Deno, a new way to JavaScript. Ryan Dahl. JS Fest 2019 Spring

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments

There are already recruiters looking for people with three years experience in deno.

👍︎︎ 131 👤︎︎ u/GooberMcNutly 📅︎︎ May 05 2019 🗫︎ replies

In 2029, Ryan will introduce his next experiment - Oden

👍︎︎ 126 👤︎︎ u/Farmerdrew 📅︎︎ May 05 2019 🗫︎ replies

Can’t wait to program in the MERD stack!

👍︎︎ 53 👤︎︎ u/misterlight 📅︎︎ May 05 2019 🗫︎ replies

Can someone explain to me how directly importing modules from online is not going to be a giant security risk?

If someone comes by and manages to hijack a common and popular package, and use it for some sort of nefarious use, how is this behaviour going to be prevented by deno?

👍︎︎ 15 👤︎︎ u/frankimthetank 📅︎︎ May 05 2019 🗫︎ replies

This guy literally tells numerous times that this is just a demo and it won’t replace nodejs whatsoever. And yet bullshit responds like to this post are implicating that false assumption... The stupidity that comes with those reactions is impeccable!

👍︎︎ 9 👤︎︎ u/ohcibi 📅︎︎ May 05 2019 🗫︎ replies

Here’s the link to the deno GitHub: https://github.com/denoland/deno

👍︎︎ 2 👤︎︎ u/esthor 📅︎︎ May 06 2019 🗫︎ replies
👍︎︎ 1 👤︎︎ u/Felecorat 📅︎︎ May 06 2019 🗫︎ replies

Erm... this sounds easier to understand than node.

edit: I deno why I'm getting downvoted.

