Indeed, here’s an example - my climate-system model web-app, written in scala running (mainly) in wasm
(note: that was compiled with scala-js 1.17, they say latest 1.19 does wasm faster, I didn’t yet compare).
[ Edit: note wasm variant only works with most recent browsers, maybe with experimental options set - if not try without ?wasm ]
In principle I’d like to see specific permissions - so for example playing with gui enhancements should be a lower trust barrier than adjusting and running code, but afaik (correct me if wrong) neither js nor rust have a built-in security architecture that could implement this. Maybe certain types of extensions could just be custom script language without filesystem access, but that’s harder to do.
About source code linking, last time I heard (maybe they fixed it?) it seemed that trick vscode extensions can link to arbitrary (safe-looking) source repos, which didn’t actually produce the extension.
I’m less convinced about slowly accumulating publisher trust, as this could be a barrier to honest new contributors, while big actors with a longterm profit or geopolitical motive could game such a system anyway (as they do for social media).
I do trust the scala tools (build Mill, lang-server Metals, compiler) which adjust my code, having seen them evolve over many years.
and like the separation of functions (lang-server / editor), so we are less dependent on any one big-tech solution.
So I suppose a fundamental issue is what to trust less - big corps with a reputation but lock-in power, or an ecosystem of small contributors which might include tricksters. No perfect balance.
It seems so far Zed is cautious, providing api only for specific extensions - i.e. language servers and gui themes.
add a line … right before you run it
I run stuff from the command line using a trusted build tool (Mill, in scala), or via a local server (where js is sandboxed).
But indeed, a tricky language server or AI tool (I don’t use yet) might inject code where I don’t inspect before running it.
That’s a risk even with java-based IDEs - java has security permissions, not in js (vscode) or rust (zed), but are they applied…?
As for audits, a problem with vscode is the marketplace got too big, so many extensions, many lookalikes, nobody can check them all…
Such tricks were was predictable, as VSCode extensions, letting arbitrary JS run on your system, are an obvious security risk.
Recently I used Zed editor instead, it’s smooth, but this also has extensions, only these are fewer and in rust ( maybe a higher barrier, targeting less users, so far… ). What’s the solution here - is there some intrinsically safer sandboxed system ?
Zed, for the last few months, and happy with it (previously vscode) - I code in Scala, so Metals provides the complex hints / actions.
I was concerned about the gap between climate science and policy. So, having learned to program as a kid, I made an interactive model to help bridge that gap, to let people experiment. This evolved over 25 years - recently moved to scala.js, still developing, not for money but because we have to keep trying to solve complex problems.
As a kid, I learned to write i = i +1, before school maths taught me it can’t. The point is, computers do iteration well, especially to model dynamics of real non-linear systems, while classical maths is good at finding algebraic solutions to equilibria - typically more theoretical than real. Calculus is great for understanding repeatable dynamics - such as waves in physics, also integrating over some distributions. But even without knowing that well you could still approximate stuff numerically with simple loops, test it, and if an inner-loop turns out to be time-critical or accuracy-critical (most are not), ask a mathematical colleague to rethink it - believe in iteration rather than perfect solutions.
Indeed to use scala-native you’d need pure-scala libraries, but the core lib re-implements most java lib, and there are now small simple external libs available for common tasks like file management, database, etc. - for example check out the lihaoyi suite.
I mainly use scala-js (to make this) which was formerly a java app - as it compiles to both js and jvm (cross-project) can gradually convert stuff you already wrote. I’ve tried native for stuff like pre-processing data files.
Scala compiles either to native, js or jvm - obviously the IO / interface options vary between these envs, but the lang is the same. Recently Scala 3.5 incorporates a simple-to-use CLI which makes it easier to compile to native (or just run a small file as a script, or experiment with a repl), native binaries are small and fast, and there are some simple io libraries. Since you can also compile to jvm to interop with java, that might help with transition.
I now use Scala 3, and very happy with syntactic whitespace (combined with an intelligent compiler)
Scala-js is working on it - as its compiler design may facilitate this.
I haven’t yet tried (on todo list) and am not an expert, but bookmarked in passing:
recent github implementation, some history, following older discussion
I use vscode as I develop this model in Scala3, whose language-server ‘metals’ integrates well with vscode, and when scala3 was new in mid-21 this was the platform they first targeted. But the scala command-line tools do the clever analysis, vscode provides the layout, colours, git integration, search/regex, web-preview etc… Now considering other options (eg zed) as vscode too dependent on potentially unsafe extensions (of which too much choice), also don’t want M$ scraping my code. Long ago when same model was in java I used netbeans, then eclipse. Would prefer a pure-scala toolset.
Hi, excuse me for replying so late, but i’ve been away from lemmy for.a while.
Well, to summarise, the model calculates the future trajectories, of population, economy, emissions, atmospheric gases, and climate response etc., according to a set of (hundreds of) diverse options and uncertainties which you can adjust - the key feature is that the change shows rapidly enough to let you follow cause -> effect, to understand how the system responds in a quasi-mechanical way.
Indeed you are right, complexity is beautiful, but hard. A challenge with such tools is to adjust gradually from simple to complex. Although SWIM has four complexity levels, they are no longer systematically implemented - also what seems simple or complex varies depending where each person is coming from, so i think to adapt the complexity filter into a topic-focus filter. Much todo …
I can relate to this, having developed a coupled socio-emissions-carbon-climate model, which evolved for 20 years in java, until recently converted to scala3. You can have a look here. The problem is that “coupling” in such models of complex systems is a ‘good’ thing, as there are feedbacks - for example atmospheric co2 drives climate warming but the latter also changes the carbon cycle, demography drives economic growth but the latter influences fertility and migration, etc… (some feedbacks are solved by extrapolating from the previous timestep - the delay is anyway realistic). There are also policy feedbacks - between top-down climate-stabilisation goals, and bottom up trends and national policies, the choice affects the logical calculation order. All this has to work fast within the browser (now scala.js - originally java applet), responding interactively to parameter adjustments, only recalculating curves which changed - getting all these interactions right is hard.
If restarting in scala3 I’d structure it differently, but having a lot of legacy science code known to work, it’s hard to pull it apart. Wish I’d known such principles at the beginning, but as it grew gradually, one doesn’t anticipate such complexity.
I began programming java climate model with UK keyboard. When I moved to the continent, switched to swiss then belgian keyboard to better type emails/docs in french, but it was so tedious for code brackets {[()]} and some other punctuation, eventually switched back. Recently converted whole codebase to Scala 3 (here’s the model), now can drop most of those brackets. I speculate whether one motivation for creating scala3 (made in in Lausanne) was swiss/french keyboards.
I like Scala:
Fwiw, here’s my interactive climate system model running in pure scala.
Oh, it’s designed for a big desktop screen, although it just happens to work on mobile devices too - their compute power is enough, but to understand the interactions of complex systems, we need space.