JavaScript is JIT’ed where CPython is not. Pypy has JIT and is faster, but I think is incompatible with C extensions.
I think Pythons threading model also adds complexity to optimizing where JavaScripts single thread is easier to optimize.
I would also say there’s generally less impetus to optimize CPython. At least until WASM, JavaScript was sort of stuck with the performance the interpreter had. Python had more off-ramps. You could use pypy for more pure Python stuff, or offload computationally heavy stuff to a C extension.
I think there are some language differences that make JavaScript easier to optimize, but I’m not super qualified to speak on that.
> I would also say there’s generally less impetus to optimize CPython
Nonetheless, Microsoft employed a whole "Faster CPython" team for 4 years - they targeted a 5x speedup but could only achieve ~1.5x. Why couldn't they make a significantly faster Python implementation, especially given that PyPy exists and proves it's possible?
Pypy has much slower C interop than CPython, which I believe is part of the tradeoff. Eg data analysis pipelines are probably still faster in numpy on CPython than pypy.
Not an expert here, but my understanding is that Python is dynamic to the point that optimizing is hard. Like allowing one namespace to modify another; last I used it, the Stackdriver logging adapter for Python would overwrite the stdlib logging library. You import stackdriver, and it changes logging to send logs to stackdriver.
All package level names (functions and variables) are effectively global, mutable variables.
I suspect a dramatically faster Python would involve disabling some of the more unhinged mutability. Eg package functions and variables cannot be mutated, only wrapped into a new variable.
See Smalltalk, Self and Common Lisp, and you will find languages that are even more dynamic than Python, and are in the genesis of high performance JIT research.
The threat profile feels scarily different too. SteamOS doesn’t feel like something I’d install a banking app on.
I don’t think they want to wander further into malware arms races. They don’t seem to really want to maintain their anti-cheat currently, it’s notoriously poor. I love Valve but I’m not sure I’d trust them with a platform I log into my bank with.
Not my space, but I think this would be a cryptography kind of thing. Burn a key into read-only hardware, lock the bootloader, require the kernel and drivers to be signed with a key the burnt-in key can validate. Potentially extend it to all executables on the device.
It’s closed in the sense that you can’t install whatever you want, not in the sense that Valve is going to make their own framework devs have to use.
That really depends on what you classify as “violent”. There are a lot of crimes labeled “violent” that don’t include direct physical harm to another person. Eg burglary is labeled as “violent” many places when the actual act was “smashed a window, grabbed a TV and ran away”. Drug manufacturing is also typically considered “violent” even without any kind of assault/murder/turf war/etc.
The numbers I saw said 47% of inmates had a violent crime under federal or state classifications.
Not just safety nets, but the disappearance of the middle class at least in the US. It increasingly feels like people either make twice or more what they need to live, or half what they need to live.
I can absolutely see why parents see the way things are, try to extrapolate out another 20 or 30 years, and feel like they have to make sure their child is in the "well-to-do" group. It feels like the days are gone where you could be an average performer at an average job and live an okay life.
> The solution is not to come up with yet another artificial identifier but to come up with better means of identification taking into account the fact that things change.
I think artificial and data-less identifiers are the better means of identification that takes into account that things change. They don't have to be the identifier you present to the world, but having them is very useful.
E.g. phone numbers are semi-common identifiers now, but phone numbers change owners for reasons outside of your control. If you use them as an internal identifier, changing them between accounts gets very messy because now you don't have an identifier for the person who used to have that phone number.
It's much cleaner and easier to adapt if each person gets an internal context-less identifier and you use their phone number to convert from their external ID/phone number to an internal ID. The old account still has an identifier, there's just no external identifier that translates to it. Likewise if you have to change your identifier scheme, you can have multiple external IDs that translate to the same internal ID (i.e. you can resolve both their old ID and their new ID to the same internal ID without insanity in the schema).
> I think artificial and data-less identifiers are the better means of identification that takes into account that things change. They don't have to be the identifier you present to the world, but having them is very useful.
If the only reason you need a surrogate key is to introduce indirection in your internal database design then sequence numbers are enough. There is no need to use UUIDs.
The whole discussion is about externally visible identifiers (ie. identifiers visible to external software, potentially used as a persistent long-term reference to your data).
> E.g. phone numbers are semi-common identifiers now, but phone numbers change owners for reasons outside of your control. If you use them as an internal identifier, changing them between accounts gets very messy because now you don't have an identifier for the person who used to have that phone number.
