1. 26

    That was unexpected to me. Good to see, though.

    1. 10

      Not even close to the JavaScript’s and Ruby’s hilarious code snippets.

      1. 6

        “A patch should arrive soon to flush the L1 cache before vmenter”

        The default in separation kernels from early 2000’s was partitioning and/or flushing caches since shared resources could be covert channels. There are now covert channels being found in the shared resources. The patch will flush L1 cache. Why not flush them all just in case more attacks are found? Are there not instructions to do that for L2 or L3?

        1. 4

          We don’t know about attacks involving the other caches. Flushing all of them would significantly harm performance.

          1. 4

            That’s what I was thinking. It means they’re doing what maximizes performance instead of what minimizes security risks. Then, fixing the problems as they show up. That’s exactly what Intel is doing with the additional benefit of cost reduction.

            So, the fixes are great. Just hypocritical to me that Theo called them out before about not doing enough mitigation for potential side channels to boost performance or reduce development/runtime costs when they’re doing the same thing for the same reasons w.r.t. other shared resources. Anyone wondering where the rest will come from to get started on preventative mitigations can check this out. Also, ditch Intel for simpler architectures where possible. Submitted my list here to help. Reduces attack and research space to identify remaining problems.

            1. 2

              ditch Intel for simpler architectures where possible

              That is, where you’re paranoid enough to prioritize simplicity and security over performance. Generally performance is very important. Trying to do any actual work (say, compiling code) on Cortex-A53s makes you really appreciate the performance hacks CPU designers are doing :)

              I wonder if a good solution is to keep all the aggressive speculation, but avoid sharing any resources between mutually untrusted code. Imagine a machine with a ton of little cores (like this one) plus an OS where applications can completely reserve cores so that nothing else runs on that core – so e.g. a web browser could reserve one core per origin. And in that situation, cache should be flushed, data in RAM should be arranged to maximize space between these untrusted processes, etc. But trusted processes should be able to use the non-reserved resources normally, with maximum performance.

              1. 2

                Yeah, I use Intel/AMD CPUs for that reason. I also claim to run an intentionally insecure setup. I’m at least honest. ;)

                Far as your idea, Clive Robinson on Schneier’s blog always pushed something like that called Prison architecture. They’d be a pile of little CPUs (more like MCUs) running individual functions and modules of the system. They’d have behavioral profiles plus be designed where that was possible to begin with. Like Cell’s helper units, they’re restricted to run what they’re told with some master CPUs and hypervisor controlling them. It would inspect them against the profile like a warden inspecting prison cells. Plus be metered.

                Those are details I remember most. I was into security/separation kernels heavily at the time. We debated the two concepts a lot. Blog readers liked that topic the most that I remember.

        1. 5

          One of my teachers in high school complained that we were pretty bad at cheating. She then decided to teach us how to do it properly. The idea was that if you prepare how to cheat, you’re in a way preparing what you’ll need the day of the exam, and having the knowledge of what you’d need was indeed better than not preparing it at all.

          For some of us, it was a nice way to point out that finding the most important parts of the class was half the work of preparing the exams.

          1. 7

            Not really cheating, but one of the exams in my first year in uni allowed all materials you wanted to be present during the exam.

            Did it make it easier? Heck no.

            1. 5

              I had several classes in university like that. One of them was the most challenging class I’ve ever taken (exams included), even if you were allowed to bring in every scrap of information you wanted.

              The professor would create exams that, generally, would take about 5 hours to complete, but the exam was only 3 hours long. In his own words, students were not expected to finish the exam, and were to choose the questions they answered based on what they thought they could accomplish in the time given. Each question had a different point value (e.g. 15 points, 5 points, etc.), but the full exam didn’t have a fixed number of total points (well, you could add up all the points for all the questions, but seeing as no one was going to finish the exam, that was a non-starter).

              He would then grade all of the questions on all of the tests, and then determine the total number of points the exam was out of retroactively, based on the distribution of questions/points answered.

