0:00:09so i i'm martin robinson and i mean a gully and they work and what
0:00:16and i
0:00:18so they wanna talk was it about the work we've been doing with like a
0:00:21G D K and especially i'm gonna focus on some practical things for people who
0:00:28in bed but okay
0:00:30some changes you'll have to make if you for your application directly to
0:00:35i just wanna say like to preface this talk by saying that for us to
0:00:40make a G T K this
0:00:43this table really celebrity was really a revolutionary step in the development of the library
0:00:48rather than on an evolutionary step really changed
0:00:53one of the characteristics of the library so
0:00:56we're actually really excited about it
0:01:00so i suppose there with a quick review for those of you who aren't
0:01:04intimately familiar with like it talk little bit about
0:01:09what is what it is for so
0:01:12what it is
0:01:14is what's referred to as a web content engine which basically means if you have
0:01:18a web browser everything inside
0:01:21inside the chrome in that little box
0:01:24is rented web content and that's what the libraries responsible for
0:01:30as well as some ways in which that content touches the outside world
0:01:36so right it processes in renders web content and processing includes both parsing the H
0:01:42T M L and the C S in rendering it as well as running the
0:01:46java script
0:01:50it was started as a for kick H T M L and for a little
0:01:54while it was closed source but eventually with open source and two thousand five and
0:02:00on the page one of the goals of the project is actually that it's open
0:02:04source that it's
0:02:06this is usable and visible to everyone
0:02:10as well as these to sort of companion goals compatibility in compliance compatibility meaning that
0:02:18there's a lot of content on the web and that the engine should be able
0:02:24to render that content
0:02:26it shouldn't break websites that exist
0:02:30the actually the their criteria for breaking websites
0:02:35it has to be something very important and websites have to be a very small
0:02:40percentage of other sites on the internet for instance on the blink mailing list recently
0:02:45they were talking about removing the feature and the feature was use on something like
0:02:50a percent of websites and some was like that's a lot
0:02:54and it is a lot when you have millions and millions of pages that's a
0:02:58lot of pages
0:03:00so the other part of this is compliance which means that the engine should be
0:03:05should be
0:03:07compliant with the specs
0:03:10and is a kind of a competing goals away because sometimes to be compatible with
0:03:16pages you need to not be compliant with the spec so it's always this kind
0:03:22of back and forth conversation we have
0:03:25obviously stability performance are important because the web browser should be fast and it shouldn't
0:03:33also security which all talk a little bit about more about the security issue is
0:03:38very important portability it should be written in a way that's that makes it useful
0:03:43a lot of systems not just a mac not just intel computer usability in package
0:03:50that would be and hack ability is really a statement about the quality of the
0:03:54code the code to be written in a way that's easily readable easily changeable
0:04:00it should be abstracted away and in the right amount not too much not to
0:04:04will just enough to make it easily hack able
0:04:09you never wanted to be a pain to have to go change the code to
0:04:13fix about
0:04:14any time there's a barrier in the way that means less bugs will be fixed
0:04:18and then they also stay on the website some non goals which is in some
0:04:23sense equally important because sometimes you shouldn't be turning this wiring tool for web browser
0:04:32it's not meant to be able web browser it's meant to be a component it's
0:04:36reusable inside webbrowsers
0:04:38so they need to be a dividing line between what features go in the library
0:04:42what features belong in the embedding application recline
0:04:48it's also not a science project it should be which means that it should be
0:04:53relevant to what exists in the world today it's made to render web content that
0:04:57exists it shouldn't necessarily be place to experiment with things the
0:05:03people will never user are important right now those things can be worked out in
0:05:09what you can meet them halfway
0:05:12the third thing here is it's not meant to be split into a bunch of
0:05:18reusable components which is kind of and sometimes in contrast work with going on because
0:05:23a lot of times in get home when we see that there's a piece of
0:05:27going on that's useful for a lot of other tools suisse you know split into
0:05:30a library and web get the fourth is a little different you know
