WEBVTT 00:00.000 --> 00:08.040 Okay, so while we're getting these slides up, I'm going to go ahead and introduce our next 00:08.040 --> 00:09.040 speaker for you. 00:09.040 --> 00:11.240 I'd like to introduce David Thompson. 00:11.240 --> 00:16.400 He's a CTO at Spitley Institute, a co-maintainer of Gail Hoot, and a long-time contributor 00:16.400 --> 00:18.120 to Ganyu Geeks. 00:18.120 --> 00:22.120 He's going to be talking to us about a proposal to rearchitect web browsers as minimal 00:22.120 --> 00:23.880 awesome run times. 00:23.880 --> 00:29.120 Where functionality is provided by safe modular extensions to reduce centralization. 00:29.120 --> 00:31.440 So as we get these slides up here, let's go ahead and give them a warm-out of 00:31.440 --> 00:32.440 applause. 00:32.440 --> 00:33.440 Everyone. 00:33.440 --> 00:36.440 On mute. 00:36.440 --> 00:40.440 And then we're still here and stay on this side of the board. 00:40.440 --> 00:42.440 Okay, do you want to add it? 00:42.440 --> 00:43.440 Cool. 00:43.440 --> 00:44.440 It goes forward and goes back. 00:44.440 --> 00:46.440 Okay, I don't get a mirror there. 00:46.440 --> 00:47.440 Okay. 00:47.440 --> 00:48.440 Yeah, that's fine. 00:48.440 --> 00:49.680 I'll just be looking over my shoulder. 00:49.680 --> 00:50.680 Did everybody hear me? 00:50.680 --> 00:51.680 Come with you? 00:51.680 --> 00:52.680 Okay, cool. 00:52.680 --> 00:53.680 Well, hi, ready? 00:53.680 --> 00:54.680 I'm Dave. 00:54.680 --> 00:58.840 Just Kevin said in the CTO, the Spitley Institute, the Spitley Institute is 00:58.840 --> 01:06.080 we work on the next generation of decentralized internet technology for the social web. 01:06.080 --> 01:10.800 And specifically, I want to talk about one of our projects called Hoot. 01:10.800 --> 01:12.920 And it's why I'm here to talk to you about WebAssembly today. 01:12.920 --> 01:18.240 I'm a user and implementer of the WebAssembly specification through the Hoot project. 01:18.240 --> 01:20.720 Who does a scheme to WebAssembly compiler? 01:20.720 --> 01:24.680 At Sprite Lee, we do a lot of our research and development in the scheme programming language. 01:24.680 --> 01:30.680 And Hoot is a way to deliver it to anyone that has a web browser to actually try out 01:30.680 --> 01:33.400 our prototypes and demos. 01:33.400 --> 01:36.880 Hoot's not only compiler for an obscure list programming language. 01:36.880 --> 01:43.200 It's also a complete standalone WebAssembly tool chain, including things like a WebAssembly 01:43.200 --> 01:44.200 interpreter. 01:44.200 --> 01:46.880 So, in addition to running things in the browser, we can actually run things in our 01:46.880 --> 01:48.880 own interpreter for testing purposes. 01:49.800 --> 01:51.080 So, that's kind of my background. 01:51.080 --> 01:55.080 And in WebAssembly, I've been doing this working with WebAssembly for two to three years 01:55.080 --> 01:56.080 at this point. 01:58.080 --> 02:01.080 I'm going to talk to you about the state of WebAssembly. 02:01.080 --> 02:03.280 And this is more of a, this is a vision talk. 02:03.280 --> 02:09.080 I normally give talks about kind of concrete things that I've been working on. 02:09.080 --> 02:10.680 This is more of a vision. 02:10.680 --> 02:12.480 It's not my vision. 02:12.480 --> 02:16.080 It's one that I've read about online that I find compelling. 02:16.080 --> 02:20.680 I'm going to be maybe not discussing all of the political things that are going to make 02:20.680 --> 02:25.080 what I'm about to show you, a very difficult thing to achieve, but just an idea I find 02:25.080 --> 02:26.880 very compelling. 02:26.880 --> 02:32.080 And basically, I think the WebAs grown too big to implement, to implement a new browser, 02:32.080 --> 02:38.880 to say, peel any market share away from something like Chrome is mostly impossible. 02:38.880 --> 02:43.080 If you're not Google or funded by Google, you know, good luck implementing it off of the 02:43.080 --> 02:45.480 web standards to make a browser that people can actually use. 02:45.480 --> 02:48.680 People are trying, but it's certainly an uphill battle. 02:48.680 --> 02:52.280 So what if we subdivide the problem? 02:52.280 --> 02:55.480 What might a more modular browser look like? 02:55.480 --> 03:00.080 What if a web browser was little more than a WebAssembly runtime? 03:00.080 --> 03:05.680 What if we shrunk the core of the web browser down to, mostly that, gives you a window 03:05.680 --> 03:12.880 in a runtime and maybe some way to access the OS facilities that the WebAssembly can access. 03:12.880 --> 03:16.080 So how do we get from where we are now to there? 03:16.080 --> 03:19.080 One, I don't totally know, but I'm going to present a vision. 