Handmade Network»Fishbowls»The future of operating systems in an Internet world

The future of operating systems in an Internet world

Despite the web's technical problems, it dominates software development today, largely due to its cross-platform support and ease of distribution. At the same time, our discussions about the future of programming tend to involve new "operating systems", but those discussions rarely take the Internet into account. What could future operating systems look like in a world defined by the Internet?

This is a fishbowl: a panel conversation held on the Handmade Network Discord where a select few participants discuss a topic with depth and nuance. We host them every two months, so if you want to catch the next one, join the Discord!
Avatar
bvisness May 08, 2020 10:04 AM
Topic: The Future of Operating Systems in an Internet World (edited)
Avatar
bvisness May 08, 2020 10:06 AM
I'm the one who pitched this topic in the first place, so here's what I was thinking at the time I wrote it
10:07
Basically: the web gets a lot of crap around here, for good reasons, but the interesting thing about it to me is that the ease of distribution and the remarkable cross-platform support seem to outweigh the downsides of the crappy tech stack for nearly everyone.
10:07
At the same time, we have all kinds of discussions here about the future of computing, and part of that is broadly on the "operating system" side of things
10:08
and I often feel like those OS brainstorms don't really take the internet into account
10:08
The web has dramatically changed how software is developed and distributed, and I think any future operating system needs to consider how it could achieve some of the same benefits
Avatar
simp May 08, 2020 10:09 AM
I've been looking into a lot of the web technologies, having been not very interested until about 5 months ago, the ease of distribution is definitely readily apparent. One of the nicest things about some of the technologies coming to maturity in this case is WebAssembly which I know both you and Bill have been messing with a lot. Which in practice is a fantasy CPU on the computer of anyone who has a browser on their machine
10:10
Which is everyone.
Avatar
bvisness May 08, 2020 10:10 AM
WASM is really just a small part of it
Avatar
simp May 08, 2020 10:10 AM
Of the entire web ecosystem?
10:10
(Just to clarify)
Avatar
bvisness May 08, 2020 10:10 AM
I think there's a much larger conversation to be had about what "programs" look like in the context of the web
Avatar
simp May 08, 2020 10:11 AM
Gotcha
Avatar
bvisness May 08, 2020 10:11 AM
WASM provides an execution environment, but there's much more to what we expect from an operating system
Avatar
simp May 08, 2020 10:11 AM
I don't know when bmp will show, but this has been the center of a lot of discussion around how a user experience is designed in a world chock full of internet.
10:12
What's your thesis?
Avatar
bvisness May 08, 2020 10:12 AM
I didn't prep it as much as I should have 😛
10:13
A starting place may be the fact that browsers have already become strange approximations of operating systems
10:13
Browsers now are virtual machines, window managers, persistent storage APIs, and graphics drivers
10:14
but they look very different from traditional OSes, and subject "programs" to much stronger restrictions (edited)
10:14
I think traditional operating systems provide a model for an "offline" OS, and browsers provide a model for a strictly "online" OS
Avatar
simp May 08, 2020 10:15 AM
A given website is a software package that you download and run, and it needs to be able to be streamed in as such?
Avatar
bvisness May 08, 2020 10:15 AM
I'm curious if there is some kind of middle ground; a hybrid approach that gives you rich control over local data while still allowing easy distribution of software (and extra protections with it?)
10:15
I know Ryan mentioned the idea of "temporary software" at one point
10:16
as something in that direction
Avatar
simp May 08, 2020 10:16 AM
I think that's kinda where the biggest idea of a "online" is comes in, the systems offer different expectations to how the software is structured.
Avatar
bvisness May 08, 2020 10:17 AM
I could get deeper into the weeds, but I want to hear other people's initial thoughts about the issue before I go any further (edited)
Avatar
gingerBill May 08, 2020 10:19 AM
Hello everyone. Regarding OSes, what do people use the OS for effectively? Some way to load programs, access to the file system, communicating to hardware and external things, threads, memory allocation, etc. The OS is not much different to the kernel to what people actually want from it. (This is ignoring the GUI/TUI)
10:20
So a Web "OS" needs to support something like this and not much more.
Avatar
simp May 08, 2020 10:20 AM
Its interesting you mention protections. I don't want to derail the current topic of convo too much as we just started, but one topic of conversation perhaps on a less "tech centric" level have been what has been pet named "post-Dunbar world problems" You have a world where, in terms of ethics, anything can be shared so easily. You can imagine an online note-taking app, where how private some information is is variable. Google Plus famously failed the circle idea, but I think how to manage the social connection side of the internet technology is one of the things you'd need most to pay attention to when it comes to how you construct the protection systems both for bad actors, and even your grandma who shares that picture of your child that really didn't need to be on facebook etc. How do you establish a lifestyle for people to adopt which makes the most use of the internet in their day to day workflow?
10:20
But perhaps we should get back to that later. (However I think it's important to have that stewing in everyone's mind as we push forward into the development of the user experience.) (edited)
Avatar
bvisness May 08, 2020 10:21 AM
Yeah, that will probably be an interesting area to explore once we have a better idea what we're even talking about
10:21
I think Bill is right to question what we want from an OS in the first place
10:23
We've already seen that a browser can kind of be collapsed into a traditional operating system in the form of ChromeOS. But using ChromeOS makes it pretty apparent that browsers alone are lacking a lot of what you need from a general-purpose computer.
10:24
Local data feels like the biggest problem to me. I believe ChromeOS has some kind of terrible file manager, but even assuming they had something better there, web software is generally antithetical to the idea of local data
10:25
all the data is almost by definition stored somewhere else
Avatar
simp May 08, 2020 10:27 AM
I'm interested in what you mean Bill, if basically the things that the kernel gives you are what's missing (insofar as they are) from the current browser environment, does this mean the OS part of the software being downloaded and run is managed by the website host essentially? (Moving away from "personal computing" or do you mean simply that the web having more access to the computer's resources allows it to do more, the "fantasy cpu"/virtual machine elements essentially just being distribution alone?) (edited)
Avatar
gingerBill May 08, 2020 10:28 AM
I'm thinking this from purely a user standpoint. What does the average computer user use a computer for?
Avatar
bvisness May 08, 2020 10:28 AM
web browsing
Avatar
simp May 08, 2020 10:28 AM
Email answering machine?
Avatar
gingerBill May 08, 2020 10:29 AM
Effectively, they use an application for a particular task. Be it web browsing, emails, Photoshop, word processing, spreadsheets, games, images, printing, etc.
10:30
People don't think of the OS as a thing but as the arena that those tasks can be done.
10:30
And a web browser is akin to this too.
Avatar
simp May 08, 2020 10:31 AM
There's a sense in which something like a file system is already being offloaded onto the internet from a user's standpoint
10:31
So many applications make a transition.
Avatar
gingerBill May 08, 2020 10:32 AM
Yes. The file system is already abstracted on the web side of things, but not as much locally.
10:33
As Ben states, ChromeOS is more than enough for most people using a computer. And that to me is quite interesting.
Avatar
gingerBill May 08, 2020 10:33 AM
Most being 60%+
Avatar
bvisness May 08, 2020 10:33 AM
One thing I dislike from a user perspective about the internet today, though, is that nobody really "owns" their data any more. You usually can't store data locally; it's trapped in third-party services.
Avatar
simp May 08, 2020 10:34 AM
I think that what the average user of today needs of technology is a chromebook, and I've suggested it to people I know. From a market standpoint the largest companies out there already made their move.
Avatar
bvisness May 08, 2020 10:35 AM
But what makes ChromeOS so much more appealing to people? To Bill's point, it's really just that it allows them to do the tasks they want to do.
Avatar
gingerBill May 08, 2020 10:36 AM
Exactly!!!
Avatar
simp May 08, 2020 10:36 AM
I think the question is more, how can a operating system incorporate the internet for the better. Can it? If you hybridize, from a user perspective the difference hardly exists
10:36
Like none.
Avatar
bvisness May 08, 2020 10:36 AM
Well, it may be interesting to examine the workflows for which the web does not work today
10:37
gaming generally requires better graphics performance than browsers can currently offer, but beyond that, it also requires very large amounts of local data
10:37
photography is the same way
Avatar
simp May 08, 2020 10:37 AM
Basically, as Bill suggested, just what the kernel gives the "offline" OS now. (edited)
10:39
The question is, when you add the ease of distribution that Ben started with, what happens to that software which can't work on the web now?
10:40
How does an operating system, from the user perspective, facilitate that distribution power?
10:40
Does the site owner just handle it like say google does with cloud services?
Avatar
bvisness May 08, 2020 10:40 AM
That's what I think is interesting to explore. There are multiple angles to this thing - the web makes software distribution very easy, but web apps today were designed around the assumption that all data had to be on the server
10:40
App stores / package managers may provide a contrasting model, but I don't think they're really sufficient
Avatar
simp May 08, 2020 10:41 AM
I think if you want to not have the problem you mentioned earlier, you need to be able to "own" and store locally that information despite the distribution system being completely transformed.
Avatar
bvisness May 08, 2020 10:41 AM
so there is software distribution, but also how the software itself operates
10:41
which are two very different things, potentially
Avatar
simp May 08, 2020 10:41 AM
Elaborate?
10:43
In addition, where are the failings with package managers for the web in your experience?
Avatar
bvisness May 08, 2020 10:43 AM
I knew I should have written up more of a thesis last night
Avatar
simp May 08, 2020 10:44 AM
I've had an alright experience with the AUR for Arch for instance. Or rather parts of it which are nice to use definitely nice even if you miss what works about windows.
10:45
I think for the average user, downloading the google package or what have you for a given service is as easy as chrome extensions are now. (edited)
Avatar
bvisness May 08, 2020 10:49 AM
So, I basically see a strong dichotomy right now between native software and web software, even if that native software is managed by a launcher or package manager. Each has its own advantages and disadvantages. Native software requires explicit installation but has more direct access to your computers resources and can work with shared persistent storage in the form of the filesystem. Web software requires is just streamed to the user as they request it, but is subject to much stronger security models, and due to the ad-hoc design of the web, doesn't really have the same level of capability as a native app. I'm curious if we can envision a system that breaks down that dichotomy while still keeping users safe and happy.
Avatar
bvisness May 08, 2020 10:51 AM
It feels to me like that will happen one way or another. After all, browsers continue to push more and more towards the full capabilities of operating systems.
10:52
But I don't want the future of computing to just be renting time on other people's computers. Turning everybody's computers into dumb terminals feels wrong.
10:52
At the same time, a dumb terminal is really great for a lot of users (see ChromeOS)
Avatar
simp May 08, 2020 10:52 AM
Well I think the utility of being able to have shared file systems and whatnot running on your own machine is highly subject to having a machine that actually has those.
10:54
Which as Bill is pointing out about ChromeOS and co, people who can use the applications they expect (however premeditated and provider-constructed that expectation is) will be happy without those, to an extent.
Avatar
.bmp May 08, 2020 10:54 AM
One point that I want to earmark for later is the data ownership. I don't know if we ever found a fifth person, but along the lines of data ownership especially as it relates to security and smarthome/IoT tech, Ryan and I seem to have similar views, which we could expand upon later. Perhaps he'd like to join us for that segment
Avatar
simp May 08, 2020 10:55 AM
Avoiding the "car fleet" problem--wherein you are in a future where fleets of automatic Tesla cars roam the world to transport you for a fee--is also hard to avoid for computers as terminals.