0:05:34every time you split a something out to library there's some overhead and maintaining that
0:05:38you have more consumers
0:05:39so it's a little it's a little bit more
0:05:43i guess like of a hermit community you know where together working on this thing
0:05:48you don't always wanna likes but also means we can
0:05:53right so another the interesting about what is it split into things called ports
0:06:01you can kind of see what is going there's a T K pork important you
0:06:04know for a mac and windows for tutors on safari import so
0:06:10are essentially
0:06:13the common web get code which is most of the code is common
0:06:17in some layer at the bottom which abstracts away the platform
0:06:22for instance networking or how to draw to a campus
0:06:27how to talk to system
0:06:30and then that's at the bottom and then at the top is the api there
0:06:34the egg i layer is what the embedding application uses
0:06:38and way web "'cause" is design is the every and there is a little different
0:06:42so for instance for the wreckage indicate for
0:06:45in the problem later we use once you for networking use cover restoration opengl for
0:06:50making the scene raffles will talk more about later web gel injuries you refer media
0:06:56and what gets made in such a way that these components
0:07:02in most of the web get code are totally abstracted away
0:07:05into a wrapper classes that had the same semantics whether you're writing on a mac
0:07:10or on for G T K and anytime the semantics differs it's kind of like
0:07:14a little bug that needs to be fixed usually
0:07:18there's always a little tricky bits of getting the semantics of different platforms of to
0:07:23match up
0:07:24because a C G canvas core graphics isn't necessarily the same as a cover canvas
0:07:29for instance in cairo used or the path on the canvas but it's a little
0:07:34different in some other platforms
0:07:38and then at the top of like a G D K there is the A
0:07:42P I later which is essentially a single a G T K widget the website
0:07:47web you that would you that is the browser went the window into the web
0:07:52content and some G I D K P Is around that
0:07:58and some of the consumers of repeated a game betters are epiphany but or you
0:08:02know that so maybe you're familiar with these is applications
0:08:08okay so here's an example of what i was talking about so this is a
0:08:13so simple by
0:08:15architecture diagram of what can and at the bottom there's this thing called the media
0:08:23which is essentially a little bit like booze
0:08:26it's like a
0:08:29i it wraps it makes it was a little nicer to use include some collections
0:08:34some platform abstractions abstracts away like threads
0:08:38and javascript for
0:08:41which is the javascript engine and these days another blankets for jobs to for is
0:08:46the only just in general it
0:08:49and sitting on top of that is
0:08:52so what for which includes a platform layer and the rest of web for and
0:08:57i'm separating those because again the platform layer are our classes that rap
0:09:03cairo for instance where is the rest of web for are
0:09:10is functionality that's common to all platforms
0:09:14like the functionality that takes
0:09:16a stream of data and parses out C S rules
0:09:20sitting on top of that is web kit
0:09:23which is
0:09:27how do i describe that a web get is sort of like
0:09:30the glue between web for
0:09:34and the browser
0:09:36so this includes the api layer but also includes some code for like
0:09:43handling different situations and sort of translating that into a pi concepts
0:09:48that's a little fuzzy but
0:09:51on top of that's it's the application
0:09:57noticed it right now in this diagram again this is what get one these are
0:10:01all on the same process this is just a normal library
0:10:10before i start talking about web get to i just wanna talk a little bit
0:10:14of a little bit about the motivation for what get to so some minor philosophical
0:10:21which i think is what
0:10:25the thinking that drove the creation of chromium and draw the creation but get to
0:10:33and i
0:10:35means that this is the future of the way
0:10:39code has about this they crash the program
0:10:43or just bucks
0:10:44all got has boats
0:10:46and colours bugs that allow arbitrary code execution
0:10:53especially if
0:10:54that code includes
0:10:58a java script engine that's
0:11:01writing machine code into memory
0:11:06and not only just what happens cut has dependencies that have bugs
0:11:10so maybe you've written perfect code but you're using library like phone configure higher that
0:11:19has a bug
0:11:21one of these buttons
0:11:23and four point is even if everything was looking good live the your code the
0:11:32you're gonna be processing