Introducing surrogate keys (regardless of whether UUIDs or anything else) does not solve any problem in reality. When I come to you and say "My name is X, this is my phone number, this is my e-mail, I want my GDPR records deleted", you still need to be able to find all data that is related to me. Surrogate keys don't help here at all. You either have to be able to solve this issue in the database or you need to have an oracle (ie. a person) that must decide ad-hoc what piece of data is identified by the information I provided.
The key issue here is that you try to model identifiable "entities" in your data model, while it is much better to model "captured information".
So in your example there is no "person" identified by "phone number" but rather "at timestamp X we captured information about a person at the time named Y and using phone number Z".
Once you start thinking about your database as structured storage of facts that you can use to infer conclusions, there is much less need for surrogate keys.
> So in your example there is no "person" identified by "phone number" but rather "at timestamp X we captured information about a person at the time named Y and using phone number Z". Once you start thinking about your database as structured storage of facts that you can use to infer conclusions, there is much less need for surrogate keys.
This is so needlessly complex that you contradicted yourself immediately. You claim there is no “person” identified but immediately say you have information “about a person”. The fact that you can assert that the information is about a person means that you have identified a person.
Clearly tying data to the person makes things so much easier. I feel like attempting to do what you propose is begging to mess up GDPR erasure.
> “So I got a request from a John Doe to erase all data we recorded for them. They identified themselves by mailing address and current phone number. So we deleted all data we recorded for that phone number.”
> “Did you delete data recorded for their previous phone number?”
> “Uh, what?”
The stubborn refusal to create a persistent identifier makes your job harder, not easier.
> If the only reason you need a surrogate key is to introduce indirection in your internal database design then sequence numbers are enough. There is no need to use UUIDs.
The UUID would be an example of an external key (for e.g. preventing crawling keys being easy). This article mentions a few reasons why you may later decide there are better external keys.
> When I come to you and say "My name is X, this is my phone number, this is my e-mail, I want my GDPR records deleted", you still need to be able to find all data that is related to me.
How are you going to trace all those records if the requester has changed their name, phone number and email since they signed up if you don't have a surrogate key? All 3 of those are pretty routine to change. I've changed my email and phone number a few times, and if I got married my name might change as well.
> Once you start thinking about your database as structured storage of facts that you can use to infer conclusions, there is much less need for surrogate keys.
I think that spirals into way more complexity than you're thinking. You get those timestamped records about "we got info about person named Y with phone number Z", and then person Y changes their phone number. Now you're going to start getting records from person named Y with phone number A, but it's the same account. You can record "person named Y changed their phone number from Z to A", and now your queries have to be temporal (i.e. know when that person had what phone number). You could back-update all the records to change Z to A, but that breaks some things (e.g. SMS logs will show that you sent a text to a number that you didn't send it to).
Worse yet, neither names nor phone numbers uniquely identify a person, so it's entirely possible to have records saying "person named Y and phone number Z" that refer to different people if a phone number transfers from a John Doe to a different person named John Doe.
I don't doubt you could do it, but I can't imagine it being worth it. I can't imagine a way to do it that doesn't either a) break records by backdating information that wasn't true back then, or b) require repeated/recursive querying that will hammer the DB (e.g. if someone has had 5 phone numbers, how do you get all the numbers they've had without pulling the latest one to find the last change, and then the one before that, and etc). Those queries are incredibly simple with surrogate keys: "SELECT * FROM phone_number_changes WHERE user_id = blah".
> The UUID would be an example of an external key (for e.g. preventing crawling keys being easy). This article mentions a few reasons why you may later decide there are better external keys.
So we are talking about "external" keys (ie. visible outside the database). We are back to square one: externally visible surrogate keys are problematic because they are detached from real world information they are supposed to identify and hence don't really identify anything (see my example about GDPR).
It does not matter if they are random or not.
> How are you going to trace all those records if the requester has changed their name, phone number and email since they signed up if you don't have a surrogate key?
And how does surrogate key help? I don't know the surrogate key that identifies my records in your database.
Even if you use them internally it is an implementation detail.
If you keep information about the time information was captured, you can at least ask me "what was your phone number last time we've interacted and when was it?"
> I think that spirals into way more complexity than you're thinking.
This complexity is there whether you want it or not and you're not going to eliminate it with surrogate keys. It has to be explicitly taken care of.