👍︎︎ 1 👤︎︎ u/rickdg 📅︎︎ May 05 2019 🗫︎ replies

Does Deno have automatically barreled folders? So many index.ts files

👍︎︎ 1 👤︎︎ u/apatheticonion 📅︎︎ May 05 2019 🗫︎ replies
Captions
good morning you are a lot of people it's kinda scary so I want to talk about my project demo and I always have to give a bit of a disclaimer when I talk about this because this project is experimental and it I think you know a lot of developers might feel confused by this and because demo is a piece of software that it acts very much like no and it dissolves a very similar problem and I would just say that this talk is geared towards the more enthusiastic people among you people who are you know interested in kind of experimenting with with how software could be differently especially this is relevant note software so I would just say that if you're a new developer you know don't don't panic you know no one is going to be around forever and you know just go get a coffee so I guess demo is a command like no time it's it's a new code base it's probably eight months old maybe you've been in haribol at this plan and just to orient you in the world of software this is this is a primarily built on top of the 88 is the JavaScript runtime inside of inside of Chrome much like which is the same at the end the 1002 uses demo is written in rust instead of C++ and instead of Libya feeding again this is gonna be a bit technical but if you know what Levias the corresponding element in in demo is is a library called Tokyo and it uses typescript compiler type that the compiler was actually built in into it so these these four pieces of software in in some way defining the project so naturally your question is why why would you do this notice notice a thing and it works and is a networking well and yeah I mean it is working well and this is you know successful piece of software and many people are using it in 2009 javascript was was very different we didn't have a lot of the conveniences that you have today and the language has has changed quite a bit so yeah in particular there weren't typed arrays back then like JavaScript only had strings and so you know trying to do TCP sockets with with just strings is is kind of wild there's a new module system in JavaScript by the way I have to like gauge your your interest and knowledge here so do you know what es modules are okay it's bad when you just get blank stares like okay yeah so there's es modules now this is this is a fairly radical change to to JavaScript right so you you have these import statements instead of require and modules are statically resolved as opposed to dynamically resolved so the quite quite a big change and of course there's the the async await stuff which makes non blocking programming completely tractable so you don't have to have callbacks everywhere and indent your code you can you can do async await you know what async await is yes okay good yeah so I think that these things are killer features so great and node would just be look very very different if if these things had existed in 2009 and yeah I think you know no node solve some problems but I think it also has some of its own problems in particular the module system so this this whole require thing and this node modules you know your node modules folder this was just this was an afternoon and like where should we put the modules let's put in node modules I guess like you there it was an afterthought the the core design element of node was based around this idea of doing non-blocking i/o so it was you know essentially a web server a programmable web server and originally did not have a module system and essentially these things were were tacked on as they were needed by users and I think the resulting product the the resulting software kind of displays that that lack of design yeah I mean in particular you know we have NPM and which works and is great but it's it's a centralized repository right there's a there's a specific server that you go to to get NPM modules and this is not very webby right the web is about decentralization and yeah another aspect of this is that the v8 VM of course is is a secure sandbox right it until you start poking holes into it supposedly it can can execute secure code execute user code in a secure way I should say and when you run a note program like you you have no no no idea of security anymore right like the anybody could like your SSH keys right there's there's no there's no permissions like when you run something in a web browser that's that's somehow secure right that nobody can access your SSH keys so it's it's kind of regretful that that well I should say you know this is not a problem just of note I mean Python has the same problem if Python Python can also in any Python program can also access your SSH keys right the problem the the the thing is is that node could have been secure right had had we been more careful in when we poked holes for TCP sockets and poked poked a hole for for a file system access we could have been we could have maintained the the sandbox and in some way yeah so I it would be a very nice feature to have and I think in general you know I I myself basically spend my my professional life in C++ and rust and go and kind of statically compiled languages and I think some people might ask why isn't the time of dynamic languages kind of over like aren't we moving to compiling everything into wasum and and binaries and I disagree with that idea I think that that definitely it's like rust and go have have made low-level systems programming like much more accessible to people but at the end of the day I mean I I still am writing a lot of proto scripting right I script all the time right maybe I need to like maybe I have a directory of files and I need to rename a bunch of things or you know maybe I have a big database and I need to kind of massage that data in some way I'm not going to by a rust program to do I'm not going like bust out C++ to do this like this is this is something that they you would want to do in a scripting language and I just think that that these scripting languages are so useful and so important that it yeah I think I think it's worth trying to get this right so