              I thought it was complete insanity at the time, but it actually turned out quite good. I was less stressed during the exam because of the complete removal of time pressure.

              1. 1

                Lucky you. We actually had 5h exams. All the questions had to be answered. A couple of other teachers believed the maximum score (20 out of 20) was for God, the next best (19 out of 20) was for the teacher and the student could, at the very best, score 18 out of 20. GPAs were shot. Exam scores were not adapted based on the actual answers like you described, so sometimes more than half the class failed to reach the minimum score to pass (10 out of 20 or 12 out of 20).

                1. 1

                  This reminds me of the “classes préparatoires” in France. (https://en.m.wikipedia.org/wiki/Classe_pr%C3%A9paratoire_aux_grandes_%C3%A9coles)

                  The best students are expected to be around 10/20.

          1. 2

            I wonder, have you heard of Word?

            1. 7

              I know one author who swears by it. I know many who swear at it.

              1. 2

                That’s fine, I guess. I’m not really sure why you’d want to use this when better tools have existed for years; even if you don’t subscribe to “WYSIWYG” graphical word processing, there are still tools that are more usable and useful that subscribe to the Unix tautology.

                1. 2

                  While I could be sarcastic and say I tried ed because I like pain, Dark Souls is too easy, and going to a dominatrix would upset my wife, I actually have reasons for doing this.

                  1. I had bought an electronic copy of Michael W. Lucas’ Mastering Ed, and figured that since he bothered to write it and I bothered to not only spend five bucks on it but read it, I might as well try actually using ed.
                  2. I wanted to cut through all of the memes and see if using ed was really as terrible an experience as people seem to think it is. I figured that if Ken Thompson could use it to write the first version of Unix on a PDP-7, it couldn’t be that horrible.
                  3. I want to separate composition from revision because I have trouble actually finishing shit; I tend to go back and edit when I should be writing. A line editor like ed doesn’t prevent me from going back and making changes, but it does make doing so hard enough that it’s easier to say “fuck it” and keep going.

                  1. 4

                    Hand cranked cars that also required extensive manual lubrication weren’t that horrible either, but would you want to use them today? No, thanks ;-)

                    1. 2

                      I figured that if Ken Thompson could use it to write the first version of Unix on a PDP-7, it couldn’t be that horrible.

                      How is that possible? I thought he had to write it in assembler, and only later on was it re-written in C with the help of Ritchie?

                      But seriously, by that logic we shouldn’t have advanced beyond research unix v1, since if it could be used, why bother changing it? I understand this attitude if one looks at it like a game, but otherwise I’d rather prefer a more integrated experience, at the expense of having to focus by one’s own willpower.

                      1. 2

                        It was originally written in assembly. They started turning B into C in a series of steps called “proto C’s.” They couldn’t do UNIX rewrite in them until the one with structs.

                        If arguing from Thompson’s actions, you’d write a modern, graphical OS in assembly (see MenuetOS). Then, you’d partner with someone who could build the best system language you could on top of the one you had available within your hardware constraints. Probably be more like Rust or Nim esp since they already exist. Could be better, like a leaner one. And then rewrite the assembly OS in that.

                        The result doing about the same things they did with modern tools would output something much better than UNIX and C. People trying to keep to what they did is like if they tried to keep doing what successful, number-crunching, batch-oriented computers did. Better to try to improve things.

                    2. 1

                      what better tools?

                      1. 2

                        vi as mentioned in thread

                        1. 1

                          well vi encourages editing while you write and has a lot more commands, which can be distracting for some. i’d say vi is a different tool, not necessarily better.

                1. 27

                  That you know tools and processes that work for you is great. But it doesn’t sound like you have the best ideas about when to use them.

                  You say you got decent work done while your wife was talking with her friends at dinner. What they saw was someone tuning their presence out to do what they’d really wanted.

                  If you’re gonna be there, be there.

                  1. 12

                    There are a few details to my story that I had left out because I didn’t think they were relevant. You just made them relevant.