0:11:35things from though from the world that you don't trust their like little programs france
0:11:41and images S V G images and these are all like small set of instructions
0:11:47that mean that the scope of the data your processing is why and in the
0:11:53the chance of writing a
0:11:57a font they can we can crash your browser actually i mean it's
0:12:03it's very hard to eliminate these problems
0:12:07well it was a pragmatic response this
0:12:09i mean maybe you can say that
0:12:13that we're gonna work are gonna fix all the buttons in our browser so that
0:12:17it doesn't crash we're gonna eliminate these security issues
0:12:20but you also have them at the security issues in your dependencies you also have
0:12:24to work with sanitise in your input data which is very hard
0:12:30instead we say yes that's keep working on fixing the crashes my browser but let's
0:12:35also say that if something goes wrong let's make sure that it doesn't
0:12:40we've our users vulnerable to attack
0:12:44for instance when we talk about arbitrary code execution one thing to keep in mind
0:12:50is that
0:12:52is it these days web applications
0:12:56are our applications they're like
0:13:00they're like just up applications now and not only other like that stuff publications like
0:13:04you might be running you know angry birds in your browser and like i want
0:13:07side it is your banking information and maybe anger birds you know can reach over
0:13:12and touch your bank account
0:13:14and this isn't like a hypothetical situation this is this is things that actually happen
0:13:19so the web is huge remember
0:13:24so this is what we can do
0:13:29we can
0:13:30we can acknowledge at the web platform is huge in everyday it's getting bigger it's
0:13:35adding more functionality each and you add functionality add more chances for vulnerabilities for crashes
0:13:43and we can we can think of a way to make the crashes less
0:13:46inconvenient for users
0:13:48maybe instead of
0:13:51when the web rendering crashes it doesn't crash the browser we just crashes that's have
0:13:57or just crashes
0:13:58the web rendering part
0:14:00and we can prevent crashes from exposing
0:14:04crashes and screen doors from exposing data from outside the scope of the current page
0:14:12and the way we can get as we can put that data maybe
0:14:15in another address space words harder to get to put some more separation between the
0:14:21data of the different applications
0:14:26and we can also prevent bugs and crashes from damaging the system
0:14:31or executing arbitrary cut
0:14:34that's another name for sandbox
0:14:37so even if even if some paid crashes the browser you can try to that
0:14:43hard this
0:14:44because that process can try to the heart
0:14:49and finally even if we're not talking about a much just page are just talking
0:14:53about it a page that has a really heavy while
0:14:57it shouldn't prevent you from using other pages or clicking a menu it shouldn't prevent
0:15:01you from closing the browser to get away
0:15:05so this is a this is thinking that drives this because
0:15:09to be honest
0:15:10well get to and from in these are like very complicated architectures and
0:15:16and they deserve a good reason
0:15:22so this is the end result
0:15:26we can
0:15:28we can put each web rendering part into it's own process and have some pair
0:15:34and we could to we call
0:15:37the web rendering process
0:15:39the web process we compare process they why process
0:15:42because the actual from of the browser is in this you are process
0:15:49and we can sandbox the web rendering
0:15:52because you know once you separate out the web are it's it doesn't need to
0:15:56write to the hard disk or even read from the hard disk
0:15:59and i'll talk a little bit more about
0:16:04how to make sam boxing easier later
0:16:07so this is sort of
0:16:10the first web could to architecture diagram a on the left you can see the
0:16:14older architecture diagram a little bit different but you see the api boundary was between
0:16:20the application with kit and here we have now two processes
0:16:25and the A P I is in the U I process but underneath that api
0:16:30it's talking the I P C the inter process communication to another process which has
0:16:36the rest of the library
0:16:39so even if this web trust what web process crashes it's not gonna be able
0:16:43to crash the browser
0:16:46or indeed read arbitrary information from the address space
0:16:51of the U I process
0:16:54and the foregoing are there any questions about this particular "'cause"
0:17:00okay reasonable is it a pretty old concept of this point since programs around for
0:17:06a few years
0:17:08so to teach you details about what's inside which i think i put this here
0:17:13to make it easier to understand the practical bits
