Here’s weird thing about me: I’m pro-dynamic types. This is weird because I’m also pro-formal methods, in fact teach formal methods as a career, which seems completely antithetical. So on one hand I teach people how to do static analysis, on the other I use languages which make static analysis impossible.

My fondness for dynamic types is ultimately more social than technical:

1. Python helped me escape academia and my first two jobs were in Ruby.
2. I encounter a lot more smug static weenies than smug dynamic weenies, so I defend dynamic typing out of spite. There have been a few cases where I was surrounded by SDWs and I immediately flipped around to being pro-static.
3. The industry is moving towards static typing and I like being weird and contrarian.

But there’s also a technical reason: I think dynamic typing is itself really neat and potentially opens up of really powerful tooling. It’s just … I’m not actually seeing that tooling actually exist, which makes me question if it’s possible in the first place.

Now that Twitter is on a downward spiral I’m rewriting my favorite tweetstorms in a more permanent medium, so here’s the first: why do we have the term “boilerplate code”? It comes from the peculiar interplay of two industrial revolution technologies: steam engines and hot metal typesetting.

So let’s start with the steam engine. Steam engines run on steam, produced by a water boiler. The hotter you can get the steam, the more efficiently you can extract energy from it. Now according to the ideal gas law, if you increase the temperature of a gas while holding the volume constant, you’ll also increase the pressure. If the boiler can’t handle the pressure, it explodes. This is a bad thing.

A lot goes into boiler engineering, but the relevant thing here is that boilers need to be uniformly cylindrical. If the boiler has sharp angles, or if the boiler wall is thinner in one place, then Bad Thing is more likely. Fortunately, there was a well-established method of producing large, flat sheets of metal with uniform thickness: rolling. Boilermakers started buying vast quantities of cast iron from rolling mills, so large rolled sheets came to be called “boiler plate”.

I originally made this newsletter to tell people when I updated my blog. Then it grew into the abomination it is today.

Anyway, I just updated my blog. Here’s a 2000 word writeup on all the strangeloop talks I watched in September.

No newsletter next week

I’m speaking at JAX.

Software Moves

I’m completely braindoggled from the conference prep and forgot how to write newsletters. After three or four attempts of writing about something, getting 300 words in, and hitting a wall, I’m giving up and phoning this one in. Have a brain dump.

Last week Gabriella Gonzalez wrote What does “isomorphic” mean (in Haskell), which covers isomorphism from a first-principles perspective. At the very end she says

In my experience, the more you train your ability to reason formally about isomorphisms the more you broaden your ability to recognize disparate things as equivalent and draw interesting connections between them. [\n] For example, fluency with many common isomorphisms is a useful skill for API design because often there might be a way to take an API which is not very ergonomic and refactor it into an equivalent (isomorphic) API which is more ergonomic to use.

I want to expand a bit more on how they’re useful. I’ll be gleefully butchering rigor here, so if you want a more rigorous treatment I’ll rerecommend Gabriella’s post.

Isomorphisms

So you may know that I’m teaching a 1-day TLA+ workshop in December (just 10 slots left!) This is unlike my normal workshops because it’s only 1 day and for 35 people instead of 3.¹ The two workshops share almost no content between them. To understand why, I need to go into a bit of teaching theory.

For the 700 or so new readers, TLA+ is a form of formal specification language. You can make a design for a system and then directly test the design itself for bugs. It’s an extraordinarily powerful technique but also notoriously difficult to learn. There are two reasons why. First, TLA+ involves a lot of skills and concepts that people aren’t familiar with, like formal logic and model checking. These concepts are all tightly interrelated and you need to understand them all to make TLA+ useful. This is essential difficulty: there’s no easy way to simplify the language while maintaining its power. Second, the tooling is very unforgiving, and there’s lots of unclear error messages and footguns. This is accidental difficulty: there’s only a couple people working on the main tooling and they haven’t had the time or resources to make things better.

I can tailor my workshops to focus on one of these two. To reduce the conceptual difficulty, I can “scaffold” the teaching, or introduce each topic in isolation and gradually build up the whole language. In TLA+, this is done by using a special language, called PlusCal, that compiles to TLA+. PlusCal is much easier for people to grok:

\* TLA+

\E s \in Servers:
  /\ status' = [status EXCEPT ![s] = TRUE]

\* PlusCal
with s \in Servers do
  status[s] := TRUE;
end with;

Sorry this newsletter is late! I was at a wedding on Monday and forgot to say “no newsletter this week”. As penance for my crimes, I’m going to turn my personal life into content.