DBMSes provide means to tackle this essential complexity: bi-temporal extensions, views, materialized views etc.
Event sourcing is a somewhat convoluted way to attack this problem as well.
> Those queries are incredibly simple with surrogate keys: "SELECT * FROM phone_number_changes WHERE user_id = blah".
Sure, but those queries are useless if you just don't know user_id.
> externally visible surrogate keys are problematic because they are detached from real world information they are supposed to identify and hence don't really identify anything (see my example about GDPR).
All IDs are detached from the real world. That’s the core premise of an ID. It’s a bit of information that is unique to someone or something, but it is not that person or thing.
Your phone number is a random number that the phone company points to your phone. Your house has a street name and number that someone decided to assign to it. Your email is an arbitrary label that is used to route mail to some server. Your social security number is some arbitrary id the government assigned you. Even your name is an arbitrary label that your parents assigned to you.
Fundamentally your notion that there is some “real world” identifier is not true. No identifiers are real. They are all abstractions and the question is not whether the “real” identifier is better than a “fake” one, but whether an existing identifier is better than one you create for your system.
I would argue that in most cases, creating your own ID is going to save you headaches in the long term. If you bake SSN or Email or Phone Number throughout your system, you will make it a pain for yourself when inevitably someone needs to change their ID and you have cascading updates needed throughout your entire system.
In my country, citizens have an "ID" (a UUID, which most people don't know the value of!) and a social security number which they know - which has all the problems described above).
While the social security number may indeed change (doubly assigned numbers, gender reassignment, etc.), the ID needn't change, since it's the same physical person.
Public sector it-systems may use the ID and rely on it not changing.
Private sector it-systems can't look up people by their ID, but only use the social security number for comparisons and lookups, e.g. for wiping records in GDPR "right to be forgotten"-situations. Social security numbers are sortof-useful for that purpose because they are printed on passports, driver's licenses and the like. And they are a problem w.r.t. identity theft, and shouldn't ever be used as an authenticator (we have better methods for that).
The person ID isn't useful for identity theft, since it's only used between authorized contexts (disregarding Byzantine scenarios with rogue public-sector actors!). You can't social engineer your way to personal data using that ID unless (safe a few movie-plot scenarios).
So what is internal in this case? The person id is indeed internal to the public sector's it-systems, and useful for tracking information between agencies. They're not useful for Bob or Alice. (They ARE useful for Eve, or other malicious inside actors, but that's a different story, which realistically does require a much higher level of digital maturity across the entire society)
Again, sometimes it does, the article lists a few of them. Making it harder to scrape, unifying across databases that share a keyspace, etc.
> And how does surrogate key help? I don't know the surrogate key that identifies my records in your database. Even if you use them internally it is an implementation detail.
That surrogate key is linked to literally every other record in the database I have for you. There are near infinite ways for me to convert something you know to that surrogate key. Give me a transaction ID, give me a phone number/email and the rough date you signed up, hell give me your IP address and I can probably work back to a user ID from auth logs.
The point isn't that you know the surrogate key, it's that _everything_ is linked to that surrogate key so if you can give me literally any info you know I can work back to the internal ID.
> This complexity is there whether you want it or not and you're not going to eliminate it with surrogate keys. It has to be explicitly taken care of.
Okay, then lets do an exercise here. A user gives you a transaction ID, and you have to tell them the date they signed up and the date you first billed them. I think yours is going to be way more complicated.
Mine is just something like:
SELECT user_id FROM transactions WHERE transaction_id=X;
SELECT transaction_date FROM transactions WHERE user_id=Y ORDER BY transaction_date ASC LIMIT 1;
SELECT signup_date FROM users WHERE user_id=Y;
Could be a single query, but you get the idea.
> DBMSes provide means to tackle this essential complexity: bi-temporal extensions, views, materialized views etc.
This kind of proves my point. If you need bi-temporal extensions and materialized views to tell a user what their email address is from a transaction ID, I cannot imagine the absolute mountain of SQL it takes to do something more complicated like calculating revenue per user.
I am not sure you are arguing against my claims or not :)
I am not arguing against surrogate keys in general. They are obviously very useful _internally_ to introduce a level of indirection. But if they are used _internally_ then it doesn't really matter if they are UUIDs or sequence numbers or whatever - it is just an implementation detail.
What I claim is that surrogate keys are problematic as _externally visible_ identifiers.