10:56
I think you have to design for yourself, or as I've been alluding to, sell a lifestyle which the browser advancement facilitates, it's not clear you can avoid that future. (This is part of why I am skeptical if the ramification of Bill's point that if the web just incorporates the utility of the offline OS' access to hardware, then the issue of the superior qualities of the internet being missing from offline OS is gone. As Demetri put it at one point, when it comes to something like the ownership of your data, something bigger is going to have to come and kill the current Google profit model to dethrone that.) (edited)
Avatar
.bmp May 08, 2020 10:57 AM
As far as the Web/OS boundary, as well as the restrictions and sandboxing elements, I think (and this seems to be mildly unpopular among desktop developers) the smartphone "app" model is a good one
10:57
I think iOS and Android, for all their flaws, do a much better job of blurring the lines of what constitutes the web, while putting explicit user-interacting security barriers in place
Avatar
bvisness May 08, 2020 10:58 AM
I agree with that, although I think app stores are a plague upon that model
Avatar
.bmp May 08, 2020 10:58 AM
But I think we can take it further than that, and not even have a user-aware distinction between "app" and "webpage"
Avatar
bvisness May 08, 2020 10:58 AM
maybe not inherently, but certainly if they are enforced
Avatar
.bmp May 08, 2020 10:58 AM
(Implied, I hope, is that this is not based on existing web tech, but rather a parallel concept of what the web is more generally)
10:59
app stores do provide some legitimacy, though, which is important to consider
Avatar
bvisness May 08, 2020 10:59 AM
I think that is implied everywhere in this conversation 🙂
Avatar
.bmp May 08, 2020 10:59 AM
however I don't think the "store" model is right at all
10:59
I'd prefer just a search engine for "apps"
11:00
where apps would be generic locally-installed programs
11:00
and "web pages" would be a specialized kind of sandboxed app
11:01
to the point of webasm, which I hope you and Bill get into more here Ben, I think that's largely one of the virtues of it - it's trying to bridge that gap somewhat
11:01
whether it's good enough, or successful enough, or low-level enough for the task is a different matter (edited)
Avatar
bvisness May 08, 2020 11:02 AM
So in your preferred model, you'd still have a distinction between "apps" and "web apps", where web apps have stronger permissions? Or am I misunderstanding
Avatar
.bmp May 08, 2020 11:02 AM
it certainly addresses the distribution aspect, though, by being runnable in an abstracted machine
11:02
@bvisness from a user-facing perspective, no. From a developer perspective, yes, you'd have programs with different levels of gating
11:03
A user could choose to "trust" a given program to install itself locally for full access and performance improvements for instance
11:03
But it would be the same program
Avatar
simp May 08, 2020 11:04 AM
Will developers bother?
Avatar
.bmp May 08, 2020 11:04 AM
"Web pages" these days are less word doc (old-style HTML pages) and more "an app specialized for displaying text and layouts"
11:04
Bother with what?
Avatar
simp May 08, 2020 11:05 AM
Bother with making different forms of their app?
Avatar
.bmp May 08, 2020 11:05 AM
it's not a different form
Avatar
simp May 08, 2020 11:05 AM
Even if it's easier, if you product is expected to do XYZ, the user expects that, and they will give whatever permissions.
Avatar
.bmp May 08, 2020 11:05 AM
imagine pre-compiling a webasm program to machine code
11:05
to a .exe
11:05
that's basically what I'm talking about
11:06
"yes I trust this app completely" -> compile it and allow it to run locally without the sandboxing
11:06
some applications might depend on not being sandboxed to function (intensive games)
11:07
but most would not
Avatar
simp May 08, 2020 11:07 AM
Games are a great example of the user just expecting to do what they expect to be able to do.
Avatar
gingerBill May 08, 2020 11:07 AM
But like with Phone applications, if you don't accept what the hardware can access, you cannot access it.
11:08
Security concerns seem to be a mostly solved problem, kind of. Different aspects that the "OS" can interact with requires permission if it isn't completely self isolated
11:09
Mobile applications are becoming more and more self isolated + permissions for the outside world.
11:09
The OS is the umpire between the hardware and the applications wanting the access the hardware.
11:09
And other "services"
Avatar
simp May 08, 2020 11:10 AM
So say a web page in a browser is essentially a "service"
Avatar
gingerBill May 08, 2020 11:11 AM
I think this model of how things should interact will be taken forth, even if the model is not necessarily the best.
Avatar
simp May 08, 2020 11:12 AM
The way wasm works now if you get a memory space for that "instance." Does this self containment + permission mean the permission system is based off a particular API for that form of control over the machine? (Whatever permission you ask for by using it?)
11:13
The WebGL -> OpenGL system works kind of like this.
11:16
Do you have plans for incorporating that model into how Midgard will be used?
Avatar
gingerBill May 08, 2020 11:16 AM
I've been experimenting with WASM lately with my "Midgard" experimental project. I want to see what I can do with the web "platform", per se.
11:17
Unfortunately, WASM doesn't have a way to specify what is required with regards to hardware yet, and that has to be done with the JS interface.
Avatar
.bmp May 08, 2020 11:18 AM
As an avid user of gingerBill™️ products, I have to say that if I were going to write serious mixed-platform applications I would much prefer to use Odin over Midgard - tangential to this conversation, but have you considered WASM support for Odin as an end goal of the Midgard "experiment" or is it meant to be a self-contained end product?
Avatar
gingerBill May 08, 2020 11:18 AM
In many regards, the JS platform layer can act as this intermediary, which is a form of platform or pseudo-kernel layer for the application
11:19
WASM support for Odin should be relatively simple with the LLVM backend, but Midgard is purely an experimental project to see what WASM can do by focusing purely on the WASM platform.
👍 1
Avatar
.bmp May 08, 2020 11:19 AM
I do think a WASM-like model that's designed to be "compilable" would be very nice. I see some elements of this in how Ryan has discussed some of Dion's internal representation/distribution model (edited)
11:19
Don't get me wrong, I'm very interested in Midgard and I'm excited about the new WASM streams 😄
11:19
I just <3 Odin
Avatar
gingerBill May 08, 2020 11:20 AM
I am effectively treating WASM as the architecture and the standard web interface (HTML, JS, CSS) as the pseudo-platform/pseudo-kernel layer.
☝️ 1
Avatar
gingerBill May 08, 2020 11:20 AM
And by doing this, I am going to see what is actually required by an "OS" to be useful.
👍 1
Avatar
bvisness May 08, 2020 11:20 AM
@.bmp I was just chatting with a friend on the WASM team at Mozilla last night - they're already planning to cache compiled machine code after loading WASM modules (edited)
11:20
in Firefox anyway
Avatar
.bmp May 08, 2020 11:20 AM
oh, very interesting!
11:20
@bvisness this is very much the sort of model I have in mind
11:21
distributing "apps"/"pages" in an abstracted platform representation/bytecode, which is sandboxed and API-restricted, and compiling that down to machine code as needed
11:21
you can then keep the machine code as long as the version doesn't change
11:22
and it has the same security guarantees as the bytecode, exempting problems with the security implementation
11:22
(as long as the compilation and sandboxing is correctly implemented, it should be secure - and there are security problems with any platform, so I don't see this as an exceptionally bad sticking point) (edited)
Avatar
simp May 08, 2020 11:24 AM
I think even having this streaming concept be expanded not as wasm then convert to exe, but rather streams of wasm into streams of dll. @.bmp ?
11:24
(I'm being pithy, but my point is you construct the software differently)
Avatar
.bmp May 08, 2020 11:24 AM
yes, I've certainly considered dynamic linking as part of my mental model for this
Avatar
bvisness May 08, 2020 11:24 AM
Yeah, I think a clear benefit of the web distribution model is that software can be distributed in chunks if that's useful
Avatar
.bmp May 08, 2020 11:24 AM
I do think you want the distributed code to be "called into" (granted, EXEs are just this, but for the OS itself)
11:25
and on that note, nakst's entry point for Essence programs as an event loop is very interesting to me (edited)
Avatar
gingerBill May 08, 2020 11:25 AM
WASM is very much designed to be a Sandboxed environment, but I do find it extremely interesting how it is designed. I am extremely impressed by its design, or it's possible design to be a form of pseudo-application application with it's own virtualized memory spaces (plural) and more.
Avatar
simp May 08, 2020 11:25 AM
A given program runs on two cpu's effectively, under your [brendan's] model. (edited)
Avatar
.bmp May 08, 2020 11:26 AM
correct, the abstract CPU and the real CPU
11:27
although ostensibly they're always compiled (no need to interpret, afaict, aside from maybe some JIT metaprogramming stuff) (edited)
Avatar
simp May 08, 2020 11:28 AM
I also have been quite impressed with wasm. The guys working on it are not dumb. It basically utilizes the helpful characteristics of a stack machine, while not getting dragged down by it. I don't think Brendan's model, however effective which I'm skeptical, fits into it as-is. But what is there makes "pseudo-native" development very appealing.
Avatar
.bmp May 08, 2020 11:30 AM
I agree that WASM is not suitable as the end-all-be-all of my design (I don't intend to use it at all, outside of experimenting with its design)
11:30
I am impressed by how much it seems to get right, though
11:30
while having to live under the current ecosystem
Avatar
simp May 08, 2020 11:31 AM
It takes the sandboxing, potentially, to a second level instead of trying to cheat it. Everything gets it's own customizable sandbox.
Avatar
gingerBill May 08, 2020 11:31 AM
For me, WASM is the new "Flash". And I mean that as a good thing. Flash allowed people to create things that were not possible with pure HTML/JS/CSS whatsoever. If we are able to have a general purpose environment, the programmer can do whatever he requires.
Avatar
simp May 08, 2020 11:32 AM
Gets an entire "fantasy cpu" and "fantasy os" to itself in effect.
11:33
WASM is the new "Flash"
Yes minus the terrible battery consumption and other tech issue. My basic intention with wasm is to make a flash-like environment, flash application and games being my childhood tradition. ;P
Avatar
.bmp May 08, 2020 11:33 AM
this gets to the sort of inversion I would like to see
11:33
flash sat inside HTML/CSS/JS and the DOM model
Avatar
simp May 08, 2020 11:33 AM
We talk about this somewhat yesterday, but a good part of the issue with HTML/JS/CSS is trying to split aesthetics and mechanics.
Avatar
.bmp May 08, 2020 11:34 AM
I would like to see WASM become the new lingua franca of the web, and new layouting frameworks emerge within it
11:34
(to the extent that I care about the current instantiation of the web)
Avatar
bvisness May 08, 2020 11:34 AM
that's no different in principle from having programs for viewing PDF documents vs. word docs
11:34
and I think it's very desirable
👆 1
Avatar
bvisness May 08, 2020 11:35 AM
although, there is the whole hypertext aspect to it, but presumably resources could still link between each other
Avatar
simp May 08, 2020 11:34 AM
Html was supposed to be "content" and CSS the "presentation"
Avatar
simp May 08, 2020 11:34 AM
JS thrown on top for "dynamicism"
Avatar
simp May 08, 2020 11:35 AM
The idea of splitting these up into different systems has basically slowed everything down to the loit where node.js or whatever essentially exists to let people who know JS just have access to non-DOM objects.
Avatar
.bmp May 08, 2020 11:36 AM
this is where things like React are actually correct, at least in terms of rethinking the model
11:36
as a unified medium of design
Avatar
bvisness May 08, 2020 11:37 AM
I'm not sure what you mean by that
Avatar
simp May 08, 2020 11:37 AM
It's a noble goal.
Avatar
.bmp May 08, 2020 11:37 AM
React allows you to design pages with pure JavaScript
Avatar
bvisness May 08, 2020 11:37 AM
oh, sure
Avatar
.bmp May 08, 2020 11:37 AM
though it's sunk a bit by including HTML/CSS in its interface
11:38
it makes JS the only first-class citizen
Avatar
bvisness May 08, 2020 11:38 AM
well, it makes sense given what it is working with, and the core of React is not technically DOM-specific at all
11:38
but that's a tangent
Avatar
.bmp May 08, 2020 11:38 AM
the logic belongs as the foundational layer, not the layout
11:38
I agree completely
11:39
I don't think it's much of a tangent; it's a step in the right direction toward abandoning the web as "document viewer" and moving toward the web as "application distributor"
☝️ 1
Avatar
simp May 08, 2020 11:39 AM
The noble goal on question.
11:40
However misguided by trying to preserve Javascript from the ecosystem.
Avatar
gingerBill May 08, 2020 11:40 AM
I hope people understand why I mentioned "Flash".
11:40
Flash was actually what designers and programmers want.
☝️ 1
Avatar
.bmp May 08, 2020 11:40 AM
right
11:40
for all its problems, it was very successful
11:40
it's still held up as an ideal by many animators
Avatar
gingerBill May 08, 2020 11:40 AM
But people need to understand why it was successful.
11:41
And Flash the application is still great for doing animation work.