One of the nice things about being in software is I don’t have to dress up much. I still try to look good at conferences and events, but it’s more “shirt jacket over white tee” fashion, not “suit” look-good. This was the second time this year I had to wear a tie and the experience made me wonder: why are fancy clothes so damn uncomfortable?

Lots of reasons, probably, but there’s one abstract reason that applies to a wider range of topics than just fashion. “Fanciness” and “Comfort” are both optimization targets. If you don’t prioritize comfort, your clothes will be more uncomfortable. Now imagine we take some piece of clothing and measure its comfort and fanciness, then look at all variants of that piece. Some of those variants will be fancier and less comfortable. If your only optimization target is fanciness, you should pick a variant to maximize the quality you care about. If you iteratively repeat the process, you’ll eventually end with very fancy and very uncomfortable clothing.¹

In other words, fancy clothing is uncomfortable because if it wasn’t uncomfortable, we could make it more uncomfortable to eke out more fanciness.

Recently I’ve been very interested in “meatspace models”, where you explain a CS concept in terms of the real world. It’s the monad is a burrito gag except you actually pick something where the analogy is helpful. This seems especially effective with concurrency topics. I first saw this in terms of race conditions, my own first attempt was two-phase commit, and the Strangeloop TLA+ workshop was framed in terms of musical chairs.

Are there meatspace models for things besides concurrency? Turns out I’ve already used a meatspace model to explain SQL injection attacks to layfriends (say if it’s on the news). At a very high level, an injection attack is the conflation of syntax and data, which isn’t a difference most people have encountered before. So here’s how I explain it.¹

Hi everyone, I’m back from Strangeloop! As always it was a fantastic conference. I’ve already done a 2000-word writeup on it but I’m waiting for all the videos to be uploaded first.

(As part of SL I taught 7-hour, 30 person TLA+ workshop. Normally my workshops are 3 days and 4 people, so this was a big experiment for me, and it worked pretty well! Students said they really liked it; I’m aiming to run a web version of it in early December. Stay tuned!)

On the train ride back, I wrote a couple of tools I’ve wanted a while. The first is a markdown link adder. I often need to put links in my documents and manually going over to every [empty link]() is really annoying. So this opens a GUI with all the links in place, and then I can add them all in once place. Then it puts all the links in the appropriate places.

Hi everyone!

I know I said there was no newsletter this week, but that doesn’t mean no new content! Last year I was approached by The ReadMe Project, GitHub’s new online zine, to write about formal methods. I decided to focus on decision tables, since they have a great strength-weight ratio and you can learn everything about them in only five minutes.

Hence, The five-minute feedback fix. You can now read it here:

The five-minute feedback fix · GitHub

Got 5 minutes? @hillelogram has a formal feedback method you can learn to deliver high-quality software that’s cheaper and faster:

No Newsletter Next Week

I’m frantically working on next Wednesday’s TLA+ Workshop. I started making it last month and it’s occupied all my time since.

Originally this newsletter was going to be about the essential vs accidental complexity in teaching a topic, but a couple of things intervened to change that. I’ll probably save that one for after Strange Loop.¹

On the benefits of humanities in software engineering

New Post: Safety and Liveness Properties

Just a few useful ideas from the formal methods world. Read it here!

Data Invariants

Let’s stay on theme this week with a quick overview of data invariants. These are statements about the data that determine correctness: an invariant can only be broken if there’s a bug in your program.

First of all, new post: Software Mimicry! It’s about a thing I’ve seen in a lot of software tools and products that I was trying to capture in a single term, so I could share it and explore what it actually means for things. It’s also a rewrite and expansion of one of my very first newsletters: on emulation.

I find myself fascinating with terms. Mimicry is something I see in a lot of different places, and I’ve seen people identify particular instances of it, but not connect the dots and discuss the abstract concept of mimicry. Is “articulating” mimicry into a distinct term useful? I think so! By having a term for something you can discuss it as a thing instead of being forced to gesture vaguely at it through examples.

Take, for example, “side effect”. A side effect is when a function changes the outside world in addition to computing a value. Changing a global value is a side effect. Allocating or freeing memory is a side effect. Updating the cache, advancing the RNG, and making a POST request are all side effects. Side effects are generally something that increases software complexity, so are often implicitly avoided, or explicitly embedded in software constructs like monads and algebraic effects.