yeah essentially this this project is is just trying to make my my own personal workflow the way that I want it for dynamic languages i when when I was growing up I learned Perl for the first time and you know after having studied C in college and uh it was just like it was mind opening to me cuz it's just like oh my god I can I can do so much with this it's like I have you had this this experience you know like when you first really wrap your head around your first dynamic language it's it's it feels very empowering yeah I think it's I think it's important to get this right so in some ways I'm trying to build my pearl that I can use so demo is attempting to correct some of these mistakes so it's it's breaking compatibility with note so no you cannot run your note programs in demo and no I'm not going to try to make that work this is kind of the benefit of choosing a new name and going and it in a different direction note is is a very stable piece of software at this point and that's a good thing like you know there's committees to decide on API changes and you kind of you want that in a big stable piece of software but to be compatible with node would be very difficult and would be would mean making compromises and since this is an experimental project I mean what the hell let's let's let's just be experimental right so it's it's it's very new JavaScript so it only uses yes modules and it does not use NPM there's no there's no package manager at all in fact there's there's only a URLs that you can import so have you ever have you gone into the web browser and tried to like import from a URL yeah possibly like you this this works these days right like you can the yes yes modules work in web browsers so essentially the the denno module system the demo package manager is is is URLs and I'll demonstrate this and denno is trying to be secure by default and I'll show you what that means hopefully and yeah denno tries to be browser compatible so yeah like originally node we like I like for example when you print to the console right console log originally this was just called print like I didn't know anything about web browsers so I was just kind of defining functions left and right and at some point somebody came up to me and they're like why did you call it print why not console.log and I was like mmm that's a good point the point is that these no no did not have have the the goal of being completely browser compatible and it's an important thing to kind of set out to do from the start yeah so let me just open a terminal and and play around with this and give you an idea of what the hell I'm talking about so can you guys see that so that visible okay so I've got I'm just going to make a new directory here so right so here's here's den oh and right when you when you execute it without any command-line arguments you you get a repo much much like note by the way I mean if if you're looking for something amazing happening here it's you're going to be sad because this is these these are going to be very normal sort of things that you can do in in note but hopefully I can convince you why this might be interesting so if you do - H if you look at the help you see all these options here that are like Oh allow read allow Rai aloud net like mmm what's what's this about so this this all get to a bit more but this is this is essentially the the the permissions that allow you to opt out of the sandbox and denno has typescript built in as I mentioned so I it can run JavaScript and does fine but I very much like typescript I think I think Microsoft has has done a fantastic job with it and I think it's you know it should I'm convinced that that typescript is essentially like the next version of JavaScript so anyway what's something nice that we can do is is denno - - types and we can tell you exactly what the runtime provides so if you if you do this it prints out all this stuff and you're like what was that so I'm going to pipe it into vim and then I'm going to set my file type to typescript okay and so this this is a declaration file that that kind of defines what is in denno and so you see there's there's a denno namespace and there's denno kid so maybe if I open another terminal here next to it we can examine this a little bit so like denno dot pid' will give you the pit right so there's this there's this capital denno object it's a global variable and it's essentially a flat namespace that kind of contains all the native functionality that you would want okay so you know in in node you might do require net require FS all of that stuff is basically packed into this thing and it's a flat namespace because I essentially know what I'm going to be exporting from this and it's it's essentially a POSIX sort of API so you know maybe maybe you're looking through here and you might find something like open which is you know what what would you expect open to do oh it it opens a file of course right so yeah everything everything in inside of demo is is defined in this declaration file including things like like webby webby sort of things console object is here I guess yeah okay so anyway quit out of that and yeah let's let's write a little program here so the I'm going to write just as an example like cat like the UNIX cat program so it it takes a a file name as an argument and prints it to standard out right so what does that look like so let's just start with demo I always like to start with with some console logging some console log action makes everything sane so let's just print the arguments that's the command-line arguments so I'm going to run cat Jas and I'm going to try to print out EDC password okay so that's printed the that's printed the arguments you guys can see what I'm typing right yeah okay one guy can great so let's let's pull out the first argument here and say let file name hold that and what are we going to do let's let's open this file right so let's denno dot open file name and of course demo is is a non-blocking i/o of course and so this this this guy is is something that accesses the disk and you know thus returns a promise and so we need to await the the result here we don't support top-level await yeah unfortunately I would