I have a very complex relationship with math. I minored in math but I was really bad at it, and my classmates were regularly running rings around me. My mind was simply not a good fit for it. Then I switched to a computer science major, and everything changed.

But even back then, I realized that math was special. It’s so much more painfully obvious to me now, but it took a while to get there.

You might know the joke about this math student asking their math teacher “Will I ever use this in my life, ever??”.

And the math teacher responding “Your smart and successful classmates will”.

Such a slap in the face.

But there is a lot of truth to that joke. Math teaches you a lot of things that are not directly applicable to the real world, but that is its purpose, and what makes it so important. Sure, you take a math class, don’t understand a word of it, and drop out. Understandable. But how many other people do the same thing as you? 99% of the class? What do you think about this? Don’t you want to be one of these special cases, one that doesn’t give up easily, one that keeps trying when everyone else gave up?

Math is like jogging. There is no sport that requires you to jog at a medium pace for a half hour. But then, why do the best athletes in the world go jogging several times a week?

Because it trains your body and prepares it for bigger challenges. And that’s exactly what math does. It shapes your brain, extends it, challenges it, and prepares it to view the world in abstract ways that very, very, VERY, few people see.

My kids regulary ask me this very same question, whether I use math in my daily life. And my response is unwaveringly “All the time”. I use math when I drive, in traffic, when I read email, when I watch or practice sport, when I look at the layout of my house or whenever I write code. It’s a constant presence.

Math helps me solidify those natural pattern seeking recognition skills that evolutional biology has wired in my brain for tens of thousands of years. I notice things, put them together, draw conclusions, derive decisions.

It’s very hard to explain and put into words, but math is probably the most important thing I ever studied in my entire life, and I can’t wait to learn more of it.

It’s fascinating to me that so many years after the concept of Dependency Injection (DI) became popular, so many people still don’t seem to understand what it is and why it’s such a fundamental idea that transcends languages.

“I already have Dependency Injection, it’s called ‘passing parameters'”

– Pretty much everyone in a discussion about Dependency Injection

No, passing dependencies as parameters is not DI and it’s actually a terrible way of building software. Let’s explore why.

Dependency Injection, the wrong way

Let’s imagine a typical application that starts at main() and then ends up calling a function you are working on, let’s call it “sendPacket()“:

fun main() {
  f()
}
fun f() {
  g()
}
fun g() {
  sendPacket(packet)
}
fun sendPacket(packet: Packet) { ... }

Next, you decide you want to log whenever a packet is sent, so you need a logger. The traditional, non DI (and wrong) way to do this would be to instantiate this logger as high as possible (so it can be used by other functions) and then passed down:

fun main() {
  val logger = Logger()
  f(logger)
}
fun f(logger: Logger) {
  g(logger)
}
fun g(logger: Logger) {
  sendPacket(packet, logger)
}
fun sendPacket(packet: Packet, logger: Logger) { ... }

Here are some things that are immediately apparent in this new version of the code:

• By adding this dependency to sendPacket(), I have impacted all the callers, who now have to pass a logger even though they never need one themselves.
• Anyone who wants to call sendPacket() now needs to find such a logger, even though all they want to do is send a packet.
• sendPacket() is now exposing private details to the outside world, its encapsulation is now completely broken.
• This approach will never scale. Imagine a code base of millions of lines of code and the effect that adding a logger to one function will cause on the entire code base.

A few quick observations before we dive deeper:

• It is not the purpose of this article to analyze why being able to create these instances differently based on the deployment environment (e.g. production, testing, staging, benchmarking, etc…) is desirable.
• This problem statement generalizes to classes as well, except that you would pass these dependencies in the constructor with the same devastating effect.
• The monadic approach to this problem (using Reader) suffers from this exact problem (on top of introducing monads, which create even more issues).

A better approach

Having established that passing dependencies as parameters is not a good idea, what are our options?

Here are a couple:

• Make the dependencies global variables.
  We all know how bad an idea that is, but while it turns the code into an ungodly pile of spaghetti, it does address the encapsulation breaking aspect: functions can add dependencies to their implementations without impacting callers since these dependencies are no longer passed as parameters.
• Find a way to “inject” the dependency where it’s needed, and only where it’s needed.
  This way, the dependency can’t be seen nor used by anyone that doesn’t need it and callers are none the wiser.