Avatar
simp May 08, 2020 11:41 AM
It let people do what they wanted and expected to be able to do
Avatar
simp May 08, 2020 11:41 AM
From what it said on the tin
Avatar
.bmp May 08, 2020 11:41 AM
flash was "embedded applications for the web" in the same way that webasm/canvas promises to be
Avatar
gingerBill May 08, 2020 11:42 AM
I hope WASM can be that, and my experimentation is showing that it might be possible.
Avatar
.bmp May 08, 2020 11:42 AM
I have a problem with the "embedded" part but that's not flash or webasm's fault
Avatar
bvisness May 08, 2020 11:42 AM
and it being embedded is only a side effect of the current ecosystem
Avatar
.bmp May 08, 2020 11:42 AM
indeed
Avatar
bvisness May 08, 2020 11:43 AM
it can be embedded in any host that will give it what it needs
Avatar
.bmp May 08, 2020 11:43 AM
Bill, you mentioned on stream how brilliant the linking/distribution for webasm programs is; could you elaborate a bit on that? If it's not too technical for this discussion
11:44
I think that sort of thing is important when discussing distribution models for applications that live between native and sandbox
Avatar
gingerBill May 08, 2020 11:45 AM
Through Ben's help, I actually discovered a way to do linking with WASM, which I don't know if anyone else has determined yet.
11:46
The short answer, you define the memory offset for the data segment to be relative to an externally defined global variable.
data_seg_foo = offset(_external_data_segment + _local_offset)
11:47
Or whatever.
Avatar
simp May 08, 2020 11:47 AM
The way WASM works actually reminds me a bit of the idea of booting into software on older PCs (and the nostalgia for doing this with old games) Opening the webpage is booting into a system with virtual memory (potentially multiple) you get pretty complete access to what you ask for, it seems. Once again, the sandboxing is taken to the next level instead of trying to cheat it.
Avatar
bvisness May 08, 2020 11:47 AM
I believe that works fine as long as you make all your data accesses relative to that offset global, right?
Avatar
gingerBill May 08, 2020 11:48 AM
Correct, I think.
Avatar
bvisness May 08, 2020 11:48 AM
Absolute memory addresses in instructions would still be unable to relocate in a sensible way
11:48
So to my understanding, that makes it an acceptable linking solution when you are the producer of all modules, but it wouldn't work in general for importing a third-party WASM module?
11:48
I suppose that's trivially true anyway, since they wouldn't care about your offset global (edited)
Avatar
gingerBill May 08, 2020 11:49 AM
For two modules to communicate, the JS platform layer would have to be the mediator.
11:49
e.g. the pseudo-kernel
Avatar
bvisness May 08, 2020 11:50 AM
yeah
Avatar
gingerBill May 08, 2020 11:51 AM
But for this linking system to work, each application would have to follow the same convention. It would not be enforced exactly.
Avatar
bvisness May 08, 2020 11:52 AM
From what I was reading in their docs, it's primarily set up right now to allow for careful dynamic linking, and eventually they wanted to make a stable ABI to allow for more options
11:52
with "dynamic linking" being just passing exports and imports around in JS
Avatar
gingerBill May 08, 2020 11:52 AM
My idea was probably something a little more "clever".
Avatar
bvisness May 08, 2020 11:53 AM
I know it came up in the context of static linking; were you imagining that you would process several WASM modules and combine them into one by reordering the data segments?
11:55
anyway, that's probably a tangent from this overall conversation - and in general I'm thinking that dynamic linking is probably the way to go for much of web software
Avatar
.bmp May 08, 2020 11:56 AM
right so you could have SuperDuperGuiFramework-v12.56 machine-code cached on your machine
11:56
and any application that requests the same version of the same library uses that cached version
Avatar
bvisness May 08, 2020 11:56 AM
That is a potential for language runtimes as well
Avatar
gingerBill May 08, 2020 11:57 AM
This isn't tangential whatsoever.
11:57
For me, the OS/Kernel is fundamentally an umpire/mediator between applications and hardware.
Avatar
.bmp May 08, 2020 11:57 AM
I think it's useful to explore WASM-specific concepts as they relate to this conceptually-similar thing that we're discussing
Avatar
gingerBill May 08, 2020 11:57 AM
Applications and Applications; Applications and Hardware; Hardware and Hardware
11:58
And the web browser has become a form of pseudo-kernel, which I keep stating.
11:58
I am not sure I like this future, but it is the future we are dealing with.
Avatar
.bmp May 08, 2020 11:59 AM
the web browser is an abstract OS
Avatar
.bmp May 08, 2020 11:59 AM
hence ChomeOS as a small shim under the browser being a relatively fully-featured OS
11:59
(leaving aside the full Android app support, haha)
Avatar
bvisness May 08, 2020 11:59 AM
I was going to bring up inter-process communication, actually, and more generally that desktop programs have a much better time interoperating because they all have access to the filesystem
Avatar
simp May 08, 2020 12:00 PM
For me, the OS/Kernel is fundamentally an umpire/mediator between applications and hardware.
This gets to the booting software idea. Classically you imagine booting into Doom or something and you get full access to the hardware resources, in WASM it's essentially virtualized but completely accessible no? @gingerBill
Avatar
gingerBill May 08, 2020 12:00 PM
Yes.
Avatar
simp May 08, 2020 12:00 PM
I think that's a great opportunity to use an old and honestly great model.
Avatar
gingerBill May 08, 2020 12:01 PM
Same. I hope my experimentation brings light to some of this.
12:01
I am not entirely sure I will discover much, but it will be useful to me regardless.
Avatar
simp May 08, 2020 12:02 PM
That was kinda gonna be my pithy answer to he whole thing we started the conversation on. Each webpage is it's own OS basically. (Like Doom or whatever has it's own way of accessing and managing the resources of the computer it's made to run on.)
Avatar
gingerBill May 08, 2020 12:02 PM
I'd say each OS is it's own virtualized environment, and not an OS.
Avatar
simp May 08, 2020 12:03 PM
Sure.
12:03
I did say it was meant to be pithy. ;P
Avatar
gingerBill May 08, 2020 12:03 PM
The browser itself is the "OS".
Avatar
simp May 08, 2020 12:03 PM
My point is it fits the booting model.
12:03
In a strange way, I'm excited for the web as a place for self contained applications, with all the distributive powers of loading a webpage.
Avatar
gingerBill May 08, 2020 12:05 PM
I am partially excited too. The web will be this homogenous thing which will be the "same" across multiple browsers.
☝️ 1
Avatar
simp May 08, 2020 12:06 PM
So regarding the design of Midgard, how does it fit into your model for how you see wasm being used in the best case?
Avatar
gingerBill May 08, 2020 12:06 PM
I am designing Midgard just to be a basic language that directly maps to WASM. So I can see what I can do for an application in a virtualized environment.
Avatar
simp May 08, 2020 12:07 PM
There are Pascalism like group declarations that fit into the wasm model quite well, without needing to do a straight s-expression* based .wat it seems (edited)
12:07
Very easy to implement
12:07
Ans thus easy to adapt if wasm changes much?
Avatar
gingerBill May 08, 2020 12:07 PM
It seems that the Pascal model fits very well for WASM, which is partially surprising to me.
12:08
I am not sure who are the main architects behind WASM, but I would love to discuss things with them.
Avatar
simp May 08, 2020 12:08 PM
The design repo for WebAssembly has lists of people who are in on the meetings and doing proposals
Avatar
gingerBill May 08, 2020 12:09 PM
I do guess that there is a main architect or two.
12:09
Because the general idea does seem to come from a single-ish mind.
12:09
Compared to the rest of the web stuff, it's extremely well designed.
Avatar
simp May 08, 2020 12:09 PM
Agreed
Avatar
bvisness May 08, 2020 12:09 PM
Have you read any of the post-mvp proposals?
Avatar
gingerBill May 08, 2020 12:09 PM
I haven't yet.
Avatar
bvisness May 08, 2020 12:09 PM
I was just starting to dig into those this morning
Avatar
simp May 08, 2020 12:10 PM
Likewise!
Avatar
.bmp May 08, 2020 12:10 PM
Could we get a brief rundown on how WASM "memories" work?
12:10
For myself and spectators who are not familiar
Avatar
gingerBill May 08, 2020 12:10 PM
@.bmp Simply, they are just a separate memory spaces. Currently, there is only one memory allowed.
Avatar
simp May 08, 2020 12:11 PM
Basically virtualized memory, but you can get more of them (eventually)
Avatar
gingerBill May 08, 2020 12:11 PM
Yes
12:11
NEAR and FAR pointers are back, baby!
distHappy 1
Avatar
.bmp May 08, 2020 12:12 PM
I was sort of leading into that
12:13
It should be possible to (with permission) get direct access to another program's memory space
12:13
In the form of a fat pointer of sorts
Avatar
gingerBill May 08, 2020 12:13 PM
Possibly, yes. I could imagine "mmap-ing" something into a specialized memory space, and thus be very safe too.
12:14
It would have to be a fat pointer, which stores the memory index too.
Avatar
.bmp May 08, 2020 12:14 PM
So you can already see the potential for some of the excitement of a model built fully around these concepts if you imagine having full-native applications that simply provide a memory-mapped region to the WASM environment
Avatar
bvisness May 08, 2020 12:14 PM
hey so I have an emergency bulletin - my friend who works on the WASM team at Mozilla is available right now
😮 3
fishbowl 2
hmn 3
Avatar
.bmp May 08, 2020 12:14 PM
For interop
Avatar
bvisness May 08, 2020 12:15 PM
so, if you have specific questions about WASM, the design behind it, and the new proposals in the works... (edited)
Avatar
gingerBill May 08, 2020 12:15 PM
That is very very cool!!!
Avatar
bvisness May 08, 2020 12:15 PM
@eqrion is your guy
Avatar
gingerBill May 08, 2020 12:15 PM
I'll make a quick list.
Avatar
simp May 08, 2020 12:15 PM
Awesome!
Avatar
.bmp May 08, 2020 12:16 PM
distHappy 1
12:16
H Y P E
Avatar
eqrion May 08, 2020 12:16 PM
Hello!
👋 7
Avatar
simp May 08, 2020 12:16 PM
Heya
Avatar
gingerBill May 08, 2020 12:17 PM
Short questions that I have straight away: * Multiple memories support? * SIMD support? * Threading support of some sort? * System Call like things rather than "internally defined" calls only? With WASI or whatever?
Avatar
eqrion May 08, 2020 12:19 PM
Multi-memory support is interesting, it's a fairly small spec change and not a large amount of work for implementors (like SpiderMonkey or V8) as they all have to support multiple memories in the runtime just not more than one in a specific instance. But there is very little pressure to implement because no one is asking for it yet. But it's on our radar
12:19
SIMD support is coming soon, we're getting support in Firefox Nightly probably in the next month. V8 is further ahead than us, not sure about JSC/webkit. People really want it, so it's a high priority
12:20
Threading support is complicated (at least on the web)
12:20
The problem is that with multiple threads and shared memory in a web browser, you can build a high resolution timer which would allow you to do side channel attacks to read process memory (ala Spectre)
Avatar
gingerBill May 08, 2020 12:20 PM
Yes, I will be happy with single threading support.
12:21
Maybe the possibility to support coroutines might be more than enough. e.g. allowing the application to have pseudo threads.
Avatar
eqrion May 08, 2020 12:21 PM
So short-term it's been disabled until Firefox is able to get better process isolation like Chrome has
12:22
Ah yes, there's been discussions around stack primitves that could support that. That would also be useful for languages like Go which want to switch stacks for goroutines
12:22
There's no formal proposal for it yet though, and interop with the web may be tricky? I'm unsure on that
Avatar
simp May 08, 2020 12:23 PM
Longer question, * what's your general theory on how you expect applications to work in terms of streaming in wasm? (As in, how do you expect the structure of programs to change compared to the luxury of having larger file sizes etc) * when it comes to safety with interfacing with C, I hear the idea is to have safe defaults and unsafe escape hatches, essentially, (so normally you have issues with bad pointers, arrays of wrong lengths etc) how is this planned to be implemented so far? (edited)
Avatar
gingerBill May 08, 2020 12:23 PM
Theoretically, coroutines don't need to be that special in implementation. But you do need to support different "locals" stack frames.