like to at some point so we need to wrap this whole thing in an async function so I mean I'm just going right like main and an async function and put this guy up here and then I'm going to do like that now look good and let's just log this file object and see what it looks like Oh didn't do anything all right I have to actually call me in here okay so so the first interesting bit is is that it's like demo request read access to easy password do you want to grant this so as I said before like denno has this secure sandbox by default and you know obviously you don't want to allow people random scripts to cat your EDC password file and so if I type a allow always it's going to succeed if I ran that again and typed no we're going to get a permission denied prompt okay so yeah let's let's run that and note we get this this file object out of there and it has this our ID thing our ID is essentially like a refile descriptor resource ID although we don't call it file descriptors because it doesn't map exactly to file descriptors but yeah let me show you something interesting so this idea of resources in in in POSIX right in UNIX this file descriptors is is a fundamental concept right it's an open file or a socket and we we have a very unix e flavor here and so resources are very central to demo and we have a way to to examine those things so I'm going to console table demo resources to print a table of the resources that are that are open right now and maybe I'm going to do that before the open and after the open so also by the way you can always op doubt of this password prompt with the - a right okay so so check this out so before this these are these are the resources that are open zero one and two standard in standard out standard error what very eunuch see right and after we've opened the file you'll see that there's a there's a new file descriptor number number three here right and yeah denno has something like close and you can close any file descriptor so let me just try to close three and print that out again and see what happens okay so here's the first one and here's the second one with the file open and yes we we have closed it in the third one right okay so anyway I thought a little deviation from what I was talking about we were trying to write a cat program here right so what do we want to do we want to print this to standard out so you you get standard out with denno dot standard out and the way that you can copy things copy to streams so it's standard out is is a resource itself and and yeah I would say I've thought quite a bit about this function and this function although I won't go into it in much detail I think is optimal and is is a zero copy copy and this is this is very much modeled after goes standard library if you're familiar with it any go programmers in the building here one guy I know there's there's somebody great well you too this is all for you [Music] yeah okay so yeah let's let's let's copy it to standard out and this this too is an async function so let me let me put that in there put in the await there and tada I have now printed standard out okay so just just a little flavor of what denno is doing so yeah I said before that it's kind of more webby than normal so let me try example two Jas do you guys know what file name does in node it's yeah okay so some people do it's it's the current file that you're in right so so this file was ex2 more underscore file name it drives me insane like why why did I choose this name I don't know bad choice you underscore underscore file name does not exist in denno this this will crash I would never put that back in there so the question is how do you get the current file name there's a very web standard II way of doing this any any brave person want to yell out what what potentially that how do you do this in the web browser hmm no yeah okay I I think somebody over here got it I'm not sure what you said but location okay yeah let's try it location.href okay so so yes actually there's a location object and yes this this is actually printing a file URL there's also this weird thing called like import meta URL do you guys know that one so those two things actually are the same things there yeah let me import another file and and let's examine this further so I'm going to do X to Foo Jas this is another file here and I'm going to create a function foo and I'm just going to print these these two things in foo as well and I'll prefix them with foo here just so we can know what we're talking about and I'll export this guy and I'm going to import food from dot /ix to underscore food ijs yes by the way you must you must leave the the the the file name extensions in there this is this is exactly web compatible es modules right so let me run this again oh should have printed so I have to actually call foo here okay so so yeah so in in this is this these are the guys from main that we saw before the first two ones and these are the guys from foo right and in foo location dot H Raph oops don't know what that was okay in food location.href is this ex2 je s and the import meta URL is is e ex - foo j s so you were wrong guy over there and it's not it's not actually location so location is is the main file actually and and the import meta URL is is the underscore underscore file name and yeah this is this is a random example of course but i'm trying to give you a flavor for what I mean by kind of browser compatible we we try very hard to to make this something that could also potentially work in in the web browser let's see oops wrong way yeah let me let me show you a little bit more interesting things so let me try an echo server so this is going to be a TCP server that you can cat stuff too and or you can you can send data to it and it's going to send back the same data right so how do we do this so first of all I'm going to pull out some guys from from this demo object so remember this this demo global variable here I'm going to pull out listen and I'm going to pull and I think that's all I need and then I'm going to create my boilerplate so annoying function main and blah blah blah okay and then we'll do listen and we do listen TCP and let's choose or 8000 and so this will