►
From YouTube: SESify, Vulnerability hotspot visualization
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
B
B
That's
output
that
the
input
is
a
bunch
of
common
J's
stuff
and
the
output
is
a
you
know,
some
small
kernel,
and
then
that
runs
these
all
the
modules
inside
of
s
containers,
and
so
you
know,
the
main
goal
here
is
to
reduce
the
risk
of
supply
chain
attacks.
Where
you
know
third-party
code
is
a
modifying
the
behavior
of
your
app
and
undesired
wares.
C
B
So
there's
three
main
things
that
we've
identified
here,
which
is
preventing
modifying
javascript
primitives
and
limiting
access
so
platform
api.
We
do
this
part
we
assess
and
then
we
need
to
prevent
the
overriding
of
modules
exports,
and
so
we've
tried
that
in
different
ways
previously
before
we
were
doing
like
a
deep
freeze
on
it,
but
some
modules
expect
to
be
able
to
wait
like
modify
their
exports
later.
B
For
example,
like
some
lazily
defined
earthing,
we
have
found
that
in
one
of
our
crypto
libraries
they
are,
they
don't
define
a
curve
until
you
try
to
use
it,
and
so
that
was
breaking
for
frozen
exports,
and
so
this
is
actually
the
the
part.
That
is
the
least
clear
of
what
to
do
and
I
want
to
show
what
I'm
working
on
right
now
and
maybe,
if
there's
some
existing
prior
art
there.
B
B
So,
if
you
write
to
it,
then
you
start
seeing
the
the
thing
that
you
wrote,
and
so
the
idea
is
here
is
when
a
module
has
defined
its
exports
and
then
you
report,
you
input
it
via
require
statement
on
another
module.
You
get
this
deep
proxy
around
whatever
wills
return.
So
then,
if
it's
updated
late
afterwards
by
the
original
model,
module
definition,
then
that
is
that's
fine.
You'll
you'll
see
the
new
thing
and
if.
B
Absolutely
let
me
see
if
I
covered
in
my
notes
here,
no
I,
don't
didn't
so
the
what
we
want
to
do
is
we
want
some
defense
ability
for
the
module
exports
so
that
so
that
something
can't
import
it
and
then
mutate
it
in
a
way
that
affects
other
modules
and
in
that
way
like
an
attacker,
could
move
through
the
dependency
graph
by
modifying
someone
else's
modules.
Okay,
that
makes
sense
so
far
yeah.
B
So
my
initial
approach
was
just
to
deep
freeze.
After
after
module
exports
has
been
set,
and
so
that
works
pretty
well,
except
some
modules
expect
mutability
of
module
exports,
and
so
they
you
know
they
had
set
some
getters
so
that
they
can
Lisa
lazily,
set
the
property
and
then,
instead
of
just
returning
like
a
cached
value
inside
the
getter,
they
were
actually
trying
to
redefine
this
value.
B
C
B
And
so
the
idea
here
is
that
you
take
an
object,
any
object,
it
could
be
a
class
definition
or
you
know
whatever,
and
you
you
put
this
proxy
around
it
and
it's
a
deep
proxy
in
the
sense
that
if
you
try
to
get
something
off
of
it
and
the
result
of
that
will
also
be
wrapped
in
approaching.
You
know,
obviously
for
some
things
like
what
numbers
and
boolean's
and
strings
that
you
don't
wrap
that
into
prep.
So
we
just
return
those
sesers
just.
B
That's
a
great
question
and
I'm
fortunate
I'm
not
gonna
answer
it
completely,
because
browserify
only
works
with
common
J's
style,
and
if
you
want
to
use
you
want
to
consume
them,
something
that
uses
the
import/export
statements
you
have
to
first
like
transpile
it
into
command
J
s,
and
so
it's
common
for
some
people
to
use.
You
know
some
like
babel,
transform
that
that
actually
turns
them
all
into
requirements
which
may
or
may
not
change
the
semantics.
B
A
B
So
one
thing:
that's
common:
is
that
we'll
see
especially
like
inside
a
package,
some
module
exports,
something
and
then
another,
and
so
some
module
imports
that
and
then
decorates
it
or
something
like
that
with
other
things
and
then
exports
that
that
seems
to
be
a
common
pattern.
So
it's
important
to
be
able
to
mutate
the
thing
that
you
actually
get
back
from
your
require
statement,
and
so
you
know
one
push
we
did
before
was.
We
would
do
like
a
shallow
copy
of
everything
you
would
do.
B
You
know
tried
shallow
copies
and
deep
copies
and
all
these
sorts
of
things,
but
then
I
got
stuck
at
when
you
had
this,
like
lately,
updating
of
exports,
so
so
now
I'm
trying
to
do
this.
This.
You
know
this
like
series
of
proxies,
and
so
then,
if
you
perform
a
write
on
them
and
say
the
proxy
it
report
it,
you
know
records
that
right
and
it
will
give
you
back
that
that
written
value
instead
of
giving
back
the
the
underlying
values.
So
that's
what
I
mean
when
I
say
shadow
unright.