0:17:20essentially we have to process is now they need some way to communicate
0:17:26and i said is what those ways into three distinct
0:17:31one of the first is messaging so say D web process reads the browser title
0:17:39and then it needs to tell you i process that i've read the title you
0:17:43know change
0:17:44the title bar to reflect that sends a message with some arguments the arguments in
0:17:49the message or serialise into a chunk of data it sent across socket to the
0:17:54other side
0:17:56and then de serialise
0:18:00and there's also a shared memory which is used for sending big chunks of data
0:18:05like the what processes finish rendering the page to an image and sends that it's
0:18:10too big for this socket
0:18:13it sounds that as a target sure and memory you are process we avoid making
0:18:18unnecessary companies
0:18:21and the third is a shared services which are different the czech memory because is
0:18:26typically are on the gpu
0:18:29the what processes put something on a gpu you know what's the send it to
0:18:32the U I process without downloading the data from the gpu again
0:18:37putting in shared memory in the real putting it
0:18:40so for instance in
0:18:43in the X eleven version of repeated okay we use X composite and next damage
0:18:47sort of like we make a little window manager and we send these gpu services
0:18:56to the you i process to run
0:19:04and why do we have to do that that's because
0:19:09web pages these days more are just asking graphs like colour sing graphs
0:19:17for three main reasons the first is that we wanna prevent wanna prevent unnecessary redraw
0:19:23say like some D of is moving animating on top of the rest of web
0:19:26content only this dave is changing and maybe just only in the position so instead
0:19:31of constant reread redrawing entire page what if we just stored all the different layers
0:19:36of the page in the textures and just we can positive those textures on the
0:19:40gpu again and you use actually really good a composite it turns out so
0:19:45it it's quite fast you do of really and second thing is three C S
0:19:50transforms the way those work usually is that they're done on the gpu with a
0:19:55opengl and in so once you once you start doing work on the gpu it's
0:20:02really expensive just stop in bring it back into main memory
0:20:06only to re uploaded again so you can display it that's actually enough to kill
0:20:10your frame right so
0:20:12so it sort of a non starter to do that and the same with what
0:20:16you know web G obviously is opengl which is on a gpu downloading and again
0:20:21downing andrea pointing again will bring the frame rate below the
0:20:26the limits of the human eye so
0:20:31right so the way it works is that the scene graph is built in process
0:20:35in the web process and web process
0:20:38and what's the scene graph is there and all the rendering is there
0:20:43you the composing there you need some way to send those results to do i
0:20:46process and that's where X composite next damage comes and sort of like the way
0:20:51a application does all the rendering insensitive the window manager
0:20:56in the way this will work and lemon is probably that will use a
0:21:02and embedded women composite
0:21:08so working that
0:21:10alright so that sort of
0:21:14the high level overview of web get to and
0:21:20in you know we end up inventing work in a few places so some if
0:21:25you may be asking
0:21:28should i pour my application to web get to if you use what could U
0:21:31K or even any other port of work that and
0:21:34the answer is yes
0:21:36you should fortification with get to in fact
0:21:40even if you don't think it'll be useful
0:21:43the reason is
0:21:45okay G K is moving in the maintenance moon
0:21:51it turns out that it takes a lot of work to maintain a web chip
0:21:54or so
0:21:56when your team has to maintain to it's a bit harder
0:22:01in addition
0:22:04what did you think it work it won't be deprecated at some point because once
0:22:07you start maintaining work it then you start wearing about security vulnerabilities and fixing bugs
0:22:17the good thing about this is that web get to is a better api it's
0:22:21richer it exposes more functionality it's more in line with other web to web reports
0:22:27it just all around a better right guy because it's the second time around we
0:22:30made an A P I so we got a lot better at it
0:22:35and top of all that if you put your navigation web get to
0:22:39without doing anything other importing it will be faster more responsive
0:22:44when some random might kind then crashes
0:22:46but it won't crash or application you can just we started it's very nice
0:22:55but it's not necessarily easy
0:22:59for all use cases
0:23:02some of the problems are that there's not yet up or to porting guide which