And this is where the word “Injection” comes into play.

Java and Kotlin have a great mechanism for DI (they are not the only ones, but I’ll focus on them since their approach is fairly well known by now).

It’s very simple: you use the annotation @Inject to mark values as dependencies, and this annotation can be used in different places based on your scenario. The limitation of this annotation in Java and Kotlin is that it cannot be directly injected into a function (and just that function), so instead, we declare it in the class that this function belongs to, but the effect is the same:

class PacketSender {
    @Inject
    val logger: Logger
    fun sendPacket(packet: Packet) {
        logger.log("Hello")
        // send packet
    }
}

The encapsulation aspect is neatly fixed by this approach: the developer of the PacketSender class can add and remove dependencies with abandon without ever impacting the signature of sendPacket(), which means that its users will never break.

The next issue to address is how to instantiate a class like PacketSender with the right dependencies, but I will leave that aside since this is a problem that’s pretty well documented and solved by the various DI libraries that are available today. Instead, I’d like to follow these observations with a short discussion about how we could improve on this mechanism even further.

A language with native support for DI

As I mentioned above, the one limitation of the Java/Kotlin approach to DI is that the injection is still too broad: it needs to be done at the class level, which means these dependencies are visible to all the functions of the class. Can we do better?

Well, not with the current versions of Java and Kotlin, but let’s think about what this could look like.

We have established that functions need two kinds of parameters:

• “Business parameters”, values that the function needs to perform its function.
• “Dependency parameters” (or we could call them “Support” or “Utility” parameters), values that the function can use for reasons that are not directly related to its function and which should be kept as private implementation details.

The interesting observation here is that these two kinds of parameters are coming from different origins, and the signature of the function should reflect that. Which led me to the following (hypothetical) syntax:

fun sendPacket(packet: Packet)(logger: Logger) {
    logger.log("Hi")
    // send packet
}

We now have two lists of parameters, with the second one being optional. Any parameter mentioned in that second list of parameters will have to be supplied by the DI runtime of the language and its parameters are only visible while inside the function. Callers of such functions only have to supply the parameters in the first list and can completely ignore the dependency parameter list.

With this approach, we achieve the desired encapsulation and we cleanly separate the parameters in two very distinct categories, which improves the readability of the code without compromising type safety. Dependencies are created “somewhere else” (to be defined, but like I said above, existing DI frameworks have given us plenty of interesting mechanisms to build these dependencies) and passed transparently to functions without ever impacting callers.

Guice’s “Assisted Injection” offers a mechanism that’s very similar to what I’m proposing (here is an article with more details about it), but other than that, I haven’t found any language trying to solve this particular problem. Please let me know if you know of any!

This is a follow up to my previous article, in which I explored a few aspects of Kotlin that Rust could learn from. This time, I am going to look at some features that I really enjoy in Rust and which I wish that Kotlin adopted.

Before we begin, I’d like to reiterate that my point is not to start a language war between the two languages, nor am I trying to turn one language into the other. I spent careful time analyzing which features I want to discuss and automatically excluded features that make perfect sense for one language and would be absurd in the other. For example, it would be silly to ask for garbage collection in Rust (since its main proposition is a very tight control on memory allocation) and reciprocally, it would make no sense for Kotlin to adopt a borrow checker, since the fact that Kotlin is garbage collected is one of its main appeals.

The features I covered in my first article and in this one are functionalities which I think could be adopted by either language without jeopardizing their main design philosophies, although since I don’t know the internals of either languages, I might be off on some of these, and I welcome feedback and corrections.

Let’s dig in.

Macros

I have always had a love hate relationship with macros in languages, especially non hygienic ones. At the very least, macros should be fully integrated in the language, which requires two conditions:

• The compiler needs to be aware of macros (unlike for example, the preprocessor in C and C++).
• Macros need to have full access to a statically typed AST and be able to safely modify this AST.

