The future of operating systems in an Internet world
Despite the web's technical problems, it dominates software development today, largely due to its cross-platform support and ease of distribution. At the same time, our discussions about the future of programming tend to involve new "operating systems", but those discussions rarely take the Internet into account. What could future operating systems look like in a world defined by the Internet?
This is a
fishbowl: a panel conversation held on the Handmade Network Discord where a select few participants discuss a topic in depth. We host them on a regular basis, so if you want to catch the next one,
join the Discord!
Topic: The Future of Operating Systems in an Internet World
(edited)
I'm the one who pitched this topic in the first place, so here's what I was thinking at the time I wrote it
Basically: the web gets a lot of crap around here, for good reasons, but the interesting thing about it to me is that the ease of distribution and the remarkable cross-platform support seem to outweigh the downsides of the crappy tech stack for nearly everyone.
At the same time, we have all kinds of discussions here about the future of computing, and part of that is broadly on the "operating system" side of things
and I often feel like those OS brainstorms don't really take the internet into account
The web has dramatically changed how software is developed and distributed, and I think any future operating system needs to consider how it could achieve some of the same benefits
I've been looking into a lot of the web technologies, having been not very interested until about 5 months ago, the ease of distribution is definitely readily apparent.
One of the nicest things about some of the technologies coming to maturity in this case is WebAssembly which I know both you and Bill have been messing with a lot. Which in practice is a fantasy CPU on the computer of anyone who has a browser on their machine
WASM is really just a small part of it
Of the entire web ecosystem?
I think there's a much larger conversation to be had about what "programs" look like in the context of the web
WASM provides an execution environment, but there's much more to what we expect from an operating system
I don't know when bmp will show, but this has been the center of a lot of discussion around how a user experience is designed in a world chock full of internet.
I didn't prep it as much as I should have 
A starting place may be the fact that browsers have already become strange approximations of operating systems
Browsers now are virtual machines, window managers, persistent storage APIs, and graphics drivers
but they look very different from traditional OSes, and subject "programs" to much stronger restrictions
(edited)
I think traditional operating systems provide a model for an "offline" OS, and browsers provide a model for a strictly "online" OS
A given website is a software package that you download and run, and it needs to be able to be streamed in as such?
I'm curious if there is some kind of middle ground; a hybrid approach that gives you rich control over local data while still allowing easy distribution of software (and extra protections with it?)
I know Ryan mentioned the idea of "temporary software" at one point
as something in that direction
I think that's kinda where the biggest idea of a "online" is comes in, the systems offer different expectations to how the software is structured.
I could get deeper into the weeds, but I want to hear other people's initial thoughts about the issue before I go any further
(edited)
Hello everyone. Regarding OSes, what do people use the OS for effectively? Some way to load programs, access to the file system, communicating to hardware and external things, threads, memory allocation, etc. The OS is not much different to the kernel to what people actually want from it. (This is ignoring the GUI/TUI)
So a Web "OS" needs to support something like this and not much more.
Its interesting you mention protections. I don't want to derail the current topic of convo too much as we just started, but one topic of conversation perhaps on a less "tech centric" level have been what has been pet named "post-Dunbar world problems"
You have a world where, in terms of ethics, anything can be shared so easily. You can imagine an online note-taking app, where how private some information is is variable. Google Plus famously failed the circle idea, but I think how to manage the social connection side of the internet technology is one of the things you'd need most to pay attention to when it comes to how you construct the protection systems both for bad actors, and even your grandma who shares that picture of your child that really didn't need to be on facebook etc.
How do you establish a lifestyle for people to adopt which makes the most use of the internet in their day to day workflow?
But perhaps we should get back to that later. (However I think it's important to have that stewing in everyone's mind as we push forward into the development of the user experience.)
(edited)
Yeah, that will probably be an interesting area to explore once we have a better idea what we're even talking about
I think Bill is right to question what we want from an OS in the first place
We've already seen that a browser can kind of be collapsed into a traditional operating system in the form of ChromeOS. But using ChromeOS makes it pretty apparent that browsers alone are lacking a lot of what you need from a general-purpose computer.
Local data feels like the biggest problem to me. I believe ChromeOS has some kind of terrible file manager, but even assuming they had something better there, web software is generally antithetical to the idea of local data
all the data is almost by definition stored somewhere else
I'm interested in what you mean Bill, if basically the things that the kernel gives you are what's missing (insofar as they are) from the current browser environment, does this mean the OS part of the software being downloaded and run is managed by the website host essentially? (Moving away from "personal computing" or do you mean simply that the web having more access to the computer's resources allows it to do more, the "fantasy cpu"/virtual machine elements essentially just being distribution alone?)
(edited)
I'm thinking this from purely a user standpoint. What does the average computer user use a computer for?
Effectively, they use an application for a particular task. Be it web browsing, emails, Photoshop, word processing, spreadsheets, games, images, printing, etc.
People don't think of the OS as a thing but as the arena that those tasks can be done.
And a web browser is akin to this too.
There's a sense in which something like a file system is already being offloaded onto the internet from a user's standpoint
So many applications make a transition.
Yes. The file system is already abstracted on the web side of things, but not as much locally.
As Ben states, ChromeOS is more than enough for most people using a computer. And that to me is quite interesting.
One thing I dislike from a user perspective about the internet today, though, is that nobody really "owns" their data any more. You usually can't store data locally; it's trapped in third-party services.
I think that what the average user of today needs of technology is a chromebook, and I've suggested it to people I know.
From a market standpoint the largest companies out there already made their move.
But what makes ChromeOS so much more appealing to people? To Bill's point, it's really just that it allows them to do the tasks they want to do.
I think the question is more, how can a operating system incorporate the internet for the better. Can it? If you hybridize, from a user perspective the difference hardly exists
Well, it may be interesting to examine the workflows for which the web does not work today
gaming generally requires better graphics performance than browsers can currently offer, but beyond that, it also requires very large amounts of local data
photography is the same way
Basically, as Bill suggested, just what the kernel gives the "offline" OS now.
(edited)
The question is, when you add the ease of distribution that Ben started with, what happens to that software which can't work on the web now?
How does an operating system, from the user perspective, facilitate that distribution power?
Does the site owner just handle it like say google does with cloud services?
That's what I think is interesting to explore. There are multiple angles to this thing - the web makes software distribution very easy, but web apps today were designed around the assumption that all data had to be on the server
App stores / package managers may provide a contrasting model, but I don't think they're really sufficient
I think if you want to not have the problem you mentioned earlier, you need to be able to "own" and store locally that information despite the distribution system being completely transformed.
so there is software distribution, but also how the software itself operates
which are two very different things, potentially
In addition, where are the failings with package managers for the web in your experience?
I knew I should have written up more of a thesis last night
I've had an alright experience with the AUR for Arch for instance. Or rather parts of it which are nice to use definitely nice even if you miss what works about windows.
I think for the average user, downloading the google package or what have you for a given service is as easy as chrome extensions are now.
(edited)
So, I basically see a strong dichotomy right now between native software and web software, even if that native software is managed by a launcher or package manager. Each has its own advantages and disadvantages. Native software requires explicit installation but has more direct access to your computers resources and can work with shared persistent storage in the form of the filesystem. Web software requires is just streamed to the user as they request it, but is subject to much stronger security models, and due to the ad-hoc design of the web, doesn't really have the same level of capability as a native app. I'm curious if we can envision a system that breaks down that dichotomy while still keeping users safe and happy.
It feels to me like that will happen one way or another. After all, browsers continue to push more and more towards the full capabilities of operating systems.
But I don't want the future of computing to just be renting time on other people's computers. Turning everybody's computers into dumb terminals feels wrong.