                    1. My wife and her friends know I’m a writer.
                    2. They know that I sometimes come up with ideas at socially inconvenient times.
                    3. I had told them that talking with them had sparked an idea, and asked them if they would mind if I wrote it down right away.
                    4. Only one person objected.
                    5. The one person who objected wasn’t my wife, so her opinion didn’t really matter.
                    6. I didn’t have headphones plugged in, so I was able to put aside my work and engage when the conversation turned back toward me.
                    7. When you’re the only man in a party of twelve, the conversation doesn’t turn to you that often.

                    Do you usually give out unsolicited etiquette advice online, or should I be flattered?

                    1. 5

                      It’s advice, we don’t know the whole story.

                      I’m thankful when someone online is forward and seems genuinely interested in giving helpful etiquette advice. Unsolicited is the only solution if I don’t know I’m being rude.

                    2. 1

                      Hah, I thought the same. It’s funny how most people will not put up with someone opening up their laptop in the restaurant but we don’t bat an eye when we start using smart phones.

                      1. 7

                        I’m not going to defend smart phone usage and will call my friends out for using them at the table (in a friendly manner, of course), but the difference of degree between pulling out your phone and pulling out a laptop is so large it becomes a difference of kind.

                        1. 2

                          I guess it only depends on the intent. If it’s just to write your thoughts quickly not to forget something, then a notebook is as intrusive in a dinner as a smartphone or a laptop.

                    1. 1

                      Hmm. Is this related to bsdcan?

                      1. 2
                        1. 1

                          Yes, Theo gave an impromptu talk where he expressed frustration at rumors of openbsd being untrustworthy and then speculated on possible future intel problems. Screaming happened. But now it seems he was right.

                          Though the bigger issue of embargoes and their value remains.

                          1. 4

                            Screaming happened.

                            To be clear, the screaming was not done by Theo.

                            1. 3

                              I wish people would stop saying he gave a talk / presentation because that’s not what it was. This was a BOF session. It is a group discussion about a predefined topic and Theo was the BOF organizer. This is why he was talking to the crowd and asking questions. It wasn’t to attack anyone or inflame the situation; it was entirely within the spirit of the BOF.

                          1. 0

                            A list of beliefs about programming that I maintain are misconceptions.

                            1. 3

                              Small suggestion: use a darker, bigger font. There are likely guidelines somewhere but I don’t think you can fail with using #000 for text people are supposed to read for longer than a couple of seconds.

                              1. 3

                                Current web design seems allergic to any sort of contrast. Even hyper-minimalist web design calls for less contrast for reasons I can’t figure out. Admittedly, I’m a sucker for contrast; I find most programming colorschemes hugely distasteful for the lack of contrast.

                                1. 6

                                  I think a lot of people find the maximum contrast ratios their screens can produce physically unpleasant to look at when reading text.

                                  I believe that people with dyslexia in particular find reading easier with contrast ratios lower than #000-on-#fff. Research on this is a bit of a mixed bag but offhand I think a whole bunch of people report that contrast ratios around 10:1 are more comfortable for them to read.

                                  As well as personal preference, I think it’s also quite situational? IME, bright screens in dark rooms make black-on-white headache inducing but charcoal-on-silver or grey-on-black really nice to look at.

                                  WCAG AAA asks for a contrast ratio of 7:1 or higher in body text which does leave a nice amount of leeway for producing something that doesn’t look like looking into a laser pointer in the dark every time you hit the edge of a glyph. :)

                                  As for the people putting, like, #777-on-#999 on the web, I assume they’re just assholes or something, I dunno.

                                  Lobsters is #333-on-#fefefe which is a 12.5:1 contrast ratio and IMHO quite nice with these fairly narrow glyphs.

                                  (FWIW, I configure most of my software for contrast ratios around 8:1.)

                                  1. 2

                                    Very informative, thank you!