12:24
For WASM, I am actually designing a language that directly maps to WASM's concepts and experimenting to see what it possible with the platform. I want to see what I can do with WASM with a minimal JavaScript platform layer in order to interact with the everything else. Especially since WASM is quite self contained. (edited)
12:26
As my main goal is to effectively have a language that I can use to do proper typesetting and graphics, which CSS and JS sadly cannot do in a sane way at the moment. (edited)
Avatar
eqrion May 08, 2020 12:26 PM
Wasm in general is in a unique position right now. The ecosystem is very new and young, so a lot of things are being built right now. The first generation of users are generally people porting (e.g. emscripten). For these users they're really not taking advantage of the platform completely and are just trying to bring their legacy applications completely as-is. Think like adobe photoshop. This is pretty cool and was enough to get the whole project started, but has a bunch of disadvantages like huge file sizes and slow loading
12:27
What's likely (in my opinion) to be happening in the next few years is people designing languages, frameworks, and tools that actually take advantage of wasm's strengths to build something new and better
Avatar
simp May 08, 2020 12:27 PM
Yep, exactly what we are excited to try to do.
Avatar
eqrion May 08, 2020 12:27 PM
We just don't have that yet however, so wasm on the web can be a bit clunky
Avatar
simp May 08, 2020 12:28 PM
#flashisback
Avatar
gingerBill May 08, 2020 12:28 PM
I have been extremely impressed by how well WASM has been designed, which is sadly uncommon for the web.
☝️ 1
12:28
And we have been discussing about how Flash was actually what designers and programmers wanted, even if it was actually quite a poor implementation of it.
Avatar
eqrion May 08, 2020 12:29 PM
@gingerBill are you going to try to expose all of wasm's concepts like globals/tables/memories? or just be a good general purpose low level language?
Avatar
gingerBill May 08, 2020 12:29 PM
I understand that WASM itself is going to be difficult to get things working well, especially taking into account accessibility issues, but it does allow for a good framework to extend to other things.
12:29
@eqrion Both.
Avatar
eqrion May 08, 2020 12:29 PM
WASM was uniquely designed compared to most of the web (it was actually designed)
🤣 4
👍 4
12:30
There's also a small amount of (smart) people actually making decisions, which helps
Avatar
simp May 08, 2020 12:30 PM
The separation of aesthetics and mechanics (as though presentation was not content) with html and css is something that has to be amended if you want something like flash, whether that's the intention or not. (For those who say wasm isn't supposed to replace JS or whatever.)
12:30
Breaking things up like that just makes it impenetrable for designers no matter how you slice it.
Avatar
gingerBill May 08, 2020 12:30 PM
I will agree to that, that the web was not really designed.
12:31
The least worst bit about the web is HTTP (and its children).
12:31
And then HTML, and then JS, and then CSS.
12:32
As many people know here, I think the idea of separating presentation (CSS) and content (HTML) was an extremely bad idea. And if you explain this to a graphic designer or typographer, they'll look at you with bewilderment as they'll say "but presentation is content"
Avatar
simp May 08, 2020 12:32 PM
^ (edited)
Avatar
gingerBill May 08, 2020 12:32 PM
or as @simp correctly states, "aesthetics is mechanics, and mechanics is aesthetics"
12:33
So for me, WASM actually seems like a way to bypass most of the bad mistakes of the past, even if it still has to contend with the mistakes of the past. (edited)
Avatar
eqrion May 08, 2020 12:33 PM
Yeah I would agree (I used to work in layout + graphics at Mozilla before WASM). Separating presentation and content generally only works for simple user interfaces, which most web content was originally.
Avatar
.bmp May 08, 2020 12:33 PM
and if it's simple, the benefit is not even clear
Avatar
bvisness May 08, 2020 12:33 PM
It's interesting to see "CSS in JS" becoming popular as a response to this
Avatar
simp May 08, 2020 12:34 PM
A web designed for scientists to share docs
Avatar
gingerBill May 08, 2020 12:34 PM
What I find annoying is that none of the early "designers" of the web actually asked graphic designers or typographers or artists or developers what they actually wanted. It was purely designed by "engineers".
☝️ 1
Avatar
simp May 08, 2020 12:34 PM
Not the rich interaction we expect today.
Avatar
gingerBill May 08, 2020 12:35 PM
So thank you for working on WASM.
Avatar
eqrion May 08, 2020 12:35 PM
There is however something useful about commonly understood metadata for an application (like HTML today) It's what enables search engines, ad blockers, and extensions to be useful.
12:36
It's just unfortunate that HTML and CSS are so poor at that
Avatar
gingerBill May 08, 2020 12:36 PM
HTML is not that bad compared to JS and CSS.
12:36
HTML is bad, don't get me wrong.
12:36
But it's the least worst about of the trinity.
Avatar
eqrion May 08, 2020 12:37 PM
I don't think any user interface language is sufficient for everyone's needs, but having some interoperability is helpful and is arguably why the web even still matters today.
12:37
But I'm torn, because it's also what makes it a poor application platform
Avatar
gingerBill May 08, 2020 12:37 PM
Yes. It's a complicated problem.
12:37
I don't disagree with that.
Avatar
eqrion May 08, 2020 12:38 PM
I saw there was a question about system calls and WASM, what was being asked there?
12:38
That's one of my focuses right now
Avatar
gingerBill May 08, 2020 12:39 PM
Currently, the instruction call only works with internal funcidx.
12:39
What I am suggesting is a way to call predefined platform defined things.
Avatar
simp May 08, 2020 12:40 PM
https://discordapp.com/channels/239737791225790464/707742863076622358/708398711188750396 I had a question on C API safety, I'm not sure if that's close to your wheelhouse working on said syscalls.
Avatar
gingerBill May 08, 2020 12:40 PM
You can do this already with the import things, but that is not really a common interface, akin to *nix's syscall.
12:41
Maybe the solution is that the thing already works, and nothing needs to be added. (edited)
12:41
And that's actually a "solution" I am fine with.
Avatar
eqrion May 08, 2020 12:42 PM
Ah yes. So the general thinking here as I understand it, is that WASM by default has no capabilities beyond compute. If you wish to give it a new capability, like access to a file or socket or DOM api, you need to pass it as an import to a WASM module
Avatar
gingerBill May 08, 2020 12:42 PM
Okay. That's perfectly fine.
Avatar
simp May 08, 2020 12:42 PM
Makes sense
Avatar
eqrion May 08, 2020 12:42 PM
Now that works, but that means that all users of WASM have to come up with their own imports
Avatar
gingerBill May 08, 2020 12:43 PM
The reason I bring this up is because "WASI" seems a little confusing to me as a concept, if you are not dealing with something like C.
Avatar
eqrion May 08, 2020 12:43 PM
And so I think you mentioned this, but WASI is a project to come up with a standard interface of things you can import to do system things like UNIX
12:43
Why do you say that?
Avatar
gingerBill May 08, 2020 12:44 PM
So WASI is effectively a POSIX emulation for WASM, correct?
12:44
I might be wrong by the way.
Avatar
eqrion May 08, 2020 12:44 PM
It's not intended to be POSIX compatible, but will have similarities and fulfill the same goal of a common system interface
Avatar
gingerBill May 08, 2020 12:45 PM
I meant POSIX/*NIX like interface.
12:45
Not necessary strict POSIX. Sorry for the confusion
Avatar
eqrion May 08, 2020 12:46 PM
Ah yeah, compatibility with POSIX/*NIX etc is not a goal. You should be able to emulate most of those APIs performantly ontop of WASI, but it's intending to be something new that could correct some mistakes those APIs have
12:47
And fit into the WASM ecosystem in an idiomatic way
Avatar
gingerBill May 08, 2020 12:47 PM
Okay. Good to know.
Avatar
eqrion May 08, 2020 12:47 PM
Notably mmap might not work the same way
Avatar
gingerBill May 08, 2020 12:48 PM
With regards to WASM's design, Tables still partially confuse me. Because you can only have one, they seem a partially useless.
12:49
And you can emulate them through other means.
Avatar
eqrion May 08, 2020 12:50 PM
Yeah, they're a bit odd. They were originally added to solve the function pointer problem. So that C++ classes could store a vtable, with each function pointer in it as an index into table[0]. then when you wanted to call a virtual method you would use the call_indirect instruction
12:50
which operates on tables
12:50
New proposals are expanding the use cases
Avatar
gingerBill May 08, 2020 12:50 PM
But even that confuses me. Because you only need the data segment.
12:51
I understand jump tables are really useful, but they are not exactly "jump tables" in the normal sense.
Avatar
eqrion May 08, 2020 12:52 PM
Hmm, I might not be understanding something. What do you mean by data segment? MVP wasm can't call a function determined dynamically at runtime except through call_indirect and tables
Avatar
gingerBill May 08, 2020 12:53 PM
I was speaking in the hypothetically partially.
Avatar
eqrion May 08, 2020 12:54 PM
Ah, yeah I suppose there are probably other ways of solving the problem. Why tables were designed this way and not other ways was a bit before my time.
Avatar
gingerBill May 08, 2020 12:54 PM
Effectively, what I would like is this:
push parameters push funcidx call_index typeidx
12:54
Or whatever.
Avatar
eqrion May 08, 2020 12:54 PM
Ahh.
Avatar
gingerBill May 08, 2020 12:55 PM
Because I can store the funcidx in the datasegment or globals or locals or memories.
12:55
And then when I load that value, I can then call it indirectly
12:55
And it acts like a normal "pointer" per se.
12:55
Does this make sense?
Avatar
eqrion May 08, 2020 12:57 PM
Yeah that does. My best guess is that they chose the table design because it extends naturally to future extensions, like reference-types.
Avatar
bvisness May 08, 2020 12:57 PM
the docs on webassembly.org suggest something to that effect (edited)
Avatar
gingerBill May 08, 2020 12:58 PM
I've been using the webassmbly.github.io docs as my source because they are the easiest to read, but they might not the best source of truth.
Avatar
eqrion May 08, 2020 12:59 PM
Yeah, I'll have to ask around to see if there's a reason a call_index wasn't considered.
Avatar
gingerBill May 08, 2020 12:59 PM
Yes. That's effectively what I want. Because it would be safe too.
12:59
Because the typeidx would be an extra check before you call anything.
12:59
It wouldn't effect call_indirect
13:00
It's personally my only complaint with WASM. (edited)
Avatar
eqrion May 08, 2020 01:00 PM
Yeah, they definitely could be equivalent with a couple less steps. But my best guess is that having a 'table' concept is more general and applies to other values you can't store in linear memory, like reference-types
Avatar
gingerBill May 08, 2020 01:01 PM
I'm not sure I agree with that actually.
Avatar
bvisness May 08, 2020 01:01 PM
I think you may want to give a brief summary of the reference types proposal; I read it this morning but am still a little unclear on what it does and what problems it's solving
Avatar
eqrion May 08, 2020 01:01 PM
Yeah, sure.
Avatar
gingerBill May 08, 2020 01:02 PM
Thank you 🙂
13:03
Thank you for all of your answers by the way 🙂
Avatar
.bmp May 08, 2020 01:05 PM
🙂
13:05
(this is great)
Avatar
gingerBill May 08, 2020 01:06 PM
It's rare I actually get to talk to the creators/designers of something
Avatar
.bmp May 08, 2020 01:06 PM
aside from yourself, presumably 😛
Avatar
eqrion May 08, 2020 01:06 PM
The basic problem is how can wasm call imports with values from the host. For example, if you have a wasm module in the browser and you want to call an import, which is some web-api that accepts a JS value. The existing value types (i32, i64, f32, f64) are too limited and so reference-types adds a new value type (externref) which can be used as the in parameters, results, locals of wasm functions and can hold any host value. On the web this is any JS value. Tables are also extended to be able to hold externref, so a Wasm module can then hold onto values from the host. externref's cannot be inspected or modified by Wasm (they're opaque) and so theres no security concerns about pointers be read
Avatar
gingerBill May 08, 2020 01:06 PM
Oh....
Avatar
eqrion May 08, 2020 01:07 PM
It's a small stepping stone into allowing wasm to interact more with the host
Avatar
gingerBill May 08, 2020 01:07 PM
I understand exactly what you mean by a reference type now!!!