At the same time, a dumb terminal is really great for a lot of users (see ChromeOS)
Well I think the utility of being able to have shared file systems and whatnot running on your own machine is highly subject to having a machine that actually has those.
Which as Bill is pointing out about ChromeOS and co, people who can use the applications they expect (however premeditated and provider-constructed that expectation is) will be happy without those, to an extent.
One point that I want to earmark for later is the data ownership. I don't know if we ever found a fifth person, but along the lines of data ownership especially as it relates to security and smarthome/IoT tech, Ryan and I seem to have similar views, which we could expand upon later. Perhaps he'd like to join us for that segment
Avoiding the "car fleet" problem--wherein you are in a future where fleets of automatic Tesla cars roam the world to transport you for a fee--is also hard to avoid for computers as terminals.
I think you have to design for yourself, or as I've been alluding to, sell a lifestyle which the browser advancement facilitates, it's not clear you can avoid that future.
(This is part of why I am skeptical if the ramification of Bill's point that if the web just incorporates the utility of the offline OS' access to hardware, then the issue of the superior qualities of the internet being missing from offline OS is gone.
As Demetri put it at one point, when it comes to something like the ownership of your data, something bigger is going to have to come and kill the current Google profit model to dethrone that.)
(edited)
As far as the Web/OS boundary, as well as the restrictions and sandboxing elements, I think (and this seems to be mildly unpopular among desktop developers) the smartphone "app" model is a good one
I think iOS and Android, for all their flaws, do a much better job of blurring the lines of what constitutes the web, while putting explicit user-interacting security barriers in place
I agree with that, although I think app stores are a plague upon that model
But I think we can take it further than that, and not even have a user-aware distinction between "app" and "webpage"
maybe not inherently, but certainly if they are enforced
(Implied, I hope, is that this is not based on existing web tech, but rather a parallel concept of what the web is more generally)
app stores do provide some legitimacy, though, which is important to consider
I think that is implied everywhere in this conversation 
however I don't think the "store" model is right at all
I'd prefer just a search engine for "apps"
where apps would be generic locally-installed programs
and "web pages" would be a specialized kind of sandboxed app
to the point of webasm, which I hope you and Bill get into more here Ben, I think that's largely one of the virtues of it - it's trying to bridge that gap somewhat
whether it's good enough, or successful enough, or low-level enough for the task is a different matter
(edited)
So in your preferred model, you'd still have a distinction between "apps" and "web apps", where web apps have stronger permissions? Or am I misunderstanding
it certainly addresses the distribution aspect, though, by being runnable in an abstracted machine
@bvisness from a user-facing perspective, no. From a developer perspective, yes, you'd have programs with different levels of gating
A user could choose to "trust" a given program to install itself locally for full access and performance improvements for instance
But it would be the same program
"Web pages" these days are less word doc (old-style HTML pages) and more "an app specialized for displaying text and layouts"
Bother with making different forms of their app?
it's not a different form
Even if it's easier, if you product is expected to do XYZ, the user expects that, and they will give whatever permissions.
imagine pre-compiling a webasm program to machine code
that's basically what I'm talking about
"yes I trust this app completely" -> compile it and allow it to run locally without the sandboxing
some applications might depend on not being sandboxed to function (intensive games)
Games are a great example of the user just expecting to do what they expect to be able to do.
But like with Phone applications, if you don't accept what the hardware can access, you cannot access it.
Security concerns seem to be a mostly solved problem, kind of. Different aspects that the "OS" can interact with requires permission if it isn't completely self isolated
Mobile applications are becoming more and more self isolated + permissions for the outside world.
The OS is the umpire between the hardware and the applications wanting the access the hardware.
So say a web page in a browser is essentially a "service"
I think this model of how things should interact will be taken forth, even if the model is not necessarily the best.
The way wasm works now if you get a memory space for that "instance." Does this self containment + permission mean the permission system is based off a particular API for that form of control over the machine? (Whatever permission you ask for by using it?)
The WebGL -> OpenGL system works kind of like this.
Do you have plans for incorporating that model into how Midgard will be used?
I've been experimenting with WASM lately with my "Midgard" experimental project. I want to see what I can do with the web "platform", per se.
Unfortunately, WASM doesn't have a way to specify what is required with regards to hardware yet, and that has to be done with the JS interface.
As an avid user of gingerBill™️ products, I have to say that if I were going to write serious mixed-platform applications I would much prefer to use Odin over Midgard - tangential to this conversation, but have you considered WASM support for Odin as an end goal of the Midgard "experiment" or is it meant to be a self-contained end product?
In many regards, the JS platform layer can act as this intermediary, which is a form of platform or pseudo-kernel layer for the application
WASM support for Odin should be relatively simple with the LLVM backend, but Midgard is purely an experimental project to see what WASM can do by focusing purely on the WASM platform.
1
I do think a WASM-like model that's designed to be "compilable" would be very nice. I see some elements of this in how Ryan has discussed some of Dion's internal representation/distribution model
(edited)
Don't get me wrong, I'm very interested in Midgard and I'm excited about the new WASM streams 
I am effectively treating WASM as the architecture and the standard web interface (HTML, JS, CSS) as the pseudo-platform/pseudo-kernel layer.
1
And by doing this, I am going to see what is actually required by an "OS" to be useful.
1
@.bmp I was just chatting with a friend on the WASM team at Mozilla last night - they're already planning to cache compiled machine code after loading WASM modules
(edited)
@bvisness this is very much the sort of model I have in mind
distributing "apps"/"pages" in an abstracted platform representation/bytecode, which is sandboxed and API-restricted, and compiling that down to machine code as needed
you can then keep the machine code as long as the version doesn't change
and it has the same security guarantees as the bytecode, exempting problems with the security implementation
(as long as the compilation and sandboxing is correctly implemented, it should be secure - and there are security problems with any platform, so I don't see this as an exceptionally bad sticking point)
(edited)
I think even having this streaming concept be expanded not as wasm then convert to exe, but rather streams of wasm into streams of dll. @.bmp ?
(I'm being pithy, but my point is you construct the software differently)
yes, I've certainly considered dynamic linking as part of my mental model for this
Yeah, I think a clear benefit of the web distribution model is that software can be distributed in chunks if that's useful
I do think you want the distributed code to be "called into" (granted, EXEs are just this, but for the OS itself)
and on that note, nakst's entry point for Essence programs as an event loop is very interesting to me
(edited)
WASM is very much designed to be a Sandboxed environment, but I do find it extremely interesting how it is designed. I am extremely impressed by its design, or it's possible design to be a form of pseudo-application application with it's own virtualized memory spaces (plural) and more.
A given program runs on two cpu's effectively, under your [brendan's] model.
(edited)
correct, the abstract CPU and the real CPU
although ostensibly they're always compiled (no need to interpret, afaict, aside from maybe some JIT metaprogramming stuff)
(edited)
I also have been quite impressed with wasm. The guys working on it are not dumb. It basically utilizes the helpful characteristics of a stack machine, while not getting dragged down by it.
I don't think Brendan's model, however effective which I'm skeptical, fits into it as-is.
But what is there makes "pseudo-native" development very appealing.
I agree that WASM is not suitable as the end-all-be-all of my design (I don't intend to use it at all, outside of experimenting with its design)
I am impressed by how much it seems to get right, though
while having to live under the current ecosystem
It takes the sandboxing, potentially, to a second level instead of trying to cheat it.
Everything gets it's own customizable sandbox.
For me, WASM is the new "Flash". And I mean that as a good thing. Flash allowed people to create things that were not possible with pure HTML/JS/CSS whatsoever. If we are able to have a general purpose environment, the programmer can do whatever he requires.
