miniblog.

Over a sufficiently long time horizon, all code you write is legacy code.

I'm intrigued to see that Google has quantified that new code is generally buggier and less secure than code that has existed in your codebase for longer: https://security.googleblog.com/2024/09/eliminating-memory-safety-vulnerabilities-Android.html

TIL Tcl has a notion of 'safe interpreters', a mode where you can run untrusted code in a sandbox: https://www.tcl.tk/man/tcl8.4/TclCmd/safe.htm Not many programming languages have this, but it's way safer to include in the implementation than try to build as a userland library.