Avatar
eqrion May 08, 2020 01:08 PM
I'm more of a proxy to the creator/designers of wasm, I just do their engineering work 🙂
Avatar
gingerBill May 08, 2020 01:08 PM
That's fine. You probably understand the consequences of their decisions a lot more.
13:09
So for me, I don't think you need a "reference type", per se.
13:09
For me, my solution is going to be a "fat pointer".
13:09
Where this pointer contains two things: memidx and memory offset for the "memory".
Avatar
eqrion May 08, 2020 01:11 PM
What's the use case for these fat pointers, or what are you doing with them?
Avatar
gingerBill May 08, 2020 01:11 PM
I know this approach requires two "registers" and doesn't store any type information.
13:12
But it's probably the approach that many compilers to WASM use for normal pointers.
13:12
But they don't need to be "fat pointers" because there is only one "memory" at the moment.
13:13
And most languages nowadays assume a single memory space.
Avatar
eqrion May 08, 2020 01:13 PM
If I understand correctly, you may have an issue as memidx's for loads/stores are static and can't be specified at runtime
Avatar
gingerBill May 08, 2020 01:13 PM
We don't live in the 16-bit world any more.
13:13
Yes, that is a problem.
13:14
I personally don't want that.
13:14
I am just spit balling at the moment.
Avatar
eqrion May 08, 2020 01:14 PM
Oh yeah, no problem
Avatar
.bmp May 08, 2020 01:14 PM
@gingerBill I assume you still want non-fat pointers for the "main" memory space
13:15
but I agree with the fat pointer model 100%, it gives you incredible flexibility
13:15
so you store which memory as well as the actual address within that memory
Avatar
gingerBill May 08, 2020 01:15 PM
@.bmp You can encode the memory space in the type system itself e.g. NEAR and FAR pointers are back, baby!
distHappy 1
Avatar
.bmp May 08, 2020 01:15 PM
lol
Avatar
gingerBill May 08, 2020 01:15 PM
And many tools like LLVM already support this.
Avatar
simp May 08, 2020 01:16 PM
I was about to say, LLVM already covers this, so having it work for wasm is all the easier.
Avatar
gingerBill May 08, 2020 01:16 PM
Very much so.
13:17
I don't know if I am probably not the normal person questioning WASM.
Avatar
bvisness May 08, 2020 01:17 PM
I think one of the stated goals of tables in WASM is to make things as opaque to the module as possible; how would you choose to achieve those security goals in this model?
Avatar
simp May 08, 2020 01:20 PM
Would be interesting to see how it works in practice in any case when more memories are added.
Avatar
gingerBill May 08, 2020 01:20 PM
To be clear, I don't know if any of these ideas the best yet.
13:21
It might be that a single "memory" is the best option.
13:21
Oooo
13:21
That reminds me, will we be able to have memory protections on "memories"?
13:21
e.g. I want to reserve this first page so that if you try to read/write from it, it raises an exception of sorts.
Avatar
eqrion May 08, 2020 01:22 PM
That's been proposed many times 🙂 But not yet
Avatar
gingerBill May 08, 2020 01:22 PM
Good to know 🙂
Avatar
eqrion May 08, 2020 01:23 PM
The problem is ideally you'd have granularity of a page size, but the wasm page size is way too big
Avatar
gingerBill May 08, 2020 01:23 PM
64K is quite large, yes.
Avatar
eqrion May 08, 2020 01:23 PM
And there's also concerns about multithreading that would make it challenging for all hosts to implement
Avatar
gingerBill May 08, 2020 01:23 PM
16K might have been a better size.
13:24
I know typically 4K is a page size on most OSes.
Avatar
eqrion May 08, 2020 01:25 PM
There's been talk about allowing users to specify the page size as a parameter to their memory type. Along with some additional information, like heuristics on which memory (in multi memory scenarios) is the main memory, if any, and should be given improved performance
13:25
We do a lot of tricks to make memory access safe and efficient
13:26
@simp what were you wondering about c-api's? was it about the wasm c-api? or c languages running in wasm?
Avatar
simp May 08, 2020 01:27 PM
c-api
13:28
Basically my understanding is there is a default, then a unsafe escape hatch?
13:28
Or that was the proposal?
13:28
Things like bad pointers or array lengths
Avatar
gingerBill May 08, 2020 01:28 PM
Side note: The other night, @bvisness and I were discussing about how to make a WASM "linker" per se. And effectively what would be needed is just a have a runtime specified the data segment offsets. e.g. WASM module #1 (data-segment-offset: 1024): foo (offset = + 0) bar (offset = + 4) WASM module #2 (data-segment-offset: 2048): foo (offset = + 0) bar (offset = + 8)
13:30
This should work already, right?
13:30
because the data segment elements take an "expr" for the offset.
Avatar
eqrion May 08, 2020 01:32 PM
Yeah, that's been a point of contention that I've only heard a bit about. As I understand it, the wasm-c-api has some methods that are easy to use incorrectly if you pass in values with the wrong length, etc. There's been debate about whether it's something we could even improve as you can basically screw up C api's in any way and not everything, like bad pointers, can be checked. But the community group did just vote to add some safety checks to raise the bar a bit, https://github.com/WebAssembly/wasm-c-api/pull/134
This patch illustrates what safe interfaces for wasm_func_call, wasm_global_set, wasm_instance_new, wasm_table_new, wasm_table_grow, wasm_global_new, wasm_table_get, wasm_table_set might look like....
13:33
And the idea is, like you said, to have unsafe escape hatches for if the checks hurt performance too much
Avatar
simp May 08, 2020 01:33 PM
Ahh
13:34
That makes sense to have the hatches for that case.
Avatar
eqrion May 08, 2020 01:37 PM
I've got to get heading, but if anyone has more wasm questions feel free to send them my way. Would also be happy to join a wasm channel if there is one
🙏 1
Avatar
simp May 08, 2020 01:37 PM
(I am definitely in the sceptic camp which is why I ask, thanks for the link to the proper discussion)
Avatar
gingerBill May 08, 2020 01:37 PM
Thank you very much for you time and answers.
Avatar
gingerBill May 08, 2020 01:37 PM
It has been wonderful 🙂
Avatar
simp May 08, 2020 01:37 PM
Well, wasm might become a bigger topic going forward
Avatar
simp May 08, 2020 01:37 PM
So that might happen
13:38
Otherwise thank you a ton for your time!
Avatar
bvisness May 08, 2020 01:38 PM
I can keep rounding up questions and nagging you in person 😛
13:38
thanks so much for doing this
Avatar
eqrion May 08, 2020 01:39 PM
No problem, it was fun!
👍 1
Avatar
.bmp May 08, 2020 01:53 PM
@gingerBill was the discussion between yourself and bvisness public (here or on the Odin server)?
Avatar
gingerBill May 08, 2020 01:54 PM
It was on the past stream.
13:54
I figured it out.
13:54
My past stream with WASM experimentation.
Avatar
bvisness May 08, 2020 02:13 PM
Well I’m tempted to say we should revisit this topic in a while when we’ve all experimented further with WASM
☝️ 1
14:13
I was kind of surprised to see that I think most of us were on board with a rather browser-like direction for things, now that it turns out WASM is actually good
🇵 1
🇮 1
🇨 1
🇴 1
🎱 1
🇸 1
🇷 1
🇾 1
😛 1
Avatar
simp May 08, 2020 02:20 PM
Completely agree, I think especially the feasibility of OS-like forms will be more easy to grok once we have some non-trivial demos completed.
Avatar
gingerBill May 08, 2020 02:21 PM
I am not necessarily onboard, but rather, this is the near future and I am going to have to accept it.
14:21
Native will always be better.
Avatar
simp May 08, 2020 02:21 PM
The distribution just can't be beat, frankly.
Avatar
gingerBill May 08, 2020 02:43 PM
It also helps when people want to test things. You don't have to download and install anything. It just works straight from your browser.
☝️ 1
14:43
I can completely understand it.
Avatar
.bmp May 08, 2020 02:44 PM
I think if we revive this conversation at some point tonight we should focus on OS stuff
14:44
given that we got thoroughly off track on WASM stuff 😛
14:44
not complaining, it's all related and very interesting
Avatar
gingerBill May 08, 2020 02:46 PM
I agree.
14:46
But I think it's completely related to the topic of "The Future of Operating Systems in an Internet World"
14:47
To go completely in a different direction:
14:47
I think "the cloud" (another person's computer) is the emergences of older paradigms with computing.
Avatar
.bmp May 08, 2020 02:50 PM
14:50
Yes.
14:50
There seems to be a "recurring patterns in history" going on
14:50
Perhaps there will be a swing back toward local hardware and self-ownership of data/programs
14:51
But it seems increasingly unlikely without a massive upheaval, some kind of sea change
14:52
Well - I hinted earlier at the discussion I'd like to have around data ownership and security especially as it pertains to the ever-increasing amount of (data-generating) devices in people's homes
14:52
I think there is space for something like a "home server" in the average household
14:53
For many people, having a central powerhouse which other screen-having devices and smart devices remote into would be more cost effective than having a half-dozen or more expensive devices which need to be periodically upgraded
Avatar
bvisness May 08, 2020 02:53 PM
it's all about user experience, and the user experience of having your work everywhere beats the user experience of owning a paid copy of Excel, I guess
Avatar
.bmp May 08, 2020 02:54 PM
(desktops, monitors, laptops)
14:54
Sure
14:55
What I'm talking about isn't "killing" the cloud, it's returning the option of self-ownership of data and logic
14:55
You might want your work files available everywhere
14:55
But maybe you want to back up your pictures yourself
14:56
Certainly running all of your smart devices off of one local logic center/interface to the web would be good
14:56
As opposed to having dozens of endpoint devices which are all potential security vulnerabilities, all transmitting metadata to the cloud all of the time
Avatar
bvisness May 08, 2020 02:56 PM
absolutely
Avatar
.bmp May 08, 2020 02:57 PM
I think of the "home server" as a practical hardware decision economically and functionally
Avatar
.bmp May 08, 2020 02:57 PM
But also as a gateway for personal information
14:58
This would be designed from the ground up to be configurable, user profile-focused, and to make explicit which people and services have access to which data
Avatar
bvisness May 08, 2020 02:57 PM
and I think a lot of people would respond positively to a security-minded IoT system if the user experience was good
Avatar
bvisness May 08, 2020 02:58 PM
The thing I wonder about is whether the incentives will really ever be there to own the data yourself. If a company like Google will give you lots of data storage and a bunch of programs for free, why would you bother to set it up yourself, pay someone for backup, etc.?