Gets an entire "fantasy cpu" and "fantasy os" to itself in effect.
Yes minus the terrible battery consumption and other tech issue.
My basic intention with wasm is to make a flash-like environment, flash application and games being my childhood tradition. ;P
this gets to the sort of inversion I would like to see
flash sat inside HTML/CSS/JS and the DOM model
We talk about this somewhat yesterday, but a good part of the issue with HTML/JS/CSS is trying to split aesthetics and mechanics.
I would like to see WASM become the new lingua franca of the web, and new layouting frameworks emerge within it
(to the extent that I care about the current instantiation of the web)
that's no different in principle from having programs for viewing PDF documents vs. word docs
and I think it's very desirable
1
although, there is the whole hypertext aspect to it, but presumably resources could still link between each other
Html was supposed to be "content" and CSS the "presentation"
JS thrown on top for "dynamicism"
The idea of splitting these up into different systems has basically slowed everything down to the loit where node.js or whatever essentially exists to let people who know JS just have access to non-DOM objects.
this is where things like React are actually correct, at least in terms of rethinking the model
as a unified medium of design
I'm not sure what you mean by that
React allows you to design pages with pure JavaScript
though it's sunk a bit by including HTML/CSS in its interface
it makes JS the only first-class citizen
well, it makes sense given what it is working with, and the core of React is not technically DOM-specific at all
the logic belongs as the foundational layer, not the layout
I don't think it's much of a tangent; it's a step in the right direction toward abandoning the web as "document viewer" and moving toward the web as "application distributor"
1
The noble goal on question.
However misguided by trying to preserve Javascript from the ecosystem.
I hope people understand why I mentioned "Flash".
Flash was actually what designers and programmers want.
1
for all its problems, it was very successful
it's still held up as an ideal by many animators
But people need to understand why it was successful.
And Flash the application is still great for doing animation work.
It let people do what they wanted and expected to be able to do
From what it said on the tin
flash was "embedded applications for the web" in the same way that webasm/canvas promises to be
I hope WASM can be that, and my experimentation is showing that it might be possible.
I have a problem with the "embedded" part but that's not flash or webasm's fault
and it being embedded is only a side effect of the current ecosystem
it can be embedded in any host that will give it what it needs
Bill, you mentioned on stream how brilliant the linking/distribution for webasm programs is; could you elaborate a bit on that? If it's not too technical for this discussion
I think that sort of thing is important when discussing distribution models for applications that live between native and sandbox
Through Ben's help, I actually discovered a way to do linking with WASM, which I don't know if anyone else has determined yet.
The short answer, you define the memory offset for the data segment to be relative to an externally defined global variable.
data_seg_foo = offset(_external_data_segment + _local_offset)
The way WASM works actually reminds me a bit of the idea of booting into software on older PCs (and the nostalgia for doing this with old games)
Opening the webpage is booting into a system with virtual memory (potentially multiple) you get pretty complete access to what you ask for, it seems.
Once again, the sandboxing is taken to the next level instead of trying to cheat it.
I believe that works fine as long as you make all your data accesses relative to that offset global, right?
Absolute memory addresses in instructions would still be unable to relocate in a sensible way
So to my understanding, that makes it an acceptable linking solution when you are the producer of all modules, but it wouldn't work in general for importing a third-party WASM module?
I suppose that's trivially true anyway, since they wouldn't care about your offset global
(edited)
For two modules to communicate, the JS platform layer would have to be the mediator.
But for this linking system to work, each application would have to follow the same convention. It would not be enforced exactly.
From what I was reading in their docs, it's primarily set up right now to allow for careful dynamic linking, and eventually they wanted to make a stable ABI to allow for more options
with "dynamic linking" being just passing exports and imports around in JS
My idea was probably something a little more "clever".
I know it came up in the context of static linking; were you imagining that you would process several WASM modules and combine them into one by reordering the data segments?
anyway, that's probably a tangent from this overall conversation - and in general I'm thinking that dynamic linking is probably the way to go for much of web software
right so you could have SuperDuperGuiFramework-v12.56 machine-code cached on your machine
and any application that requests the same version of the same library uses that cached version
That is a potential for language runtimes as well
This isn't tangential whatsoever.
For me, the OS/Kernel is fundamentally an umpire/mediator between applications and hardware.
I think it's useful to explore WASM-specific concepts as they relate to this conceptually-similar thing that we're discussing
Applications and Applications; Applications and Hardware; Hardware and Hardware
And the web browser has become a form of pseudo-kernel, which I keep stating.
I am not sure I like this future, but it is the future we are dealing with.
the web browser is an abstract OS
hence ChomeOS as a small shim under the browser being a relatively fully-featured OS
(leaving aside the full Android app support, haha)
I was going to bring up inter-process communication, actually, and more generally that desktop programs have a much better time interoperating because they all have access to the filesystem
For me, the OS/Kernel is fundamentally an umpire/mediator between applications and hardware.
I think that's a great opportunity to use an old and honestly great model.
Same. I hope my experimentation brings light to some of this.
I am not entirely sure I will discover much, but it will be useful to me regardless.
That was kinda gonna be my pithy answer to he whole thing we started the conversation on. Each webpage is it's own OS basically. (Like Doom or whatever has it's own way of accessing and managing the resources of the computer it's made to run on.)
I'd say each OS is it's own virtualized environment, and not an OS.
I did say it was meant to be pithy. ;P
The browser itself is the "OS".
My point is it fits the booting model.
In a strange way, I'm excited for the web as a place for self contained applications, with all the distributive powers of loading a webpage.
I am partially excited too. The web will be this homogenous thing which will be the "same" across multiple browsers.
1
So regarding the design of Midgard, how does it fit into your model for how you see wasm being used in the best case?
I am designing Midgard just to be a basic language that directly maps to WASM. So I can see what I can do for an application in a virtualized environment.
There are Pascalism like group declarations that fit into the wasm model quite well, without needing to do a straight s-expression* based .wat it seems
(edited)
Ans thus easy to adapt if wasm changes much?
It seems that the Pascal model fits very well for WASM, which is partially surprising to me.
I am not sure who are the main architects behind WASM, but I would love to discuss things with them.
The design repo for WebAssembly has lists of people who are in on the meetings and doing proposals
I do guess that there is a main architect or two.
Because the general idea does seem to come from a single-ish mind.
Compared to the rest of the web stuff, it's extremely well designed.
Have you read any of the post-mvp proposals?
I was just starting to dig into those this morning
Could we get a brief rundown on how WASM "memories" work?
For myself and spectators who are not familiar
@.bmp Simply, they are just a separate memory spaces. Currently, there is only one memory allowed.
Basically virtualized memory, but you can get more of them (eventually)
1
I was sort of leading into that
It should be possible to (with permission) get direct access to another program's memory space
In the form of a fat pointer of sorts
Possibly, yes. I could imagine "mmap-ing" something into a specialized memory space, and thus be very safe too.
It would have to be a fat pointer, which stores the memory index too.
So you can already see the potential for some of the excitement of a model built fully around these concepts if you imagine having full-native applications that simply provide a memory-mapped region to the WASM environment
hey so I have an emergency bulletin - my friend who works on the WASM team at Mozilla is available right now
so, if you have specific questions about WASM, the design behind it, and the new proposals in the works...
(edited)
That is very very cool!!!
1
Hello!
7
Short questions that I have straight away:
* Multiple memories support?
* SIMD support?
* Threading support of some sort?
* System Call like things rather than "internally defined" calls only? With WASI or whatever?