B
A
A
B
I'm
I'm
worried
about
some
things
like
you
know
for
using,
like
you
know,
crypto
libraries
importing
big
number
and
big
number
is
going.
You
know
if
all
these
things
are
proxied,
something
that's
in
some
really
hot
path,
like
a
big
number
that
might
might
be
really
really
mean
fine.
So
what
I'm
is
that
so
far
I've,
you
know
made
sense
by
a
bit
modular
so
that
we
can
do.
We
have
some
options
in
the
execution
environment.
B
A
Yeah
my
way
of
connecting
up
with
what
Kamala's
just
showed
us
with
things
that
have
been
covered
previously
in
these
meetings,
so
the
analysis
that
kanava
still
is
doing
he
bit
he
built
his
own
tofu
tool.
That's
you
know
similar
in
concept
to
what
Bradley
did
but
done
independently
and
Bradley's
thing
generates.
A
Jason,
that's
that's
different
than
the
configuration
file,
but
that
we
need
for
them
so
doing
the
least
authority
configuration
of
modules.
The
idea
was
that
we
would
write
a
converter
from
Bradley's
format
to
ours
for
format.
Now,
whereas
comma
versus
tofu
tour
generates
the
least
authority
configuration
file
directly.
B
Yeah
I
think
mine
is
definitely
more
quickly
thrown
together
and
not
as
mature
as
his
his
was
looking
at
more
how
things
were
used.
Are
they
only
being
read
from
our
being?
Are
they
being
written
to
or
his
seem
to
have
a
much
more
richer
analysis?
I
was
just
doing
whether
or
not
that
API
like
appeared
in
a
module
or
not.
B
So
what
I
have
on
the
screen
right
now
is
a
automatically
generated
config
for
one
of
the
meta
masks,
browserify,
bundles
and
masks
is
quite
large,
especially
the
UI
side
is
that's
a
lot,
but
let
me
so
when
we
see
something
like
this
here
is
a
module.
It's
called
by
a
name.
We
don't
include
the
version
information
here.
So
if
there's
multiple
versions
of
this
excuse
me
of
this
package
included,
then
they
will
get
the
same.
B
We're
just
trying
to
make
it
basically
things
that
were
previously
be
able
to
learn
cessful
containers,
so
that
includes
you
know
well,
if
you're,
using
the
old
style
of
functions
and
doing
function,
to
prototype,
to
string
that
doesn't
work
under
testify
or
under
says.
So.
In
those
situations
we
detect
that
usage
and
we
suggest
a
different
environment
for
execution
such
as
maybe
spinning
up
a
iframe.
B
You
know
like
a
fresh
realm
just
for
instantiating
that
one
module
and
and
then
not
reusing
that
realm.
Obviously
you
run
into
the
identity
in
continuity
issue,
but
we
don't
see
that
too
much
especially
I
feel
like
in
the
NPM
ecosystem.
You
don't
see
that
too
much
because
people
just
I,
don't
know
if
they
get.
They
stopped
using
instance
of
because
if
you
got
like
instance
of
buffer
with
run
package-
and
it
was
I
haven't
seen
that
issues
specifically
to
is
too
often
I'm,
not
sure
why?
But
anyway,
so
here
is
the.
B
So
this
is
slightly
tangential,
but
the
using
instance
of
in
MPM
can
be
tricky
because
if
you
end
up,
let's
say
it's
a
big
number
right
and
something
was
passed
me
and
I
want
to
do
an
instance
of
big
them.
It
might
not
be
the
version
of
bignum
that
I'm
using
I
would
be
a
different
version
of
Bingham
that
they're
eating,
so
instance
of
would
fail
in
that
case,
so
it
kind
of
lost
popularity
in
the
MPM
ecosystem.
For
that
sort
of
reason,.
A
B
Because
right
now,
I'm
only
using
the
default
configuration
and
we
don't
do
anything
like
that
in
default.
Configuration
though
we
could
that
so
that
this
one
doesn't
use
it
any
platform
API.
So
you
know
obviously
uses
JavaScript
things,
but
it
doesn't
use
any
browser
AP
as
whereas
this
one
is
using
quite
a
few
gross
or
api's,
and
but
all
we,
you
know
let
them
all
in
I
then
set
timeout
and
clear
timeout
I
think
are
here
for
historical
reason.
Just
cause
like
the
old
version
of
Seth
I
was
using,
didn't
allow
them
at
all.
B
B
So,
for
example,
this
one
this
is
this
package
called
web
3
and
we
can
see
that
it's
running
in
a
hunt,
frozen
environment
and
it
has
those
Global's
exposed
to
xhr
and
some
other
things
and
then
just
also
the
modules
that
can
talk
to,
but
this
one
so
the
coloring
here
is
all
this
is
sort
of
like
hand
done
not
per
module
but
per
global.
So
if
we
see
it's
doing,
network
stuff
we'll
go
ahead
and
color
it
red
is
like
a
high
high
alert.
This
one
has:
what
is
it?