03:19.080 --> 03:25.680 So today, we have, like, most browsers have like a high trust, monolithic core, typically 03:25.680 --> 03:31.680 written in C++, with JavaScript as the user space, and now there's a web assembly runtime 03:31.680 --> 03:36.280 kind of sitting on the side, but it's still driven from JavaScript as like the host of those 03:36.280 --> 03:38.680 things. 03:38.680 --> 03:44.480 The vision is a minimal core with the necessary OS access, and then just a web assembly 03:44.480 --> 03:45.480 user space. 03:45.480 --> 03:49.380 So what if JavaScript wasn't even something you assumed as a core part of your web browser? 03:49.380 --> 03:52.980 What if it was just web assembly? 03:52.980 --> 03:59.080 One of the things that I like that this would enable is having what it call a polyglot environment. 03:59.080 --> 04:03.280 You know, instead of traditionally, we just had JavaScript on the client-side web. 04:03.280 --> 04:06.680 And so if you wanted to do no matter what you wanted to do, you had to use JavaScript 04:06.680 --> 04:10.680 and often people are compiling other languages to JavaScript. 04:10.680 --> 04:16.180 Now with WebAssembly, we have a feasible way to use different languages for the tasks that 04:16.180 --> 04:17.180 they're most appropriate for. 04:17.180 --> 04:23.780 WebAssembly's found a lot of success in using, say, Rust or C++ to make a WebAssembly module 04:23.780 --> 04:27.380 that does a lot of number crunching, let's say, that we offload some of the work from JavaScript 04:27.380 --> 04:32.680 over to WebAssembly for that purpose, but still JavaScript's kind of our main language 04:32.680 --> 04:38.080 we're using, but we could take this further and we could utilize all sorts of different languages 04:38.080 --> 04:41.380 and different programming paradigms for the things that they're best suited for. 04:41.380 --> 04:46.780 So this is kind of looking to use having a big toolbox that we can use to build our applications 04:46.780 --> 04:49.280 out of. 04:49.280 --> 04:51.980 So again, this idea is not mine. 04:51.980 --> 04:55.280 I've read about it for some time. 04:55.280 --> 04:58.080 This is a blog post by Joey Hess. 04:58.080 --> 05:05.080 He knows a long time deviant developer, author of GetAnnex General Haskell Wizard, someone 05:05.080 --> 05:09.080 who's code I often can't understand, but I think he's a really brilliant person. 05:09.080 --> 05:16.080 This would be easy to read if I had my laptop the mirror here, but you know, so throw out 05:16.080 --> 05:19.580 all the web standards, make a browser that just runs Wasm Blobs and give them the surface 05:19.580 --> 05:20.580 to you. 05:20.580 --> 05:21.580 Sort of like the way Wayland does. 05:21.580 --> 05:25.580 It has tabs in a Throbber and URLs, but no HTML and no JavaScript, no CSS. 05:25.580 --> 05:30.580 Just HTTP of Wasm Blobs and Joey asserts, this is where the web browser is going eventually 05:30.580 --> 05:31.580 anyway. 05:31.580 --> 05:37.580 So I don't we try to build a future where we go there, but users retain some agency over 05:37.580 --> 05:39.580 their web browsing and this is not. 05:39.580 --> 05:45.580 It goes there anyway to Wasm Blobs but retains all of the large corporate control that 05:45.580 --> 05:47.580 we currently see with the web browser. 05:47.580 --> 05:52.580 So I found this really compelling and then as I got into WebAssembly work, I found it more 05:52.580 --> 05:53.580 and more compelling. 05:53.580 --> 05:56.580 Alright, WebAssembly, what is it anyway? 05:56.580 --> 06:00.580 So show of hands who's familiar with WebAssembly already. 06:00.580 --> 06:05.580 Okay, that's a good number of people who's worked with WebAssembly directly at any point. 06:05.580 --> 06:06.580 Okay, that's fewer people. 06:06.580 --> 06:13.580 Okay, so just for those that are kind of know but once more information, WebAssembly is a portable stack-based virtual machine. 06:13.580 --> 06:20.580 It's purposes to be a lower level, compilation target than JavaScript, but still being a higher level 06:21.580 --> 06:24.580 at a higher abstraction level than your average assembly language. 06:24.580 --> 06:30.580 So there are features of WebAssembly that you wouldn't find in like your X86 or risk-5, et cetera. 06:30.580 --> 06:36.580 Assembly languages, one of which being garbage collection primitives which I'll get to you. 06:36.580 --> 06:41.580 And so it's everything in WebAssembly, it's statically typed on like JavaScript. 06:41.580 --> 06:49.580 Like JavaScript, control flow is structured, which is unlike most assembly languages that have some kind of go to 06:49.580 --> 06:54.580 things to jump to various labels in the code. 06:54.580 --> 06:59.580 So it's quite different and it has this import export system for composition. 06:59.580 --> 07:07.580 So modules are usually small self-contained things and you can compose many modules together to form your overall application. 07:07.580 --> 07:11.580 So yeah, it's designed to be a good target for compilation. 