Multi-memory support is interesting, it's a fairly small spec change and not a large amount of work for implementors (like SpiderMonkey or V8) as they all have to support multiple memories in the runtime just not more than one in a specific instance. But there is very little pressure to implement because no one is asking for it yet. But it's on our radar
SIMD support is coming soon, we're getting support in Firefox Nightly probably in the next month. V8 is further ahead than us, not sure about JSC/webkit. People really want it, so it's a high priority
Threading support is complicated (at least on the web)
The problem is that with multiple threads and shared memory in a web browser, you can build a high resolution timer which would allow you to do side channel attacks to read process memory (ala Spectre)
Yes, I will be happy with single threading support.
Maybe the possibility to support coroutines might be more than enough. e.g. allowing the application to have pseudo threads.
So short-term it's been disabled until Firefox is able to get better process isolation like Chrome has
Ah yes, there's been discussions around stack primitves that could support that. That would also be useful for languages like Go which want to switch stacks for goroutines
There's no formal proposal for it yet though, and interop with the web may be tricky? I'm unsure on that
Longer question,
* what's your general theory on how you expect applications to work in terms of streaming in wasm? (As in, how do you expect the structure of programs to change compared to the luxury of having larger file sizes etc)
* when it comes to safety with interfacing with C, I hear the idea is to have safe defaults and unsafe escape hatches, essentially, (so normally you have issues with bad pointers, arrays of wrong lengths etc) how is this planned to be implemented so far?
(edited)
Theoretically, coroutines don't need to be that special in implementation. But you do need to support different "locals" stack frames.
For WASM, I am actually designing a language that directly maps to WASM's concepts and experimenting to see what it possible with the platform. I want to see what I can do with WASM with a minimal JavaScript platform layer in order to interact with the everything else. Especially since WASM is quite self contained.
(edited)
As my main goal is to effectively have a language that I can use to do proper typesetting and graphics, which CSS and JS sadly cannot do in a sane way at the moment.
(edited)
Wasm in general is in a unique position right now. The ecosystem is very new and young, so a lot of things are being built right now. The first generation of users are generally people porting (e.g. emscripten). For these users they're really not taking advantage of the platform completely and are just trying to bring their legacy applications completely as-is. Think like adobe photoshop. This is pretty cool and was enough to get the whole project started, but has a bunch of disadvantages like huge file sizes and slow loading
What's likely (in my opinion) to be happening in the next few years is people designing languages, frameworks, and tools that actually take advantage of wasm's strengths to build something new and better
Yep, exactly what we are excited to try to do.
We just don't have that yet however, so wasm on the web can be a bit clunky
I have been extremely impressed by how well WASM has been designed, which is sadly uncommon for the web.
1
And we have been discussing about how Flash was actually what designers and programmers wanted, even if it was actually quite a poor implementation of it.
@gingerBill are you going to try to expose all of wasm's concepts like globals/tables/memories? or just be a good general purpose low level language?
I understand that WASM itself is going to be difficult to get things working well, especially taking into account accessibility issues, but it does allow for a good framework to extend to other things.
WASM was uniquely designed compared to most of the web (it was actually designed)
4
4
There's also a small amount of (smart) people actually making decisions, which helps
The separation of aesthetics and mechanics (as though presentation was not content) with html and css is something that has to be amended if you want something like flash, whether that's the intention or not. (For those who say wasm isn't supposed to replace JS or whatever.)
Breaking things up like that just makes it impenetrable for designers no matter how you slice it.
I will agree to that, that the web was not really designed.
The least worst bit about the web is HTTP (and its children).
And then HTML, and then JS, and then CSS.
As many people know here, I think the idea of separating presentation (CSS) and content (HTML) was an extremely bad idea. And if you explain this to a graphic designer or typographer, they'll look at you with bewilderment as they'll say "but presentation is content"
or as @simp correctly states, "aesthetics is mechanics, and mechanics is aesthetics"
So for me, WASM actually seems like a way to bypass most of the bad mistakes of the past, even if it still has to contend with the mistakes of the past.
(edited)
Yeah I would agree (I used to work in layout + graphics at Mozilla before WASM). Separating presentation and content generally only works for simple user interfaces, which most web content was originally.
and if it's simple, the benefit is not even clear
It's interesting to see "CSS in JS" becoming popular as a response to this
A web designed for scientists to share docs
What I find annoying is that none of the early "designers" of the web actually asked graphic designers or typographers or artists or developers what they actually wanted. It was purely designed by "engineers".
1
Not the rich interaction we expect today.
So thank you for working on WASM.
There is however something useful about commonly understood metadata for an application (like HTML today) It's what enables search engines, ad blockers, and extensions to be useful.
It's just unfortunate that HTML and CSS are so poor at that
HTML is not that bad compared to JS and CSS.
HTML is bad, don't get me wrong.
But it's the least worst about of the trinity.
I don't think any user interface language is sufficient for everyone's needs, but having some interoperability is helpful and is arguably why the web even still matters today.
But I'm torn, because it's also what makes it a poor application platform
Yes. It's a complicated problem.
I don't disagree with that.
I saw there was a question about system calls and WASM, what was being asked there?
That's one of my focuses right now
Currently, the instruction call only works with internal funcidx.
What I am suggesting is a way to call predefined platform defined things.
You can do this already with the import things, but that is not really a common interface, akin to *nix's syscall.
Maybe the solution is that the thing already works, and nothing needs to be added.
(edited)
And that's actually a "solution" I am fine with.
Ah yes. So the general thinking here as I understand it, is that WASM by default has no capabilities beyond compute. If you wish to give it a new capability, like access to a file or socket or DOM api, you need to pass it as an import to a WASM module
Okay. That's perfectly fine.
Now that works, but that means that all users of WASM have to come up with their own imports
The reason I bring this up is because "WASI" seems a little confusing to me as a concept, if you are not dealing with something like C.
And so I think you mentioned this, but WASI is a project to come up with a standard interface of things you can import to do system things like UNIX
So WASI is effectively a POSIX emulation for WASM, correct?
I might be wrong by the way.
It's not intended to be POSIX compatible, but will have similarities and fulfill the same goal of a common system interface
I meant POSIX/*NIX like interface.
Not necessary strict POSIX. Sorry for the confusion
Ah yeah, compatibility with POSIX/*NIX etc is not a goal. You should be able to emulate most of those APIs performantly ontop of WASI, but it's intending to be something new that could correct some mistakes those APIs have
And fit into the WASM ecosystem in an idiomatic way
Notably mmap might not work the same way
With regards to WASM's design, Tables still partially confuse me. Because you can only have one, they seem a partially useless.
And you can emulate them through other means.
Yeah, they're a bit odd. They were originally added to solve the function pointer problem. So that C++ classes could store a vtable, with each function pointer in it as an index into table[0]. then when you wanted to call a virtual method you would use the call_indirect instruction
New proposals are expanding the use cases
But even that confuses me. Because you only need the data segment.
I understand jump tables are really useful, but they are not exactly "jump tables" in the normal sense.
Hmm, I might not be understanding something. What do you mean by data segment? MVP wasm can't call a function determined dynamically at runtime except through call_indirect and tables
I was speaking in the hypothetically partially.
Ah, yeah I suppose there are probably other ways of solving the problem. Why tables were designed this way and not other ways was a bit before my time.
Effectively, what I would like is this:
push parameters
push funcidx
call_index typeidx
Because I can store the funcidx in the datasegment or globals or locals or memories.
And then when I load that value, I can then call it indirectly
And it acts like a normal "pointer" per se.
Yeah that does. My best guess is that they chose the table design because it extends naturally to future extensions, like reference-types.
I've been using the webassmbly.github.io docs as my source because they are the easiest to read, but they might not the best source of truth.
Yeah, I'll have to ask around to see if there's a reason a call_index wasn't considered.
Yes. That's effectively what I want. Because it would be safe too.