That all makes sense, right? But that only makes sense because I have the term “side effect”. Without it, can I really convincingly explain that “generating random numbers” shares a fundamental essence with deleting a reference or logging to a file? We can vaguely wave at it and maybe point out things like idempotetncy. But it’d be a major uphill battle because people don’t conceptually relate HTTP requests to playing a sound. Articulating the concept of “side effects”, then, creates a new category which all these belong to, making us see them as similar. Once we see them as similar, we can elaborate those similarities / find other examples / find synonyms / all the things we do with new knowledge.

I was at my wits end for this newsletter after my first two ideas hit research barriers. Then someone linked me this story about why arrays start at 0 and bam I had my topic. Specifically, arguing that said link is wrong and does not, in fact, fully explain why arrays start at 0.

You should read it for full context, but the gist of Hoye’s argument is this:

1. Back in the old days, all languages were either 1-indexed or “arbitrarily-indexed”, meaning you could pick an “index range” like 0:10 or -1:25.
2. Dr. Martin Richards was tasked to write a language for the IBM 7094. That computer had a special job deck to calculate yacht handicaps for the president of IBM, which took priority over all other jobs.
3. To keep people from having their jobs cut short by yacht-racing, Richards designed the language to compile as fast as possible. One optimization was setting arrays to start at 0.
4. The language, BCPL, went on to inspire B, which went on to inspire C. C was so popular it made everybody switch from 1-indexing to 0-indexing.

I have a lot of problems with this article, like the author quoting Richards and then immediately turning around and claiming he said the opposite, as well as mocking anybody who thinks that 0-indexing could possibly be good:

There were a couple of threads this week on why Test Driven Development, or TDD, isn’t more widely used by programmers.

That thread (it’s a good one) argues that the problem was an organization failure by TDD proponents, pushing too hard and letting memetic decay transmute “TDD” into “tests r gud”. I have a different explanation: TDD isn’t as valuable as its strongest proponents believe. Most of them are basing TDD’s value on their experience, so I’ll base it on mine.

Surprise newsletter! I said there was none this week due to vacation, but that ended Monday and I’m forever cursed by a witch, so

People might remember this quote from last month’s newsletter:

Interactive computation is a common enough activity for me that I’d put a lot of time into learning something like this. …Maybe I should just get real good with Excel.

Did I? Did I! Here’s some of the fun stuff I discovered:

New Blog Post: Crimes with Python Pattern Matching

First technical blog post since 2021 and it’s all about how to break the Python type system over your knee. I have a lot of fun figuring this one out. Read it here!

No newsletter next week

Vacation weekend!

I do a lot of research for my job and over time built a vocabulary for researching concepts. This one comes up a lot so I figured I’d get it written down.

Information camouflage is when piece of information A has a name similar to another, very different, much more popular piece B. This makes searching for A difficult because you always get results for B instead.

A metafile is a file that represents multiple possible files. The most common type of metafile in use is the template file:

<p>I passed in {number}</p>

Templates are usually filled out at runtime, so it “looks like” one file, but you can take a script that takes the template and produces a bunch of output files. That’s what makes it a metafile.

I first got interested in metafiles while working on learntla. I wanted to present specifications as a sequence of iterations but keep them all in sync, so that changing a name in the first one automatically propagated through the rest. My solution was put them all in a single XML file:

I got 1,000 words into “what, exactly, is software complexity” before remembering that this is supposed to be less effort than the blog. So instead I’m going to list some ideas I had for programming languages. I think all of these are technically doable, so it’s more a “nobody else wants this badly enough” thing. Also caveat these might all already exist; I just know the languages I know!

A serious take on a contract-based language

Contracts are predicates on the code, usually attached to functions and treated like assertion statements. The canonical example is withdrawing from a bank account:

method withdraw(amnt: int)
requires amnt <= self.balance
ensures self.balance >= 0
{
  self.balance -= amnt;
}

Been a while! Now that learntla is out, I can get back to life. Exercising, eating, sleeping, and most importantly, updating this newsletter. Word of warning, though: all the stuff I want to talk about is inspired by things I did with learntla. Like, for example, limitations of the four-document model.

The four document model, aka The Grand Unified Theory of Documentation, states that there are four types of documentation:

• Tutorials: A step-by-step lesson that gets a beginner doing something with your project. In TLA+, this would be setting up and running a simple spec.
• How-to guides: A guide on how to solve a specific problem. In TLA+, this could be how to model a state machine.
• Explanations: deep dives into a particular topic. For example, auxiliary variables.
• Reference: clear, dry technical descriptions. Toolbox model configuration options.