                              2. 3

                                I think the byte-order argument doesn’t hold when you mentioned ntohs and htons which are exactly where byte-order needs to be accounted for…

                                1. 2

                                  If you read the byte stream as a byte stream and shift them into position, there’s no need to check endianness of your machine (just need to know endianness of the stream) - the shifts will always do the right thing. That’s the point he was trying to make there.

                                  1. 2

                                    ntohs and htons do that exact thing and you don’t need to check endianness of your machine, so the comment about not understanding why they exist makes me feel like the author is not quite grokking it. Those functions/macros can be implemented to do the exact thing linked to in the blog post.

                              1. 1

                                And then the usual horror would come: “Translate these numbers, which are written in base seven, to base five.” Translating from one base to another is an utterly useless thing. If you can do it, maybe it’s entertaining; if you can’t do it, forget it. There’s no point to it.

                                True for elementary school students but it does become important later on for those who want to study mathematics or computer science / engineering.

                                1. 6

                                  Useful, but not important.

                                  And I’m not sure it’s math, actually: a computer can do it for you.

                                  Math is understanding that digits are not numbers, that they are just symbols, a useful notation.

                                1. 4

                                  As someone who has been working remote for almost 4 months now, it has been an interesting experience thus far.

                                  Previously I was commuting 50-60ish minutes each way to work, so I was fairly excited to not have to put up with that drive and the traffic.

                                  A few times I’ve felt really strange being in my house for the whole for a few consecutive days, so going out and grabbing a coffee helped me a lot. I would work at a coffee shop or something, but my employer sent a desktop as opposed to a laptop.

                                  I also no longer enjoy spending time in my room - I also believe it is important to have a separate room/space set aside for remote working, but I don’t have that luxury right now. I work about a foot away from where I sleep so just “relaxing” after work isn’t very appealing anymore.

                                  I still do sometimes feel like I am on an island since I can’t turn around and ask a question, but I’m trying to over-communicate more to solve for that.

                                  Those are just some of my thoughts on remote work thus far. Thanks for the post! :)

                                  1. 2

                                    You should ask your employer for a laptop then. It looks like it’s affecting your work.

                                    1. 2

                                      I suppose - I did initially ask for one, but they sent me a more powerful desktop instead for some reason. I’ve never heard of getting a desktop for work until now lol.

                                  1. 19

                                    My best pieces of advice, as someone who’s worked from home for ten years or so now:

                                    1. Anywhere from one to three times a month, I meet up with another friend of mine who also works from home at a bar/cafe/restaurant and we set up shop and work while we hang out. I’ll admit that sometimes there’s more hanging out than working, but considering it’s all pent up I don’t feel too bad about it. This is doubly important if you have small kids or some other reason why your social life outside of work might be curtailed.

                                    2. It sounds silly, but: if your office is on a different floor of your house, only use the bathroom of the floor you’re not on (even when you’re not working). This gets you up and down the stairs multiple times a day and gets back some of the exercise you lost from working from home.

                                    3. Take a walk every morning. A good one. You don’t have to worry about a commute so you won’t be late to work. Walk around the neighborhood, listen to the birds sing, etc. It doesn’t have to be a long one, just fifteen minutes or so (though my usual route is around 30 minutes).

                                    4. Most importantly, spend time with your family. If you’re like me (and I know I am!), you’re often eager to get to work and, because work is so accessible, you can make excuses to get to work as quickly as possible. Don’t let that mean less time with your kids or your husband/wife/partner. (Right now I’d normally be downstairs playing but I’m waiting for an email from a customer that will affect what time I officially start working, alas…)

                                    1. 1

                                      Yep, walking is something I just realized I should’ve mentioned but forgot.

                                      Either go for walks, or like in my case, get a dog. Mine forces me to go out at least three times a day. :)

                                      1. 6

                                        TIL I have a lazy-ass dog.

                                        1. 3

                                          I think it depends on the dog and how used to being outside he/she is. One of our rescue dogs was fine going outside but it wasn’t until 6 months later that he got REALLY into it and tries to get me to grab the leash sometimes. He’s 7 or 8 years old and has CDRM so it’s not like he’s super healthy.