Avatar
.bmp May 08, 2020 02:58 PM
Nothing leaves your home without your permission, and without your visibility
Avatar
bvisness May 08, 2020 02:58 PM
Obviously there will be people who want that, but many won't care enough to offset the cost (edited)
Avatar
.bmp May 08, 2020 02:58 PM
That's part of the sell of this
14:58
Because it's economically viable
14:59
Instead of a gaming computer for one kid, laptops for every family member, Xbox One and PS4 in the living room, plus an Apple TV which doesn't work with your Windows devices, iPads, a mix of Android and iOS phones, etc
14:59
You have one central device that provides all of this functionality to a series of screens
15:00
Which are just thin clients
15:00
(You'd still have phones because you want portability)
15:00
So if you want the Gaming package, you splurge for the gaming upgrade to the home server
15:01
And you can run it off any screen in the home
15:01
You just hook up your peripherals, sign into your user account (fingerprint reader controller?), and go
15:02
This could scale all the way down to like, a Raspberry Pi type device for people whose needs are very limited
15:02
(single person "web browsing", limited media consumption, no gaming) (edited)
15:04
So the way this relates to the internet is that you'd essentially have an ecosystem where you have one internet endpoint in the home, which you fully control, with rich privacy/configurability settings, and then ~1 smartphone per person on top of that (which could route through the server while home, and remote in with a secure tunnel for home access while away)
15:05
So you'd have an OS where driving functionality is a first-class design consideration
15:06
And sites/apps would include little logic bundles for controlling home devices which would link up to your system as building blocks in your configuration (in a user-friendly sort of way) - a home command center, roughly
15:06
I think we're driving toward something like this, except highly cloud-driven, anyway
15:07
At some point companies will figure out IoT and how it relates to things like identity, where your devices will track your location and status via a smartwatch and do things like turn on lights accordingly
15:07
(knowing who you are in the family, for example, or whether you're a guest)
15:08
The current software/hardware stack is ill-suited for this (particularly the guest/edge network experience) but they'll retrofit it
15:08
Anyway </rant>, want to give people a chance to respond
Avatar
bvisness May 08, 2020 03:44 PM
I have plenty of my own thoughts about this that I can save for another time
15:45
But as far as the networking side goes, it’s an interesting consideration
15:45
I’m interested in being able to move easily between local and remote, offline and online
Avatar
.bmp May 08, 2020 03:45 PM
We could have a more expansive IoT/smarthome fishbowl at some point
Avatar
bvisness May 08, 2020 03:45 PM
And home network stuff certainly does play into that
Avatar
.bmp May 08, 2020 03:45 PM
But I agree, the context here is about how this relates to networked OSes
Avatar
bvisness May 08, 2020 03:45 PM
As far as what those computers are actually running, I dunno
15:46
To go back to an earlier topic, you mentioned that you like the paradigm of apps (as presented by mobile devices)
15:46
There’s no coherent notion of an “app” for most web programs though
15:46
And I’m wondering if there would be benefit in such a thing (edited)
Avatar
.bmp May 08, 2020 03:47 PM
Right, I like the paradigm, but not as the paradigm going forward
15:47
I do think there is an important conceptual distinction between a packaged app and a web page, of course
Avatar
bvisness May 08, 2020 03:47 PM
I need to learn more about progressive web apps; some people are already pushing in that direction
15:48
But I’m not actually sure what the value proposition is for apps like that right now, since pretty much all web software needs a live connection to be useful at all
15:49
Browsers are just kind of nerfed if they’re not connected because they can’t access files easily
15:50
Maybe if we had a properly networked file system instead of Google Drive and Dropbox, web apps could actually just open your files directly.
Avatar
.bmp May 08, 2020 03:50 PM
🙂
15:50
This is a big part of my own project... I want something like IPFS/Kademlia (edited)
15:52
Want something where the local file storage is just one instance of a massive interconnected web of distributed file storage (with permissions/user account discrimination, ofc)
15:52
That doesn't mean all connections need to be peer-to-peer or there's no place for central hubs, centralized services/storage (edited)
Avatar
gingerBill May 08, 2020 03:52 PM
I need to sleep now. Goodnight everyone 🙂
Avatar
.bmp May 08, 2020 03:52 PM
Good night, Bill! 🌃
15:53
Sleep well
Avatar
bvisness May 08, 2020 03:54 PM
I would expect a central hub to be very valuable; I think most peer-to-peer stuff would be a huge pain
15:54
Unless one of your “peers” was a sysadmin with a gigabit connection
15:54
In other words, a hub
15:55
Could you have a system that just uses URLs for all paths, including “local” files? I bet you could (edited)
15:58
The doubt I keep coming back to is whether you’ll be able to beat the value of a giant company giving you everything for free
15:58
And that kind of shapes how I think about this web os thing in general
15:59
You can come up with an amazing system that allows you to really own and access your data anywhere, but if it’s not free, who will use it?
15:59
Maybe total self-hosting is the only way to go
Avatar
.bmp May 08, 2020 04:02 PM
URLs eyes_shaking
16:02
I'm ditching HTTP
16:03
I like the IPFS model of using a Merkel tree
16:03
Where the address is a hash key
16:03
The actual endpoint can be stored wherever or in multiple places
16:04
Obviously there's no getting rid of IP, so at some point you need to fetch an IP address, but I don't think URLs or IPs are a desirable thing to expose to the average user
16:05
I haven't yet, but I'll be exploring some different ways of handling "breadcrumbs" generically, to a point krixano made in #general
16:05
Regarding how to refer to individual pages or states of an app/site (edited)
Avatar
bvisness May 08, 2020 04:06 PM
What beef do you have with URLs?
Avatar
.bmp May 08, 2020 04:06 PM
They feel terminal-y
16:06
Average person doesn't understand what most of a URL is/does/means
Avatar
bvisness May 08, 2020 04:06 PM
Well a string globally identifying something is still desirable, archaic structure aside
Avatar
.bmp May 08, 2020 04:06 PM
And it exposes information the user doesn't usually even want/need
16:07
A UUID is just fine as well
16:07
The thing that's useful with URLs is the breadcrumbs
Avatar
bvisness May 08, 2020 04:07 PM
No domain names? I’m sure Merkle trees are a wonderful technical solution, but there’s a lot of useful stuff in a URL
Avatar
.bmp May 08, 2020 04:08 PM
Domain names maybe, they're fine as a globally unique/memorable mapping for an IP address
16:08
But still, really, a technical detail
16:09
If you imagine 100-years-in-the-future-tech, are you imagining URLs still being a thing?
16:09
Discovery is done through search
16:10
And realistically, most of the time someone visits a specific site, it's through search, cached history, or bookmarks/links of some kind
16:10
I can type a+m+a+z+enter into my address bar and get the Amazon homepage
16:11
I never need to know "amazon.com"
Avatar
bvisness May 08, 2020 04:11 PM
Maybe true, but search isn’t everything
16:11
Search is useful but fuzzy
16:12
And besides, if you want to move toward people hosting their own stuff, you want something clear for normal humans
16:12
Domain names are pretty clear. TLDs aside.
Avatar
.bmp May 08, 2020 04:12 PM
You see a commercial for a new widget delivery service
16:13
Do you remember the URL
16:13
Or do you remember some keywords, maybe the name of the service, and Google it?
Avatar
bvisness May 08, 2020 04:13 PM
Of course I google it, but I feel pretty strongly that stable, human-readable names are really important for a network
Avatar
.bmp May 08, 2020 04:14 PM
When does the average user interact with these names, nowadays?
16:14
Google Amazon Bookmark
16:14
Now I have Amazon forever without caring about the URL
Avatar
bvisness May 08, 2020 04:14 PM
You just told me you wanted people to host their own stuff, presumably share it with people sometimes
16:15
And you want people to share...an IP address?
Avatar
.bmp May 08, 2020 04:15 PM
No
16:15
I share my folder with you, it shows up as "Folder Name"
16:15
Doesn't need to be universally unique
16:16
And you don't need to care what the folder icon that shows up on your side maps to in terms of address
16:16
Right? Just like Dropbox/Google Drive
Avatar
bvisness May 08, 2020 04:16 PM
Files aren’t the only use case for this stuff, and besides, domain names are the only guarantee I have that the site I’m on is legit
16:17
It’s an authoritative and readable name for the service I want to access
16:17
Whether I use it for navigation or not, I think it’s extremely important
Avatar
.bmp May 08, 2020 04:17 PM
Well the model I'm thinking about doesn't have browsers or "sites"
16:17
It's not clear where a URL would be useful
16:17
In the same way that you don't interact with URLs using smartphone apps
16:17
You follow some links, maybe, that take you out to the browser
16:18
But you can download and use the app without ever seeing a URL
Avatar
bvisness May 08, 2020 04:18 PM
That’s only because you have a centralized App Store
16:18
Thanks phone for capitalizing App Store
Avatar
.bmp May 08, 2020 04:18 PM
Haha
16:18
Well, I think it's useful maybe to have app stores, or rather something like "curated collections"
16:19
Not one big centralized one
16:19
But somewhere you can go, like a search engine, that feeds you results
16:19
And there's some trust involved
Avatar
bvisness May 08, 2020 04:19 PM
If you don’t have domains, then you’ll need some other form of identity
16:19
People need to be able to trust that they are in the right place
Avatar
.bmp May 08, 2020 04:19 PM
To the App Store the app is some kind of UUID
16:19
To the user, it's just an icon and a name
16:20
The App Store itself is the trust broker
16:21
It might be useful for power users to have some debug info they can view that gives them some kind of verification
16:21
But maybe that comes in the form of whitelists, like you see in modern browsers
16:21
You visit a known bad site, browser says no bueno
16:22
You visit a known trusted site, the browser displays a happy green shield
Avatar
ratchetfreak May 08, 2020 04:24 PM
and/or it shows the logo
☝️ 1
Avatar
ryanfleury May 08, 2020 04:20 PM
URLs discussion is interesting. I guess the thing I am thinking about is this comment:
If you don’t have domains, then you’ll need some other form of identity
Avatar
ryanfleury May 08, 2020 04:21 PM
How does this differ from identifiers in a programming language?
16:21
Like, why do we need text to identify something?
16:21
Instead of having text label something that is actually unique?
Avatar
.bmp May 08, 2020 04:24 PM
Anyway what Ryan is saying is valid; I think the real question is, in a system without URLs and familiar means of superficial verification, how can we broker trust in a massively distributed online environment
Avatar
ryanfleury May 08, 2020 04:24 PM
So, on textual labels instead of textual identifiers, I just realized that this is basically what URLs are, right?
16:24
I mean, the URLs are identified as requiring uniqueness
16:25
But they really redirect to some IP address, right? (Internet noob coming through)
Avatar
bvisness May 08, 2020 04:25 PM
Yes, potentially one of many
Avatar
.bmp May 08, 2020 04:25 PM
Some IP address or range of IPs, yes (edited)
Avatar
ryanfleury May 08, 2020 04:25 PM
Isn't that what a DNS is for? (edited)
Avatar
ratchetfreak May 08, 2020 04:25 PM
the domain goes through DNS which translates to an IP
Avatar
ratchetfreak May 08, 2020 04:25 PM
which you then make a request to
Avatar
.bmp May 08, 2020 04:25 PM
Right, that's the purpose of DNS
Avatar
.bmp May 08, 2020 04:25 PM
Which is a major attack/problem vector, btw
Avatar
ryanfleury May 08, 2020 04:25 PM
Ahhh right okay. So the DNS is basically a "hash table" where you feed the domain in, and get out an IP
Avatar
ratchetfreak May 08, 2020 04:25 PM
the request then includes the full URL again
16:26
a big hierarchical and distributed hash table yeah (edited)
Avatar
ryanfleury May 08, 2020 04:26 PM
Right, that makes sense
16:26
So, what's the benefit of having those be textual? It seems that URLs are obviously not human readable, at least in many cases
Avatar
ryanfleury May 08, 2020 04:27 PM
If we want a human-friendly interface, it seems like we should just have that thing
Avatar
.bmp May 08, 2020 04:27 PM
The benefit of a Merkle tree model is that the mapping is universal, it does not require a broker (still need a gateway or something to map to IPs, though) (edited)
Avatar
ratchetfreak May 08, 2020 04:27 PM
domain names were meant to be human friendly
Avatar
ratchetfreak May 08, 2020 04:28 PM
and it provides some indirection so you can change IPs without needing to update hundreds of settings to point to the new server
Avatar
bvisness May 08, 2020 04:27 PM
Yeah I don’t know why you say they’re unreadable
Avatar
bvisness May 08, 2020 04:27 PM
Aside from query parameters
Avatar
ryanfleury May 08, 2020 04:27 PM
Hmmm. Well it does seem that just the domain name is readable, usually
Avatar
ryanfleury May 08, 2020 04:27 PM
It is the extension that is unreadable
Avatar
ryanfleury May 08, 2020 04:28 PM
channels/239737791225790464/707742863076622358
16:28
This is why
Avatar
.bmp May 08, 2020 04:28 PM
https://www.amazon.com/gp/buy/thankyou/handlers/display.html?ie=UTF8&asins=B07K4SSNDM&isRefresh=1&orderId=111-4775530-2979447&purchaseId=106-9455094-0353063&ref_=chk_typ_browserRefresh&viewId=ThankYouCart
Avatar
bvisness May 08, 2020 04:28 PM
I get that within an app URLs become silly
16:28
That’s not really what I’m concerned about here
Avatar
ryanfleury May 08, 2020 04:28 PM
Well, right, but the web is consistently moving towards more app-like, right?