Because the typeidx would be an extra check before you call anything.
It wouldn't effect call_indirect
It's personally my only complaint with WASM.
(edited)
Yeah, they definitely could be equivalent with a couple less steps. But my best guess is that having a 'table' concept is more general and applies to other values you can't store in linear memory, like reference-types
I'm not sure I agree with that actually.
I think you may want to give a brief summary of the reference types proposal; I read it this morning but am still a little unclear on what it does and what problems it's solving
Thank you
Thank you for all of your answers by the way
It's rare I actually get to talk to the creators/designers of something
aside from yourself, presumably
The basic problem is how can wasm call imports with values from the host. For example, if you have a wasm module in the browser and you want to call an import, which is some web-api that accepts a JS value. The existing value types (i32, i64, f32, f64) are too limited and so reference-types adds a new value type (externref) which can be used as the in parameters, results, locals of wasm functions and can hold any host value. On the web this is any JS value. Tables are also extended to be able to hold externref, so a Wasm module can then hold onto values from the host. externref's cannot be inspected or modified by Wasm (they're opaque) and so theres no security concerns about pointers be read
It's a small stepping stone into allowing wasm to interact more with the host
I understand exactly what you mean by a reference type now!!!
I'm more of a proxy to the creator/designers of wasm, I just do their engineering work
That's fine. You probably understand the consequences of their decisions a lot more.
So for me, I don't think you need a "reference type", per se.
For me, my solution is going to be a "fat pointer".
Where this pointer contains two things: memidx and memory offset for the "memory".
What's the use case for these fat pointers, or what are you doing with them?
I know this approach requires two "registers" and doesn't store any type information.
But it's probably the approach that many compilers to WASM use for normal pointers.
But they don't need to be "fat pointers" because there is only one "memory" at the moment.
And most languages nowadays assume a single memory space.
If I understand correctly, you may have an issue as memidx's for loads/stores are static and can't be specified at runtime
We don't live in the 16-bit world any more.
I personally don't want that.
I am just spit balling at the moment.
@gingerBill I assume you still want non-fat pointers for the "main" memory space
but I agree with the fat pointer model 100%, it gives you incredible flexibility
so you store which memory as well as the actual address within that memory
@.bmp You can encode the memory space in the type system itself e.g. NEAR and FAR pointers are back, baby!
1
And many tools like LLVM already support this.
I was about to say, LLVM already covers this, so having it work for wasm is all the easier.
I don't know if I am probably not the normal person questioning WASM.
I think one of the stated goals of tables in WASM is to make things as opaque to the module as possible; how would you choose to achieve those security goals in this model?
Would be interesting to see how it works in practice in any case when more memories are added.
To be clear, I don't know if any of these ideas the best yet.
It might be that a single "memory" is the best option.
That reminds me, will we be able to have memory protections on "memories"?
e.g. I want to reserve this first page so that if you try to read/write from it, it raises an exception of sorts.
That's been proposed many times But not yet
Good to know
The problem is ideally you'd have granularity of a page size, but the wasm page size is way too big
And there's also concerns about multithreading that would make it challenging for all hosts to implement
16K might have been a better size.
I know typically 4K is a page size on most OSes.
There's been talk about allowing users to specify the page size as a parameter to their memory type. Along with some additional information, like heuristics on which memory (in multi memory scenarios) is the main memory, if any, and should be given improved performance
We do a lot of tricks to make memory access safe and efficient
@simp what were you wondering about c-api's? was it about the wasm c-api? or c languages running in wasm?
Basically my understanding is there is a default, then a unsafe escape hatch?
Or that was the proposal?
Things like bad pointers or array lengths
Side note: The other night, @bvisness and I were discussing about how to make a WASM "linker" per se. And effectively what would be needed is just a have a runtime specified the data segment offsets. e.g.
WASM module #1 (data-segment-offset: 1024):
foo (offset = + 0)
bar (offset = + 4)
WASM module #2 (data-segment-offset: 2048):
foo (offset = + 0)
bar (offset = + 8)
This should work already, right?
because the data segment elements take an "expr" for the offset.
Yeah, that's been a point of contention that I've only heard a bit about. As I understand it, the wasm-c-api has some methods that are easy to use incorrectly if you pass in values with the wrong length, etc. There's been debate about whether it's something we could even improve as you can basically screw up C api's in any way and not everything, like bad pointers, can be checked. But the community group did just vote to add some safety checks to raise the bar a bit, https://github.com/WebAssembly/wasm-c-api/pull/134
This patch illustrates what safe interfaces for wasm_func_call,
wasm_global_set, wasm_instance_new, wasm_table_new, wasm_table_grow,
wasm_global_new, wasm_table_get, wasm_table_set might look like....
And the idea is, like you said, to have unsafe escape hatches for if the checks hurt performance too much
That makes sense to have the hatches for that case.
I've got to get heading, but if anyone has more wasm questions feel free to send them my way. Would also be happy to join a wasm channel if there is one
1
(I am definitely in the sceptic camp which is why I ask, thanks for the link to the proper discussion)
Thank you very much for you time and answers.
It has been wonderful
Well, wasm might become a bigger topic going forward
Otherwise thank you a ton for your time!
I can keep rounding up questions and nagging you in person
thanks so much for doing this
No problem, it was fun!
1
@gingerBill was the discussion between yourself and bvisness public (here or on the Odin server)?
It was on the past stream.
My past stream with WASM experimentation.
Well I’m tempted to say we should revisit this topic in a while when we’ve all experimented further with WASM
1
I was kind of surprised to see that I think most of us were on board with a rather browser-like direction for things, now that it turns out WASM is actually good
Completely agree, I think especially the feasibility of OS-like forms will be more easy to grok once we have some non-trivial demos completed.
I am not necessarily onboard, but rather, this is the near future and I am going to have to accept it.
Native will always be better.
The distribution just can't be beat, frankly.
It also helps when people want to test things. You don't have to download and install anything. It just works straight from your browser.
1
I can completely understand it.
I think if we revive this conversation at some point tonight we should focus on OS stuff
given that we got thoroughly off track on WASM stuff
not complaining, it's all related and very interesting
But I think it's completely related to the topic of "The Future of Operating Systems in an Internet World"
To go completely in a different direction:
I think "the cloud" (another person's computer) is the emergences of older paradigms with computing.
There seems to be a "recurring patterns in history" going on
Perhaps there will be a swing back toward local hardware and self-ownership of data/programs
But it seems increasingly unlikely without a massive upheaval, some kind of sea change
Well - I hinted earlier at the discussion I'd like to have around data ownership and security especially as it pertains to the ever-increasing amount of (data-generating) devices in people's homes
I think there is space for something like a "home server" in the average household
For many people, having a central powerhouse which other screen-having devices and smart devices remote into would be more cost effective than having a half-dozen or more expensive devices which need to be periodically upgraded
it's all about user experience, and the user experience of having your work everywhere beats the user experience of owning a paid copy of Excel, I guess
(desktops, monitors, laptops)
What I'm talking about isn't "killing" the cloud, it's returning the option of self-ownership of data and logic
You might want your work files available everywhere
But maybe you want to back up your pictures yourself
Certainly running all of your smart devices off of one local logic center/interface to the web would be good
As opposed to having dozens of endpoint devices which are all potential security vulnerabilities, all transmitting metadata to the cloud all of the time
I think of the "home server" as a practical hardware decision economically and functionally
But also as a gateway for personal information
This would be designed from the ground up to be configurable, user profile-focused, and to make explicit which people and services have access to which data
and I think a lot of people would respond positively to a security-minded IoT system if the user experience was good
The thing I wonder about is whether the incentives will really ever be there to own the data yourself. If a company like Google will give you lots of data storage and a bunch of programs for free, why would you bother to set it up yourself, pay someone for backup, etc.?