B
B
So
this
something
this
thing
could
technically
be
getting
almost
direct
access
to
the
xhr,
so
you
really
need
to
you
know,
look
around
look
at
the
neighborhood
around
the
these
red
ones,
but
the
the
the
reason
why
this
graph
view
is
useful
is
because
of
you
see
those
connections.
We
could
also
just
let
you
know
like
list
all
the
modules
in
a
spreadsheet
and
you
can
see
what
they
got,
but
it's
important
to
see
the
connections
here
and
understand
that
this
one
might
be
leaking
it's
it's
access
to
crypto
to
this
one.
B
B
You
would
technically
end
up
with
everything
red
doing
that
if
it
was,
if
you
recursively,
followed
their
rule
anyways,
but
you
can
at
least
color
it
yellow
or
something
like
this,
or
we
could
maybe
build
some
more
static
analysis
tools
here.
But
the
the
main
point
here
is
that
if
you're
not
running
this
incessantly
red
because
anything.
A
B
B
Is
a
package
and
we
define
the
configuration
per
package
because
one
they
have
the
same
publisher.
So
it's
not
like
it's
unlikely
that
well
you
know
it's
partially
compromised
or
something
like
that,
and
then
that
just
gives
us
a
major
D
bloat
in
the
in
the
configuration
in
this
position.
You
can
you
can
view
it
as
modules,
but
it's
also
a
lot
of
noise
and
oh,
he
doesn't
sit
in
the
screen
right
now.
So
you
see
a
large
fence.
You
got
this
per
module.
B
D
D
A
Whatever
you
grant
to
the
package
as
a
whole
and
the
we
treat
the
package
as
a
you
know,
we
treat
a
package
authored
by
somebody
else
as
a
black
box
yeah,
whatever
Authority
we
give
to
the
package
as
a
whole,
it
might
be
promiscuous
lee
leaking
that
authority
within
the
package
among
the
modules
within
the
package,
but
it
still
can't
get
you
know.
Hopefully,
I
can't
get
more
authority
than
we've
given
to
the
package
as
a
whole.
A
B
There
so
I'd
also,
you
know.
Obviously
it
needs
to
be
a
lot
of
audits.
It
needs
a
lot
of
documentation.
It
means
a
lot
of
work
to
really
get
it
either
going
in
and
as
a
browserify
plugin,
that's
useful
for
for
some
teams,
but
most
people
have
moved
to
web
pack
these
days,
so
it
would
be
very
appropriate
to
also
make
a
web
pack
version
of
this
I
think
there
would
be
little.
A
Be
per
use
issue
up
yes,
so
this
issue
about
what
the
boundary
around
the
module
looks
like
at
the
import/export
boundary,
whether
you're
doing
a
deep
freeze
or-
and
you
know
whether
there's
it's
a
different
route
realm,
whether
you're
doing
a
membrane.
All
of
those
are
interesting,
knobs
to
turn
you've
been
up
generally,
the
same
I
mean
thinking
about
you,
a
disciplined
or
a
chosen
subset
of
old
codes.
Together
with
new
code.
A
A
But
you
know
the
the
assumption
that
that
I've
been
making
for
what
we're
doing
at
a
gorrik.
Is
that
we're
willing
to
break
we're
willing
to
impose
rules
that
some
old
packages
won't
be
able
to
live
under
and
only
accepting
packages
that
you
live
under
the
rules
that
we
define?
A
What's
you
in,
if
you
did
not
create
separate,
loot
realms
and
you
did
not
impose
the
proxy
or
the
member
s
today,
the
decoration
that
would
you
said
that
would
break
some
of
yours,
some
of
the
packages
you're
using
how
much
of
a
burden
would
that
be?
How
hard
would
it
be
to
recover
from
breaking
needing
to
either
fix
or
replace
them
so
that
it
lives
under
the
new
rules?
Yeah.
B
Good
question
so
I
think
one
one
thing
is
whether
or
not
you
have
good
tools
to
patch
deep
dependencies
like
if
it's
you
know
a
requires,
B
request.
You
requires
D
and
there's
problem
D.
If
you
don't
have
a
good
way
of
replacing
D
without
replacing
that
like
old
dependency
chain,
then
you're
not
in
a
good
situation,
and
that
becomes
problem
and
you
got
to
go
like
knock
on
the
door
of
repose
that
haven't
been
updated
in
years
and
for
your
weird
use
case.
B
It
was
like
a
polyfill
for
something
that
has
really
good
adoption
now,
but
it
also
accidentally
modified
the
platform
API
and
then
there's
and
then
there's
like
a
sec,
P
256
k1,
the
the
crypto
that
we
use,
that
one
is
doing
that
late
instantiation
and
that
one
is
a
very
key,
probably
doesn't
have
a
lot
of
replacements,
and
you
also
don't
want
to
like
choose
alternatives
willy-nilly,
because
there's
a
crypto
library
and
so
that
one's
a
little
trickier
to
deal
with
I
mean
I.
Could
monkey
patch.
B
D
A
I
just
I
see
Bradley
joined
us
I
just
want
to
make
one
in
particular
make
this
connection
badly.