Avatar
.bmp May 08, 2020 04:28 PM
We can distinguish this GET request nonsense from what a URL fundamentally is, though
Avatar
bvisness May 08, 2020 04:28 PM
You could certainly mask the latter parts away, I don’t care
Avatar
ratchetfreak May 08, 2020 04:29 PM
the readability of URL paths has come down a lot since web became more app like
Avatar
.bmp May 08, 2020 04:29 PM
I get the desire to have some human-readable, memorable, top-level universally unique address mapping
16:30
But it's not really useful in practice almost ever from a user perspective
Avatar
bvisness May 08, 2020 04:30 PM
I think the domain is by far the most important part, and the part I am pretty bullish about
Avatar
bvisness May 08, 2020 04:30 PM
Domains clearly indicate ownership
Avatar
.bmp May 08, 2020 04:30 PM
Even "using the URL to verify I'm at the right site" requires you to know what the legitimate URL is
Avatar
.bmp May 08, 2020 04:30 PM
Or know what legitimate URLs usually look like
16:31
Which is playing a metagame that the average user isn't really equipped to care about, much less play
Avatar
ratchetfreak May 08, 2020 04:31 PM
or that you know that the certificate will be a proof and that you know what the proper certificate looks like
16:31
which is a step further down the trust chain
Avatar
bvisness May 08, 2020 04:32 PM
I know that all the details of actually verifying trust will be outside of a user’s grasp, but consider that my mom gets spam emails from “godaddy” that are not from a godaddy domain
Avatar
bvisness May 08, 2020 04:32 PM
The fact that the domain can not be spoofed, in a system that verifies everything else, is really the only thing that can give a human confidence that they are in the right place
Avatar
.bmp May 08, 2020 04:32 PM
Even with the web as it is today, if you replaced the address bar with a search bar 100% completely, I really, really don't think much would change for the average user
Avatar
.bmp May 08, 2020 04:33 PM
(it 100% can be spoofed)
Avatar
ratchetfreak May 08, 2020 04:33 PM
@.bmp the browsers have basically done that already (edited)
Avatar
.bmp May 08, 2020 04:33 PM
agreed, aside from actually displaying the URL
Avatar
bvisness May 08, 2020 04:33 PM
You can achieve all levels of “trust” and verification that you are connected to the “right” computer, but unless a human can look at something and see a familiar name, they cannot actually be confident that they are in the right place
Avatar
.bmp May 08, 2020 04:34 PM
it's more search bar than address bar now, in that they clearly prioritize search
Avatar
bvisness May 08, 2020 04:34 PM
Like, googlee.com could have a good cert and look exactly like the real thing
16:34
But it’s clearly wrong and a human needs to be able to see this.
Avatar
ryanfleury May 08, 2020 04:35 PM
Just throwing ideas out there, what if websites were mapped spatially?
16:35
No idea if this is a good idea, but if someone tells you to go to somewhere, what if they could use spatially contextual information?
Avatar
bvisness May 08, 2020 04:35 PM
I have no idea what you mean
Avatar
ryanfleury May 08, 2020 04:35 PM
Grid of apps on your phone
16:36
You don't type in the app you want to run
16:36
You go to the right folder and run it
16:36
You'd need some sort of fast "acceleration structure"
Avatar
bvisness May 08, 2020 04:36 PM
search is inevitable
16:36
you searched an app store to get those apps
Avatar
ryanfleury May 08, 2020 04:36 PM
To traverse to the thing you're looking at, or search them
Avatar
bvisness May 08, 2020 04:36 PM
we're talking about basically all software being available instantaneously to you in some form
Avatar
ryanfleury May 08, 2020 04:37 PM
Right, but I'm saying what if the "globally unique ID" was the location within a tree?
Avatar
bvisness May 08, 2020 04:37 PM
how big can a tree get before any spatial sense breaks down?
16:38
I guarantee I have too many programs on this computer alone for that to work
Avatar
ryanfleury May 08, 2020 04:38 PM
You can LOD it, right?
Avatar
ratchetfreak May 08, 2020 04:38 PM
and how do you guard against close proximity from causing issues
Avatar
bvisness May 08, 2020 04:39 PM
e.g. googlee
16:39
but more broadly, my point is that there is a very important human factor to consider in these designs
16:40
and we run the risk of moving from systems designed for human readability (admittedly with some archaic flaws), to systems that technically solve things more robustly but that nobody will actually be confident using.
Avatar
.bmp May 08, 2020 04:40 PM
I would say that URLs actually provide more attack vector than cover by virtue of universal names
16:40
Sure you can make sure it's google.com and not googlee.com
16:41
Do you ever do that
Avatar
bvisness May 08, 2020 04:41 PM
you don't hover over links to see what site they're taking you to?
Avatar
ryanfleury May 08, 2020 04:41 PM
That is why I posit some way of having spatial information.
Avatar
ryanfleury May 08, 2020 04:41 PM
You know it's not Google because it's not in the right place spatially (edited)
Avatar
.bmp May 08, 2020 04:41 PM
But maybe you type google.co and it takes you to a completely different website that spoofs google
Avatar
.bmp May 08, 2020 04:41 PM
Or googlee.com
16:41
It's a typo, you don't double-check, you get your credit card details stolen
16:42
Because of a name
Avatar
bvisness May 08, 2020 04:41 PM
I think TLDs are goofy and wrong
Avatar
bvisness May 08, 2020 04:42 PM
and what's your proposed alternative?
Avatar
ratchetfreak May 08, 2020 04:42 PM
or getting tricked by unicode characters that have the exact same glyph
16:42
goog1e.com or googIe.com (edited)
Avatar
.bmp May 08, 2020 04:43 PM
I'm not proposing an alternative, I don't think we need one to have a parallel system that operates at pretty much the same security re: spoofing
16:43
But I do have an idea
16:43
What DNS provides (and email) is universally federated identity (edited)
Avatar
ryanfleury May 08, 2020 04:43 PM
I guess what I am getting at more broadly with the "spatial information" thing is that, if the goal is to make it obvious that something is legit and not a spoof, then a string is just about the worst way you can do that
16:43
Spatial information is something humans use all the time to distinguish things
Avatar
bvisness May 08, 2020 04:43 PM
a human-readable string is far better than a practically random string
Avatar
.bmp May 08, 2020 04:43 PM
Along with certs, which verify that the thing you're looking at is what it says on the tin
Avatar
bvisness May 08, 2020 04:44 PM
but what does it say on the tin
Avatar
.bmp May 08, 2020 04:44 PM
So you just need to replace this with some other form of federation
Avatar
ryanfleury May 08, 2020 04:44 PM
Yes, but is a human-readable string better than spatial information?
Avatar
.bmp May 08, 2020 04:44 PM
There's no reason you can't have a Twitter model for example
16:44
You have a username and a picture and a bright blue checkmark
16:44
The username/pic say who it is
Avatar
bvisness May 08, 2020 04:44 PM
@.bmp verified by whom?
Avatar
ryanfleury May 08, 2020 04:44 PM
What if a website was registered as being tied to the geographic location of registration? You couldn't possible mistake googlee for google because someone told you to go to California on the globe to go to Google (edited)
Avatar
.bmp May 08, 2020 04:45 PM
The blue check says "we agree this is who it says it is"
16:45
The blue check is a certificate
Avatar
ratchetfreak May 08, 2020 04:45 PM
who is "we"
☝️ 1
Avatar
.bmp May 08, 2020 04:45 PM
So, the cert people 😛
16:45
At some level you're trusting the people who are handing out certificates
Avatar
bvisness May 08, 2020 04:46 PM
we are talking about different kinds of trust here
Avatar
.bmp May 08, 2020 04:46 PM
@ryanfleury I'll go register for whitehoose.gov on penn ave
Avatar
ryanfleury May 08, 2020 04:46 PM
@.bmp Well, you'd have some sort of verification of course
Avatar
bvisness May 08, 2020 04:47 PM
a certificate can verify that you are in fact talking to the original entity who registered a name
16:47
it cannot verify that that is the entity you wanted to talk to
16:47
that is fully outside the system
16:47
and whether you use a domain name, or a logo, or anything, you need some kind of human-readable cue you can trust
Avatar
.bmp May 08, 2020 04:47 PM
Right, that has nothing to do with who's handing out the checkmark/cert
Avatar
bvisness May 08, 2020 04:47 PM
if this is right, then the cert and everything else verifies that the rest is right
16:48
but you absolutely must be able to know what entity you are talking to
Avatar
.bmp May 08, 2020 04:48 PM
So you have some username, etc that's tied to the cert
16:48
Point is all you need is something unique and human-readable
Avatar
bvisness May 08, 2020 04:48 PM
like a domain?
Avatar
.bmp May 08, 2020 04:48 PM
It doesn't need to be a URL
16:48
It can have spaces in it
Avatar
bvisness May 08, 2020 04:48 PM
I can imagine either having domains, or having identities of organizations like "Twitter" or "Ben Visness"
16:48
but domains seem more natural
Avatar
ryanfleury May 08, 2020 04:49 PM
I just don't know why we are pretending that we need to have uniqueness embedded within a little thing of text
Avatar
.bmp May 08, 2020 04:49 PM
This is familiarity bias
Avatar
bvisness May 08, 2020 04:49 PM
what use is it if it is not unique?
Avatar
.bmp May 08, 2020 04:49 PM
There's nothing natural about URLs
Avatar
ryanfleury May 08, 2020 04:49 PM
I don't mean to have it non-unique
16:49
But a spatial position, for example, is always unique if you guarantee two things cannot occupy the same place
16:50
I don't know what the correct representation is
Avatar
bvisness May 08, 2020 04:50 PM
@.bmp I'm not suggesting that we need to keep URLs in their current form, but for the identity component of URLs specifically, I am proposing that you need something with equally as much human-readable identifying information as a domain.
Avatar
ryanfleury May 08, 2020 04:50 PM
But taking advantage of spatial information makes it much easier to verify "location"
Avatar
ryanfleury May 08, 2020 04:51 PM
Spatial information is also not "human readable", a human doesn't need to read anything, they just need to use all of the same navigational skills they use in the real world (edited)
Avatar
ratchetfreak May 08, 2020 04:50 PM
your primary identifier for the service you are accessing should be unique to that service
Avatar
ratchetfreak May 08, 2020 04:51 PM
but there is value in having the identifier be human communicatable
Avatar
ratchetfreak May 08, 2020 04:52 PM
that way one person can tell the other how to find the service
Avatar
bvisness May 08, 2020 04:52 PM
frankly I don't see why you wouldn't have it be
16:52
so you use search all the time, great
Avatar
bvisness May 08, 2020 04:52 PM
why obfuscate things?
Avatar
ryanfleury May 08, 2020 04:52 PM
Spatial information doesn't obfuscate anything
16:52
It is exact, precise, unique, etc.
Avatar
bvisness May 08, 2020 04:52 PM
I'm not talking about spatial information.
Avatar
ryanfleury May 08, 2020 04:53 PM
I wasn't saying that you were, but I'm saying that it is solving many problems with both propositions of search-based or identifier-based
16:53
Or, at least, it could solve them
16:53
Again, not sure what the correct representation is
Avatar
bvisness May 08, 2020 04:53 PM
I still have absolutely zero clue what you are envisioning
16:54
what if you wanted to tell people to go a certain news site, or you were sent a link?
16:54
how would a person verify that the resource they are accessing is correct, "spatially"?
Avatar
ryanfleury May 08, 2020 04:54 PM
The same way that they verify such a location in real life, in a game, or in any other spatially-defined environment
Avatar
bvisness May 08, 2020 04:54 PM
ok we're not in VR here
16:55
you'll have to elaborate
16:55
because I can't look at the sign above the door
Avatar
ryanfleury May 08, 2020 04:55 PM
We're not in VR, but that doesn't mean we cannot represent uniqueness in a spatially-defined, perhaps three-dimensional environment
Avatar
bvisness May 08, 2020 04:56 PM
I'm kind of flabbergasted here
Avatar
ryanfleury May 08, 2020 04:56 PM
I guess my point is that, in my head, this is the difference between having to type go to forest in an old text adventure, versus just moving your character there and being able to see all contextual information (edited)
Avatar
bvisness May 08, 2020 04:56 PM
like, people can know this Facebook is the right Facebook because it's next to the Burger King?