07:11.580 --> 07:15.580 The idea is to be faster than JavaScript and have good boot time as well. 07:15.580 --> 07:21.580 So who's heard of ASM.js? It's a precursor to WebAssembly. 07:21.580 --> 07:34.580 It was basically using a subset of JavaScript that was started by Mozilla using a subset of JavaScript that was amenable to good jit compilation. 07:34.580 --> 07:41.580 And all sorts of interesting demos were done with that, including a form of the Unreal Engine and getting that running in web browsers. 07:41.580 --> 07:46.580 Very cool at the time, but WebAssembly came out of this to like, okay, let's do this but for real. 07:46.580 --> 07:48.580 Let's have a real format for this. 07:48.580 --> 07:50.580 So this is what WebAssembly looks like. 07:50.580 --> 07:53.580 This is a full module in the WebAssembly text format. 07:53.580 --> 07:57.580 It looks like a weird list if you're used to at all the list programming language, 07:57.580 --> 08:00.580 got all these parentheses, everything's in prefix notation. 08:00.580 --> 08:04.580 This module is very simple. It has an exported function called factorial. 08:04.580 --> 08:08.580 And what you see here is just an iterative factorial algorithm. 08:09.580 --> 08:12.580 But note that there's things like loop constructs. 08:12.580 --> 08:16.580 If these things you can have nested instructions and stuff like that. 08:16.580 --> 08:21.580 So different than most assembly languages in that regard. 08:21.580 --> 08:25.580 So yeah, so here's a sketch of a modular web browser. 08:25.580 --> 08:27.580 What if nearly everything was an extension? 08:27.580 --> 08:32.580 I'm an EMAX user and an EMAX nearly everything's an extension and the core is relatively small. 08:32.580 --> 08:35.580 What would the EMAX browsers look like? 08:35.580 --> 08:38.580 It can't even be a thing. 08:38.580 --> 08:41.580 There's so many web standards out there. 08:41.580 --> 08:44.580 If browsers weren't concerned with having to implement all of them, 08:44.580 --> 08:49.580 we could actually have implementations of web standards as web assembly modules. 08:49.580 --> 08:51.580 And so that we could actually have, 08:51.580 --> 08:56.580 we could ship browsers where the implementations could be swapped out as long as they respect compliant. 08:56.580 --> 08:58.580 Maybe you could leave them out entirely. 08:58.580 --> 09:02.580 There could be competition amongst an implementation of individual web standards 09:02.580 --> 09:07.580 as opposed to just having essentially chromium and web kit. 09:07.580 --> 09:10.580 And we got a gecko and stuff over there, 09:10.580 --> 09:15.580 unfortunately, seeming to start to fade into relevance. 09:15.580 --> 09:19.580 So one thing that's compelling to me about this approach would be 09:19.580 --> 09:22.580 the idea of shipping to the web is good. 09:22.580 --> 09:24.580 It's good to have a native app too. 09:24.580 --> 09:27.580 It's good to have the same code in both places. 09:27.580 --> 09:29.580 And so electron is kind of appealing, 09:29.580 --> 09:32.580 but you're shipping all of chromium or something like to people. 09:32.580 --> 09:35.580 And it's just like this giant blob and it does not make me feel good. 09:35.580 --> 09:37.580 It does not spark joy at all. 09:37.580 --> 09:42.580 But if I could tailor what I shipped down to just the things I need for my specific application, 09:42.580 --> 09:45.580 I'd feel a lot better about shipping something like that. 09:45.580 --> 09:50.580 The surface area for problems and just total binary size feels a lot more reasonable. 09:50.580 --> 09:52.580 In that case. 09:52.580 --> 09:56.580 And major browsers could look more like a Linux desktop does. 09:56.580 --> 09:59.580 It's a curated collections of software packages. 09:59.580 --> 10:05.580 What if browsers could be more curated collections of these modules? 10:05.580 --> 10:09.580 But decoupling all this stuff means coordination. 10:09.580 --> 10:11.580 We need modules to interoperate. 10:11.580 --> 10:14.580 They need to share references to objects with each other. 10:14.580 --> 10:19.580 How can modules know when another module is done using our reference? 10:19.580 --> 10:22.580 Is anyone familiar with the WebAssembly component model? 10:22.580 --> 10:24.580 WebAssembly system interface, OK? 10:24.580 --> 10:25.580 Just a few people. 10:25.580 --> 10:28.580 Well, this is a proposal out there for this Wassey thing. 10:28.580 --> 10:32.580 It introduces the component model for collaboration amongst WebAssembly modules. 10:32.580 --> 10:39.580 Unfortunately, in my opinion, it takes a very shared nothing or baro checking approach to collaboration, 10:39.580 --> 10:42.580 where you can send something to another module, 10:42.580 --> 10:46.580 but it's only for the duration of a single call and then you kind of like unbarrow it. 10:46.580 --> 10:50.580 At the end, there's no real idea of sharing things for long term 10:50.580 --> 10:54.580 and then collecting them when the objects are used in that other module. 