As
person
I
was
mentioning
that
did
the
other
tofu
tool
so
Bradley
come
August
did
a
tofu
tool
for
assess
if
I,
which
he's
been
shelling
us
it's,
he
describes
it
as
as
much
more
of
you
didn't.
We
use
the
word.
I
had
Hawk
remember
what
were
you
use,
but
I,
never.
A
Okay,
but
but
what
he's
doing
is
he's
directly
generating
the
configuration
file
that
he
then
uses
to
drive
the
least
authority
linking
through
assess
among
them
among
the
packages,
so
I
guess
I
just
want
it.
I
want
to
make
sure
they
this.
You
guys
put
you
guys
in
contact,
because
it
would
be
great
to
you
know,
get
a
really
great
tofu
tool
that
does
generate
the
configuration
that
we
need
for
the
least
authority
linkage.
B
B
Though
I
did
do,
I
did
do
something,
let's
see
if
I
can
find
it.
Exam
I
did
do
some
sort
of
like
deep
things
so
like
here's,
its
console
dot
log,
not
giving
the
whole
of
console
it's
giving
console
that
log-
and
you
know,
I,
just
implemented
that
in
an
arbitrary
way.
So
sometimes
it
gets
kind
of
crazy
order.
A
I
think
I
think,
would
be
very
good
for
all
of
the
really
simple
cases
of
attenuators
that
can
be
derived
from
the
tofu
information
to
just
be
driven
declaratively
from
the
configuration
file,
and
then
the
programmer
would
still
write
manual
attenuators
when
there's
some
case
that
exceeds
what
we
can
capture
declaratively
and
you
know
that
would
still
be
fairly
common.
But
but
it
should
still
better.
You
know,
it'll
be
much
less
common
than
the
ones
that
we
can
capture
declaratively.
B
E
Social
engineering
tool
for
promoting
you
know
to
as
something
that
somebody
can.
You
know
see
a
visualization
of
this
like
this
of
their
own
stuff,
and
you
know
it
invites
them
to
say.
Oh,
this
is
one
little
red
blob
over
here.
Well,
if
I
fiddle
with
my
code,
this
way
you
know
I
can
make
it
dream
and
the
thing
which
is
really
encouraging
about
this
brass
now,
I,
don't
know
how
representative
this
is.
A
typical
system
is
how
much
if
it
is,
is
green,
it
kind
of
says
yeah.
This
is
not
a
hopeless.
You
know.
E
B
So
yeah
pretty
much
everything
here
is,
is
fairly
off-the-shelf.
This
I
mean
it's
from
my
module,
but
there's
other
ones
out
there
that
do
this.
Just
just
as
well
and
and
so
I
do
I
think
the
best
thing
to
do
would
be
to
make
another
browser
fly
plugin,
while
we're
still
in
the
browserify
ecosystem
make
another
browser
for
our
plugin
that
just
spits
out
this
visualization
and
the
doing
it
as
a
service
is
a
cool
idea
and
you
can
kind
of
do
that
for
packages.
B
B
A
That's
properly
representative,
all
you
can
do
is
create
a
suite
that
fails
in
different
ways,
so
they
fill
in
each
other's
blind
spots,
and
this
is
a
first
such
a
benchmark
for
measuring
risk
and
calling
attention
to
the
places
that
should
be
reviewed
first,
because
they're
the
most
risky
points.
It's
got,
you
know
it's
got
enough
truth
to
it,
certainly
justify
it
as
a
as
one
good
first
approximation
and
the
answer
to
objections
to
it
should
be.
A
B
D
You
know
it
doesn't
give
you
all
the
details.
It
doesn't.
You
know
say
that,
okay,
you
don't
have
to
do
the
hard
work
to
can.
Can
you
know
not
be
it
which
is
not
misleading
to
those
who
understand
that
can
still
use
leading
to
those
who
find
it
very
convenient
that
they
forget
to
actually
ask.
Is
this
sufficient?
Do
I
need
to
do
more
more
or
is
that
the
whole?
E
Mean
I,
I
think
I
think
that's
a
valid
concern,
but
but
given
the
the
extent
to
which
there
already
you
know,
the
world
is
already
over,
what
run
with
with
over
simplifications
that
are
that
are
just
outright
and
which
are
less
heavily
relied
upon.
I
think
I
think
something
which
which
gives
a
a
picture
which
which,
which
creates
a
you
know,
sort
of
the
Darwinian
gradient
that
pushes
people
in
the
right
direction.
Even
if
it
is
an
oversimplification,
is
still
a
net
benefit.
A
large
margin,
yeah.
D
E
D
Recommended
that
the
visible
disclaimer
individual
to
say
that
do
your
own
work
to
whatever
how
nice
polite
this
needs
to
be,
but
it
just
has
to
be
part
of
the
visual
thing
to
let
people
feel
that
they
need.
You
know
to
know
that
this
is
not.
You
know
in
place
of
reality.
It's
a
visualization,
but
you
know,
in
order
for
us
to
actually
overcome
the
conveniences
of
false
sense
of
truth.
I
think
that
visualization
would
just
be
a
great
picture.
A
Yeah
I
mean
there
isn't.