create a server which I'll call s right and just to make sure that everything is working let me let me just log that and see if that works so demo echo server J s Oh didn't do anything oh good gonna actually call me here ok so again we're we get this put this prompt Dino requests network access to listen should we grant that well let's just say allowed net okay okay so we we've we've got a new listener socket here right our ID 3 and what can we do with the server we can accept a connection right so let's let's try this let sock it equals this accept and accept of course is an asynchronous function so we have to we have to do it in a wait here and let's just try to let's let's write something to the socket right so sock it right oh this brings up a point so demo works very much on the level of typed arrays so so un8 arrays so this sort of thing writing a string to a socket we don't handle this not at all we only deal with TC with with typed arrays so there there's no there's no implicit encoding so actually what I need to do here in order to write this message is I need to encode this this message into a un8 array and i always forget how to do this is it text encoder decoder oh and you guys are worse than me okay encoder encode let's let's try this hello I think this creates a un8 array I am Not sure of course I should have tried this before I got up here on stage right so okay there's the hello object let's let's try it again oh yeah until they worked okay so yeah now now let's connect to do that let's let's try to connect to this server and I'm just going to do Usenet cat so net cat localhost 8000 and right okay so let's let's improve this slightly will do a while true loop here and then we'll do yeah we'll put that in there blah blah and let's use that same function that we used before that copy function so let me just pull that out here at the top copy and let's copy sock it sock it okay I think that should work so there we go we've started it and we got something and we can say blah blah blah okay it's it's sending back the same data to me right yeah I think we can connect again yeah seems to work okay cool so that's essentially what the what the TCP server does in node the HTTP server is built in to belt built into node and demo we have what I consider to be a quite nice module system Oh going quite slow I have to speed up here HTTP server is oh you know let's let's let's switch to typescript although it's it's a bit difficult to do typescript in a live audience right I mean the whole point of this this kind of JavaScript typescript world is is that you can you can prototype and you can hack very fast in in JavaScript right this is great and you know slowly over time you can kind of build you know if this if if you're hacking kind of turns into something that you want to reuse then you can slowly start adding types to it so it so this kind of optional typing model of programming I think is great for dynamic languages right you often start with a prototype that slowly migrates into something that needs to be more robust anyway so so here's here's how we do a HTP server it's an external module so we're going to import serve from the hgp module which is hosted at den ole and standard HTTP server ts okay and again have to write my boilerplate I can't wait for top-level await it's going to be so nice ok and let's just do serve and I think we can just give a poor 8,000 and I think that's going to give me a server and I'm going to console.log that guy and see if it works ok kill that let's try this again not with echo server but with hgp server mmm ok so got this this weird message here downloading something so demo can download and fetch modules itself so it does act as its own package manager and yeah let me complete this example and and let's try to examine this a little bit more so for oh wait this is how this is how the web server looks in in denno so so you await a request with this this for await loop and I can console.log got a request and let's see if that works ok running for that request of oh yes ok it hasn't printed anything let's curl localhost 8080 no the request got another request just for the sake of completion let's let's create that hello message again new text encoder encode hello new line law and again we only work on the level of type to raise so and then we do request respond and we can give a body which is this hello object let's try that again I'll give this - a because I don't want to mess with that and we got hello response ok so so that works so right so this this web server as as I mentioned is is not is not part of denno built-in right it's it's kind of part of this this third-party module system and well we can examine this a little bit closer by doing down OH - info so when you do this it kind of prints some information about the the program that you're currently running so it's a typescript program it's located here here's the compiled j/s form which is in this weird directory here maybe we should check that out so there's there's this cache directory and yeah what's what's in this guy there's there's the adepts folder and there's a gen folder if we look in the gen folder you'll see all these compiled assets source maps and and JavaScript and in in the the depths folder you'll see HTTPS and you'll see raw hub user content and dental and and Dino standard yeah so so this is this is the the the cache where where it downloads stuff to and you might feel a little weird about this like how can you rely on you know if you're on an airplane this isn't going to work like how is how is this supposed to solve your your module problems like you know you can't rely on the internet being there all the time and I would say I think this is this is completely a solvable problem in particular you can take this cache directory and you can for example check it into a git repo and then you can set an environmental variable called Den odor this this guy and then it will always resolve from from that from that directory right and so I in that way like you don't need to rely although you're still referencing URLs they're cached and you know they're cache because you've you've sent this this environmental variable so I