10:54.580 --> 10:58.580 And Wassey's really focused on non-web use cases anyway, 10:58.580 --> 11:01.580 so I think Wassey is an interesting thing, 11:01.580 --> 11:06.580 but I think it's completely the wrong direction for the Web. 11:06.580 --> 11:10.580 So I think the solution really is to embrace garbage collection, 11:10.580 --> 11:13.580 which is I know sometimes a contentious subject, 11:13.580 --> 11:15.580 but I'm a big proponent of garbage collection. 11:15.580 --> 11:19.580 WebAssembly 1.0 had a linear memory, only model. 11:19.580 --> 11:23.580 You're talking about offsets, pointers, offsets into memory. 11:23.580 --> 11:26.580 WebAssembly 3.0 added these GC managed reference types, 11:26.580 --> 11:29.580 which means that we can do heap allocation. 11:29.580 --> 11:31.580 So there's a struct.new instruction, 11:31.580 --> 11:34.580 and this is what allocating a pair looks like in our scheme implementation. 11:34.580 --> 11:38.580 And this is a pair that has two, you see, 11:38.580 --> 11:40.580 this is Reft.I-31s there. 11:40.580 --> 11:43.580 Those are representation of some immediate values, 11:43.580 --> 11:48.580 in which case those magic numbers are the constant for true and the constant for false. 11:48.580 --> 11:51.580 So this is just a pair of both Boolean values. 11:51.580 --> 11:55.580 So these are heap allocated, they're opaque. 11:55.580 --> 11:59.580 In the sense that you can't just get an offset into that memory there 11:59.580 --> 12:01.580 and then go read off somewhere that you shouldn't be. 12:01.580 --> 12:05.580 So we have some, there's security properties of heap references. 12:05.580 --> 12:08.580 So we have this reference type hierarchy here. 12:08.580 --> 12:12.580 This is what the reference type system looks like in WebAssembly. 12:12.580 --> 12:15.580 You have all your things like structs and arrays for composite types. 12:15.580 --> 12:18.580 And then way over on the other side here, we have this external reference type. 12:19.580 --> 12:22.580 And that's good for sharing references from JavaScript, 12:22.580 --> 12:24.580 or any other WebAssembly module. 12:24.580 --> 12:27.580 So you can get external values, say like a DOM node or something like that, 12:27.580 --> 12:31.580 and you can operate them, interoperate with them through WebAssembly. 12:31.580 --> 12:35.580 So there's a whole rich type system here. 12:35.580 --> 12:38.580 If there's any GC skeptics in the room, 12:38.580 --> 12:42.580 if you're using Rust or something to compile into WebAssembly, 12:42.580 --> 12:44.580 you could use what, why isn't GC as well. 12:44.580 --> 12:47.580 It's not all or nothing kind of thing. 12:47.580 --> 12:51.580 It would be feasible to say, have all your viral checking stuff 12:51.580 --> 12:54.580 that you might prefer inside of your Rust module, 12:54.580 --> 12:59.580 and then have GC between modules for that kind of collaboration that you need. 12:59.580 --> 13:02.580 So it's another issue. 13:02.580 --> 13:05.580 D-coupling means distributing trust. 13:05.580 --> 13:08.580 WebAs is a very secure environment, 13:08.580 --> 13:14.580 and so that high trust C++ core is a, you know, 13:14.580 --> 13:19.580 something that's not changed with any, any speed, you know, 13:19.580 --> 13:20.580 in the previous talk, 13:20.580 --> 13:25.580 something about how careful the browser vendors are about about making changes. 13:25.580 --> 13:28.580 So I'm proposing decoupling these things. 13:28.580 --> 13:30.580 That requires even more security. 13:30.580 --> 13:33.580 So we need a way to, for modules to collaborate safely. 13:33.580 --> 13:34.580 How are we going to do that? 13:34.580 --> 13:37.580 And the solution is capability security. 13:37.580 --> 13:38.580 So sure of hand. 13:38.580 --> 13:41.580 So it was sort of capability security in the room. 13:41.580 --> 13:42.580 Okay. 13:42.580 --> 13:43.580 It's a little less than half. 13:43.580 --> 13:45.580 That's actually better than I expected. 13:45.580 --> 13:46.580 Very cool. 13:46.580 --> 13:48.580 The motto we like to use as rightly is, 13:48.580 --> 13:50.580 if you don't have it, you can't use it. 13:50.580 --> 13:52.580 By holding a reference to something, 13:52.580 --> 13:55.580 you have the authority to send a message to that thing. 13:55.580 --> 13:57.580 That's the essential idea of a capability. 13:57.580 --> 14:00.580 If you're used to passing arguments to functions, 14:00.580 --> 14:01.580 congrats. 14:01.580 --> 14:04.580 You basically understand capabilities at this point. 