If you want to learn more about the 4doc model, divio has a good page. I want to be clear that overall, I think the 4doc model is a great starting point that helped a lot of people write better documentation. Also, as learntla is teaching a language and not documenting a library, the 4doc model doesn’t map well.

tl;dr: online TLA+ manual/advanced techniques/examples here.

TLA+ is a tool for testing abstract software designs. I first stumbled on it in 2016 and found it so useful I wrote a free online guide to help others learn it. Then I decided the guide wasn’t good enough and wrote Practical TLA+ in 2018. Then I decided the book wasn’t good enough and needed a second edition.

Just kidding! Book’s never getting a second edition, because it costs $26 and no matter how good I make it, it’s never going to have the reach of a free resource. So instead I took all the teaching lessons I learned over the past four years and turned them on rewriting the online guide from scratch.

Six months and 40,000 words later, the Learn TLA+ rewrite is now online! While I’m nowhere near done writing, the guide’s now complete enough to be a useful TLA+ resource, for beginners and experts alike.

Fifteen days left

Hi everyone! Been a couple of weeks since the last email. As mentioned, I took June off from weekly newsletter to work on the new version of the learntla web site. I have a requirement to have a version I’m happy uploading by the end of June, or else I owe a random one of you a thousand dollars. That’s just two weeks away, and I figure I should update everyone on how that’s coming so far.

Currently I’ve written about 28,000 words. That’s about twice the current version of learntla and about half the length of Practical TLA+. With the exception of the sections on Action Properties and pure TLA+, all of the core learning material is in “polish mode”. Action Props are about 60% done, pure TLA+ is maybe 30% done. I also need to take a lot more screenshots and make a lot more diagrams— dreary work, but easy enough to do.

In addition to core material, I’m writing a bunch of special topic essays. Here’s the stuff I want in the MVP:

Hey everyone!

We gotta start with some housekeeping. First, you might have noticed that the newsletter email’s changed. Several people informed me that Gmail was sending the newsletter to spam and Buttondown suggested I send from a custom domain to fix it. There shouldn’t be any changes needed on your end, though if you have message filters you might need to update them. And you can still email support@buttondown.email if you see any issues.

Second, registration for the TLA+ conference is now available! Register here. I’m teaching this year’s TLA+ preconf workshop with an attendee cap of thirty. For the record, my usual cap is four. God help me.

Finally, this is the last weekly newsletter until July. I’m teaching a TLA+ workshop next week, and after that I’ve got to go all in on the learntla June deadline. I might do an off-the-cuff newsletter if something’s really stuck in my head but don’t expect anything. By July we’ll be back to at-least weekly as per usual.

Conventionally we communicate programming ideas with talks, papers, and blog posts. But we can also communicate ideas with entire codebases. If someone finds a security exploit, she’ll sometimes publish a proof of concept to prove the exploit isn’t just theoretical.

Now let’s say the exploit PoC comes with a ton of command-line flags: verbose mode, configuration options, output formats, the whole works. Now the writer is communicating something subtly different: not just that the exploit exists, but she wants you to experiment with it. She’s making it as easy as possible for you to play with the exploit yourself and come up with variations and consequences.

This makes codebases like any other kind of communication medium. There are different styles you can use to say subtly different things. There are also different “genres”, or overt things you use the codebase to say. Some examples:

Of Genres

This one’s going to be a bit off topic. I have a long piece on the history of pattern matching I want to do but this week is really tight work-wise and this one’s less time-intensive to write.

I’m very interested in “knacks”, or mental tricks that help out in day-to-day life. For example, being able to count quickly and having good memory palaces. Last year I thought I’d memorize a larger multiplication table. Sounds a bit silly, but I come across multiplications a lot, and knowing a large table makes it faster. Like what is 8 feet in inches? Most Americans are only taught the 9x9 table, so they’d have to do 8×10 + 8×2. But some kids are taught the 12x12 table, so they just know that 8×12 = 96.

So there’s clearly some value to knowing a larger table, as it means you can do more stuff in your head, instead of needing a calculator. The only reason we stop at 9x9 (or 12x12) is because you can only do so much with kids before they lose interest. But as an adult I’m willing to put the time in to multiply better. Why not memorize the 99x99 table? Then I can see, say, 14×87 and instantly know it’s 1218.¹

One teensy tiny problem: multiplication tables scale quadratically. The 9x9 multiplication table has 45 terms.² The 99x99 table has 4950. I’m willing to put time into this project, but not that much time.