think I think this is this is quite like a nice little module system yeah so mmm I kind of need to skip a bit here but I would say denno is organized in a bit more organized way than then note is it's it's much more like a operating system right so so we don't trust user code so this these are kind of like processes right and we have web workers and so you can you can kind of run different processes here and we have this idea of ops which are essentially syscalls ways to break out of the VM and all calls in denno all things that exit the VM are organized as an OP and ops send back and forth array buffers un8 arrays specifically and along with ops you have file descriptors which kind of talk about a resource that is allocated outside of is is managed outside of the VM so something like a socket but there's there's other things too and yeah well I I think you know you can kind of summarize it with with with this drawing which is an extremely simplified way of presenting this but essentially we're just sending unit eight arrays back and forth okay and so people who implement kind of functionality inside of denno in in kind of the rough side of denno native functionality they don't get to have access to v8 handles themself they're sending back and forth typed arrays and yeah that's very oversimplified and this this this diagram actually is way oversimplified to but you know it's it's a bit more complicated than that but essentially the design philosophy here is that all things should be ops and all things should be sending typed arrays okay and and I think this is a this is quite a nice way of organizing a VM so you know I think there's there's use cases I think JavaScript is is extremely useful dynamic languages are extremely useful and and JavaScript in particular is kind of the best of these and yeah I think there's use cases for this where you know a browser is not appropriate and also like node / demo is is also not appropriate there's kind of like this in-between use case so for example imagine you're implementing a new database right and imagine that you want to have a MapReduce function and you want to give your users the ability to send some some JavaScript to this database to do a MapReduce write or imagine you're doing some sort of serverless type system where you you want to give you you have essentially a web server think CloudFlare workers or lambda edge and but you want you want to kind of you know present an easy interface to kind of scripting this this web server right you know shelling out to node it's kind of inappropriate this is largely what people do to solve these problems node has all these security concerns so now you have to run in a docker container and you know there's there's you're going to have to have all these files there's there's a you need to have NPM installed you need to have some way of like potentially installing modules at the other end of kind of the spectrum is is like Ravi eight like like why not just use Ravi a well Ravi a is very difficult it's it's it's it's essentially not approachable to many people and I think that there's a middle ground here and with the design of demo we're trying to address this by kind of having this this tiered architecture where we have a lower level API which is published as a rust crate and yeah this this API doesn't include a lot of the stuff that I just showed there's no command-line utility so essentially all this gives you this this crate is a way to send by typed arrays back and forth from from v8 like everything else is up to you you you have to do everything else but it does kind of the heavy lifting part of mapping promises in JavaScript to futures in rust and futures is essentially the the promise analog in in rust so it's it's saying in FF I would be too strong because it's it's not that automatic but essentially you can you can program this this this correspondence between defined promises in JavaScript and things in in rust and you do it by implementing this this crazy callback here which you know is is rust so probably not intelligible to you and even if you know rust it's not going to be intelligible because it has all these types that you don't know we're working on this interface and we're I think it's important to get this right like this is this is kind of on what everything sits on top of everything sits on top of these ops that send back and forth typed arrays yeah where there's a lot of problems there they're trying to be solved here one of the things is is the user space like this a cheapy module that I showed you lives in something called denno standard it's a standard module set we didn't have this with node every all the standard modules are basically built into node and what this created was was a situation where there's a lot of little utility modules on the in NPM that you know you end up kind of getting into this dependency health situation where one person kind of wants this thing but that depends on that one and then and suddenly you have like 10,000 modules that you depend on the idea what this is that if we have a standard set of modules and we kind of push everybody to put the common utilities into this this standard location that you know of course your dependency tree is going to fan out but hopefully it terminates relatively quickly right it doesn't it doesn't keep spreading like this so yeah the the the the core things that this provides us is that essentially it's reviewed by me so you know you can be somewhat confident that it doesn't have some hack in it and it doesn't have external dependencies so so once you once you depend on something in in denno standard your dependency graph terminates so this is this is one thing that tries to address the dependency help problem the other being kind of our use of this very simple module system I namely the URLs I should talk about performance so we we measure a I'm very I don't know kind of a performance freak yes there you know this is this is kind of what what I like to nerd out on and so we we track performance on every commit and we're we're being very careful that we kind of push the project in the right direction over time and so this is a graph where of startup time and