14:04.580 --> 14:06.580 Okay. 14:06.580 --> 14:08.580 How many programmers in the room would say, 14:09.580 --> 14:12.580 if you're familiar with the concept of lexical scope, 14:12.580 --> 14:15.580 make that your security model and you have capabilities. 14:15.580 --> 14:17.580 Importantly, it means no ambient authority. 14:17.580 --> 14:19.580 And what does ambient authority? 14:19.580 --> 14:23.580 Here's an example just using JavaScript of a contrived thing 14:23.580 --> 14:27.580 that gets the value of something of an element and then focuses it. 14:27.580 --> 14:32.580 The first one uses ambient global state by looking up an element by its ID. 14:32.580 --> 14:36.580 And so the document is this magic global thing that you just assume 14:36.580 --> 14:38.580 every function can access. 14:38.580 --> 14:40.580 And then you can just look up things by identifier. 14:40.580 --> 14:44.580 So this is what you would call ambient global state in a program. 14:44.580 --> 14:47.580 And so that's not a capability approach. 14:47.580 --> 14:49.580 A capability approach is explicit reference passing, 14:49.580 --> 14:51.580 where you would actually get the element as an argument 14:51.580 --> 14:55.580 and by holding a reference to it, you can then send messages. 14:55.580 --> 14:58.580 So that's very simplistic example. 14:58.580 --> 15:00.580 This is not a new idea. 15:00.580 --> 15:03.580 This is a paper at MIT from 1996, 15:03.580 --> 15:07.580 a security kernel based in the way of the calculus by Jonathan Reath. 15:07.580 --> 15:10.580 I highly recommend highly recommended reading, really cool. 15:10.580 --> 15:14.580 But just to show you this is an idea that's decades old. 15:14.580 --> 15:20.580 Capability security also has the benefit of having a good user experience. 15:20.580 --> 15:24.580 There's this paper I would recommend reading as well called not one click for security. 15:24.580 --> 15:27.580 And I'll say, by using a browser today, 15:27.580 --> 15:30.580 you're actually already used to certain capability paradigms. 15:30.580 --> 15:33.580 The file picker, when you want to upload a file, 15:33.580 --> 15:35.580 and give access to a file to a website, 15:35.580 --> 15:38.580 is a capability pattern called a power box. 15:38.580 --> 15:41.580 By clicking the upload file, you open the file picker. 15:41.580 --> 15:44.580 The web page does not have access to your whole file system. 15:44.580 --> 15:47.580 You instead consent to picking a very particular file 15:47.580 --> 15:49.580 and granting it access. 15:49.580 --> 15:53.580 So web browsers already have some of these really nice UX properties already. 15:53.580 --> 15:58.580 And so I think we should take this further. 15:58.580 --> 16:03.580 So yes, so reason I bring up capabilities is because web assembly 16:03.580 --> 16:05.580 is a capability system. 16:05.580 --> 16:08.580 And there's both compile time capabilities and run time capabilities. 16:08.580 --> 16:11.580 Bison binders have no privileges by default. 16:11.580 --> 16:14.580 They can't do anything besides they get into an infinite loop 16:14.580 --> 16:16.580 and make your laptop hot. 16:16.580 --> 16:18.580 They can't do IO. 16:18.580 --> 16:21.580 They can't make network requests, et cetera. 16:21.580 --> 16:24.580 It's all outside world interaction. 16:24.580 --> 16:28.580 Any IO that a module can do has to be explicitly passed in 16:28.580 --> 16:32.580 by its host, the instantiator of the module. 16:32.580 --> 16:37.580 Which means you can't just import something from the web. 16:37.580 --> 16:39.580 The web assembly module can't do that. 16:39.580 --> 16:43.580 So this is a capability security, like a central core principle. 16:43.580 --> 16:46.580 And web assembly modules may also export things 16:46.580 --> 16:49.580 that then can be imported into other web assembly modules. 16:49.580 --> 16:51.580 So with an import export system, 16:51.580 --> 16:54.580 and no way to reach out beyond what you're given, 16:54.580 --> 16:57.580 web assembly makes for a secure runtime. 16:57.580 --> 17:00.580 And then all these heat-allocated references that I was talking about, 17:00.580 --> 17:02.580 and talking about those are runtime capabilities. 17:02.580 --> 17:05.580 So those are you can get access to references at runtime 17:05.580 --> 17:09.580 and then operate on those objects and pass them around. 17:09.580 --> 17:12.580 So this is just an example of importing. 17:12.580 --> 17:15.580 Let's see, I'm just trying to see how I'm doing the time. 17:15.580 --> 17:18.580 I'm doing okay. 17:18.580 --> 17:20.580 So this is from our Hoot project, actually. 