Rust macros meet these two requirements and as a result, unlock a set of very interesting capabilities, which I’m pretty sure we’ve only started exploring.

For example, the dbg!() macro:

let a = 2;
let b = 3;
dbg!(a + b);

Will print

[src\main.rs:158] a + b = 5

Note: not just the source file and line number but the full expression that’s being displayed (“a + b”).

Another great example of the power of macros can be seen in the debug_plotter crate, which allows you to plot variables:

fn main() {
    for a in 0..10 {
        let b = (a as f32 / 2.0).sin() * 10.0;
        let c = 5 - (a as i32);
        debug_plotter::plot!(a, b, c; caption = "My Plot");
    }
}

How beautiful and geeky is that?

Kotlin is not completely unarmed in this department since the mix of annotations and annotation processors provide a set of functionality that is not very far from what you can do in Rust with macros and attributes. The main difference is that while Kotlin’s approach only allows for legal Kotlin code to ever be present in a Kotlin source file, Rust allows for any arbitrary syntax to appear as a macro argument, and it’s up to the macro to generate correct Rust that the compiler will accept.

I have to admit that my mind is not fully made on this particular aspect.

On one hand, it’s nice to be able to write any kind of code in a Rust source file (this is what React does with JSX), on the other hand, the potential for abuse is high and one can rightfully fear a day when a Rust source file would look nothing like Rust code. However, so far, my fear has never materialized and most macros that I have encountered use custom syntaxes very parsimoniously.

Another very important aspect of macros is that Rust IDE’s understand them (well, at least, CLion does, and potentially, all IDE’s can, and will) and they will immediately show you errors when something is going wrong.

Macros are used in a very large array of scenarios and provide Rust with some really neat DSL capabilities (e.g. for libraries supporting SQL, Web, graphics, etc…).

Also, macros integrate very neatly with…

Attributes for preprocessing

Attributes are Rust’s version of annotations and they start either with # or #!:

#![crate_type = "lib"]
#[test]
fn test_foo() {}

Nothing groundbreaking here, but what I want to discuss is the conditional compilation aspect.

Conditional compilation is achieved in Rust by combining attributes and macros with cfg, which is available as both an attribute and a macro.

The macro version allows you to compile conditionally a statement or an expression:

#[cfg(target_os = "macos")]
fn macos_only() {}

In the code above, the function macos_only() will only be compiled if the operating system is macOS.

The macro version of cfg() allows you to add more logic to the condition:

let machine_kind = if cfg!(unix) {
    "unix"
} else { … }

At the risk of repeating myself: the above code is a macro, which means it’s evaluated at compile time. Any part of the condition that is not meant will be completely ignored by the compiler.

You might rightfully wonder if such a feature is necessary in Kotlin, and I asked myself the same question.

Rust compiles to native executables, on multiple operating systems, which makes this kind of conditional compilation pretty much a requirement if you want to publish artifacts on multiple targets. Kotlin doesn’t have this problem since it produces OS neutral executables that are run on the JVM.

Even though Java and Kotlin developers have learned to do without a preprocessor since the C preprocessor left such a bad impression on pretty much everyone who has used it, there have been situations in my career where being able to have conditional compilation that includes or excludes source files, or even just statements, expressions, or functions, would have come in handy.

Regardless of where you stand in this debate, I have to say I really enjoy how two very different features in the Rust ecosystem, macros and attributes, are able to work together to produce such a useful and versatile feature.

Extension traits

Extension traits allow you to make a structure conform to a trait “after the fact”, even if you don’t own either of these. This last point bears repeating: it doesn’t matter if the structure or the trait belong to libraries that you didn’t write. You will still be able to make that structure conform to that trait.

For example, if we want to implement a last_digit() function on the type u8:

trait LastDigit {
    fn last_digit(&self) -> u8;
}
impl LastDigit for u8 {
    fn last_digit(&self) -> u8 {
        self % 10
    }
}
fn main() {
    println!("Last digit for 123: {}", 123.last_digit());
    // prints “3”
}

I might be biased about this feature because unless I am mistaken, I was the first person to suggest a similar functionality for Kotlin back in 2016 (link to the discussion).