Avatar
ryanfleury May 08, 2020 04:57 PM
I mean, I'm not proposing an actual 3D world
16:57
Where you move an avatar around or something
16:57
But the same idea in principle, where you can identify something by its spatial relationship with other entities
16:57
This is why I brought up the apps on a phone, even though that is probably not the correct representation either (edited)
Avatar
bvisness May 08, 2020 04:58 PM
I don't know what spatial cues you're even referring to. It's not like I would be able to see that this website is in a shady back alley
Avatar
ryanfleury May 08, 2020 04:59 PM
I mean, imagine a shady app called "Slapchat" with a little yellow square and a white ghost appears in a location on your phone that is completely different than the place you usually go to open Snapchat
16:59
Or whatever
17:00
Are you going to open it?
17:00
Anyways, point is, I am not saying that some three-dimensional representation is good or another one is good, just that it seems like humans use spatial information all the time to identify unique entities
Avatar
bvisness May 08, 2020 05:02 PM
When I want to go the right place in real life, I look up its address, I navigate there, and then I verify that I am at the right establishment by looking for its name. This is precisely analogous to how navigating the web works.
Avatar
.bmp May 08, 2020 05:02 PM
I am proposing that you need something with equally as much human-readable identifying information as a domain.
17:02
I agree
Avatar
.bmp May 08, 2020 05:03 PM
I really don't think this spatial identity thing is a fruitful avenue 😛
Avatar
ryanfleury May 08, 2020 05:03 PM
Just an idea @.bmp 🙂
Avatar
bvisness May 08, 2020 05:02 PM
I absolutely do not verify that I am in the correct venue based on anything surrounding it; I verify it based on its name and appearance
17:02
I mean sure if I woke up and all my furniture was moved around, that would be a spatial cue of something
Avatar
bvisness May 08, 2020 05:03 PM
but you have no familiarity to go on when visiting an unfamiliar place
17:03
by definition
Avatar
bvisness May 08, 2020 05:03 PM
I think it is crazy to suggest that you can verify a new resource, be it a physical venue or a website, by anything other than its stated identity and a trusted third party
Avatar
.bmp May 08, 2020 05:04 PM
You don't have familiarity when visiting a site for the first time, either (what the "correct" URL should be)
Avatar
bvisness May 08, 2020 05:04 PM
this is true, and that's why I look things up on Google first
17:04
but that doesn't obviate the need for a domain
17:04
Google provides soft assurance that I am visiting the correct resource
Avatar
.bmp May 08, 2020 05:04 PM
If you've looked it up on Google first, you're placing trust in the search mechanism
17:04
Which was my first suggestion 😛
Avatar
bvisness May 08, 2020 05:05 PM
it's soft, non-authoritative trust
17:05
it's a heuristic for when I lack authoritative knowledge
17:05
but if I know the precise resource I want to visit, I visit it
Avatar
.bmp May 08, 2020 05:05 PM
This follows my "find amazon" model
Avatar
bvisness May 08, 2020 05:06 PM
and to my earlier point, even if you prioritize search, I don't know why you would want to obfuscate the name of the resource
17:06
and to demetri's point in banter, without a name or another identifier that a human can understand, what is there to certify? (edited)
Avatar
.bmp May 08, 2020 05:06 PM
1) Google "amazon" 2) Bookmark Amazon 3) Next time, type a+m+a+z+enter in the search bar
17:07
What are you certifying? Under my model, you're following your own saved link from your soft-authoritative source
Avatar
bvisness May 08, 2020 05:07 PM
1.5) look for a domain that looks correct instead of just picking the top result
Avatar
.bmp May 08, 2020 05:07 PM
"looks correct" is the metagame I was talking about earlier
17:08
most users don't engage in that level of scrutiny
17:08
we may wish they did
17:08
but they don't
Avatar
bvisness May 08, 2020 05:08 PM
Without a human-readable, recognizable identifier, how can a search engine give you any confidence that you are in the right place?
17:08
So you're saying we should throw our hands up and make everything UUIDs, because nobody bothers to check what site they're visiting?
17:09
It's pretty weak to suggest that we shouldn't use domains or domain-like things because they can sometimes be spoofed, and many people don't bother
Avatar
.bmp May 08, 2020 05:09 PM
The vast majority of people that don't bother, it's a feature that offers marginal benefit to some users
17:10
Anyway I agree that some readable, federated identifier is good and important
Avatar
bvisness May 08, 2020 05:10 PM
Well good, that's the only part I was actually pushing for
Avatar
bvisness May 08, 2020 05:10 PM
glad we agree there
Avatar
.bmp May 08, 2020 05:10 PM
But I don't think it's this front-and-center thing that affects most users
Avatar
.bmp May 08, 2020 05:10 PM
Certainly not in the way URLs are "designed" to be used
Avatar
.bmp May 08, 2020 05:10 PM
(entering in a URL in an address bar by hand)
Avatar
bvisness May 08, 2020 05:10 PM
I think it is irresponsible to build a system that masks the user's only chance to verify that they are in the right place
Avatar
bvisness May 08, 2020 05:11 PM
what reason is there to deemphasize that identifier, except that URLs in their current form are kind of gross UX?
17:11
the identifier is not the problem
Avatar
.bmp May 08, 2020 05:12 PM
Well, maybe you just have the identifier in an info panel
17:12
You bring it up if you need it
17:12
It doesn't necessarily need to be displayed to you by default
17:12
And for that matter, it doesn't need to map 1:1 to an application or page or resource
17:13
I could have an Amazon identifier that is equally valid for amazon, kindle, audible, etc
17:13
As you said you need to verify you're interacting with the entity that you think you are (that the identity of the entity is honest)
Avatar
bvisness May 08, 2020 05:14 PM
sure
Avatar
.bmp May 08, 2020 05:14 PM
That entity may (and in reality, often does) command many top-level resources
Avatar
bvisness May 08, 2020 05:17 PM
I'm totally fine if there is an "author" identity separate from the actual resource
17:17
that's the app store model and it works
17:17
presumably
17:18
and everything outside the domain in a URL is effectively implementation detail on the receiving end
17:18
so I don't care about that
Avatar
.bmp May 08, 2020 05:18 PM
@ryanfleury On the spatial structure note, I don't think I would use that for integrity verification, but I do like the idea as a way to memorize where things are, and generally mind-map your resources (laying things out spatially yourself)
17:18
As evidenced by my project prominently featuring a pannable canvas on which to store things spatially
Avatar
bvisness May 08, 2020 05:19 PM
I think spatial cues are great, but how do you expect them to work unless the structure is familiar?
Avatar
.bmp May 08, 2020 05:19 PM
There is familiarity value to spatial relationships
Avatar
ryanfleury May 08, 2020 05:19 PM
Yeah I think it is a very useful and more effective way to memorize things, dramatically more valuable than remembering a sequence of characters
Avatar
.bmp May 08, 2020 05:19 PM
Outside of that, I'm not sure what value is provided except where the relationships are intuitive
17:20
If you step into someone else's house, you need to "learn" their space before it's meaningfully helpful to you
17:20
Patterns help establish a baseline
Avatar
ryanfleury May 08, 2020 05:20 PM
An analogous idea, on the memorization front, is the "Memory Palace" I think it is called
Avatar
.bmp May 08, 2020 05:20 PM
You know to check the hallways first if you're looking for the bathroom
17:20
@ryanfleury Yes, that's very much on my mind here
Avatar
ryanfleury May 08, 2020 05:21 PM
So, it was just an idea, but I think not only can you use spatial information to identify (if you verify no two things can collide), you can also use it to explore a relevant space
17:22
But it could be a terrible idea!
17:22
Maybe it is correct for personal organization and not much else (edited)
Avatar
ratchetfreak May 08, 2020 05:22 PM
and some patterns are regulations, like having a lightswitch right at the door
Avatar
.bmp May 08, 2020 05:23 PM
True
17:23
"Mandated patterns" are also useful in that way (though come with drawbacks)
Avatar
bvisness May 08, 2020 05:24 PM
I forgot what we were even talking about originally
Avatar
.bmp May 08, 2020 05:24 PM
😛
17:24
Files
Avatar
ratchetfreak May 08, 2020 05:24 PM
URLs
Avatar
.bmp May 08, 2020 05:25 PM
URLs came from discussion about networked file storage
Avatar
bvisness May 08, 2020 05:25 PM
suffice to say then that I think it would be interesting to make a system where you can access your "file" data (in whatever form) by an identifying address of some form
17:25
such that you could open your data in a web app regardless of what server you had it on
17:26
if it's accessible to the internet in some form (authenticated of course), then a program could access and modify it
Avatar
bvisness May 08, 2020 05:26 PM
and of course this could apply locally instead of going across a network
Avatar
ratchetfreak May 08, 2020 05:26 PM
scrolls up oh in house server for IOT shit
Avatar
.bmp May 08, 2020 05:26 PM
As a broader point I do think the federation issue is a big one, and needs careful consideration - I think individuals should have their own federated identity on par with organizations (URLs and email handle this separately right now)
Avatar
bvisness May 08, 2020 05:26 PM
well they are arguably both handled by the domain name system, but of course everybody just has gmail
Avatar
ratchetfreak May 08, 2020 05:27 PM
so everyone gets a identifier that they can use to set up a personal server on the internet for their stuff?
Avatar
bvisness May 08, 2020 05:28 PM
you definitely need something more stable than an IP address
Avatar
.bmp May 08, 2020 05:28 PM
there's no concept here of getting rid of the cloud, but potentially (personally storing your stuff) (edited)
17:28
the function of the server is mainly in-home and as a gateway for your data
17:29
you could of course have a cloud backup service all the same
17:29
I think finer permission gating is useful here though
17:29
as a first-class function of an internet-first OS
17:29
(relating back to the actual topic of this fishbowl chat 😛 )
17:30
e.g. back up all my photos tagged "family", "friends", "selfie", whatever
17:30
do not back up photos tagged "naughty", "private", etc
Avatar
ratchetfreak May 08, 2020 05:31 PM
instead put those in a sub folder in tax docs
Avatar
.bmp May 08, 2020 05:31 PM
haha
17:31
"if the red panic button on the home screen is pressed, delete delete delete"
17:32
this is a big concern with iCloud and similar that could be solved pretty easily by being able to be more granular about what services can access
17:33
maybe people aren't as concerned as they should be, but people are generally at least somewhat distressed by things like massive leaks of celebrity nudes
17:33
and even very security-unaware people go to the lengths of having fake calculator apps on their phones and stuff
Avatar
ratchetfreak May 08, 2020 05:34 PM
when your nudes are only protected by a 10 character string, they are not safe
Avatar
.bmp May 08, 2020 05:35 PM
not sure how much you can do systemically on the password front
17:35
long password requirements tend to just turn people off the service
17:36
or result in them writing it on a sticky note in their wallet
Avatar
ratchetfreak May 08, 2020 05:36 PM
you can do stuff like secure hardware token
17:36
USB or NFC tokens exist
Avatar
.bmp May 08, 2020 05:39 PM
sure, but since most of this stuff is done on smartphones, not that useful
17:39
if you carry both on your person, no benefit
17:39
(over sticky note)
Avatar
ratchetfreak May 08, 2020 05:40 PM
but they'd have to steal your keys and your phone
17:40
which is much lower opportunity window
Avatar
.bmp May 08, 2020 05:40 PM
fair enough, depends how it happens
17:41
you could leave both in a hotel room
Avatar
ratchetfreak May 08, 2020 05:41 PM
or a pool locker
Avatar
.bmp May 08, 2020 05:41 PM
but yeah if you're talking pickpockets, or even just forgetting your phone on a park bench, uber seat, whatever
17:41
right
17:42
I do think hardware keys are a good idea, they at least address the issue from the non-physical side
17:42
eliminate the need to have short, memorable passwords
17:42
most of the attack vector is online anyway
17:42
they don't protect against hacks and stuff, but when it comes to hacks you're just out of luck
17:43
all you can do is hope whoever has your data is security-conscious enough
17:43
(and be aware of who has your data...)
Avatar
ryanfleury May 08, 2020 11:51 PM
End of Fishbowl Day 1, thanks everyone for participating! (Logs will be posted soon) If you have an idea for a Fishbowl conversation, throw it in #network-meta or DM me!