17:20.580 --> 17:22.580 Like a snippet from it. 17:22.580 --> 17:26.580 This is calling into JavaScript's big-int implementation 17:26.580 --> 17:28.580 to allocate big-ints. 17:28.580 --> 17:30.580 This is what the web assembly decoration looks like. 17:30.580 --> 17:32.580 It's basically a function that doesn't have a body. 17:32.580 --> 17:35.580 We just say there's a hole that's got this signature, 17:35.580 --> 17:37.580 and I need the host to put something in there, 17:37.580 --> 17:39.580 so that this module can work. 17:39.580 --> 17:42.580 And here's an implementation of it from the web assembly side, 17:42.580 --> 17:45.580 where we boot the module and then we pass in the import. 17:45.580 --> 17:49.580 And in this case, it's using the big-int class to actually allocate the big-int. 17:49.580 --> 17:54.580 But the important thing is that the instantiator is in control. 17:54.580 --> 17:56.580 If a module asks for something, 17:56.580 --> 17:58.580 that asks for something with a certain signature, 17:58.580 --> 18:01.580 is up to the host to say what that is. 18:01.580 --> 18:04.580 And the host could just pass in something that didn't do 18:04.580 --> 18:07.580 what the module hopes it would do in the first place. 18:07.580 --> 18:10.580 So if there was a dangerous feature or something that you didn't trust 18:10.580 --> 18:12.580 about the thing you're trying to run, 18:12.580 --> 18:14.580 well, okay, it wants an import. 18:14.580 --> 18:17.580 Imagine this was like some kind of HTTP request. 18:17.580 --> 18:20.580 You could just say, no, I'm just going to return 18:20.580 --> 18:22.580 some garbage or spoof something or whatever. 18:22.580 --> 18:26.580 So it's really the instantiator is who is in control, 18:26.580 --> 18:29.580 which means we have the ability to run entrusted code, 18:29.580 --> 18:31.580 which is kind of nice. 18:31.580 --> 18:34.580 But let it end about to wrap up. 18:34.580 --> 18:36.580 Another article that I found really compelling 18:36.580 --> 18:39.580 was by Ian Hixie Hixon, 18:39.580 --> 18:41.580 towards a modern web stack. 18:41.580 --> 18:44.580 And Hixie has been advocating for kind of the same thing 18:44.580 --> 18:47.580 that Joey Hess was advocating for, 18:47.580 --> 18:50.580 of kind of reducing the stack. 18:50.580 --> 18:52.580 More to being like, okay, you have a canvas 18:52.580 --> 18:54.580 and you can draw on it somehow. 18:54.580 --> 18:58.580 And this article has made people concerned 18:58.580 --> 19:01.580 that the whole idea of web documents 19:01.580 --> 19:03.580 and all the stuff that we get with the document object model 19:03.580 --> 19:06.580 and all the accessibility features that are built into the document 19:06.580 --> 19:07.580 model. 19:07.580 --> 19:09.580 Like, are you proposing to throw all of that out 19:09.580 --> 19:12.580 and just have a canvas and you just write pixels? 19:12.580 --> 19:15.580 And I'm speaking for myself here. 19:15.580 --> 19:18.580 And I think if we can figure out the right approach 19:18.580 --> 19:21.580 to modularity, I don't think it has to be a dichotomy. 19:21.580 --> 19:23.580 I don't think it has to be one of the other. 19:23.580 --> 19:25.580 I think for the document web is great, 19:25.580 --> 19:28.580 but also it's not sufficient for certain types of applications. 19:28.580 --> 19:32.580 Can we find a way to have both of these things work? 19:32.580 --> 19:36.580 So I don't, I'm not advocating for a choice 19:36.580 --> 19:37.580 between one or the other. 19:37.580 --> 19:40.580 I would like both. 19:40.580 --> 19:42.580 So Wasm is room to grow. 19:42.580 --> 19:44.580 What's out there with WasmGC right now is 19:44.580 --> 19:46.580 it's minimal viable product. 19:46.580 --> 19:47.580 It works. 19:47.580 --> 19:48.580 I use it daily. 19:48.580 --> 19:49.580 It's nice. 19:49.580 --> 19:51.580 But there's a number of things that should be improved. 19:51.580 --> 19:53.580 I gave a talk yesterday talking about these things more 19:53.580 --> 19:56.580 in depth, but stack switching, multi-biter A access, 19:56.580 --> 19:59.580 reference type strings for whatever reasons strings 19:59.580 --> 20:00.580 are not as easy to work with. 20:00.580 --> 20:03.580 I think what I'm talking about is you might expect. 20:03.580 --> 20:05.580 There are many things that we can improve to make Wasm 20:05.580 --> 20:08.580 like a suitable substrate for the kind of thing that I'm talking about. 20:08.580 --> 20:11.580 But I think the core stuff is there. 20:11.580 --> 20:13.580 The core security properties are there, 20:13.580 --> 20:16.580 and I think we have a good base to build on. 20:16.580 --> 20:20.580 So yeah, in summary, we have a near monopoly for browser engines. 20:20.580 --> 20:21.580 I think it's quite unhealthy. 20:21.580 --> 20:25.580 We need to break it up somehow, at least I hope we could. 20:25.580 --> 20:28.580 I think Wasm is the suitable thing to use for this. 20:28.580 --> 20:31.580 It's a really great technology, and I think also it's very accessible. 20:31.580 --> 20:33.580 The standard is very easy to read, 20:33.580 --> 20:37.580 and it's actually implementable without too much engineering effort. 