                                    1. 4

                                      Great illustrations!

                                      1. 3

                                        This is by the same guy who does the delightful Pepper & Carrot webcomic (and the cat here in these illustrations looks very much like Carrot). There’s a long wait between episodes, but they’re all gorgeous.

                                      1. 6

                                        I wish we had this hysteria about the recent child protection acts that target prostitution specifically in the US, making life terribly dangerous for sex workers. There was a recent Reply All podcast where they interviewed a researcher who examined murder rates for women in markets as Craigslist offered their persons section (often used for adult services) to cities. The before and after picture is that murders went down 17% on average (that’s all women; not just sex workers, so we’re just talking correlation, not causation):


                                        The GDPR, just like the child sex trafficking protection laws in the US, will be a real time case study and it will be interesting to see the effect over the next few years.

                                        I think American devs are afraid of the GDPR because we’ve seen how laws like this can backfire. Specifically the GDPR probably couldn’t pass in the US simply due to freedom of speech (which is why we can’t have a protected sex offender list like Australia does, or real criminal record expulsion).

                                        I like the idea of the GDPR, but I hope it doesn’t turn into a tool for censorship (like the Right to be Forgotten laws, which the EFF opposes).

                                        I think people should do their best to comply and some of the projects that have closed are being hysterical, but at the same time, people don’t really know what will and won’t be acceptable until we see actual enforcement and what that will involve.

                                        1. 10

                                          Sorry but why couldn’t the US have the GDPR and why is freedom of speech relevant?

                                          1. 3

                                            The theory is that the government isn’t allowed to interfere with people speaking.

                                            It’s of course not true: The US has Libel laws and can obviously choose to recognise protections for certain kinds of speech (e.g. secret/clearance documents, etc).

                                          2. 8

                                            I think American devs are afraid of the GDPR because we’ve seen how laws like this can backfire.

                                            I see this as: Devs are afraid because they have to comply to something (annoying) that they didn’t have before.

                                            the GDPR probably couldn’t pass in the US simply due to freedom of speech

                                            I don’t see the link between GDPR and freedom of speech. GDPR is about user data retention. Freedom of speech is pretty key in most countries in western Europe, and I don’t think they plan anything to sabotage it.

                                            I like the idea of the GDPR, but I hope it doesn’t turn into a tool for censorship

                                            Again, GDPR is about user data retention. You could probably use that to censor a company in some way, but that would be pretty hard to prove and the company censored would first have to be audited for that matter.

                                            I think you might mix up GDPR with something else.

                                            1. 5

                                              I see this as: Devs are afraid because they have to comply to something (annoying) that they didn’t have before.

                                              That’s wrong. They did need to keep my data safe from being hacked off their servers, there was simply little-to-no threat of law.

                                              Again, GDPR is about user data retention.

                                              GDPR is not about data retention. There’s no minimum or maximum time that you have to retain data.

                                              I’m doing a fair amount of GDPR consulting at the moment, and this isn’t the strangest theory I’ve heard about the regulations.

                                              There’s a big chunk about keeping data safe. If you have personal data, you have a responsibility to keep yourself from being hacked. That means using best practices for minimising risk like encryption and deleting it when you don’t need it anymore, and understanding who in your company can access the data (and when they do it).

                                              There’s also a big chunk about making sure if you use personal data, you’re only using it in a way that the subject would approve of. This really means being able to demonstrate (perhaps to a regulator) why you think you have their consent to use this data. Records and contracts can help, but the subject can also back out at any time and needs to have controls to do so.

                                              You could probably use that to censor a company in some way

                                              You cannot. If you believe a company is using your data inappropriately, you report them to a regulator. You do not get to “prove your case” and you won’t be asked to show up in court. The regulator will assess the situation and prioritise it based on the claim and risk for further damage. The regulator will talk to that company and find out what is going on and correct the issue.

