May 7, 2023

Introducing Myco: a secure JS runtime

A few months back I wrote about Log4Shell and its implications for language design. Since then I've worked on a number of language concepts based around these ideas, but always hit a wall. There is so much to build when you're starting a language from scratch, and I never made it…

Effects, Capabilities, and Log4Shell

One year ago, the Log4J logging library, which is widely used in the Java ecosystem, was hit by the Log4Shell vulnerability.1 This bug allowed attackers to execute arbitrary code on a server running Log4J by sending a carefully crafted log message. The vulnerability was caused by…

The Tooling

In this post I'm going to get set up with the playground tooling I'll use to showcase the languages I discuss here. The goal is to have something similar to a Jupyter notebook: a series of executable text-editor fields that share an environment.