gleam's niche.

  The Hacker News post titled "Gleam, Coming from Erlang" (https://news.ycombinator.com/item?id=43169323) has generated several comments discussing various aspects of Gleam and its relationship to Erlang.

  Several commenters discuss the benefits of Gleam's type system and its impact on developer experience. One user highlights how Gleam allows for compile-time verification of data structures, reducing runtime errors and enhancing overall code reliability, something they contrast positively with Erlang. Another commenter specifically appreciates the improvements Gleam offers in terms of error messages compared to Erlang, suggesting that this makes it a more approachable language for newcomers. The ability to refactor with greater confidence due to the type system is also mentioned as a significant advantage.

  The discussion also touches upon Gleam's performance characteristics. One commenter wonders about the performance implications of using Gleam compared to pure Erlang. While acknowledging they haven't benchmarked it themselves, they speculate that the overhead might be negligible, especially given that Gleam compiles to Erlang.

  Another thread in the comments focuses on the tooling and ecosystem surrounding Gleam. Users discuss the availability of a formatter and the integration with the Erlang ecosystem, noting that Gleam seamlessly leverages existing Erlang libraries. The relative nascency of the language and its ecosystem is acknowledged, with one user expressing anticipation for further tooling enhancements as the language matures.

  The choice of immutability as a core principle in Gleam is also a subject of discussion. A commenter notes that immutability simplifies reasoning about code, especially in concurrent scenarios, echoing the benefits often associated with functional programming paradigms.

  Finally, the topic of interoperability between Gleam and JavaScript is brought up. One commenter expresses their desire for improved JavaScript interop to facilitate wider adoption and use cases beyond the backend.

  In summary, the comments on Hacker News generally reflect a positive sentiment toward Gleam, praising its type system, Erlang integration, and the benefits it derives from functional programming principles. While acknowledging its relative youth, commenters express optimism about the future development and broader adoption of the language.

• Agent-Less System Monitoring with Elixir Broadway

  permalink

  Posted: 2025-02-18 14:53:44

  Verbose tl;dr

  This blog post demonstrates how to build an agent-less system monitoring tool using Elixir and Broadway. It leverages SSH to remotely execute commands on target machines, collecting metrics like CPU usage, memory consumption, and disk space. Broadway manages the concurrent execution of these commands across multiple hosts, providing scalability and fault tolerance. The collected data is then processed and displayed, offering a centralized overview of system performance. The author highlights the benefits of this approach, including simplified deployment (no agent installation required) and the inherent robustness of Elixir and its ecosystem. This method offers a lightweight yet powerful solution for monitoring server infrastructure.

  This blog post explores building a system monitoring solution using Elixir and Broadway, specifically focusing on an agent-less approach. The author argues that traditional agent-based monitoring, while offering granular data collection, introduces overhead and complexity through agent deployment and maintenance. Agent-less monitoring, leveraging protocols like SSH, offers a simplified alternative by querying systems directly without requiring resident software.

  The post begins by outlining the conceptual architecture of their solution. It details how Broadway, a concurrent and fault-tolerant processing library in Elixir, acts as the central processing engine. It receives monitoring tasks, distributes them to designated workers, and manages the results. Crucially, the chosen agent-less method utilizes SSH to execute commands remotely on target systems. The post emphasizes Broadway's robustness in handling potentially unreliable network operations inherent in SSH-based communication.

  The author then delves into the implementation specifics. They demonstrate setting up a Broadway pipeline configured to process monitoring tasks. These tasks are structured as messages containing the target hostname and the command to execute. The implementation leverages Erlang's SSH application to establish connections and execute commands remotely. A critical component highlighted is the error handling mechanism built around Broadway's retry and failure handling capabilities. This ensures resilience against transient network issues or temporary unavailability of target systems. The retrieved monitoring data is then processed and formatted, ready for storage or visualization.

  A key advantage emphasized is the flexibility afforded by this approach. The system can be readily extended to support various monitoring commands and metrics. Adding new systems to monitor only requires configuring the necessary connection details, without deploying any agents. The post also touches upon the scalability of the solution. Broadway's concurrent processing model allows for parallel execution of monitoring tasks, improving efficiency and reducing overall monitoring time. The author acknowledges potential security considerations associated with managing SSH credentials and advocates for secure storage and access control mechanisms.

  Finally, the post concludes by reiterating the benefits of the agent-less approach, highlighting its simplicity, scalability, and reduced overhead. It positions this approach as a compelling alternative to traditional agent-based solutions, especially in scenarios where agent deployment is impractical or undesirable. The author suggests potential future enhancements, such as integrating with different data visualization tools and exploring alternative agent-less protocols.

  • Elixir
  • Broadway
  • System Monitoring
  • Agentless Monitoring
  • Observability
  • DevOps
  • distributed systems
  • Erlang
  • OTP
  • concurrency
  • fault tolerance
  • scalability
  • performance monitoring
  • Real-Time Monitoring

  Summary of Comments ( 16 )
  https://news.ycombinator.com/item?id=43090167

  Verbose tl;dr

  Hacker News users discussed the practicality and benefits of the agentless approach to system monitoring described in the linked blog post. Several commenters appreciated the simplicity and reduced overhead of not needing to install agents on monitored machines. Some raised concerns about potential security implications of running commands remotely via SSH and the potential performance bottlenecks of doing so. Others questioned the scalability of this method, particularly for large numbers of monitored systems. The discussion also touched on alternative approaches like using message queues and the potential benefits of Elixir's concurrency features for this type of monitoring system. A compelling comment suggested exploring the use of OSquery for efficient data gathering, which prompted further discussion on its pros and cons. Finally, some commenters expressed interest in the author's open-sourcing of their project.

  The Hacker News post titled "Agent-Less System Monitoring with Elixir Broadway" sparked a small but focused discussion with 5 comments. No single comment overwhelmingly dominated the conversation, but several offered interesting perspectives on the article's topic.

  One commenter questioned the term "agent-less," pointing out that while the system described doesn't require installing dedicated agent software on monitored machines, it still relies on SSH access, which functionally acts like an agent. They argued that this approach trades one set of tradeoffs (agent installation and maintenance) for another (managing SSH keys and potential security concerns).

  Another comment focused on the choice of Erlang/Elixir for this type of task. They acknowledged the platform's strengths in concurrency and distributed systems but expressed concern about the operational overhead and debugging complexity compared to simpler scripting solutions, especially for smaller deployments. They suggested that the benefits of Elixir might become more pronounced with larger and more complex monitoring setups.

  A third commenter praised the article's clear explanation and the elegant approach to building a robust monitoring system with Broadway. They highlighted the benefits of leveraging Elixir's OTP framework for handling failures and ensuring reliability.

  The remaining comments were shorter and less substantive. One simply expressed appreciation for the article, while another briefly mentioned using a similar approach with a different technology.

  Overall, the comments section, while brief, provided some thoughtful critiques and perspectives on the advantages and disadvantages of the proposed agent-less monitoring approach using Elixir and Broadway. The discussion centered on the practical implications of SSH as an "agent" substitute and the suitability of Elixir/OTP for this kind of task in different scales of deployment.