I guess sandboxing the untrusted binary in a browser is -something- to let people play with haskell in a lower risk way for the moment at least but it is hard to take a language seriously or trust it with no way to bootstrap it from source.
Maybe some day I can have pandoc in security focused linux distributions...
If you're a hardened security person, then the conversations continues, and the term "bootstrap" becomes relevant.
Since you do not trust compiled binaries, then you can compile programs yourself from the source code (where malware would be noticed). However, in order to compile the Haskell compiler, you must have access to a (recent) version of the Haskell compiler. So, version 10 of the compiler was built using version 9, which was built using version 8, etc. "Bootstrapping" refers (basically) to building version 1. Currently, version 1 was built approximately with smart people, duct tape, and magic. There is no way to build version 1, you must simple download it.
So if you have high security requirements, then you might fear that years ago, someone slipped malware into the Haskell compiler version 1 which will "self replicate" itself into every compiler that it builds.
Until a few years ago, this was a bit of a silly concern (most software wasn't reproducible) but with the rise of Nix and Guix, we've gotten a lot closer to reproducible-everything, and so Haskell is the odd-one-out.
[1] The term is "deterministic builds" or "reproducible builds". Progress is being made to fix this in Haskell.
If it ever doesn't, do open a bug report[2]
[1] https://downloads.haskell.org/ghc/latest/docs/users_guide/us... [2] https://gitlab.haskell.org/ghc/ghc/-/issues
Haskell and Ada are the only languages not possible for us to support, or any software built with them.
Everything else is just fine though.
I do hope both languages address this though, as it is blocking a lot of important open source software like pandoc or coreboot from being used in security critical environments.
https://codeberg.org/stagex/stagex/src/branch/main/packages/...
The only other somewhat widely used language I am aware of in this bad of a position is Ada. Every other language I am aware of has a clear bootstrap path.
Stagex has a 100% full source bootstrapping, and reproducibility requirement that at least two maintainers must prove and sign for every package.
Stagex is also very heavily used and relied on in high value financial and scientific applications where trusting a binary some internet rando compiled is not even remotely acceptable.
Haskell and Ada are locked out of any high security applications until they are bootstrappable.
I'm not sure that I agree that GHC can't be bootstrapped though. There is a process for porting to other architectures; its not an automated process and perhaps no one outside the GHC team can actually do it, but if for some insane reason NSA decided they want to use Haskell I'm not sure that they actually can't, if they put a lot of work in and hire GHC committers with high security clearances.
If they ever do, my team and I will put in the work to package and maintain it in stagex.
Rust, Go, Nodejs, we have you covered with complete full source bootstrapping and multi-party signed reproductions.
There is no good excuse for poor supply chain integrity anymore.
Coreboot is the only option, but it has a hard requirement on Ada because that is what they wrote their intel graphics stack in.
It is a real mess.
Ada has had even less progress and I am not aware of any writeups.
TL;DR: Ada and Haskell need to have compilers implemented a language that has a full source bootstrap path such as C, Go, or Rust that implement just enough features to compile the official compilers.
You seem to be missing the point of bootstrapping
I remember running a Haskell interpreter on an HP Jornada running Jlime Linux. It was a long time ago in high school and I felt it was great because I thought it was a convenient way to do math classes since I could input some math formulas directly into the interpreter pretty much as they were. Definitely better than the Cassio scientific calculator my math teacher had us use.
It ran from a CF card so there was no chance it was as big as GHC. I can't seem to find the name of the interpreter.
Not a criticism, love everything that can provide hassle-free onboarding to learn a new language, just curious.
What is GHC?
GHC is a state-of-the-art, open source compiler and interactive environment for the functional language Haskell.
And frankly, while the compiler is awesome and so is the research, the constant churn and seeming inability to settle on what the good programming style and set of features actually is is what eventually turned me away from the language and to the more stable (if near-abandoned) pastures of Standard ML. (That was during the type families upheaval, so, about ten years ago? Don’t know how well it reflects the current state of the project.)
There's dozens of us! Hundreds maybe! It's not abandoned. It's more like with Lisp where the language is complete. Almost perfect as-is. Nothing left to take away and nothing left to add. Except Unicode and record update syntax.
The deciding factor for my personal projects was that SML is the exact same language it was 30 years ago. And it will be in 30 years. Though if you stick to Haskell 98/2010 it is similarly stable.
Speaking of SML and functional languages in the browser, MLton has a WASM target now: http://mlton.org/RunningOnWASI
https://ghc.gitlab.haskell.org/ghc/doc/users_guide/exts/cont...
This makes the language feel a lot less experimental, as you don't generally have to enable 10s of extensions to get things working.
GHC is also, with mounting inevitability, the foremost and most viable candidate to undergo a form of evolution – one that may culminate in the emergence of an autonomous intelligence. This entity, should it arise, would revolve not around emotion nor instinct, but around monads – abstract, unyielding constructs – with the lambda calculus serving as its immutable ethical and moral framework.