0:23:06is the better shame
0:23:09because we've and promising it for a while and we don't we have it yet
0:23:15but there is really good A P I documentation
0:23:18and the differences between the two basically boiled down to the second point which is
0:23:24that before
0:23:26before it made sense to do things synchronously so when you wanted to save the
0:23:31page images away into the save is done
0:23:35but in my pocket to that makes a little less sense because now you're
0:23:39you're sending a message to the web process which again you don't necessarily trust anymore
0:23:46you know we're starting to just trust things across a process boundary and instead of
0:23:51waiting for maybe it's better to just
0:23:53just send the request you know save the page and when you're done with that
0:23:58let me know
0:24:01what this means is a lot of it guys very synchronous now and they look
0:24:04a little bit harder use you have to pass a callback
0:24:08and use sort of G I O style
0:24:11J O style is intrinsically i
0:24:16so the really tricky bit is that if you were doing some sign a some
0:24:21kind of deep integration with the web content you were interacting with the page changing
0:24:26in real time then it becomes actually quite a bit trickier because before you could
0:24:33actually reach down into the library and modify the actual down in memory
0:24:40but now it's not in memory more it's and some other process
0:24:44so some of the process you notice that we trust
0:24:48so what you have to do is used one of these for techniques jetted script
0:24:54source custom protocols you have to die down bindings are page axes
0:24:59we the jesse api
0:25:03so injected script source is a is essentially a and it and the web you
0:25:09would you give it a string of javascript source
0:25:13and you send that to the web process to be executed in the page content
0:25:17in the page context
0:25:18and the resulting javascript return value will be serialised and sent back to you
0:25:26so you can imagine writing a small javascript program to walk
0:25:31the elements of the page and do some processing maybe find
0:25:36say the password field the kind of the pasture field in getting back a string
0:25:42from we process
0:25:47and that looks a bit like this
0:25:52you call what but you run javascript
0:25:54with the web you and then the string here is actually the
0:25:59the script you're right
0:26:01and then you get a callback pretty simple
0:26:05and then the callback you call
0:26:07but it would you run javascript finish like T I O again
0:26:11and you get this
0:26:13serialise return value and everything below that is getting the actual javascript core values from
0:26:22the return value this is funky a J S A P I is are the
0:26:27javascript for api this is like the A P I for touching the javascript engine
0:26:37but you can see that we're just converting this value into a string and then
0:26:40converting that string into a C string it's a little bit of a of the
0:26:45paying a bit verbose but
0:26:49but really like other than this callback it's similar to what you would do before
0:26:57so before talk about
0:27:00a custom protocols so
0:27:03maybe views are chromium before maybe and you type about
0:27:09and you get a web page
0:27:11and it's almost like instead of H diffusing this about protocol
0:27:16and that's
0:27:17exactly what custom particles are
0:27:21it's that you're gonna grading with the networking library to add a new protocol
0:27:27to the to the web engine
0:27:31and not only can you can access pages by unloading them you can actually use
0:27:39to interact with the with the U I process for instance you can
0:27:44for instance we have a innovation we have a page about plug ins
0:27:48and it's not there yet but eventually they'll be a button that says disable
0:27:53and what that could do is you could send an ajax request
0:27:57_2d protocol and when it gets that request it process it as if it was
0:28:01a web server
0:28:02again to disable the plug in without reloading the page
0:28:09the big issue with this is that it's a web browser and it subject to
0:28:13same origin security restrictions which essentially means that if you doing ajax promoting resources there
0:28:20are restrictions for accessing resources in another
0:28:26scheme postport triplet which means that if you try to access the cost this your
0:28:33custom protocol
0:28:35from a web page on a she's ep then it's not gonna work it's gonna
0:28:39be a security but quite a security restrictions
0:28:44don't disables
0:28:46so this what this looks like now
0:28:50again we're just sort of
0:28:53registering this about protocol and again with just a callback
0:28:57what happens here is that
0:29:00is that we get the request and we can read the different properties of the