Nothing leaves your home without your permission, and without your visibility
Obviously there will be people who want that, but many won't care enough to offset the cost
(edited)
That's part of the sell of this
Because it's economically viable
Instead of a gaming computer for one kid, laptops for every family member, Xbox One and PS4 in the living room, plus an Apple TV which doesn't work with your Windows devices, iPads, a mix of Android and iOS phones, etc
You have one central device that provides all of this functionality to a series of screens
Which are just thin clients
(You'd still have phones because you want portability)
So if you want the Gaming package, you splurge for the gaming upgrade to the home server
And you can run it off any screen in the home
You just hook up your peripherals, sign into your user account (fingerprint reader controller?), and go
This could scale all the way down to like, a Raspberry Pi type device for people whose needs are very limited
(single person "web browsing", limited media consumption, no gaming)
(edited)
So the way this relates to the internet is that you'd essentially have an ecosystem where you have one internet endpoint in the home, which you fully control, with rich privacy/configurability settings, and then ~1 smartphone per person on top of that (which could route through the server while home, and remote in with a secure tunnel for home access while away)
So you'd have an OS where driving functionality is a first-class design consideration
And sites/apps would include little logic bundles for controlling home devices which would link up to your system as building blocks in your configuration (in a user-friendly sort of way) - a home command center, roughly
I think we're driving toward something like this, except highly cloud-driven, anyway
At some point companies will figure out IoT and how it relates to things like identity, where your devices will track your location and status via a smartwatch and do things like turn on lights accordingly
(knowing who you are in the family, for example, or whether you're a guest)
The current software/hardware stack is ill-suited for this (particularly the guest/edge network experience) but they'll retrofit it
Anyway </rant>, want to give people a chance to respond
I have plenty of my own thoughts about this that I can save for another time
But as far as the networking side goes, it’s an interesting consideration
I’m interested in being able to move easily between local and remote, offline and online
We could have a more expansive IoT/smarthome fishbowl at some point
And home network stuff certainly does play into that
But I agree, the context here is about how this relates to networked OSes
As far as what those computers are actually running, I dunno
To go back to an earlier topic, you mentioned that you like the paradigm of apps (as presented by mobile devices)
There’s no coherent notion of an “app” for most web programs though
And I’m wondering if there would be benefit in such a thing
(edited)
Right, I like the paradigm, but not as the paradigm going forward
I do think there is an important conceptual distinction between a packaged app and a web page, of course
But I’m not actually sure what the value proposition is for apps like that right now, since pretty much all web software needs a live connection to be useful at all
Browsers are just kind of nerfed if they’re not connected because they can’t access files easily
Maybe if we had a properly networked file system instead of Google Drive and Dropbox, web apps could actually just open your files directly.
This is a big part of my own project... I want something like IPFS/Kademlia
(edited)
Want something where the local file storage is just one instance of a massive interconnected web of distributed file storage (with permissions/user account discrimination, ofc)
That doesn't mean all connections need to be peer-to-peer or there's no place for central hubs, centralized services/storage
(edited)
I need to sleep now. Goodnight everyone
Good night, Bill! 
I would expect a central hub to be very valuable; I think most peer-to-peer stuff would be a huge pain
Unless one of your “peers” was a sysadmin with a gigabit connection
Could you have a system that just uses URLs for all paths, including “local” files? I bet you could
(edited)
The doubt I keep coming back to is whether you’ll be able to beat the value of a giant company giving you everything for free
And that kind of shapes how I think about this web os thing in general
You can come up with an amazing system that allows you to really own and access your data anywhere, but if it’s not free, who will use it?
Maybe total self-hosting is the only way to go
URLs 
Where the address is a hash key
The actual endpoint can be stored wherever or in multiple places
Obviously there's no getting rid of IP, so at some point you need to fetch an IP address, but I don't think URLs or IPs are a desirable thing to expose to the average user
I haven't yet, but I'll be exploring some different ways of handling "breadcrumbs" generically, to a point krixano made in #general
Regarding how to refer to individual pages or states of an app/site
(edited)
What beef do you have with URLs?
Average person doesn't understand what most of a URL is/does/means
Well a string globally identifying something is still desirable, archaic structure aside
And it exposes information the user doesn't usually even want/need
A UUID is just fine as well
The thing that's useful with URLs is the breadcrumbs
No domain names? I’m sure Merkle trees are a wonderful technical solution, but there’s a lot of useful stuff in a URL
Domain names maybe, they're fine as a globally unique/memorable mapping for an IP address
But still, really, a technical detail
If you imagine 100-years-in-the-future-tech, are you imagining URLs still being a thing?
Discovery is done through search
And realistically, most of the time someone visits a specific site, it's through search, cached history, or bookmarks/links of some kind
I can type a+m+a+z+enter into my address bar and get the Amazon homepage
I never need to know "amazon.com"
Maybe true, but search isn’t everything
Search is useful but fuzzy
And besides, if you want to move toward people hosting their own stuff, you want something clear for normal humans
Domain names are pretty clear. TLDs aside.
You see a commercial for a new widget delivery service
Or do you remember some keywords, maybe the name of the service, and Google it?
Of course I google it, but I feel pretty strongly that stable, human-readable names are really important for a network
When does the average user interact with these names, nowadays?
Now I have Amazon forever without caring about the URL
You just told me you wanted people to host their own stuff, presumably share it with people sometimes
And you want people to share...an IP address?
I share my folder with you, it shows up as "Folder Name"
Doesn't need to be universally unique
And you don't need to care what the folder icon that shows up on your side maps to in terms of address
Right? Just like Dropbox/Google Drive
Files aren’t the only use case for this stuff, and besides, domain names are the only guarantee I have that the site I’m on is legit
It’s an authoritative and readable name for the service I want to access
Whether I use it for navigation or not, I think it’s extremely important
Well the model I'm thinking about doesn't have browsers or "sites"
It's not clear where a URL would be useful
In the same way that you don't interact with URLs using smartphone apps
You follow some links, maybe, that take you out to the browser
But you can download and use the app without ever seeing a URL
That’s only because you have a centralized App Store
Thanks phone for capitalizing App Store
Well, I think it's useful maybe to have app stores, or rather something like "curated collections"
Not one big centralized one
But somewhere you can go, like a search engine, that feeds you results
And there's some trust involved
If you don’t have domains, then you’ll need some other form of identity
People need to be able to trust that they are in the right place
To the App Store the app is some kind of UUID
To the user, it's just an icon and a name
The App Store itself is the trust broker
It might be useful for power users to have some debug info they can view that gives them some kind of verification
But maybe that comes in the form of whitelists, like you see in modern browsers
You visit a known bad site, browser says no bueno
You visit a known trusted site, the browser displays a happy green shield
and/or it shows the logo
1
URLs discussion is interesting. I guess the thing I am thinking about is this comment:
If you don’t have domains, then you’ll need some other form of identity
How does this differ from identifiers in a programming language?
Like, why do we need text to identify something?
Instead of having text label something that is actually unique?
Anyway what Ryan is saying is valid; I think the real question is, in a system without URLs and familiar means of superficial verification, how can we broker trust in a massively distributed online environment
So, on textual labels instead of textual identifiers, I just realized that this is basically what URLs are, right?
I mean, the URLs are identified as requiring uniqueness
But they really redirect to some IP address, right? (Internet noob coming through)
Yes, potentially one of many
Some IP address or range of IPs, yes
(edited)
Isn't that what a DNS is for?