First of all, I find the Rust syntax elegant and minimalistic (even better than Haskell’s and arguably, better than the one I proposed for Kotlin). Second, being able to extend traits this way unlocks a lot of extensibility and power in how you can model problems, but I’m not going to dive too deep into this topic since it would take too long (look up “type classes” to get a sense of what you can achieve).

This approach also allows Rust to mimic Kotlin’s extension functions while providing a more general mechanism to extend not just functions but types as well, at the expense of a slightly more verbose syntax.

In a nutshell, you have the following matrix:

cargo

This probably comes off as a surprise since with Gradle, Kotlin has a very strong build and package manager. The two tools certainly have the same functional surface area, allowing to build complex projects while also managing library downloading and dependency resolution.

The reason why I think cargo is a superior alternative to Gradle is because of its clean separation between the declarative syntax and its imperative side. In a nutshell, standard, common build directives are specified in the declarative cargo.toml file while ad hoc, more programmatic build steps are written directly in Rust in a file called build.rs, using Rust code calling into a fairly lightweight build API.

In contrast, Gradle is a mess. First because it started being specified in Groovy and it now supports Kotlin as the build language (and this transition is still ongoing, years after it started), but also because the documentation of both of those is still incredibly bad

By “bad”, I don’t mean “lacking”: there is a lot of documentation, it’s just… bad, overwhelming, most of it outdated, or deprecated, etc…, requiring hundreds of lines of copy/paste from StackOverflow as soon as you need something out of the beaten path. The plug-in system is very loosely defined and basically lets all plug-ins access whatever they feel like inside Gradle’s internal structures.

Obviously, I am pretty opinionated on this topic since I created a build tool inspired by Gradle but using more modern approaches to syntax and plug-in resolution (it’s called Kobalt), but independently of this, I think cargo manages to strike a very fine balance between a flexible build+dependency manager tool that covers all the default configuration adequately without being overwhelmingly complex as soon as your project grows.

u8, u16, …

In Rust, number types are pretty straightforward: u8 is an 8 bit unsigned integer, i16 is a 16 bit signed integer, f32 is a 32 bit float, etc…

This is such a breath of fresh air to me. Until I started using these types, I had never completely identified how uncomfortable I had always been with the way C, C++, Java, etc… define these types. Whenever I needed a number, I would use int or Long as default. In C, I sometimes went as far as long long without really understanding the implications.

Rust forces me to pay very close attention to all these types and then, the compiler will relentlessly keep me honest whenever I try to perform casts that can lead to bugs. I really think that all modern languages should follow this convention.

Compiler error messages

Not to say that Kotlin’s error messages are bad, but Rust certainly set a new standard here, in multiple dimensions.

In a nutshell, here is what you can expect from the Rust compiler:

• ASCII graphics with arrows, colors, clear delineations of problematic sections.
• Plain English and detailed error messages.
• Suggestions on how you could fix the problem.
• Links to relevant documentation where you can find out more about the problem.

I certainly hope that future languages will take inspiration.

Portability

About twenty-five years ago, when Java came out, the JVM made a promise: “Write once, run anywhere” (“WORA”).

While this promise stood on shaky grounds in the early years, there is no denying that WORA is a reality today, and has been for a couple of decades. Not only can JVM code be written once and run everywhere, such code can also be written anywhere, which represents an important productivity boost for developers. You can write your code on any of Windows, macOS, Linux, and deploy on any of Windows, macOS, and Linux.

Surprisingly, Rust is also capable of such versatility, even though it produces native executables. Regardless of the operating system you are writing your code on, producing executables for a multitude is trivial, with the added benefit that these executables are native and, thanks to the incredible technical achievement that the LLVM is, very performant too.

Before Rust, I had resigned myself to the fact that if I wanted to run on multiple operating systems, I had to pay the price of running on a virtual machine, but Rust is now showing that you can have your cake and eat it too.

Kotlin (and the JVM in general) is beginning to learn this lesson too, with initiatives such as GraalVM, but producing executables for JVM code is still fraught with restrictions and limitations.

Wrapping up

I have a lot more to say about all of this.

