Resident hypertext crank utilise eldritch.cafe. Vous pouvez læ suivre et interagir si vous possédez un compte quelque part dans le "fediverse". Si ce n’est pas le cas, vous pouvez en créer un ici.
Resident hypertext crank @enkiv2
Suivre

hot take:
documents should never have an embedded turing-complete language that runs automatically or without the informed consent of the user.

@enkiv2 like I know you're probably talking about Javascript in HTML or maybe Word macros, but Truetype also has a turing-complete hinting system, Postscript is a whole scripting language, Excel and PowerPoint have ways without macros or VB, apparently templates in MediaWiki qualify, and at some level instructions in your computer are translated to something opaque anyway… What I'm saying is, there's precedent.

@impiaaa
Yeah. This was specifically in reference to @natecull's post about excel macros, but with an obvious side-eye to javascript.

@impiaaa @natecull
It's also, however, related to "weird machines", which I feel like don't get enough press.

Accidental turing completeness in any format is literally a vulnerability, and happens all the time.

@enkiv2 @impiaaa

I suspect there's a link between chaos in hydrodynamics and Turing-completeness.

Anytime we get a small equation whose results we can't easily predict without iterating it? It's probably a physical Weird Machine.

This idea of "accidental Turing Completeness" reminds me of "Wang's Carpets", a short story by Greg Egan:

timeteam.github.io/fiction/201

His fiction trades somewhat crappy characterisations (but to be fair, mostly of post-humans) for mind-blowing SF ideas.

The only online version I can find is probably illegal:

bunny.xeny.net/life/Egan-Carpe

@natecull @impiaaa @enkiv2

@wu_lee @enkiv2 @impiaaa

I always think of Greg Egan's fiction as:

"Here's this cool comp-sci/physics idea!"
"Neat, what does it imply?"
"... I dunno. But probably soul-crushing depression and paranoia."
"Ah yes, the two great forces of the universe."

I reckon there's an whole subculture of Goth right there, @natecull ...

@impiaaa @enkiv2

@natecull @wu_lee @impiaaa
Greg Egan & Peter Watts clearly need to collaborate on something.

@impiaaa @enkiv2

from the number of security exploits in it, yeah, maybe not a bad idea

8x8 pixels are enough for anyone (except China, Japan and Korea)

@natecull @impiaaa
At the very least, I think "monospace is enough or anyone".

Kerning hinting can make things look pretty, but it trades accessibility, implementation complexity, and a literal vulnerability to do it.

Your webfonts could be mining bitcoins.

@enkiv2 @natecull "look pretty" means better legibility, which means better accessibility. and I didn't think it was just kerning hinting, I thought it was all hinting (in which case monospace would still need it).

@impiaaa @natecull
People make claims about the legibility of dynamically spaced vs monospace typefaces, but I've never been able to see it. Maybe I've just used well-designed monospace typefaces. (I've seen poorly-kerned barely-legible dynamically spaced types, of course. We all have.)

Monospace means words are visually consistent, at least.

@enkiv2 @natecull I'm not talking about the legibility of monospace vs. not. I mean, a poorly hinted typeface, monospace or not, will look bad at small sizes, which means it will be harder to read. I'm sure there are ways to do hinting that don't need to be Turing complete, but you don't need to jump to conclusions and say that we need to ban all typefaces you don't like.

@impiaaa @natecull
I'm having a hard time figuring out what hinting would be used for that could conceivably require a turing-complete language other than kerning.

Scaling is a difficult problem, but it's not typically done fully procedurally for all sizes, is it?

@impiaaa @enkiv2

It seems to me that 'Turing-complete' shouldn't be a HUGE problem if we can ALSO enforce resource usage limits on any jumping-type construct.

So we can know right from the start 'this can't take more than X cycles to run or use more than Y memory cells'.

Are there languages which do that?

@natecull @impiaaa
Yeah. Javascript in the browser.

Hence, when the javascript in our pages is slow and takes too many cycles, we get a slow laggy pop-up window too, asking if we want to try to kill a thread (with a 2% success rate).

Obviously, it could be done not-stupidly. Not aware of anybody who does.