As a teen I regularly read The Daily WTF, a comedy site about bad programming and bad software jobs. Two articles have stuck with me. The first is this fantastic article about an incredibly wtf radio jammer. The second is No, We Need a Neural Network, which opens with this:

M.A. is one of the world’s foremost experts on neural networks. His undergraduate specialty was artificial intelligence, his master’s thesis was about genetic algorithms, and his doctoral dissertation covered evolutionary programming. Such an extensive computer science education opened up a wide range of career options, ranging from a professor at a university to … a professor at another university.

The article was published in December 2006. Within six months NVIDIA released CUDA, by 2009 Raina et al were training neural networks on GPUs, and in 2012 the GPU-trained AlexNet crushed every single image recognition benchmark. It took just over five years for neural networks to go from punchline to multibillion dollar industry.

I think about that a lot.

Hey everyone!

I realize I should give you all an update on the current learntla progress! So first of all, I’ve been continuously pushing my work to the learntla-v2 repo. Every push also builds the virtualenv as the artifact, so if you want to see the current state of the documentation, you can clone the repo, download the venv, and then run venv/bin/sphinx-build to get a local copy.

Currently I’m 15,000 words in and expect to have the first public version ready by the end of June. To keep myself to that schedule I set up a toxx clause: If I miss the deadline I’ll pay $1000 to a random newsletter subscriber. That public version won’t be the intended final version, just the minimal content I’d be happy with. In particular, to cut scope I’m leaving out all exercises.

v2 is organized slightly differently from v1 and Practical TLA+. In addition to reordering the content (constants now come much earlier, and nondeterminism comes after functions), I’m splitting examples up into simple “in-band” ones that are inline with the teaching material and complex “out-of-band” ones that are on separate (linked) pages. That way I can separate “examples for showing the concepts in use” from “examples for learning how to specify better”. Also, I reuse the same problem for the in-band examples. Currently, the two main in-band examples are “checking if a string contains duplicates” and “threads incrementing a counter”, though there are a couple others, too. The out-of-band examples are going to be more diverse. None of those are written yet, but the ones I plan to do are (at the very least):

I am really, really into cooking. In the heady days of 2016 I regularly threw dinner parties for 30+ people. These days I don’t hate myself that much, but it’s still a big part of my life. I know more about my city’s best grocery stores than its best restaurants and regularly bring homemade candy to conferences. I really like cooking.

In order to cook well, you need to practice mise en place: prepping all your ingredients before you start cooking. If you have to chop and sear three types of vegetables, first you get them all out and washed, then you chop them all, then you sear them. You don’t start prepping one vegetable while another is already cooking.

You can think of it as organizing your cooking workflow so that tasks are separated into “low-intensity” preparation and “high-intensity” work, where you’re bound by focus and tight timing. Without mise en place you’re doing the easy prep at the same time as the hard work, which makes everything more stressful and mistakes more likely.

How can we apply mise en place to programming? The most straightforward translation is doing all the project infra work before writing the code, but I don’t think that’s always appropriate. Software is different from cooking; the task is unbound and your requirements change. It doesn’t make sense to do a lot of prep that may be unnecessary.

(Sorry this is late! Dealing with COVID.)

I have mild ADHD. I can focus on strenuous mental tasks, but I can’t handle boring or repetitive work. Even something like “manually navigating to a folder” is enough to make procrastinate. I’m always looking for ways to aggressively optimize my workflow.

For example, one thing I have to do a lot is type my address into emails and chats and the like. For most people that isn’t a big deal, but for me it’s disruptive. One tool I use, AutoHotKey,¹ has “hotstrings”: if you type a hotstring, it replaces the text with a substitute.

::;adr::{My address}

I work with a lot of really esoteric technologies, like TLA+, Alloy, J, MiniZinc, and PRISM. Pretty much every non-mainstream technology has a “literature gap” between beginner and expert work.