20:37.580 --> 20:40.580 Like you could do it as a free time project. 20:40.580 --> 20:42.580 You could do it with minimal resources. 20:42.580 --> 20:43.580 It's pretty cool. 20:43.580 --> 20:46.580 We should push Wasm to its limit for this purpose. 20:46.580 --> 20:48.580 See what we can get out of it. 20:48.580 --> 20:52.580 And just in general, let's take back the web for regular people, 20:52.580 --> 20:55.580 and to give users more agency over their computing. 20:55.580 --> 20:58.580 So people are concerned about web assembly being like, 20:58.580 --> 21:00.580 well, with JavaScript, I can read the source code, 21:00.580 --> 21:02.580 right? I can look at the inspector and see the source. 21:02.580 --> 21:05.580 It's not really true because most websites are delivering stuff 21:05.580 --> 21:07.580 that's been run through a compiler to chain, 21:07.580 --> 21:08.580 and minified. 21:08.580 --> 21:11.580 You're already looking at things that aren't real source code anyway. 21:11.580 --> 21:14.580 So the web has already gone in this direction of shipping you blogs. 21:14.580 --> 21:18.580 And if we're going to do this, what we need is to give people agency. 21:18.580 --> 21:22.580 If they're to have control over their computing in the long term. 21:22.580 --> 21:24.580 So that's what I would like. 21:24.580 --> 21:25.580 I don't exactly know how to get there, 21:25.580 --> 21:28.580 but I've hope I've planted a seed of interest 21:28.580 --> 21:30.580 in exploring this direction. 21:30.580 --> 21:34.580 So I just encourage more thought and effort put into here. 21:34.580 --> 21:36.580 So that's all. 21:36.580 --> 21:38.580 Again, I work for a small nonprofit. 21:38.580 --> 21:40.580 We do a lot with a little. 21:40.580 --> 21:42.580 And if you like the work we do, 21:42.580 --> 21:44.580 please visit SpritLetAinstitute. 21:44.580 --> 21:45.580 So I should donate. 21:45.580 --> 21:46.580 We really need your support. 21:46.580 --> 21:49.580 We're a 501c3 nonprofit in the United States. 21:49.580 --> 21:50.580 If you happen to be in the United States, 21:50.580 --> 21:53.580 it means your donations tax deductible. 21:53.580 --> 21:55.580 And yeah, otherwise, just check out our blog. 21:55.580 --> 21:56.580 We have interesting things there. 21:56.580 --> 21:58.580 So I hope this was of interest. 21:58.580 --> 21:59.580 Thank you. 21:59.580 --> 22:00.580 Questions. 22:00.580 --> 22:02.580 Thank you. 22:06.580 --> 22:08.580 All right, I can already see a hand. 22:08.580 --> 22:09.580 All right. 22:09.580 --> 22:10.580 We're going to do questions now. 22:10.580 --> 22:11.580 We've got about six minutes. 22:11.580 --> 22:12.580 Oh, I don't know what I'm saying. 22:12.580 --> 22:13.580 Okay, great. 22:13.580 --> 22:14.580 I forgot to start my talk once again. 22:14.580 --> 22:15.580 So I didn't know. 22:15.580 --> 22:16.580 Yeah, I apologize. 22:16.580 --> 22:18.580 The apologies to anyone that came on. 22:18.580 --> 22:22.580 I came in at groom on time or anyone watching this stream. 22:22.580 --> 22:24.580 I did start your talk a couple minutes early. 22:24.580 --> 22:25.580 So my apologies. 22:25.580 --> 22:27.580 But anyone watching this stream can actually rewind it. 22:27.580 --> 22:28.580 Watch the recording. 22:28.580 --> 22:36.580 So I, I think the case is really convincing for this from the bottom up. 22:36.580 --> 22:44.580 Like, you know, everyone below the like web dev that never got further than learning 22:44.580 --> 22:47.580 of the JavaScript frameworks could be pretty convinced by this. 22:47.580 --> 22:55.580 But I'm kind of like trying to imagine on the in the other direction from like the dumbest possible web dev. 22:55.580 --> 23:07.580 How painful is it to have to do like your example of having to do capability like not having any global functions unless you're using the module that gives you global functions. 23:07.580 --> 23:13.580 And and I was thinking like you talked about garbage collection capabilities, but just even. 23:13.580 --> 23:29.580 I'm thinking there's like a whole school of thought that web 1.0 and web 2.0 were like basically enabled by the weird janky session abstraction that like made it so that you had to learn much less. 23:29.580 --> 23:36.580 Programming to be able to make a web app that was state full and like how, how would we do just as a. 23:36.580 --> 23:37.580 Random example. 23:37.580 --> 23:44.580 I'm going to move in the possible question answer, but like how would you give that equivalence like what would have to be in place. 23:44.580 --> 23:48.580 Which modules would have to already be written for someone to have. 23:48.580 --> 23:54.580 Old school session variables and JavaScript and have it all run in this. 23:54.580 --> 23:56.580 That's a great question. 