                                              If that non-compliance is egregious and wilful, then the regulator has a pretty big stick, but this is far removed from “censoring a company” in any possible interpretation of the term.

                                              1. 4

                                                They did need to keep my data safe from being hacked off their servers, there was simply little-to-no threat of law.

                                                No they didn’t. If it’s for-profit and no laws stopping it, then keeping your data in a barely-secure form is legal and maybe even beneficial for the organization. Most organizations that have data breaches take a financial hit before going back to normal. Strong investments in security cost money every year. Managers might also believe they reduce productivity if applied everywhere. The managers apathetic to security wanting more ways to make money will see your data as an asset whose leaking barely concerns them.

                                                So, capitalist companies operating under their theory of morality in a system with no liability for data-related externalities should continue to collect on you ignoring as many risks as they can get away with. That’s what most were doing before regulation forced them to care a little more. Also, why I support such regulations.

                                                1. 2

                                                  Thank you very much for correcting my false ideas.

                                                  GDPR is not about data retention.

                                                  I’m not a native speaker but to me retention is the fact of holding the data, so indeed, holding it securely. In addition to that I particularly meant the “Right to erasure” and “Right of access”, I’m more familiar with the side of friends having to deal with the documentation process (to actually have somewhere why you can hold this data). But I’m by no means an expert on the subject.

                                                  By censoring I was thinking that since the proof that you need to hold a data might be pretty subjective, the regulator could probably damage a company whose business is holding the data, but I agree that it’s very extrapolated.

                                                  1. 4

                                                    No problem.

                                                    If you (a business) actually need to hold data on a subject, then indeed the “proof” is quite subjective. You have to feel comfortable you can convince regulators that your processing is a part of you providing a service for that subject, and that they would expect you to use their data in this way. Simple examples might be keeping someone’s address in order to ship them goods that they ordered.

                                                    If you are an individual and you want to compel a company to remove/erase data they have on you, understand that they can ignore such a request with regards to things like the address they used to ship goods (among other reasons).

                                                    If you are an individual and you want to ask a company to provide data they have on you, it should be easy to do so with regards to things like the address they used to ship goods to you. They’re under no obligation (however) to discover who you are – that is, if you send them an IP address they’re not required to link any information or activity they have on that IP address to you.

                                              2. 5

                                                the GDPR probably couldn’t pass in the US simply due to freedom of speech

                                                It would obviously depend on the details, but it’s not inconsistent with the US’s view of free speech to regulate various kinds of commercial record-keeping and enforce privacy and access protections on those records. For example, healthcare data is fairly strongly regulated in the US, and this hasn’t been found to be a constitutional problem. (The “right to be forgotten” laws are a different story.)

                                                1. 1

                                                  A health company (insurance, hospital, whoever) is bound by HIPAA. A school is bound by FERPA. They can’t divulge information. But if someone leaks someone else’s medical records and a newspaper publishes them, that information is protected in the paper. Now wherever the leak happened, that’s a problem if it was someone covered under HIPAA.

                                                  Criminal records can’t be expunged in the US. Not really. While your record was public, some other company scooped that data up and can sell it forever even if your official record is clear. Maybe we’ll have laws that will force companies to ignore those styles of background checks (some states probably do).

                                                  Actually this is a good question, how does the GDPR affect collecting data about people who aren’t your customers or who ever visit your website or store front? Does it say anything about collecting public data?

                                              1. 3

                                                I think I might start a flame war but with all these features, one day Vim will be able to run Gnus. ;-)

                                                1. 2

                                                  Actually I think Vim 8 could definitely support something like Gnus. A big reason it was hard in prior Vim versions is the lack of asynchronous connection capability.

                                                1. 1

                                                  Really nice!

                                                  1. 1

                                                    It’s quite interesting that the non-optimized version of the Nim program takes 3 seconds on my computer. The size difference is also 56K (release) vs 308K (debug).

                                                    1. 9

                                                      Someone should create a website that grabs these twitter threads and creates a blog page out of them

                                                      1. 14

                                                        There are a few different sites like that. Here is this thread as displayed by threadreaderapp.com.