Take J. If you go around the internet, you’ll find lots of articles extolling the virtue of array-based programming and a lot of experts showcasing the cool things you can do with J mastery.¹ Here’s what you won’t find:

• The best way to structure your code
• Common troubleshooting issues and how to get around them
• Common antipatterns
• Program dissections
• A well-organized documentation of the standard library with examples²
• Blog posts of people discussing techniques without needing to introduce basic concepts first

In other words, there’s material to get you started, and material for experts to share with other experts, but nothing for people to go from knowing the language to being a competent practitioner (CP). I’m using J as an example here, but almost all esoteric technology I know about has the same problem. This points to a user gap, where most of the users are beginners or experts. Experts don’t need to talk about this stuff because they already know it, so it’s not interesting to them. And beginners don’t know enough to talk about it usefully.

Hello everyone!

So first of all, new post. It’s about how I got into microscopy and a bunch of pictures I took that I like. It has nothing to do with tech at all!

…Some explanation is in order.

So, it’s also April 1st today, and that means the internet has to deal with the dreaded “April Fools” plague. The one day it’s socially acceptable for Serious People to do something silly, but Seriously. So you get one of two things:

The “iron triangle” of project management is “Cheap, fast, good: choose two”. This works on the assumption that quality is a metric while time and money are fungible constraints. We can exchange between time and money, and also lower our quality goals to require less of both. Then by LeMond’s law¹, if you aren’t using much of your resources, you can afford to be more ambitious and put yourself in a place that does demand more from your resources.

It occurs to me that we can flip “quality” around into a constraint by saying is a “shoddiness” is a quantity we can spend to make the product worse. Then time, money, and shoddiness become our three budgets that all work against each other— we can pay shoddiness and time to save money, etc. The three resources are also conceptually independent: most other resources we can think of (favors, scope) fall clearly into one bucket.

That got me wondering what the software iron triangle would look like. Not the development of software, which falls under project management, but the software itself. Are there fundamental constraints that act as universal conflicting budgets? I’m pretty sure I know what two of them are, but the third I’m more uncertain about. They are performance, complexity, and (possibly?) correctness.

Performance also includes other resources like memory or power-use, but the dominant resource in this budget is wall time. Most problems are solveable by brute force; we don’t do that because that’s an unacceptable performance cost. Over time computers become faster and we get more of this budget to work with, which leads to adages like “developer time is more important than CPU time”. But we don’t have an infinite budget, and it’s easy to waste too much of this resource if you’re not paying to it as a constraint.

The Problem

When teaching things I like to break code up into a set of small changes, showing the differences between each change. So if I start with

// version 1

boilerplate
more boilerplate
some code
more boilerplate

I’d show the next small change as a diff, like this:

Happy Pi Day!¹ To celebrate I want to get away from software for a bit and talk about something special. You may have heard the story that the Indiana legislature tried to change the value of π, to something like 3 or 4 or 3.15 or something like that. This is usually shared as evidence that Indianans are dumb hicks, but I don’t like leaving things at that. Why did they try to change π and what did they expect to happen?

I did the research, and now you get to hear the whole story. But to fully understand the context, I’ll need to explain math.

I’ll need to explain a lot of math.

Straightedge is for Squares

Hey y’all! Still hard at work on the new learntla version. It’s currently about a third of the length of original learntla, which is pretty impressive, given I’m estimating I’m like… 10% done with the first draft? At most. I’ve also written many of the tools I’ll need to manage the complexity of the larger docs, and specced out many of the examples and exercises I want to do.

By the way, we now have a TLA+ survey available! Please fill out the survey if you can, we really want to understand the community better, and this is a great way to give back! Click me click me click me

This is the third time I’m writing a TLA+ resource: the original learntla, Practical TLA+, and now this. Plus I’ve also done Alloy documentation and several workshops, so in all I’ve spent a lot of time in the past five years thinking about how to explain shit better. There’s a lot of stuff I didn’t know before that now feels so obvious! So obvious that it almost feels not worth talking about, but then again I didn’t know it before, so I’m guessing some of you don’t know it now. So I wanna share a short education concept I call “The Parable of the Crow”.

Specifically, this crow!

Last week I read Software I’m Thankful For and it inspired me to do a similar piece. I use a lot of different exotic tools, too, so I think it’s a good way to share some stuff most people haven’t seen. At least mainstream programmers, if you’ve been following me for a while a lot of this will be familiar.

TLA+ and Alloy

So let’s start with the big, obvious ones. TLA+ and Alloy are both formal methods languages for finding problems in designs. It’s something so outside the norm that many programmers don’t even know that directly testing designs is a thing that exists, much less that it’s economical and effective. I’ve met plenty of people who say FM couldn’t possibly work, and then after a five minute demo switch to “I need to learn this right goddamn now.”