> Okay, then lets do an exercise here. A user gives you a transaction ID, and you have to tell them the date they signed up and the date you first billed them. I think yours is going to be way more complicated.
> Mine is just something like:
> SELECT user_id FROM transactions WHERE transaction_id=X; SELECT transaction_date FROM transactions WHERE user_id=Y ORDER BY transaction_date ASC LIMIT 1; SELECT signup_date FROM users WHERE user_id=Y;
I think you are missing the actual problem I am talking about: where does the user take the transaction ID from? Do you expect the users to remember all transaction IDs your system ever generated for them? How would they know which transaction ID to ask about? Are they expected to keep some metadata that would allow them to identify transaction IDs? But if there is metadata that enables identification of transaction IDs then why not use it instead of transaction ID in the first place?
> I think you are missing the actual problem I am talking about: where does the user take the transaction ID from? Do you expect the users to remember all transaction IDs your system ever generated for them? How would they know which transaction ID to ask about? Are they expected to keep some metadata that would allow them to identify transaction IDs? But if there is metadata that enables identification of transaction IDs then why not use it instead of transaction ID in the first place?
Your notion that you can avoid sharing internal ids is technically true, but that didn’t mean it’s a good idea. You’re trying force a philosophical viewpoint and disregarding practical concerns, many of which people have already pointed out.
But to answer your question, yes, your customer will probably have some notion of a transaction id. This is why everyone gives you invoice numbers or order numbers. These are indexes back into some system. Because the alternative is that your customer calls you up and says “so I bought this thing last week, maybe on Tuesday?” And it’s most likely possible to eventually find the transaction this way, but it’s a pain and usually requires human investigation to find the right transaction. It’s wasteful for you and the customer to do business this way if you don’t have to.
> Your notion that you can avoid sharing internal ids is technically true, but that didn’t mean it’s a good idea. You’re trying force a philosophical viewpoint and disregarding practical concerns, many of which people have already pointed out.
What some call "philosophical viewpoint" I call "essential complexity" :)
> But to answer your question, yes, your customer will probably have some notion of a transaction id. This is why everyone gives you invoice numbers or order numbers.
We are in agreement here: externally visible identifiers are needed for many reasons (mostly technical). The discussion is not about that though but about what information should be included in these identifiers.
> This is why everyone gives you invoice numbers or order numbers.
And there are good reasons why invoice or order numbers are not randomly generated strings but contain information about the invoices and orders they identify.
My claim is that externally visible identifiers should possess a few characteristics:
* should be based on the data they identify (not detached from it)
* should be easy to remember (and that means they should be as short as possible, they should be easy to construct by a human from the data itself - so they cannot be hashes of data)
* should be versioned (ie. they should contain information somehow identifying the actual algorithm used to construct them)
* should be easy to index by database engines (that is highly db implementation dependent unfortunately)
* can be meaningfully sortable (that is not strictly a requirement but nice to have)
Coming up with an identifier having these characteristics is not trivial but is going to pay off in the long run (ie. is essential complexity).
Much of this is not essential complexity, but accidental complexity.
* Based on the data they identify - This is a minefield of accidental complexity. Data changes and needs to be redacted for GDPR and other data laws. What do you do when someone demands you delete all personally identifiable data but you’ve burned it into invoice ids that you need to retain for other legal reasons? This is also begging for collisions and very much at odds with making IDs short.
* easy to remember - This is a nice to have. Short is convenient for sharing on the phone. Memorable didn’t matter much. I don’t remember any invoice number I’ve ever received.
* versioned - Versioning is only interesting because you’re trying to derive from real data. Again, accidental complexity.
(which means human readable and related to the actual information which makes them easier to remember)
These actually are the most important features.
Example: transaction references not related to the actual subject of the transaction (ie. what is being paid for) is enabler for MITM scam schemes.
> Short is convenient
Nah. Short is crucial for identifiers to be effective for computers to handle (memory and CPU efficiency). Otherwise we wouldn't need any identifiers and would just pass raw data around.
> * versioned - Versioning is only interesting because you’re trying to derive from real data.
Nah. Even UUID formats contain version information.
> * easy to index - Sure.
> * sortable - Nice to have at best.
These are directly related (and in the context of UUIDv4 vs UUIDv7 discussion sortable is not enough - we also want them to be "close" to each other when generating so that they can be indexed efficiently)
You keep saying that but you have provided virtually no evidence in support of this. This is why I called your claim philosophical. You are asserting this as fact and arguing from that standpoint rather than considering what is the best based on actual requirements and trade offs.