There
is
one
way
that
that
I
mean
there's
a
lot
of
ways
in
which
this
as
a
first
approximation
is
really
quite
good
and
there's
a
lot
of
ways
in
which
you
can
say
that
this
really
does
show
something.
That's
a
genuine
true
constraint,
which
is
the
ability
to
affect
the
outside
world,
can
only
enter
this
graph
through
nodes
that
are
not
great
and
the
further
influence
on
the
outside
world
can
come
from
green
nodes,
but
only
through
the
explicit
connections.
A
So
there's
both
the
the
fact
that
the
connection
to
the
outside
world
is
indicated
by
color
and
then
the
further
influence
among
modules
has
to
be
bootstraps
over
off
of
the
initial
connectivity.
You
know
the
eventual
connectivity
has
to
be
bootstrapped
off
of
initial
connectivity,
so
you
know
the
basic
object
capability
rule
of
only
connectivity
begets
connectivity.
This
visualization
really
does
state
an
important
truth.
That's
better
than
a
first
approximation
in
terms
of
understanding
the
limits
on
vulnerability
that
are
implied
by
the
graph.
B
So
far,
I've
been
primarily
working
on
this
by
myself.
Besides,
obviously
pulling
in
the
great
work
obsess
and
being
able
to.
You
know,
nag,
mark
millar
now
and
then
about
various
thing,
and
then
you
know,
inspiration,
inspiration
from
like
the
tofu
work
and
likely
this
membrane
work
once
I
get
my
hands
on
it,
but
in
terms
of
you
know,
obviously,
auditing
and
documentation
and
flashy
data
visualization
as
a
service
in
all
these
things,
I'm
definitely
going
to
need
some
help
doing
those
things.
So
this
we
do
that
there.
F
Is
a
company
that
started
up
that
might
be
good
to
at
least
talk
to
they've
had
some
contact
recently
with
the
node
security
working
group.
They
called
themselves
return
to
Corp
there
at
r2c
dot,
dev.
F
F
They're
not
necessarily
doing
that
what
they've
been
doing
is
more
around
type
safety
we
were
talking
well.
Is
it
this
week
yeah
this
week,
I
had
a
call
with
them
about
at
least
what
node
is
doing,
to
create
policy
and
kind
of
the
constraints
that
were
applying
to
these
api's
and
multiple
views
in
an
object
capabilities
manner.
F
They
seemed
interested
and
have
just
a
very
similar
toolset
going
on,
and
so
I'm
currently
rewriting
some
stuff
to
run
on
their
platform
to
see
how
it
works
and
we're
gonna
see
how
it
goes
from
that
point
on,
since
they
do
allow
you
to
write
your
own
analysis
tools,
it's
basically
anything
you
can
run
within
a
docker
container.
B
B
C
B
C
C
B
B
A
Yeah
I'm,
going
to
I'm
gonna,
be
giving
a
talk
on
the
15th.
This
Monday
and
I'm,
probably
going
to
just
borrow
some
some
of
these
graphics
to
just
you
know
briefly
make
a
point
about
least
authority
linking
of
modules
under
SES.
A
A
C
C
A
A
Yeah
we
we
don't
one
of
the
things
that
I've
gotten
the
sense
of
from
all
the
existing
packages
is
that
none
of
them
carefully
document
what
their
transformation
is,
and
in
particular,
they
don't
carefully
document
what
their
transformation
is
guaranteed,
not
to
be
future.
So
there's
no
strong
sense
in
which
we
can
be
confident
that
the
packagers
are
preserving
the
semantics
that
our
security
depends
on
generally
their
their
notion
of
semantics.
Preserving
is
functionality
rather
than
security.
It's
about
what
does
happen,
not
about
guarantees
and
what
does
not
happen.
Yeah.
E
A
D
A
B
And
then
with
also
by
having
a
system
with
plugins,
you
also
maybe
don't
have
those
guarantees
as
soon
as
you
include
a
plug-in
like
with
with
browserify
I'm,
taking
their
like
their
kernel
like
their
finalization
process,
where
they
take
all
the
individual
modules
and
slap
them
together
with
this
kernel
and
I'm,
throwing
it
out
and
putting
in
my
own
thing
that
doesn't
a
very
different
way,
and
so
maybe
how
much
can
they
actually
guarantee
these
things?
It's
another
problem.
D
B
B
A
C
A
If
the
things
that
you're
linking
together
that
need
to
coexist
within
one
root
realm,
don't
need
distinct,
global
variables,
then
just
doing
a
realm
value
ache
is
fine
too,
to
bring
them
to
cause
them
to
coexisting
just
directly
in
the
root
realm.
However,
for
authority
aware
code
for
the
browser
I
imagine
that
they
are
using
global
variables
and
that
your
analysis.
A
B
Well,
yeah
I'm
not
doing
I'm,
doing
platform,
API
s
and
then
I'm
ignoring
other
Global's,
which
is
maybe
a
mistake.
I
found
a
lot
of
modules
that
accidentally
set
Global's,
like
particularly
bad,
is
in
for
statements.
People
don't
like
put
a
let
before
their
index.
They
just
do
index
equal.