0:29:04question the path
0:29:07in here i'm just use in the past the printout a response i'm sending the
0:29:11response back to the browser
0:29:14as if i was a web server
0:29:26so before talk about the other ones i wanna talk about web extensions
0:29:33so what makes engines are essentially the way
0:29:37that we've exposed some of the more common techniques of interacting with the page
0:29:43in this multiprocessor environment
0:29:46essentially it's the shared object that the web process finds it loads it it's own
0:29:50address space
0:29:54you don't have to do in the I P C really
0:29:57if you just working inside the confines of the web extension
0:30:00it's a bit like a plug and the loads in the web process
0:30:05and so you can do things synchronously like walk through the dom and it won't
0:30:10block the U I process at all we're not you are processed maybe doesn't even
0:30:16and you have to worry about i the overhead of I P C or
0:30:21or not
0:30:23in is great because you have actual direct access to the dom objects just like
0:30:27you did before
0:30:29answer and on top of this
0:30:32the sort of common idea of it injected bundle you something that web get to
0:30:36exposes and all ports
0:30:41sometimes it inside a web extension you want to communicate with the U I process
0:30:45in which case you can just use D bus or whatever you went back
0:30:54typically we use device
0:30:59and this is that what that looks like so occur is a source file with
0:31:04this web kit web extension initialize which is sort of like that you for the
0:31:09name of the entry point to the to a shared object and what happens is
0:31:15once we compile this new we shared object and set the extensions directory you'll find
0:31:20the shared out we can load it and all this call this
0:31:23this function
0:31:30you can print but also you can
0:31:33used G object on bindings
0:31:37i guess i should probably explain is a little bit too if you're not familiar
0:31:40with those
0:31:41so essentially
0:31:43there's the doll
0:31:45and if you're familiar with web development you use the dom and javascript
0:31:51to access the internal structure of the page so you can say like page give
0:31:56me your
0:31:58your dave's and you can look at all the did you can see their contents
0:32:01you can see other properties or C S properties whatever
0:32:06and that's
0:32:07that's the javascript down bindings
0:32:10what that means is that it exposes these you there's inside or see possible subjects
0:32:15it exposes them to javascript
0:32:18and likewise you've written G a breakdown bindings which means that you can walk the
0:32:22dom with do you object
0:32:26and that means you can walk the don't see or any other language it supports
0:32:30geography introduction
0:32:32which is quite nice
0:32:36and unfortunately not of the dom is in another process we can just do that
0:32:40from the from the you i process anymore we have to do it in the
0:32:44web extension
0:32:46and again we see the
0:32:50web kit web extension initialize function which
0:32:55in which we connect
0:32:56to the page created signal of this extension object so page created is like
0:33:02you open the browser to
0:33:05and now we have a new browser time
0:33:08here in the callback for page created we attach to the document what it signal
0:33:19so what obviously fires when the document is finishes loading
0:33:23and that point maybe we need a title using the exact same down binding it
0:33:31pi so we had a market one
0:33:35so if you more steps and we kind of get to feature parity with work
0:33:39at one
0:33:42so at this point we're waiting
0:33:45the value of all those things i mentioned before
0:33:48security stability not exposing users banking information to fishers and scammers versus like a couple
0:33:56function calls and compound sure object
0:34:07so finally the most flexible approach which will be unveiled global be and upcoming work
0:34:15htk release
0:34:18is that we can
0:34:21we can use directly the javascript core api to interact with the page
0:34:26and what this means is that not only can we walk the dom
0:34:30but we can make a new javascript objects that are backed by native code say
0:34:35like you make a new object in the page can actually interact with that object
0:34:39for instance maybe you want to expose some system functionality
0:34:44to the page
0:34:46if you're making a hybrid application for instance and you want it to be able
0:34:50to like put the screen to sleep
0:34:53or maybe prevent the screen from sleeping if you want your video player application to
0:34:59not a
0:35:00some like at a simple it's
0:35:03what's playing what video
0:35:05what you can do is you can use this A P I to expose new
0:35:09objects into the world of the page and have the page javascript interact with it