> Example: transaction references not related to the actual subject of the transaction (ie. what is being paid for) is enabler for MITM scam schemes.
I don’t see how this is true. If anything transaction references based on the actual subject would make scamming slightly easier because a scammer can glean information from the reference.
I’m going to stop here, though. I don’t see that this is going to converge on any shared agreement.
Take care. And if you celebrate the holidays, happy holidays, too.
There is a Bitcoin seller B, a thieve T and a victim V.
T proposes to buy Bitcoin from B.
T offers a new iPhone for a very low price to unsuspecting V. V agrees to buy it.
B gives T account details and transaction reference so that T can transfer money to B's account.
T gives these details to V. V transfers the money. B transfers Bitcoin to T. T disappears.
If only transaction reference contained information that the transfer is about buying Bitcoin, V would have never paid the money.
The scheme was quite common in UK because banks did not like Bitcoin so Bitcoin sellers and buyers avoided referencing it in bank transfers.
You’re arguing that in this circumstance, the bitcoin seller should produce an ID for the payer that exposes the purchase contents.
Firstly, I am extremely doubtful that this would actually prevent the issue. A wary buyer would not agree to transfer money account to account like this to pay for a cell phone in the first place. Only gullible people would engage in this scam, and I am doubtful that they would question the transaction ID deeply. “Hey what is this bitcoin thing?” “Oh, don’t worry about it. That’s just internal for our tracking purposes. Do you want me to throw in a free phone case too?!”
Secondly, this seems like a massive privacy concern. Is someone purchasing sex toys supposed to use a transaction ID like purpledildo656 and expose what they are buying to the bank?
I’m sympathetic to people who get scammed, but I don’t think your transaction IDs solve this problem. People have been getting scammed like this forever. “Hey, just send the $600 via Western Union and I’ll totally put your phone in the mail for you tomorrow.”
This isn’t an ID anyway. What you are really asking for is to mandate that the contents of the purchase be burned into the transaction from the seller all the way to the buyer through the bank. I think that’s a terrible idea because of privacy concerns, but regardless, it’s not an ID. This would be much better expressed as a different form of metadata.
Let me preface this by saying it is wildly impractical, but you could boot into a separate, minimal OS that mounts your primary OS disk and manages those permissions.
For an extra layer, have the “god mode OS” installed on physically read-only media, and mount the primary OS in a no-exec mode.
Regular OS can’t modify permissions, and the thing that can modify permissions can’t be modified.
It’s too clunky for home use, but could probably be used for things like VM images (where the “god mode OS” is the image builder, and changing permissions would require rebuilding the image and redeploying).
Some BSDs have concept of "securelevel" - a global setting that could be used to permanently put the system up into the mode which restricts certain operations, like writing to raw disks or truncating logs.
The idea is if you want to modify the the system, you reboot into single-user mode and do what you need. It does not start up ssh / networking by default, so it is accessible to local console only.
And of course plenty of smaller MCUs (used in IoT devices) can be locked down to prevent any sort of writing to program memory - you need an external programming adapter to update the code. This is the ultimate security in some sense - no matter what kinds of bugs you have, a power cycle will always restore system into pristine state (*unless there is a bug in settings parser).
GPS is a bad example, but there are things that pose a physical threat to others that we maybe shouldn't tinker with. Like I think some modern cars are fly-by-wire, so you could stick the accelerator open and disable the breaks and steering. If it's also push-to-start, that's probably not physically connected to the ignition either.
It would be difficult to catch in an inspection if you could reprogram the OEM parts.
I don't care about closed-course cars, though. Do whatever you want to your track/drag car, but cars on the highway should probably have stock software for functional parts.
> Like I think some modern cars are fly-by-wire, so you could stick the accelerator open and disable the breaks and steering.
Essentially all passenger cars use physical/hydraulic connections for the steering and brakes. The computer can activate the brakes, not disable the pedal from working.
But also, this argument is absurd. What if someone could reprogram your computer to make the brakes not work? They could also cut the brake lines or run you off the road. Which is why attempted murder is illegal and you don't need "programming a computer" to be illegal.
> It would be difficult to catch in an inspection if you could reprogram the OEM parts.