That more than anything else is what makes me so optimistic about FM’s long term future. Most developers have a well-founded skepticism of new or exotic technology. So to see people get excited so quickly? There’s something really precious here.

First a term: by “treatise”, I’m not saying this newsletter is comprehensive, persuasive, or even correct. I’m using it to mean a very specific type of writing, one that presents an idea and its consequences without trying to convince people of that idea. I don’t even know if I’m convinced by the idea. I just want to see if I can communicate a specific idea, and if people understand it but reject it, I’m happy.¹

Consider we have a rectangle object:

class Rect():
    def __init__(self, l, w):
        self.l = l
        self.w = w

    @property
    def l(self):
        return self._l

    @property
    def w(self):
        return self._w

    @l.setter
    def l(self, _l):
        self._l = _l

    @w.setter
    def w(self, _w):
        self._w = _w

Website Haitus

Fortunately not depression this time, just a responsibility thing. From the announcement:

I’m not letting myself work on software content for the website until I finish both the Alloydocs update and the learntla rewrite.

(I’ll still be writing the weekly newsletter.)

Yeah, I’m incentivizing myself to write by rewarding myself with more writing. Hey if it works it works.

Once more: we are not modeling reality, but the way information about reality is processed, by people. — Bill Kent

I’ve got this working theory that you can tell how enthusiastic someone is about a subject by how obscure their favorite book is. It’s just a simple numbers game: there are more obscure books than popular books, so there are more obscure good books than popular good books, so the more books you read the more likely your favorite is an obscure one. In other words, if someone says they love fantasy novels and also their favorite novel is Harry Potter, odds are they don’t actually read that much fantasy.

I’m saying this because my favorite book on software is incredibly obscure, which must mean I’m a super cool software dude. That’s how logic works, right?

It’s Data and Reality, by Bill Kent. Unlike most books on data modeling, Data and Reality doesn’t tell you how to do anything, or give you advice on the best way to model. Instead, it’s a philosophical book on the nature of information and how we represent it. Kent doesn’t want you to follow his advice, he wants you to ask questions, to understand just what it is we’re trying to do. He opens the book with a whirlwind of examples where our intuition of meaning breaks down:

Some people, when confronted with a problem, think “I know, I’ll use regular expressions.” Then they solve their problem, hooray!

Regexes are great! I use them all the time! For some reason, though, people seem to hate them. And those “some reasons” are

1. They’re very hard to read, so you have no idea what a given regex you see does.
2. They’re fragile, so slight changes to the input can break your regex. Making them more robust also makes problem (1) worse.

This is usually in the context of putting a regex in your code, where it’s used to pull semantic information out of arbitrary texts. In that context, readability and robustness are really important. Simple regexes can work but for anything complicated you probably want to use a parser.

Hiya everyone! Workshop is all done and I’m alive again. For those of you just joining us, I teach formal methods workshops to companies. Working on a piece about my pedagogy now, actually; for such a large industry there’s surprisingly little shop-talk out there.

-

Okay so the last two newsletters were about research and the workshop was all formal methods, so let’s take a break from “stuff that pays the bills” and chat software philosophy for a bit. I recently read Improving end-to-end tests reliability. In order to make better E2E tests, they recommend building a lot of infrastructure to support the tests: high-level interfaces, automatic bisection, stuff like that.

This reminded me of a concept I’ve mentioned a few times before: software as an artifact. One of the fundamental differences between “programming” and “software engineering” is that engineering treats the software as an entity distinct from the thing it’s doing— as something that exists in its own right. The software has presence and needs to be supported as much as the client domain.

I’m a pretty gullible person.

When I was a kid, my sister told me that there was a monster inside the toilet. For years after I’d flush and then run out of the bathroom in panic. As a teen, I discovered the James Randi forums and immediately became a true believer in the power of skepticism.¹ Skepticism is great! It’ll keep me from falling for flimflam anymore. If I follow the principles of skepticism then people will stop thinking I’m gullible. Hooray!

In other words, I was gullible enough to believe in the skepticism ideal instead of the Skepticism identity. You’re only supposed to be skeptical of what the community considered valid targets. Like if somebody pulls out a paper disproving astrology, you shouldn’t then point out that the researcher screwed up their χ² test and also was later caught fabricating data. Stuff that debunked pseudoscience was allowed to be “sloppier” because it served the Skeptic mission.