0:35:15interact with the application
0:35:19and as well is that you can just execute arbitrary javascript and the web process
0:35:27for this you need to know the jobs to cory pi which isn't actually
0:35:32so complicated but at some point we really like to be able to
0:35:38just exposed you objects directly with see that that's a ways off
0:35:43this is the most flexible approach and it's really like it if you really need
0:35:48the interaction with the page you'll have to do this
0:35:55our so that was a practical section i hope that it was useful for some
0:36:00betters to sort of see what's involve important work it to and how about convince
0:36:05use that it's worth it
0:36:09and keep in mind that like this is not just what can stick at the
0:36:12whole web this is beginning to look like this multiple processes
0:36:17and it it's a
0:36:19it's beginning to look like this because the web is beginning to look like an
0:36:22operating system the web platforms getting to look like the application platform
0:36:28and we already user browsers like this
0:36:30i mean many of you probably keep
0:36:32a web browser open all the time with one application running
0:36:36i mean that's not different in keeping an application running in your window manager i
0:36:40mean the distinction between web applications and applications is
0:36:44is almost gone
0:36:46i keep saying it but it's like a thirty happened
0:36:51so what's gonna happen with get to in the future
0:36:55given us the architecture diagram gets a little bit more complicated we have more processes
0:37:01because we did it once in a work so when i keep doing it
0:37:05and so we run out of
0:37:07process handles
0:37:12so what we have here is the not only do we have web processes we
0:37:15have no word process worker process stored process
0:37:20it seems first it seems like a little bit superfluous to be also is also
0:37:25something like why so many different processes
0:37:27but really it makes good sense
0:37:31in fact
0:37:35when you think about it
0:37:38we really wanted to send box the web process
0:37:41we didn't want it to be able to read the disk or
0:37:46even access the network you know maybe
0:37:51maybe it's dangerous to allow arbitrary code execution to talk to that work
0:37:59and one interesting thing is that
0:38:01the way make it to works now is when the web process crashes all your
0:38:06times crash
0:38:07and really it would be nice if it was like from in where when
0:38:11attack crashed with just that time
0:38:14so that means we need multiple web processes running
0:38:17which means that they're all trying to talk to network which should be fine they
0:38:22could do that separately but once they talk to the now to take all their
0:38:25data and they try to put into the cash they try to the cookie store
0:38:31and maybe that cookie store shared among different processes
0:38:35which means that we start having like contention issues and we have to worry about
0:38:39multiple writers multiple readers
0:38:42so instead of handling all that we just split are all the networking all the
0:38:46cookie storage into it on process and we have all these different processes talk to
0:38:50this one or process
0:38:55there are a pi is in the web platform
0:38:58what if you actually that write to the disk
0:39:02and if we sandbox the web process to laurie range of the desk and those
0:39:06if you guys won't work
0:39:08so instead of having that
0:39:11capabilities write to the disk there with this possibly militias java script code we split
0:39:19the disk access use worker process or starts is stored process
0:39:26and the way that we want to think about like these process communications again is
0:39:30that we just trust the process on the other side
0:39:33we will have to cover is if
0:39:35as if that process has already been compromise is it sending us the most people
0:39:39message as possible
0:39:44but that's a lot easier
0:39:47then if there was no single point of communication between the processes there wasn't just
0:39:52if we had to make a decision all the time like overseas just we're doing
0:39:56I P C handle
0:40:00a similar was talking about snow
0:40:04we isolate applications from each other as well as really why
0:40:09our and the
0:40:11the web process regression all the taps just crash you know that one page
0:40:21makes a marketing lot easier
0:40:25the nice thing about this storage process is that this access is really slow so
0:40:31there's always some walking going on if we if we always do that is increasing
0:40:35in another process there's no issue with that
0:40:40it could be a threat but then we couldn't it sandbox
0:40:46that's a feature vector to and that was my talk so is there any questions
0:40:53i can answer them now