People already do this. There are also schmucks who make things like straight-through "catalytic converters" that internally bypass the catalyst for the main exhaust flow to improve performance while putting a mini-catalyst right in front of the oxygen sensor to fool the computer. You'd basically have to remove the catalytic converter and inspect the inside of it to catch them, or test the car on a dyno using an external exhaust probe, which are the same things that would catch someone reprogramming the computer.
In practice those people often don't get caught and the better solution is to go after the people selling those things rather than the people buying them anyway.
> GPS is a bad example, but there are things that pose a physical threat to others that we maybe shouldn't tinker with. Like I think some modern cars are fly-by-wire, so you could stick the accelerator open and disable the breaks and steering. If it's also push-to-start, that's probably not physically connected to the ignition either.
I'm not seeing an argument here.
Cars have posed a physical threat to humans ever since they were invented, and yet the owners could do whatever the hell they wanted as long as the car still behaved legally when tested[1].
Aftermarket brakes (note spelling!), aftermarket steering wheels, aftermarket accelerator pedals (which can stick!), aftermarket suspensions - all legal. Aftermarket air filters, fuel injectors and pumps, exhausts - all legal. Hell, even additions, like forced induction (super/turbo chargers), cold air intake systems, lights, transmission coolers, etc are perfectly fine.
You just have to pass the tests, that's all.
I want to know why it is suddenly so important to remove the owners right to repair.
After all, it's only been quite recent that replacement aftermarket ECUs for engine control were made illegal under certain circumstances[2], and that's only a a few special jurisdictions.
What you are proposing is the automakers wet dream come true - they can effectively disable the car by bricking it after X years, and will legally prevent you from getting it running again even if you had the technical knowhow to do so!
---------------------------
[1] Like with emissions. Or brakes (note spelling!)
[2] Reprogramming the existing one is still legal, though, you just have to ensure you pass the emissions test.
>you could stick the accelerator open and disable the breaks and steering
This is silly. Prohibiting modifying car firmware because it would enable some methods of sabotage is like prohibiting making sledgehammers because someone might use one to bludgeon someone, when murder is already a crime to begin with.
I think it's more fundamental than that: science education has gotten so bad that people miss what should be pretty clear red flags.
The hydroxychloroquine debacle is one thing because there's no way as a layman to gauge that. It's still wrong, but I understand that people were worried and there's no intuitive route to "this won't help".
This feels like something where even laymen should be skeptical. Baseline, disinfectants are generally not medicine. Really, I would hope our education system was good enough that people hear "chlorinated disinfectant" and can jump to "probably an oxidizer and very bad for living things".
Hydroxychloroquine is definitely different from most of the bogus medical stuff going around.
When hydroxychloroquine was first proposed for COVID there was actually reason to think it might help. It is known to interfere with one of the mechanisms that COVID uses to enter cell membranes. The FDA in the US and equivalent regulators in many other countries gave it an emergency use authorization.
A few months later with more data it was found that it had some bad side effects and that it wasn't actually useful against COVID (most of the time COVID used a mechanism other than the one that hydroxychloroquine interfered with to enter cells).
I don’t think that really exists in a literal sense of “your policy has a reserve of money to pay out for you”.
I think it exists in the same way social security does: money from people who pay in but don’t withdraw goes to people who do withdraw. There’s probably some reserve, but I’d guess it’s thin because withdrawals should be fairly predictable for large insurers.
> There’s probably some reserve, but I’d guess it’s thin because withdrawals should be fairly predictable for large insurers.
At least in the EU, by Solvency II, insurance companies are obliged to fulfill prescribed solvency ratios (i.e. have sufficient capital resources available). I would strongly assume that there exist similar regulations in the USA.
There are, but I would consider them fairly thin. If I'm reading right, and I may not be, the US only requires a solvency ratio of 1.45. I never worked in health insurance, but I did work for a P&C insurance company and I believe we had assets far in excess of that but kept close to the minimum in liquid assets (returns on investing premiums we hadn't paid out yet was the majority of our profit).
JavaScript is JIT’ed where CPython is not. Pypy has JIT and is faster, but I think is incompatible with C extensions.
I think Pythons threading model also adds complexity to optimizing where JavaScripts single thread is easier to optimize.
I would also say there’s generally less impetus to optimize CPython. At least until WASM, JavaScript was sort of stuck with the performance the interpreter had. Python had more off-ramps. You could use pypy for more pure Python stuff, or offload computationally heavy stuff to a C extension.
I think there are some language differences that make JavaScript easier to optimize, but I’m not super qualified to speak on that.
reply