so bigger is bigger is worse smaller is better right and this is this is a graph over the course of a couple of months where we we basically pushed a certain benchmark startup time from like two seconds which is ridiculously bad right down to I don't know point point zero one seconds it turns out to be like 3 X faster than node who cares no it starts up very fast anyway the the performance problem that we have not yet solved is kind of I mentioned there's this op ops model where everything kind of sits on top of this st. this this message passing interface and so like this is the entire bottleneck for the entire system this this dispatch function right and that's good because if we can make that fast then like basically all all of the ops become fast and and so we designed it in this this way so that we we kind of have this one place that we need to make fast and currently it's not so fast so this is a HTP server benchmark where bigger is better this is requests per second and at the top here is is a this this green guy is a pure rust web server so this is kind of the upper bound of what should be possible on on this machine down here on this purple line is is demos web server that I demoed earlier very bad well I would say not very bad it does thousands of requests per second it's fine but you know it we're kind of not okay with that because nodes web server is this blue line over here and actually let me zoom into the to the side here so the thing that we're working on right now and you know part of the reason I came here to this conference is to try to entice some of some of you guys to that who may be interested in these the performance problems and coding and rust to have a look at this because I think these are fun problems to solve so demos TCP server is is this brown line here and nodes is is here this this this pink line so notice notice a bit faster right demo core itself if you throw away all the command line utilities and you just implement a very basic TCP server on top of that demo core module that crate that I was showing you earlier it's actually quite fast it's up here right so what this what this tells us is that there's a performance gap like essentially this brown line should be up here by this by this red line there's there's some bottleneck in here okay and and I'll just tell you it's it's our serialization of the ops that gets sent back and forth we understand what what is causing this and so this is a performance gap that we need to close and yeah I would just say that these are fun problems to work on because we track them very carefully and so you know if you can make the plot go in the right way then you can be a hero maybe just just for one day yeah so right roadmap so demo as I said is an experimental piece of software and this is of course a very ambitious project and you know node works so all of you who are you know less than five-year-old developers ignore everything I've said go use node don't worry about it okay it's going to be around forever but yeah we find I find this interesting and I am going to pursue this it's it's getting a bit better I used to give this talk and not demo anything because it would crash every second it gets a bit it's a bit better these days so hopefully in the next couple months maybe by the end of summer we'll have something that I would consider calling 1.0 we have to deal with these i/o performance issues we need to you know paralyze the code loading pipeline when you import like a like a cheapy URL you'll see a bunch of downloading things it's it's quite ugly we're going to clean this up it'll be quite fast like like a web browser we don't have SSL support yet we have to do that yeah and well some other things you know we've we've kind of built up this this kind of base functionality this new code base which i think is kind of well well designed in in my humble opinion and I think that now that we have this this this base and it's starting to become usable we can start doing cool little one-off things and I'm very interested in v8 snapshots and I think there's there's cool things to do there yeah talk to me if you're interested in such things eventually someday and you know once all of these kind of basic issues are solved WebGL is is on the horizon this is you know I have some statistics homework to finish and WebGL would allow me to do this so yeah but not not yet and yeah denno is not just myself it's built by a number of people in particular Bert Bell der Kitson Kelly and and and Kevin so it's it's an open collaboration and I would yeah welcome anybody who's interested in this sort of thing and maybe I have some time for questions do i yeah that was a long rant first thank you for the talk it was really interesting my question is about permission systems for example if I'm not doing micro services in docker in this case the permission system is not so useful for example I'm doing the web server with the monolith that definitely would require file system permissions web permissions and all other then how can I be sure that some of the requirements of my requirements would not get my ssh folder what is the reason well you understand yeah I mean you're going to have to I mean at this point like what you would do is you you would run your code and you'd kind of step through and not click accept all but just kind of yes yes yes and you kind of get some idea of where the requests are are coming from the the point is with with this security system is not necessarily this this kind of prompt model that I showed you here but just though that we are aware of this and we're trying to maintain it so I think in the future we could have kind of better utilities for for inspecting where where people jump out of the sandbox and you know better better than these these prompts here but the point is is that you know if you can jump out of the sandbox we consider that a bug that needs to be needs to be fixed so yeah but how can a different differ my request to my config file and the moleculus request today my association folder you it's the same permission say that I can if for example I'm starting web server and I give it permission to read file system to read my config file