And by “all of this”, I mean “Rust and Kotlin”.

They are both such interesting languages. I like them both, but for different reasons. I hope I was able to convey some of my fondness in these two posts. Even though these articles might appear critical, they are really love letters. I am a very demanding developer, someone who’s been writing code for forty years and who plans to keep doing so for as long as his mental abilities allow him. I feel unreasonably passionate about programming languages, and I hope that my passion shone through these two articles.

TestNG is a project I started around 2004 with the only intent to mix things up. I wanted to show the Java world that we could do better than JUnit. I had no intentions for anyone to like and adopt TestNG: it was a project lab. An experiment. All I wanted to do was to show that we could do better. I was genuinely hoping that the JUnit team (or whatever was left of it) would take a look at TestNG and think “Wow, never thought of that! We can incorporate these ideas in JUnit and make it even better!”.

This is my goal with these couple of posts. I would be ecstatic if these two very, very different worlds (the Rust and Kotlin communities) would pause for a second from their breakneck development pace, take a quick look at each other, even though they really had no interest in doing so, and realize “well… that’s interesting… I wonder if we could do this?”.

Discussions on reddit:

• /r/rust
• /r/Kotlin

I was recently having a discussion about refactoring dynamically typed languages and I was struck by the amount of misconceptions that a lot of developers still have on this topic.

I expressed my point in this article from fifteen years ago(!), not much has changed, but the idea that it it impossible to safely and automatically refactor a language that doesn’t have type annotations is still something that is not widely accepted, so I thought I would revisit my point and modernize the code a bit.

First of all, my claim:

In languages that do not have type annotations (e.g. Python, Ruby, Javascript, Smalltalk), it is impossible to perform automatic refactorings that are safe, i.e., that are guaranteed to not break the code. Such refactorings require the supervision of the developer to make sure that the new code still runs.

First of all, I decided to adapt the snippet of code I used in my previous article and write it in Python. Here is a small example I came up with:

class A:
    def f(self):
        print("A.f")
class B:
    def f(self):
        print("B.f")
if __name__ == '__main__':
    if random() > 0.5:
        x = A()
    else:
        x = B()
    x.f()

Pretty straightforward: this code will call the function f() on either an instance of class A or B.

What happens when you ask your IDE to rename f() to f2()? Well, this is undecidable. You might think it’s obvious that you need to rename both A.f() and B.f(), but that’s just because this snippet is trivial. In a code base containing hundreds of thousands of lines, it’s plain impossible for any IDE to decide what functions to rename with the guarantee of not breaking the code.

This time, I decided to go one step further and to actually prove this point, since so many people are still refusing to accept it. So I launched PyCharm, typed this code, put the cursor on the line x.f() and asked the IDE to rename f() to f2(). And here is what happened:

class A:
    def f2(self):
        print("A.f")
class B:
    def f(self):
        print("B.f")
if __name__ == '__main__':
    if random() > 0.5:
        x = A()
    else
        x = B()
    x.f2()

PyCharm renamed the first f() but not the second one! I’m not quite sure what the logic is here, but well, the point is that this code is now broken, and you will only find out at runtime.

This observation has dire consequences on the adequacy of dynamically typed languages for large code bases. Because you can no longer safely refactor such code bases, developers will be a lot more hesitant about performing these refactorings because they can never be sure how exhaustive the tests are, and in doubt, they will decide not to refactor and let the code rot.

Update: Discussion on reddit.

I have a confession to make that I’m not very proud of: recently, I unwittingly installed malware on my Android phone. As one of the early members of the Android team and someone who’s been using Android for about thirteen years, this was a pretty humbling and irritating event. This is what happened.

I remember how it started: I unlocked my phone and two accidental clicks led me to agree to a dialog that my brain immediately registered as suspicious. But I had other things on my mind at the time so I paid it no mind and moved on.

The next day, I picked up my phone and when I launched Chrome, I immediately noticed it was displaying a spammy URL. What’s worse: there were over ten tabs displaying similar URL’s which I was certainly not visiting before going to bed. This is when I realized what had happened.