23:56.580 --> 24:04.580 Well, I would I would hope that by by doing something like this, we don't like throw away any of that old stuff because the web has to continue to be backwards compatible. 24:04.580 --> 24:13.580 I would hope that like yeah, that old session based thing would still work and you would have hopefully that the API layer just you yourself the API layer to do that. 24:13.580 --> 24:20.580 But you're I think you're getting at like you're talking about capabilities and it's it's slightly it's a it's. 24:20.580 --> 24:25.580 In some ways a familiar way to program but also different because we're all we're used to some. 24:25.580 --> 24:33.580 Being able to just like request like we talked to rest APIs and things like resource based things things with names, file names like non globally unique names. 24:33.580 --> 24:46.580 I should say and that is not fully answered question like the world has not come to view capabilities as the way to go. 24:46.580 --> 25:02.580 But I think the research is encouraging around things like this not one click for security paper around so there's there's the developer experience part and making things good for the developer and then there's the user experience part of like when you. 25:02.580 --> 25:10.580 When you have capabilities as like what your systems built on how to how to users interact with them you're asking more about the developer experience. 25:10.580 --> 25:19.580 And I think what we try to do it sprightly we try to like really emphasize that it looks like regular programming like I think. 25:19.580 --> 25:26.580 The conceptual leap is not as big as people might think but there's still some education and. 25:26.580 --> 25:34.580 I'm still looking for ways to like how do I how do I make this leap intuitive to people and I don't fully have an answer for you. 25:34.580 --> 25:36.580 Does that answer your question in any form. 25:36.580 --> 25:37.580 Okay. 25:37.580 --> 25:39.580 Cool that was a great question thank you. 25:39.580 --> 25:40.580 Awesome we should talk after. 25:40.580 --> 25:42.580 We have time for one more question. 25:42.580 --> 25:45.580 I'm going to go ahead and head over now and then we'll do change over. 25:45.580 --> 25:52.580 If you do have a question for free to talk to Dave afterwards. 25:52.580 --> 26:02.580 My main question would be that browsers are currently written in C++ for a great reason of performance and like. 26:02.580 --> 26:15.580 WebAssembly like kindness puts a like branch in the works because it occurs like several times overhead in relation to the actual native implementation. 26:15.580 --> 26:28.580 So if we were to like actually make layout in the engine and webAssembly like all of that graphics abstraction and webAssembly wouldn't that be just horribly slow. 26:28.580 --> 26:31.580 That's a great question. 26:31.580 --> 26:36.580 I think I could have a one word answer with yes but it's like yes but. 26:36.580 --> 26:43.580 What I think you know I'm talking about like a vision here I think we need to like if this were to be pursued. 26:43.580 --> 26:50.580 We'd have to find out like where where do we make the trade off where we where we maybe sacrifice a little bit of. 26:50.580 --> 26:59.580 Performance for flexibility and for modularity and where where do we say that's not tenable and what do we keep in the core. 26:59.580 --> 27:03.580 To you know there are certain things that just need to be faster than the R. 27:03.580 --> 27:12.580 So you make a good point so I think I'm not saying get rid of all of the C++ essentially like if you maybe there are certain things that we have to keep there for practical reasons. 27:12.580 --> 27:15.580 But we can modularize more a lot more than what we have now. 27:15.580 --> 27:20.580 At the same time I think webAssembly can also kind of come up in its ability. 27:20.580 --> 27:27.580 To express more performance programs and to be more efficiently compiled. 27:27.580 --> 27:36.580 So for example webAssembly right now you're kind of strictly talking like single threaded programs there's there's a proposal for threads out there. 27:36.580 --> 27:52.580 So for example like you're not going to have like a you can't write a really good garbage collector and webAssembly right now because it's not going to perform well because good garbage collectors want to use all of your CPUs for so it can be allocating across many threads and collecting and things like that so. 27:52.580 --> 28:03.580 So there's room for webAssembly to level up and then there's also a matter of like we have to make practical tradeoffs of like what what what's worth it like what's worth having the modularity what's not right now does that. 28:03.580 --> 28:07.580 Can answer question it's nebulous, but yeah sure. 28:07.580 --> 28:11.580 Are you like later like yeah we get to that clear you sound unconvinced that's okay. 28:11.580 --> 28:13.580 Thank you everybody.