That's
a
lot
so
I,
just
kind
of
said,
ignoring
this
and
just
only
to
platform.
Api
is
from
a
list
of
platform.
Epa's,
okay,.
A
So
the
plants
will
talk
about
platform
API.
This
is
where
this
comes
up.
Let's
say
that
you've
got
package
X
that
uses
document
and
package
wise.
It
does
not
use
document,
but
X&Y
really
should
just
be
linked
together
within
the
same
root
realm,
so
that
there's
no
identity,
discontinuity
between
them
and
in
general
compartments
are
much
much
much
lighter
weight
than
root
realms.
A
So
if
there's
no
reason
why
they
would
need
to
be
in
separate
Luke
realms,
they
should
they
should
be
in
just
separate
compartments,
but
in
order
to
give
one
a
global
object
that
has
document
on
it
and
give
the
other
one
a
global
object
that
does
not
have
document
on
it
now.
The
natural
way
to
do
that
would
be
separate
compartments.
B
A
If
you're
doing
a
so
each
realm
instance
object
has
its
own
dot
evaluate,
so
we
need
to
create
a
root
room.
You
get
a
realm
instance
object
and
doing
a
dot
evaluate
on
that.
Does
it
evaluates
it
directly
in
the
root
realm
in
the
global
scope
that
comes
with
the
root
realm
within
the
root
realm?
If
you
do
a
capital
realm,
the
realm
class
capital
realm
dot
make
compartment.
B
Okay,
I
think
you're
interesting,
but
the
so
it
sounds
like
the
main
difference
between
running
in
realm,
of
evaluate
and
running
in
a
round
container
is
the
global
reference.
However,
in
in
my
case,
the
third
party
code
is
always
wrapped
in
a
function,
and
so
it
never
gets
a
reference
to
the
global
anyway.
A
A
You
very
much
yeah
for
code
that
assumes
that
the
primordial
Tsar
mutable,
giving
them
their
own
separate
mutable
root
realms
so
that
they
only
foul
their
own
nest.
That
that's
good
I
mean
does
does
give
you
the
potential
issue
of
identity.
Discontinuity,
if
you're
aware
of
already-
and
it
sounds
like
you've
already
empirically
found
that
just
not
to
be
as
much
of
a
problem
as
I
would
have
expected.
A
B
Guess
there's
some
other
things
where,
like
you
know,
if
those
objects
that
are
you
have
on
there,
that
you
on
your
exports,
I
mean
then
they
still
are
gonna
expose,
like
you
know,
basically
the
function
constructor
and
then
you
could
eval
in
their
realm
or
something
so
maybe
we'd
want
to
like
freeze
after
evaluation.
It's
like
let
them
define.
A
A
Or
act,
and
it
might
even
work
just
to
make
a
well
there's,
there's
a
bunch
of
safety
things
that
we
do
on
top
of
realm.
That
SES
does
which
you
probably
still
need,
but
in
a
case
one
of
the
things
even
at
the
realm
level,
even
ignoring
the
SES
level,
is
we
already
make
it
the
case
that
the
function
constructor
that
you
can
obtain
by
navigation
doesn't
do
anything
when
I
say
obtained
by
navigation?
What
I
mean
is
from
any
function.
A
So
that's
the
function,
constructor
you
can
obtain
by
navigation
and
inside
the
anything
that's
created
using
the
realm
shim
that
function
constructor
when
invoked
simply
always
throws
an
error
that
one
will
never
evaluate
anything
separately
on
each
global
object.
The
global
object
that
comes
with
the
root
realm,
as
well
as
the
global
object
that
comes
with
each
compartment,
each
one
of
those
has
its
own
function,
constructor
that
yet
that
still
constrains
the
code
to
SES
will.
So.
None
of
this
allows
you
to
escape
SES
constraints,
but
each
of
those
function
constructors
does.
A
A
So
it
should
be
the
case
that,
as
you
give,
as
you
know,
as
as
modules
defined
in
different
root,
realms
as
well
as
different
compartments
within
the
family,
drum
in
both
cases,
as
long
as
all
of
its
running
under
the
realm
Shen
or
better,
the
SEM
in
either
case
as
they
export
and
import
things
to
each
other.
As
long
as
they
don't
export
the
function,
constructor
directly
or
the
eval
function
directly
or
the
global
object
directly,
it
should
be
impossible
to
obtain
them
by
navigation
from
from
something
that
was
innocently
exported.
A
C
A
To
right
so
I'm
going
to
be
at
the
full
echo
script
meeting
I'm
currently
scheduled
to
come
in
on
the
Monday
before
the
meeting,
but
there's
other
potential
meetings
that
might
have
in
Seattle.
That
might
cause
me
to
come
into
town
earlier
or
to
leave
later
that
hasn't
been
determined
yet,
but
I'll
at
least
be
there
for
Monday
Tuesday,
Wednesday,
Thursday,
okay,.
B
A
A
B
F
So
other
stuff
going
on
I
did
end
up
opening
that
PR
I
talked
about
before
I
left.