                                                      1. 2

                                                        Those that see other people’s mistakes are doomed to repeat them…? I know “junior” devs who write better code and better commit logs than 20y old veterans.

                                                        1. 3

                                                          The offhand ‘even perl’ in there struck me as unfair. It reminds me that perl is actually pretty fast (specifically at startup, but my recollection was also that it runs quickly):

                                                          $ time for i in `seq 1 1000`; do perl < /dev/null; done
                                                          real    0m2.786s
                                                          user    0m1.337s
                                                          sys     0m0.686s
                                                          $ time for i in `seq 1 1000`; do python < /dev/null; done
                                                          real    0m19.245s
                                                          user    0m9.329s
                                                          sys     0m4.860s
                                                          $ time for i in `seq 1 1000`; do python3 < /dev/null; done
                                                          real    0m48.840s
                                                          user    0m30.672s
                                                          sys     0m7.130s
                                                          1. 1

                                                            I can’t comment on how fast Perl is, but you are measuring the time taken to tear down here too.

                                                            The correct way would be to take the raw monotonic time immediately before invoking the VM, then inside the guest language immediately print it again and take the difference.

                                                            P.S. Wow Python3 is slower.

                                                            1. 2

                                                              but you are measuring the time taken to tear down here too.

                                                              I guess so? I’m not sure that’s a useful distinction.

                                                              The people wanting “faster startup” are also wanting “fast teardown”, because otherwise you’re running in some kind of daemon-mode and both times are moot.

                                                              1. 1

                                                                The people wanting “faster startup” are also wanting “fast teardown”

                                                                Yeah, I guess I agree that they should both be fast, but if we were measuring for real, I’d measure them separately.

                                                                1. 1

                                                                  I’m not sure that’s a useful distinction.

                                                                  If latency matters then it could be. If you’re spawning a process to handle network requests for example then the startup time affects latency but the teardown time doesn’t, unless the load gets too high.

                                                              2. 1

                                                                Hah before I read the comments I did the same thing! My results on a 2015 MBP - with only startup and teardown on an empty script, and I included node and ruby also:

                                                                ~/temp:$ time python2 empty.txt 
                                                                real    0m0.028s
                                                                user    0m0.016s
                                                                sys     0m0.008s
                                                                ~/temp:$ time python3 empty.txt 
                                                                real    0m0.042s
                                                                user    0m0.030s
                                                                sys     0m0.009s
                                                                ~/temp:$ time node empty.txt 
                                                                real    0m0.079s
                                                                user    0m0.059s
                                                                sys     0m0.018s
                                                                ~/temp:$ time perl empty.txt 
                                                                real    0m0.011s
                                                                user    0m0.004s
                                                                sys     0m0.002s
                                                                ~/temp:$ time ruby empty.txt 
                                                                real    0m0.096s
                                                                user    0m0.027s
                                                                sys     0m0.044s
                                                                1. 2

                                                                  Ruby can do a bit better if you don’t need gems (and it’s Python 3 here):

                                                                  $ time for i in $(seq 1 1000); do ruby </dev/null; done
                                                                  real	0m31.612s
                                                                  user	0m27.910s
                                                                  sys	0m3.622s
                                                                  $ time for i in $(seq 1 1000); do ruby --disable-gems </dev/null; done
                                                                  real	0m4.117s
                                                                  user	0m2.848s
                                                                  sys	0m1.271s
                                                                  $ time for i in $(seq 1 1000); do perl </dev/null; done
                                                                  real	0m1.225s
                                                                  user	0m0.920s
                                                                  sys	0m0.294s
                                                                  $ time for i in $(seq 1 1000); do python </dev/null; done
                                                                  real	0m13.216s
                                                                  user	0m10.916s
                                                                  sys	0m2.275s
                                                                  1. 1

                                                                    So as long as python3 is faster than ruby/node, we are ok…?

                                                                1. 0

                                                                  Quite impressive