DefCon 5

Lacking the time to do an investigation at the time, I went for an easy and temporary solution: changed my default browser from Chrome to another one and moved on. A few hours later, I found a similar set of URL’s displayed by my new default browser, which now definitely pointed the finger toward a rogue app.

DefCon 4

I went through all my apps and uninstalled and disabled a bunch of them. I also downloaded MalwareBytes and ran it, to no effect. Google Play Protect also did not notice anything suspicious on my phone. I must have missed the offending app because the URL’s kept showing.

DefCon 3

Time to go medieval. I hooked up my phone and launched adb. I started by inspecting the list of recurring tasks, but the output was so voluminous that finding anything useful was a dim prospect. I also inspected all the services and their associated applications, but then again, it was pretty much impossible to find anything suspicious even with some well targeted `greps`.

DefCon 2

I resigned myself to the brute force approach. I launched Android Studio, filtered the logcat output on “http.?://“, moved the window on the side and resumed my activities while keeping an eye on which URL’s my phone visits while I’m not using it.

It only took about an hour until one of the fishy URL’s showed up:

2021-01-09 11:01:14.651 3655-4415/? I/ActivityTaskManager: START u0 
{act=android.intent.action.VIEW dat=https://vbg.dorputolano.com/...
 flg=0x10000000 cmp=org.adblockplus.browser.beta/com.google.android.apps.chrome.IntentDispatcher} from uid 10237

Ha HA! I got you now. I have a uid, which I grepped through the output, and I finally identified my target:

2021-01-09 11:01:13.810 3655-3655/? I/EdgeLightingManager: showForNotification :
isInteractive=false, isHeadUp=true, color=0,
sbn = StatusBarNotification(pkg=com.qrcodescanner.barcodescanner user=UserHandle{0} id=1836 tag=null 
key=0|com.qrcodescanner.barcodescanner|1836|null|10237: Notification(channel=sfsdfsdfsd pri=2 contentView=null
vibrate=null sound=null defaults=0x0 flags=0x90 color=0x00000000 vis=PRIVATE semFlags=0x0 semPriority=0 semMissedCount=0))

So the package name is “com.qrcodescanner.barcodescanner“. It looks like the rogue app is disguising itself as a QR barcode scanner. I took another look at the list of my apps and sure enough, I quickly located the offending application. I uninstalled it, and a few hours later, I was happy to observe that the URL’s stopped popping up.

Back to DefCon 5

I went back to the Play Store and tried to find the application that I uninstalled but couldn’t find it, which indicates that Google probably removed it from its store some time ago. The malware I activated most likely side loaded it after I unwittingly approved its installation.

Some forensic research revealed an article from 2018 discussing such a malware QR Code Reader application, but the package and the mode of operation don’t quite match what I found. I am probably dealing with a copycat.

Looking back, I feel pretty disappointed that I had to go through all these steps to get rid of a simple scam application. What would a regular user do?

Conclusions and suggestions

• Listing the apps installed on my phone should give me the option to sort them by “Latest installed”. I am pretty sure that if I had had this option and I had seen a QR Code Scanner installed just a few days ago, it would have immediately grabbed my attention. As it is, the way Android lists the installed apps is pretty useless for this purpose.
  
• MalwareBytes was completely useless and I immediately uninstalled it when I realized this fact. The problem is that it was probably just looking for malware code signatures inside the packages instead of just looking at which apps I had installed.
  
• Google Play Protect was also completely unhelpful, which was a big disappointment. First because Google certainly knows which applications they removed from their store for malware reasons, but even so, I would expect Google Play Protect to at least flag any app it finds on my phone that is not on their store. Such an app is not necessarily malware, but it should certainly be flagged.
  
• Google Play Protect could also do some behavior profiling to analyze what apps are doing in the background. A service launching recurring VIEW intents on web sites in the background should have raised a flag to the system.

A flour windmill on the island of Leros, Greece.

This is what the sky looks like in the Bay Area this week. The orange glow is due to high altitude smoke from the fires that are ravaging the area. The air quality is actually not too bad because the smoke is much higher than usual.

Screen shot Flight Simulator 2020. The game receives real time weather data and this is a model of hurricane Laura as it was unfolding.