It was only years later that I realized I was doing skepticism wrong, but by that point the damage had been done. I fell for the ideals so wholeheartedly they became principles: spreading misinformation is wrong and debunking it is virtuous, regardless of what the misinfo is. Turns out this is really hard to do! We’re much better at seeing flaws in positions we disagree with than positions we like. It’s just part of human nature to be easier on “our side”.

In Superintelligence: The Idea That Eats Smart People, Maciej Pinboard nee Cegłowski talks about analyzing AI risk with the perspective of the “outside view”:

Say that some people show up at your front door one day wearing funny robes, asking you if you will join their movement. They believe that a UFO is going to visit Earth two years from now, and it is our task to prepare humanity for the Great Upbeaming. […] The outside view tells you something different. These people are wearing funny robes and beads, they live in a remote compound, and they speak in unison in a really creepy way. Even though their arguments are irrefutable, everything in your experience tells you you’re dealing with a cult.

Of course, they have a brilliant argument for why you should ignore those instincts, but that’s the inside view talking. […] The outside view doesn’t care about content, it sees the form and the context, and it doesn’t look good.

This is one of the most powerful tools in doing research. Analyzing the technical merits of a practice, or technology, or $THING is really hard. Ideally we’d give everything we explore a fair shake, but we have limited time and need heuristics to decide what to spend time on. If something fails the outside view, then we can probably skip it without investigating it further.

What does the outside view look like in software? In my experience, here are a few red flags:

Last year I rolled up the newsletter into an ebook and gave my thoughts on every published blogpost. I haven’t gotten around to making the 2021 Computer Things volume, so we’ll just run through the blog posts this time.

I wrote about 39,000 words for the blog, which is about 8,000 less than last year. But I also released a 20 minute video, and was horrifically depressed for half the year, so I’m not too broken-up over it. Here are my thoughts on every blog post:

The Crossover Project

Hoo boy, lots of thoughts. This was a set of three essays, based on two years of interviewing crossover engineers:

First some good personal news: I did a hiatus over the summer due to severe depression issues. Well, I finally got into an intensive outpatient program, which so far seems to be helping, and I’m optimistic it’ll leave me in a better place longterm.

Now some bad professional news: IOPs are both really time-consuming and mentally exhausting, which makes it hard to do more than my core client work. Don’t get me wrong, I want to write and I have the capacity to write, but there’s also a ton of research, synthesis, and editing that goes into the usual blogposts and newsletters. That’s why the last newsletter was pretty off-the-cuff opinions— it’s a lot less mental overhead.

So this week I’ll do another low-stress thing and provide short answers to several topics. Specifically, these topics:

New Post: ADTs in TLA+

Using Abstract Data Types in TLA+. It’s an adaptation of part of my TLAConf talk. It’s also a lot more advanced than most of the material I put online, and I expect it to only be useful to experienced TLA+ users. But that stuff is important, too. The community has made a lot of improvements in beginner-level instruction, so now there’s more of an audience for advanced techniques. I want those people to keep learning, too.

I don’t really have a formalized theory of the impact of “skill ceilings”, but I want to think they’re bad. In particular I’m pretty jealous of the Haskell community, which is really good at forever raising the skill ceiling. You can argue they don’t give enough priority to beginners and intermediates, and I think that’s a fair critique, but I also believe they do a much better job of pushing the boundaries of their world than other language commuities do. And I want that in formal methods, too.

See also: Blub Studies.

I know I said no newsletter this week but this just hit me and it’s small enough to write up so I’m fitting it in. The Monty Hall problem is a famous probability puzzle. From Wikipedia:

Suppose you’re on a game show, and you’re given the choice of three doors: Behind one door is a car; behind the others, goats. You pick a door, say No. 1, and the host, who knows what’s behind the doors, opens another door, say No. 2, which has a goat. He then says to you, “Do you want to pick door No. 3?” Is it to your advantage to switch your choice?

Most people say it doesn’t matter, that regardless of if you switch or not you have a 50% chance of getting the car. But switching actually wins 2/3rds of the time!

I’ve never been satisfied with the many, many explanations I’ve read. I get the math, but every explanation feels like a sleight-of-mind, where if you poke just a little bit it’ll all fall apart. The other day I came up with a variation:

Read it here! https://www.hillelwayne.com/post/alloy6/

Features my first attempts at using vector graphic diagrams to explain things better, like this:

Reminder, no newsletter next week due to workshop. See you all December 13!