Her
leave
a
note
about
data,
URLs
I,
don't
know
if
anybody
cares,
but
data
URLs
in
particular
are
affordable
and
shared
across
all
sorts
of
things
according
to
their
scheme.
So
if
you
care
about
it
or
have
concerns,
let
me
know
in
particular:
you
can
roughly
use
them
to
create
global
State.
F
F
F
The
require
system
is
fairly
closely
tied
to
its
cache
and
also
to
being
on
the
file
system.
It
just
doesn't
make
sense
there.
We
do
have
a
mind
for
common
jeaious.
We
have
not
included
it.
We
also
have
a
mind
for
C++
modules.
Those
are
also
not
included,
and
this
because
for
C++
modules,
much
like
CGS,
they
expect
to
be
run
on
a
file.
There's
an
operating
system
call
to
load
them
called
deal
open,
which
does
not
work
out
of
memory
directly
yeah.
D
F
F
F
G
G
G
The
main
thing
about
it
expanding
is
that
we
want
to
be
able
to
run
these
synchronous
operations
on
promises.
That
is
more
than
just
pulling
out
the
value
with
a
bank
lots
or
getting
the
results
of
a
rejection,
but
with
a
catch
or
finally,
so
the
in
fix,
Bank
syntax
is
essentially
a
combination
between
dot
and
pipe.
So
you
can
say
with
this
one
on
line
number
one
after
the
promise.
G
X
results
run
the
function
P
with
arguments,
X
why's
that
exciting
cute
on
the
result,
so
the
translation
and
the
right-hand
side
for
all
of
in
fix
bang.
We
first
promise
resolved
resolved
X,
so
this
works
for
anything.
That
is
not
a
promise
as
well,
and
then
we
run
dot
host
for
actually
sending
a
function,
call
to
it,
and
this
all
depends
on
the
extended
promise
semantics,
where
I,
regular
promise
object,
is
ignited
with
prototype
methods
for
post
and
get
it
quite
into
leads
and
stuff
like
that.
C
G
So
that's
what
this
syntax
looks
like
and
behind
the
scenes
this
is
handled
in
much
the
same
way
that
it
would
be
synchronously
unless
you
make
a
so
called
a
handled
promise
and
the
handle
promise
has
hooks
that
it
can
implement
to
trap
these
things.
So
I'll
show
I
try
to
be
guided
by
what
the
question
is.
Our
first
of
all,
so.
C
G
G
G
This
is
color
relay
right
now
used
to
be
called
relays,
but
we
change
the
name
to
handlers,
so
essentially
make
a
handle
promise
and
it
gets
a
resolve
and
reject
first
argument:
executors-
and
you
can
say
yours
off
to
an
object
that
is
mapped
to
a
given
handler.
So
the
relay
is
there.
So
when
this
promise
is
resolved,
it
returns
whatever.
You
mapped
to
the
first
argument,
just
like
a
regular
promise
would.
D
G
D
G
We
can
do
that
in
a
second,
so
with
the
remote
promise
or
a
handle
promise,
we
can
run
post
on
it
and
basically,
that
dispatches
handler
that
has
a
post
method
that
gets
three
resolved
value
and
then
the
key
then
we're
trying
to
invoke
in
the
arguments.
So
in
this
case
we
actually
return
stuff
based
on
another
object.
C
So
the
demo
is,
you
know
this
is
a
very
simple
demo.
Inspired
by
a
thing
called
the
million
dollar
homepage,
where
you
could,
you
could
basically
pay
for
coloring
a
pixel
on
a
page
and
it
went
to
charity
or
something
like
that,
and
so
people
would
bid
to
get
interesting
pictures
happen
in
our
system.
This
is
smart
contracts
on
a
blockchain.
There
are
individual
digital
rights
to
color
a
pixel
and
those
are
ones
rights
that
you
can
buy
and
trade
or
make
covered
calls
on,
or
what
have
you
and
so
the
mechanism?
C
So
there
is
a
home
which
is
a
local
directory.
What
happens
here
is
I
have
a
rebel
here.
That
is
the
in
my
browser.
I
have
a
rebel
where
I'm
sending
JavaScript
it's
run
over
here
in
a
compartment
that
has
a
remote
reference
from
my
playground
over
to
objects
in
the
oh
I
have
a
different,
slightly
improved
home.
A
C
That
will
return
me
I
immediately
get
a
promise
and
then
it
resolved
to
a
remote
presence
where
a
presence
this
is
a
familiar
term
to
chip
is,
is
if
the
the
real
object
is
over
here.
That
represents
the
right
to
change
the
color
of
a
pixel.
The
presence
is
an
object
over
here
in
the
eyes,
and
the
presence
is
an
object
in
another
VAT.
C
G
C
So,
conceptually
more
simply
a
presence
represents
the
local
object,
that
is
the
resolved
reference
to
a
remote
object,
and-
and
so
it's,
if
you
did
a
then
on
a
promise
that
only
has
a
remote
object
by
today.
If
I
did
a
you
know
conceptually,
this
object
is
pointing
at
that.
This
has
a
pointer
to
that
object.