for example yeah but after that any it's any subsequent guys can access something else so then yes then they might access your your SSH key yes so if I have at least middle sized application I would have all permissions but on by default and what is the meaning of having them in the first place that you have some inspect ability rather than none yeah of course when you when you run it you're going to have probably everything turned on because you kind of know what it's doing but when you just start running things especially when you when you just start running a program for the first time and you know by the way like let me show you something so demo HGPS so this is this is a little web server a standard HTTP file server dot TS so this is a little program that can browse your your local serves up your local directory right and when I run this it's it's going to ask me for for a prompt and I'll say yes and then it's going to ask me if it can accept things and I'll say yes and it's going to to give me a URL that I can visit and I'll try to curl that and it's going to ask me again to if if it can accept the connection you know I'm clicking yes each time and if it can read this file and if it can read this file and if it can read this file the point is you have this this very basic form of being able to step through your code and see these sort of things I think in a future version it would be nice to have like more robust permissions that aren't just binary but you could like say oh I want to give it file system access to this sub-tree this is you know essentially an easy feature on top of this this more granular permission system I'm going to just click all here just to so I'm not randomly showing you something see - 700 dot 1000 no no for 4,500 oh wait let me let me do - all run this program so this this serves up my my local directory and I guess the other thing I wanted to point out about this is that like you demo is kind of like a browser for scripts in a way like you can you don't need to download these programs like you can you can kind of go to them as as URLs in itself we do need more we do need more granular permissions it would nice to be nice to have like a whitelist for network connections to be able to say like oh I only want to allow access to Google com these are these are essentially easy features on top of what we have now Thanks so I believe it will be successful project I'm concerned about import statements are this can we use variables no you can't is part of the specification so it's it's evaluated statically ahead of time right so you're you're concerned about the case where you know oh I read somebody's SSH key and then I kind of stick that into an import statement somehow like question mark SSH key and well I mean a note package manager is like Dino package manager I think there should be something like this I think there needs to be some economics on top of this where we're working on kind of the base system and and making this economic is a little bit you know essentially making alias to some of these commands ok wait where you do you see Dino against no Jason let's say five years oh I can't answer that this is a very experimental project it's is not at all clear that it would live beyond the year so you know well it's it seems it seems interesting but yeah I I don't know all right thank you do you see any real-world cases for Dino yeah sure I mean I like I said like this is trying to be my pearl so this is what I want to be my my main scripting language right I I want it for you know renaming files kind of one-off sort of sort of things that you would do but I also want it for all the situations where I would want a dynamic language inside of a larger system so hence this this rust crate situation so yeah you know if you're writing a database and rust like please come talk to me like we have things to discuss so yeah I I don't know how many of you are have tried rust it's very nice it's super nice super hard but very very nice try it it's it's an interesting language hello hello I'm him no I hello so the my question is about Tokyo and how much it will differ from Lee BV how much will it follow the same architecture maybe design ideas that thread pool a synchronicity and everything else how will it differ and/or house what I say or how alike will it be so Tokyo is is different in that it executes these futures on many different threads so it I think it's it's more similar to like the the Linux kernel scheduler it's it's much more of a scheduler than than then libuv which is really based around a single event loop and I didn't mention in here but the VA isolates sorry to get technical here the VA isolates are modeled in the create as as futures themselves and so what's really nice is that because the VA isolates our futures and they're running and tight inside this Tokio thread pool they get kind of scheduled to different places right whereas in node like you really allocate an entire thread to to executing a single isolate and so potentially this this allows you to run more workers than than you normally would and also things like like TLS when when we get to this will be done in in the rust land and so they can be done a that can like TLS can be decoded asynchronously from from from the the v8 runtime and basically we can offload a lot of stuff to the thread pool whereas in libel UV the thread pool is much much more just for like blocking file i/o thank you thank you you can meet Ryan you can meet Ryan at the
Info
Channel: Fest Group
Views: 87,106
Rating: undefined out of 5
Keywords: Ryan Dahl, ryan dahl deno, ryan dahl 10 things i regret about node.js, ryan dahl node.js, JavaScript, ryan dahl node js presentation, ryan dahl golang, ryan dahl original node.js presentation, deno js, deno js ryan dahl, deno js node js, deno js api, v8 js, node js v8, v8 js engine, rust vs node js, rust vs js, node js rust, ArrayBuffers, async-await, deno js уроки, deno js обзор, как работает v8 js, движок v8 js, async await js как работает, deno js огляд, як працює v8 js
Id: z6JRlx5NC9E
Channel Id: undefined
Length: 59min 2sec (3542 seconds)
Published: Mon Apr 08 2019
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.