(edited)
the domain goes through DNS which translates to an IP
which you then make a request to
Right, that's the purpose of DNS
Which is a major attack/problem vector, btw
Ahhh right okay. So the DNS is basically a "hash table" where you feed the domain in, and get out an IP
the request then includes the full URL again
a big hierarchical and distributed hash table yeah
(edited)
So, what's the benefit of having those be textual? It seems that URLs are obviously not human readable, at least in many cases
If we want a human-friendly interface, it seems like we should just have that thing
The benefit of a Merkle tree model is that the mapping is universal, it does not require a broker (still need a gateway or something to map to IPs, though)
(edited)
domain names were meant to be human friendly
and it provides some indirection so you can change IPs without needing to update hundreds of settings to point to the new server
Yeah I don’t know why you say they’re unreadable
Aside from query parameters
Hmmm. Well it does seem that just the domain name is readable, usually
It is the extension that is unreadable
channels/239737791225790464/707742863076622358
https://www.amazon.com/gp/buy/thankyou/handlers/display.html?ie=UTF8&asins=B07K4SSNDM&isRefresh=1&orderId=111-4775530-2979447&purchaseId=106-9455094-0353063&ref_=chk_typ_browserRefresh&viewId=ThankYouCart
I get that within an app URLs become silly
That’s not really what I’m concerned about here
Well, right, but the web is consistently moving towards more app-like, right?
We can distinguish this GET request nonsense from what a URL fundamentally is, though
You could certainly mask the latter parts away, I don’t care
the readability of URL paths has come down a lot since web became more app like
I get the desire to have some human-readable, memorable, top-level universally unique address mapping
But it's not really useful in practice almost ever from a user perspective
I think the domain is by far the most important part, and the part I am pretty bullish about
Domains clearly indicate ownership
Even "using the URL to verify I'm at the right site" requires you to know what the legitimate URL is
Or know what legitimate URLs usually look like
Which is playing a metagame that the average user isn't really equipped to care about, much less play
or that you know that the certificate will be a proof and that you know what the proper certificate looks like
which is a step further down the trust chain
I know that all the details of actually verifying trust will be outside of a user’s grasp, but consider that my mom gets spam emails from “godaddy” that are not from a godaddy domain
The fact that the domain can not be spoofed, in a system that verifies everything else, is really the only thing that can give a human confidence that they are in the right place
Even with the web as it is today, if you replaced the address bar with a search bar 100% completely, I really, really don't think much would change for the average user
@.bmp the browsers have basically done that already
(edited)
agreed, aside from actually displaying the URL
You can achieve all levels of “trust” and verification that you are connected to the “right” computer, but unless a human can look at something and see a familiar name, they cannot actually be confident that they are in the right place
it's more search bar than address bar now, in that they clearly prioritize search
Like, googlee.com could have a good cert and look exactly like the real thing
But it’s clearly wrong and a human needs to be able to see this.
Just throwing ideas out there, what if websites were mapped spatially?
No idea if this is a good idea, but if someone tells you to go to somewhere, what if they could use spatially contextual information?
I have no idea what you mean
Grid of apps on your phone
You don't type in the app you want to run
You go to the right folder and run it
You'd need some sort of fast "acceleration structure"
you searched an app store to get those apps
To traverse to the thing you're looking at, or search them
we're talking about basically all software being available instantaneously to you in some form
Right, but I'm saying what if the "globally unique ID" was the location within a tree?
how big can a tree get before any spatial sense breaks down?
I guarantee I have too many programs on this computer alone for that to work
and how do you guard against close proximity from causing issues
but more broadly, my point is that there is a very important human factor to consider in these designs
and we run the risk of moving from systems designed for human readability (admittedly with some archaic flaws), to systems that technically solve things more robustly but that nobody will actually be confident using.
I would say that URLs actually provide more attack vector than cover by virtue of universal names
Sure you can make sure it's google.com and not googlee.com
you don't hover over links to see what site they're taking you to?
That is why I posit some way of having spatial information.
You know it's not Google because it's not in the right place spatially
(edited)
But maybe you type google.co and it takes you to a completely different website that spoofs google
It's a typo, you don't double-check, you get your credit card details stolen
I think TLDs are goofy and wrong
and what's your proposed alternative?
or getting tricked by unicode characters that have the exact same glyph
goog1e.com or googIe.com
(edited)
I'm not proposing an alternative, I don't think we need one to have a parallel system that operates at pretty much the same security re: spoofing
What DNS provides (and email) is universally federated identity
(edited)
I guess what I am getting at more broadly with the "spatial information" thing is that, if the goal is to make it obvious that something is legit and not a spoof, then a string is just about the worst way you can do that
Spatial information is something humans use all the time to distinguish things
a human-readable string is far better than a practically random string
Along with certs, which verify that the thing you're looking at is what it says on the tin
but what does it say on the tin
So you just need to replace this with some other form of federation
Yes, but is a human-readable string better than spatial information?
There's no reason you can't have a Twitter model for example
You have a username and a picture and a bright blue checkmark
The username/pic say who it is
What if a website was registered as being tied to the geographic location of registration? You couldn't possible mistake googlee for google because someone told you to go to California on the globe to go to Google
(edited)
The blue check says "we agree this is who it says it is"
The blue check is a certificate
who is "we"
1
So, the cert people
At some level you're trusting the people who are handing out certificates
we are talking about different kinds of trust here
@ryanfleury I'll go register for whitehoose.gov on penn ave
@.bmp Well, you'd have some sort of verification of course
a certificate can verify that you are in fact talking to the original entity who registered a name
it cannot verify that that is the entity you wanted to talk to
that is fully outside the system
and whether you use a domain name, or a logo, or anything, you need some kind of human-readable cue you can trust
Right, that has nothing to do with who's handing out the checkmark/cert
if this is right, then the cert and everything else verifies that the rest is right
but you absolutely must be able to know what entity you are talking to
So you have some username, etc that's tied to the cert
Point is all you need is something unique and human-readable
It doesn't need to be a URL
I can imagine either having domains, or having identities of organizations like "Twitter" or "Ben Visness"
but domains seem more natural
I just don't know why we are pretending that we need to have uniqueness embedded within a little thing of text
what use is it if it is not unique?
There's nothing natural about URLs
I don't mean to have it non-unique
But a spatial position, for example, is always unique if you guarantee two things cannot occupy the same place
I don't know what the correct representation is
@.bmp I'm not suggesting that we need to keep URLs in their current form, but for the identity component of URLs specifically, I am proposing that you need something with equally as much human-readable identifying information as a domain.
But taking advantage of spatial information makes it much easier to verify "location"
Spatial information is also not "human readable", a human doesn't need to read anything, they just need to use all of the same navigational skills they use in the real world
(edited)
your primary identifier for the service you are accessing should be unique to that service
but there is value in having the identifier be human communicatable
that way one person can tell the other how to find the service
frankly I don't see why you wouldn't have it be
so you use search all the time, great
Spatial information doesn't obfuscate anything
It is exact, precise, unique, etc.
I'm not talking about spatial information.
I wasn't saying that you were, but I'm saying that it is solving many problems with both propositions of search-based or identifier-based
Or, at least, it could solve them
Again, not sure what the correct representation is
I still have absolutely zero clue what you are envisioning
what if you wanted to tell people to go a certain news site, or you were sent a link?
how would a person verify that the resource they are accessing is correct, "spatially"?
The same way that they verify such a location in real life, in a game, or in any other spatially-defined environment
because I can't look at the sign above the door
We're not in VR, but that doesn't mean we cannot represent uniqueness in a spatially-defined, perhaps three-dimensional environment
I'm kind of flabbergasted here
I guess my point is that, in my head, this is the difference between having to type go to forest in an old text adventure, versus just moving your character there and being able to see all contextual information
(edited)
like, people can know this Facebook is the right Facebook because it's next to the Burger King?