C
If
I
did
then
on
the
promise,
for
that
what
I
get
is
a
presence
running
over
on
the
Left
machine,
and
so
that
is
implemented
by
this
handler
mechanism,
where
it
does,
the
promised
out
resolve
of
the
presence,
gets
a
promise
and
the
Handler
on
that
promise
is
the
remote
reference
mechanics
so
now
here?
If
I
do
a
quick,
can
we
finish
my
demo
just
so
you
can
see
it
so
I
grab
and
for
historical
reasons.
C
C
C
Tap,
faucet,
bang
I
think
it's
get
balance
maybe,
and
that
was
the
balance,
which
is
a
balance.
It
says,
I'm,
pixel
and
1.1.2
went
one
by
two,
so
that's
it
fairly
simple,
but
it
means
that
it's
easy
to
do
remote
reference
stuff
right,
I
can
just
do
async
messages,
and
these
were
this
was
code
that
was
sent
to
one
VAT
and
then
async
messages
from
one
machine
to
another
machine.
C
E
C
It
is
I've,
got
a
proxy
to
the
road
object
there,
a
promise
for
the
remote
object
and
I.
Do
it
then,
on
that,
what's
the
argument?
What's
the
result
that
you
think
gets
passed
into
the
then,
which
is
something
that's
always
been
annoying
in
the
in
II
and
in
promise
systems?
And
the
answer
is
it's
the
presence
for
that
object
on
this
machine
right?
Okay
and
it
has
identity,
yeah.
G
G
G
C
C
C
And
that
should
work
and,
of
course,
return
to
me
a
promise
that
then
resolves
to
food
up
bar
and
my
command
line
here.
I,
don't
know
if
you
could
see
the
flicker
of
it
is
that
it
it,
as
you
can
see
in
some
of
these
other
things,
it
turns
into
a
promise
and
then
turns
into
the
resolved
value
of
the
process.
That's
just
a
property,
the
command
line
that
does
event
on
the
resulting
promise.
So
that's
you.
G
Could
also
do
food
bank
and
cat
bar
dot,
then
yes,
and
then
just
return
this
again
sure
that's
the
same
kind
of
thing,
so
just
I'm
just
reading
that
when
she
hit
bang,
then
you're
in
the
front
world
of
promises.
So
where
this,
where
this
matters
for
each
distribution
model,
is
you
can't
do
anything
that
blocks
the
system
way
to
use
back.
E
G
G
G
Okay,
so
a
transform
is
basically
something
that
can
run
on
the
evaluated
strings
before
they
get
passed
all
the
way
to
the
evaluator
right.
So
the
bank
transformer,
for
example,
contains
a
parse
method
in
the
generated
method
and
basically
there's
a
babel,
transform
that
first
parses
these
strings
to
evaluate
and
then
generates
new
source
strings
from
it
and
that's,
what's
actually
passed
the
realm
to
evaluate
so
with
the
appropriate
shims
for
the
for
the
extended
promised
semantics.
E
Mechanics
is
perhaps
the
wrong
word,
but
I
looked
at
Babel
once
upon
a
time
as
oh
here's,
what
exactly
what
we
need
to
experiment
with
infix
bang
and
the
way
they've
packaged
it
strongly
inhibits
developers
from
just
adding
new
transformations
yeah.
Obviously,
there's
a
way
to
do
that,
because
you
did
it.
G
G
B
I'm,
sorry,
it's
going
back
a
little
bit
to
that.
The
babble
jsni
Oh
ripple
yeah
an
example.
I
was
just
wondering
with
that.
The
post
get
put
delete
or.
G
C
G
G
G
G
So
the
the
canonical
representation
for
that
is
down
here,
where
we
have
forwarders,
so
this
forwarding
handler
basically
says
if
there's,
if
there's
a
affording,
if
there's
a
handler
for
this
particular
operation
on
handlers,
then
use
it
otherwise
fall
back
to
the
circle
notation
so
get
is
the
canonical
implementation
is
with
oh
and
key.
You
take
the
key
property
of
the
object.
What
is
the
key
property
of
signs
of
value?
The
meat
is
just
deleting
the
key.
The
post
is
calling
either
undefined
key
cause.
You
the
function
directly
or
else
calls
the
member
so.
B
D
G
G
C
E
E
E
E
C
G
G
E
B
One
thing
so
I'm
sort
of
a
little
further
out
from
this
Intex
up
I'm,
not
that
familiar
with
it,
and
so
this
is
you're
kind
of
showing
that
you're
in
Babel
example
kind
of
showing
that
your
syntax
works,
then
that
your
Babel
plug-in
works,
but
the
if
this
is
not
super
clear
as
why
I
would
want
this
or
it
doesn't
approximate
and
say
like
a
real
world
example.
Yeah.
G
C
C
G
E
G
E
D
Mike
one
minute
or
two
minutes
after
the
recording
just
to
bounce
the
idea
and
see
if
it
bounces
or
a
doesn't
and
this
way,
but
then
stop
nagging
it.
Everyone
knows
absolutely
that's
good.
Alright,
I'm
gonna
stop
the
recording
sure
alright
in
case
I'm
insane.
Well,
we
all.