@enkiv2 @impiaaa

Well, I mean at the LANGUAGE level, not the USER INTERFACE level.

Thinking something like Margaret Hamilton's Universal Systems Language, which seems to basically just put resource bounds on all recursion-type constructions. Any function call is a process and has a finite resource pool that its subfunctions inherit, etc.

Her stuff is probably optimised for missiles, not web browsers, and also maybe we did manual RAM allocation in the Mac/Amiga/DOS days and it was terrible.

@enkiv2 @impiaaa

and then we get:

user wants to pump 100 gigabytes through one browser pane because it's a streaming ultra high-def TV series they're binge-watching

ad company wants to pump 100 gigabytes through the same browser pane but user considers this malware

ad company considers the user's ad blocker to be malware...

@natecull @impiaaa
Yeah, I think we could do that too.

(The javascript thing is basically a UI manifestation of an underlying attempt at user time limits.)

Unix also natively supports this kind of quota. Processes are killed when they overstep some bounds.

@enkiv2 @impiaaa

It's like we need quotas at a finer level of granularity than 'process', though.

Erlang in the Browser, maybe?

@natecull @enkiv2 @impiaaa I would make the argument that any running code that you didn't bless should run in its own process. Isolation within a process has proven to be monstrously difficult because hardware is only designed to isolate code at the process level.

@enkiv2 OK, I'm gonna go the other direction with this hot take, than I usually do, given the context.

(Usually I make the argument that HTML is a document format and therefore shouldn't have JavaScript.)

I'm going to argue that Excel is a radically different form of IDE, not a mere document editor, and therefore a degree of Turing-completeness is expected.

@enkiv2 That said, there needs to be heavy restrictions on what can run without consent (and, it's worth noting that by default, VBA macros are disabled, and these JavaScript add-ins need to be manually installed (as do COM add-ins)).

It's still not a great situation, though...

@bhtooefr
You make a good point: formulas are a fundamental selling point of spreadsheet programs.

I still think they probably shouldn't be turing complete.

@enkiv2 Basically where I'm going with this is that Excel - not Visual Basic, not JavaScript in a browser, not some scripting language on the local machine - is the 2018 equivalent to BASIC on an 80s home computer.

Granted, Excel isn't on every machine, but it's something that lets users, not just programmers, develop task-specific software relatively easily.

@bhtooefr
I've seen this take before. I'm not 100% sure I buy it. Spreadsheet formulae are both more technical and more limited than BASIC. Something like Twine is a better match (though again most people don't have a copy).

Non-technical users can and do create incredible things in spreadsheets, but I think you'll probably find that nearly all of them went to company-sponsored seminars on spreadsheet formulae to gain those skills.

@enkiv2 @bhtooefr Excel already contains a specialised dialect of BASIC called VBA (Visual Basic for Applications), its had it for about 20 odd years.

I've used it in the past in a previous job to parse raw text files containing financial data from Oracle systems into spreadsheets than could be further analysed.

Word and other MS office apps have the same functionality (which can and indeed has been misused by malware already, hence the security settings needed to turn on macros on documents)

@vfrmedia @enkiv2 @bhtooefr VBA seems like a perversion of the spreadsheet model to me though. All you need to express yourself is functions and cells.

@calvin @enkiv2 @bhtooefr

Although AFAIK (thinking back 25 years) even Lotus 1-2-3 had macros, in a really clunky way that emulated keypresses (and was even harder to debug than VBA), so this functionality has been around (and of at least some value to "power" end users) for a few decades now..

@vfrmedia @calvin @enkiv2 Action-repetition macros are still a thing in Excel, too, IIRC.

@bhtooefr @calvin @enkiv2 I've seen mixtures of these *and* "proper" VBA functions in some code (especially when put together by accountants rather than those who have even basic knowledge of coding).

To be fair, it often works a fair bit of the time until its fed with data containing some odd edge case like a control character in a text file and the whole thing chokes.

I remember explaining to colleagues the innocent lookng "square box" in that text file is *not* always the same thing 😉

@bhtooefr @vfrmedia @calvin
I don't think so either. Even if it was, nobody would have used it to write anything elaborate, on 8 bit micros.