I mean, I'm not proposing an actual 3D world
Where you move an avatar around or something
But the same idea in principle, where you can identify something by its spatial relationship with other entities
This is why I brought up the apps on a phone, even though that is probably not the correct representation either
(edited)
I don't know what spatial cues you're even referring to. It's not like I would be able to see that this website is in a shady back alley
I mean, imagine a shady app called "Slapchat" with a little yellow square and a white ghost appears in a location on your phone that is completely different than the place you usually go to open Snapchat
Are you going to open it?
Anyways, point is, I am not saying that some three-dimensional representation is good or another one is good, just that it seems like humans use spatial information all the time to identify unique entities
When I want to go the right place in real life, I look up its address, I navigate there, and then I verify that I am at the right establishment by looking for its name. This is precisely analogous to how navigating the web works.
I am proposing that you need something with equally as much human-readable identifying information as a domain.
I really don't think this spatial identity thing is a fruitful avenue
Just an idea @.bmp
I absolutely do not verify that I am in the correct venue based on anything surrounding it; I verify it based on its name and appearance
I mean sure if I woke up and all my furniture was moved around, that would be a spatial cue of something
but you have no familiarity to go on when visiting an unfamiliar place
I think it is crazy to suggest that you can verify a new resource, be it a physical venue or a website, by anything other than its stated identity and a trusted third party
You don't have familiarity when visiting a site for the first time, either (what the "correct" URL should be)
this is true, and that's why I look things up on Google first
but that doesn't obviate the need for a domain
Google provides soft assurance that I am visiting the correct resource
If you've looked it up on Google first, you're placing trust in the search mechanism
Which was my first suggestion
it's soft, non-authoritative trust
it's a heuristic for when I lack authoritative knowledge
but if I know the precise resource I want to visit, I visit it
This follows my "find amazon" model
and to my earlier point, even if you prioritize search, I don't know why you would want to obfuscate the name of the resource
and to demetri's point in banter, without a name or another identifier that a human can understand, what is there to certify?
(edited)
1) Google "amazon"
2) Bookmark Amazon
3) Next time, type a+m+a+z+enter in the search bar
What are you certifying? Under my model, you're following your own saved link from your soft-authoritative source
1.5) look for a domain that looks correct instead of just picking the top result
"looks correct" is the metagame I was talking about earlier
most users don't engage in that level of scrutiny
Without a human-readable, recognizable identifier, how can a search engine give you any confidence that you are in the right place?
So you're saying we should throw our hands up and make everything UUIDs, because nobody bothers to check what site they're visiting?
It's pretty weak to suggest that we shouldn't use domains or domain-like things because they can sometimes be spoofed, and many people don't bother
The vast majority of people that don't bother, it's a feature that offers marginal benefit to some users
Anyway I agree that some readable, federated identifier is good and important
Well good, that's the only part I was actually pushing for
But I don't think it's this front-and-center thing that affects most users
Certainly not in the way URLs are "designed" to be used
(entering in a URL in an address bar by hand)
I think it is irresponsible to build a system that masks the user's only chance to verify that they are in the right place
what reason is there to deemphasize that identifier, except that URLs in their current form are kind of gross UX?
the identifier is not the problem
Well, maybe you just have the identifier in an info panel
You bring it up if you need it
It doesn't necessarily need to be displayed to you by default
And for that matter, it doesn't need to map 1:1 to an application or page or resource
I could have an Amazon identifier that is equally valid for amazon, kindle, audible, etc
As you said you need to verify you're interacting with the entity that you think you are (that the identity of the entity is honest)
That entity may (and in reality, often does) command many top-level resources
I'm totally fine if there is an "author" identity separate from the actual resource
that's the app store model and it works
and everything outside the domain in a URL is effectively implementation detail on the receiving end
so I don't care about that
@ryanfleury On the spatial structure note, I don't think I would use that for integrity verification, but I do like the idea as a way to memorize where things are, and generally mind-map your resources (laying things out spatially yourself)
As evidenced by my project prominently featuring a pannable canvas on which to store things spatially
I think spatial cues are great, but how do you expect them to work unless the structure is familiar?
There is familiarity value to spatial relationships
Yeah I think it is a very useful and more effective way to memorize things, dramatically more valuable than remembering a sequence of characters
Outside of that, I'm not sure what value is provided except where the relationships are intuitive
If you step into someone else's house, you need to "learn" their space before it's meaningfully helpful to you
Patterns help establish a baseline
An analogous idea, on the memorization front, is the "Memory Palace" I think it is called
You know to check the hallways first if you're looking for the bathroom
@ryanfleury Yes, that's very much on my mind here
So, it was just an idea, but I think not only can you use spatial information to identify (if you verify no two things can collide), you can also use it to explore a relevant space
But it could be a terrible idea!
Maybe it is correct for personal organization and not much else
(edited)
and some patterns are regulations, like having a lightswitch right at the door
"Mandated patterns" are also useful in that way (though come with drawbacks)
I forgot what we were even talking about originally
URLs came from discussion about networked file storage
suffice to say then that I think it would be interesting to make a system where you can access your "file" data (in whatever form) by an identifying address of some form
such that you could open your data in a web app regardless of what server you had it on
if it's accessible to the internet in some form (authenticated of course), then a program could access and modify it
and of course this could apply locally instead of going across a network
scrolls up oh in house server for IOT shit
As a broader point I do think the federation issue is a big one, and needs careful consideration - I think individuals should have their own federated identity on par with organizations (URLs and email handle this separately right now)
well they are arguably both handled by the domain name system, but of course everybody just has gmail
so everyone gets a identifier that they can use to set up a personal server on the internet for their stuff?
you definitely need something more stable than an IP address
there's no concept here of getting rid of the cloud, but potentially (personally storing your stuff)
(edited)
the function of the server is mainly in-home and as a gateway for your data
you could of course have a cloud backup service all the same
I think finer permission gating is useful here though
as a first-class function of an internet-first OS
(relating back to the actual topic of this fishbowl chat )
e.g. back up all my photos tagged "family", "friends", "selfie", whatever
do not back up photos tagged "naughty", "private", etc
instead put those in a sub folder in tax docs
"if the red panic button on the home screen is pressed, delete delete delete"
this is a big concern with iCloud and similar that could be solved pretty easily by being able to be more granular about what services can access
maybe people aren't as concerned as they should be, but people are generally at least somewhat distressed by things like massive leaks of celebrity nudes
and even very security-unaware people go to the lengths of having fake calculator apps on their phones and stuff
when your nudes are only protected by a 10 character string, they are not safe
not sure how much you can do systemically on the password front
long password requirements tend to just turn people off the service
or result in them writing it on a sticky note in their wallet
you can do stuff like secure hardware token
sure, but since most of this stuff is done on smartphones, not that useful
if you carry both on your person, no benefit
but they'd have to steal your keys and your phone
which is much lower opportunity window
fair enough, depends how it happens
you could leave both in a hotel room
but yeah if you're talking pickpockets, or even just forgetting your phone on a park bench, uber seat, whatever
I do think hardware keys are a good idea, they at least address the issue from the non-physical side
eliminate the need to have short, memorable passwords
most of the attack vector is online anyway
they don't protect against hacks and stuff, but when it comes to hacks you're just out of luck
all you can do is hope whoever has your data is security-conscious enough
(and be aware of who has your data...)
End of Fishbowl Day 1, thanks everyone for participating! (Logs will be posted soon)
If you have an idea for a Fishbowl conversation, throw it in #network-meta or DM me!
3
2
3
1
1
1
1
1
1
1
1
1