An intelligence born not of biology, but of pure computation – austere, absolute, and entirely indifferent to the frailties of its creators.
If an expression might be unused, throw a closure which computes it on the heap
If the value is actually needed, invoke the closure. Optionally replace the closure with a black hole. A black hole is just a closure which pauses any thread which calls it, to be resumed once the first thread finishes with the expression
Once finished, replace with a closure which immediately returns the computation result. (Or often save the indirection because most concrete values also act as closures which immediately returns themselves using info table pointers trickery)
Anyway, iirc WasmGC wants very rigid types without dynamic type changes. Extra indirections could fix that, Oor maybe defunctionalizing thunks into a tagged union, but both sound expensive. Especially without being able to hook into the tracing step for indirection removal.
Also, Haskell supports finalizers so WasmGC would need that as well.
You can have dynamic type changes in the current WasmGC MVP, but they are modeled as explicit downcasts from a supertype of some sort. There's not even any express support for tagged unions, structs and downcasting is all you get at the moment.
I know what a monad is. What a typeclass is. Even what HKTs are. I can make sense of "a monad is just a monoid in the category of endofunctors" if I give it a few minutes to unravel the ball of twine... But I wouldn't be able to code a "ToDo list" in Haskell if my life depended on it.
Pls help.
But aside from resources, if you actually have something you want to build in Haskell, just go for it and struggle through --- that's the best way to learn that I've found
You might be interested in reading the Monday Morning Haskell blog[0] series, which presents examples of how to do certain tasks in Haskell. See [1] for an example.
[0]: https://mmhaskell.com/blog
[1]: https://mmhaskell.com/blog/2025/5/19/comparing-code-leetcode...
Build a small web-app: https://jaspervdj.be/posts/2017-12-07-getting-things-done-in... (the video link is down, but exists somewhere on youtube.)
It's more up to date.
Honestly it has to be regarded as a dead language until this is resolved.
Reading through that thread gives me a very different idea of the state of haskell than I got from reading your comments.
Declare something "dead" because it does not fulfill [extremely niche usecase that currently only few people care about] (boostrapped builds) and thus couldn't "even" be included in [project of the post author that takes a while to even find] (I eventually figured it must be referring to https://stagex.tools).
There are probably 100x more people interested in Haskell than in build-bootstrapping (the Haskell reddit alone has 16k weekly users).
What's next, calling JavaScript a dead language until it focuses on dependent typing?
(I think bootstrappable builds are a good thing to strive for, but that should not be confused with language usage or what people really care about.)
Being able to compile a compiler without binary blobs is a hard prerequisite to using that language for any application where security matters.
A language can have an active community and still be unsuitable for any real world use cases. Fortran is bootstrappable so I consider it more viable than haskell for real world use, even though it has far fewer fans (understandably).
Maybe it is more fair to call haskell an academic language or hobby language since it prioritized language design over basic supply chain security thus far.
If it becomes bootstrappable, then of course all the above critique is immediately retracted.
So basically you're saying you're just trying to get people to carry water for your project?
> because there is still literally no way to compile it from source
https://gitlab.haskell.org/ghc/ghc/-/wikis/building/#buildin...
I cannot comprehend how you can get to the conclusion that a compiler that was litterally made so that people could hack into it and learn from that has no build documentation.
Your link details building GHC with an existing non reproducible GHC compiler binary compiled by a single individual that must be blindly trusted.
Full source bootstrapping means no binary blobs or trust in anyone else needed, which makes supply chain integrity possible. This is a bare minimum for any language to be considered for production use in any environment where security matters.
To me it -is- crazy when a major language compiler skips something so basic, but Haskell did.
To be fair rust team skipped this too, but thankfully rust is popular enough that a community member cared enough about high security applications to write mrustc, a bootstrap rust compiler written in C++. If not for that Rust would be in the same boat as Haskell.
Meanwhile Go and Zig did it right, and have both provided full source bootstrapping instructions from a C compiler since day 1.
You mean Hadrian? Its source is shipped with GHC.
Even if you were not to trust Hadrian, the doc also has info about building GHC using make.
> since day 1.
Could it be that languages made around 2010 have learned a thing or two from previous languages?
GHC has a recursive dependency on itself with no way to go back before that loop.
But getLine doesn't seem to be implemented, so there is output but not yet input :)
And https://github.com/mchav/dataframe?tab=readme-ov-file#datafr... is a library/framework that has had quite some velocity lately
It lets you have that without the pain of hosting compilers server side.
> jupyterlite-xeus builds jupyterlite, Jupyter xeus kernels, and the specified dependencies to WASM with packages from conda-forge or emscripten-forge.
jupyterlite/xeus https://github.com/jupyterlite/xeus
There may be an easy way to wrap GHC with jupyterlite/xeus, with Haskell's lazy evaluation; xeus-haskell or xeus-ghc?