►
Description
No description was provided for this meeting.
If this is YOUR meeting, an easy way to fix this is to add a description to your video, wherever mtngs.io found it (probably YouTube).
A
In
particular.
What
we've
been
talking
about
with
safe
modules
and
what
we've
been
doing
to
the
Global's
is
essentially
not
exactly
censorship
but
removing
access
to
powerful
bindings
directly,
unfortunately,
for
the
backwards
compatibility
of
node
and
some
fairly
large
ecosystem
usage,
we
have
a
set
of
binding
to
expose
through
a
single
way
of
obtaining
them,
which
is
a
this
powerful
API
called
process.
Stop
binding
and
node
I,
don't
know
I.
A
A
A
A
A
We
need
to
at
least
a
node
figure
out
a
way
to
configure
this,
such
that
this
API
still
exists,
but
we
limit
the
parameters
that
can
accept.
We
haven't
really
talked
about
this
before
in
the
group,
except
through
membranes
and
last
I
talked
about
it
with
membranes.
It
seems
like
membranes
might
be
overkill,
so.
B
A
A
B
A
A
good
example
of
this
is
getting
direct
access
to
a
socket
on
the
network,
so
the
wrappers
provided
by
these
bindings
allow
you
to
directly
manipulate
file
descriptors.
Obtaining
access
to
a
file
descriptor,
for
example,
on
a
running
HTTP
connection,
could
allow
you
to
essentially
inject
things
not
visible
to
other
JavaScript
instrumentation
through
it.
We
don't
want
to
allow
that.
So,
if
you
had
access
to
let's
say
file,
descriptor
number
eight
was
a
HTTP
connection
and
you
started
to
write
things
to
it
to
the
remote
server.
A
A
Have
a
different
set
of
permissions
from
for
when
a
user
obtains
the
binding
versus
when
nodes
core
obtains
the
binding,
so
we
want
nodes
core
to
be
able
to
write
to
it,
but
we
don't
want
a
user
who
obtained
a
binding
created
by
nodes
core
to
have
permission
to
do
things
with
it.
It
should
still
be
able
to
see
the
wrapped
value
because
those
are
passed
around
that
makes
sense.
C
A
B
Good
that
that'd,
that
addresses
a
lot
of
my
other
questions
as
well,
so
good
so
can
one
so
that
that
object
can
one
create
something
that
seems
to
be
a
file
descriptor
associated
with
you
know
the
the
file
descriptor
index
number
nine
such
that
when
node
code
says
I,
want
to
write
to
file
descriptor
index
number
nine.
Instead,
it's
writing
to
would
the
methods
of
the
object
that
the
user
created.
A
B
So
I'm
thinking
of
this
as
confused
deputy,
so
much
as
just
virtualization,
the
you
know,
in
an
object
capability,
oriented
api
to
the
file
system,
which,
for
example,
I
did
in
the
new
language
is
actually
starting
from
the
java
language.
The
java
dot
io,
which
isn't
that
far
off
the
java
io
file
object,
is
a
reification
of
the
ability
to
open
a
particular
file
and
then
there's
a
Open
File
object,
which
is
the
reification
of
what
it
means
to
talk
to
an
open
file.
B
But
the
open
file
object
is
a
implements
the
stream
interface,
which
you're
free
to
implementing
user
land,
so
any
place
where
somebody
would
be
holding
an
object.
That
represents
an
open
file
descriptor.
They
can
instead
be
given
a
stream
created
in
user
land
and
it
all
looks
pretty
much
the
same
to
that.
B
What
I'm
looking
for
is
a
way
to
achieve
the
same
kind
of
virtual
eyes,
ability
for
these
open
file
descriptors
so
that
it's
not
so
that
the
number
does
not
is
is
not,
as
as
seen
by
controlled
code
that
the
that
that
the
number
space
that
it
sees
is
not
a
number
space.
That's
necessarily
tied
to
actual
files.
It
can
just
be
number
space,
that's
tied
to
whatever
virtual
files.
The
the
controlling
code
sets
up
for
the
control
code,
I.
A
A
A
It
wouldn't
be
super
cheap,
since
we'd
have
to
do
it
on
every
file
operation,
but
it
seems
possible
I
think
if,
if
that's
the
only
obvious
solution,
we
could
for
a
direct
native
code,
execution,
I,
don't
I,
don't
think
we
really
have
a
solution.
So
maybe
we'll
just
leave
that
as
out
of
scope.
Well,
maybe
I'll
take
that
approach
and
look
at
what
the
performance
implication
is
there
we've
been
having
some
performance
pushback
like
I've,
said
previously
again,
some
of
the
stuff
we've
done
so.
B
The
perform
but
I'm
a
little
confused
as
to
why
there
would
be
a
performance
cost
the
it
would
seem
like
the
oh,
the
the
worst
case
difference
between
this
and
what
you're
doing
now
should
be
the
equivalent
of
an
extra
v
table,
lookup
that,
if
you're,
if
the
thing
that
you're
talking
to
I,
mean
if
the
thing
that
you're,
if
the
object-
that's
that's
associated
with
the
number
is
through
the
given
API,
is
a
primitive
file.
Then
it
directly
goes
and
does
the
primitive
operations.
B
A
B
A
C
A
A
We've
used
them
for
a
while,
but
hasn't
been
strong
enough
incentive,
but
we
had
evidence
that
browsers
were
wishing
to
use
them,
and
that
was
enough
for
at
least
a
frozen
okay.
Okay,
so
that's
one!
The
other
is
the
optimization
passes
for
their
just-in-time
compilation
did
not
allow
mixing
of
operations
and
higher-order
functions
during
an
optimization.
A
So
there
was
a
barrier
where,
if
you
performed
a
JavaScript
operation
such
as
addition
and
you
had
a
higher-order
function
as
well,
even
if
the
higher-order
function
get
completely
optimized
out
to
a
constant
value
by
nature
of
it
being
in
a
different
optimizer.
The
addition
could
never
be
optimized,
and
this
actually
was
very
strange
to
encounter.
A
It
made
a
node
very
much
slower
on
starting
up,
because
we
were
performing
a
computed
property
access
on
a
string
which
should
give
us
a
character,
but
instead
it
would
D
optimize
and
do
a
full
code
stub,
which
was
unfortunate.
The
PR
we
had
out
for
that
was
around
a
20%
loss
on
startup
time
because
of
using
the
saved
intrinsic
require
of
a
string
prototype
car
code.
App
would
require
us
to
wrap
it
with
a
reflect
reflect
turn
this
made
is
the
higher-order
function
pass
instead
of
the
full
pass
for
operations
now.
B
A
A
B
But
I'm
confused
about
this
one,
because,
if
you're
operating
with
frozen
primordial,
then
the
need
to
do
this
ahead
of
time
sampling
and
on
current
and
currying
is
vastly
reduced
the
its
own,
because
you're
no
longer
worried
about
the
primordial
is
being
corrupted
after
initialization.
So
this
should
reduce
the
need
to
do
on
carrying
not
increase
it.
A
A
B
A
We
were
wrapping
things
and
a
little
bit
different,
but
same
idea
where
we
were
generating
these
higher-order
functions.
We
would
actually
get
a
different
ID
for
the
function
whenever
we
wrap
it
in
any
sort
of
way
such
as
trying
to
limit
it
or
do
anything
not
just
uncaring
this,
and
that
would
bail
out
v---aids
optimizer
when
it
came
to
low-level
optimizations.
So.
B
Ses
we
found
that
there
is
a
very
few
of
the
primordial
x'
that
need
to
be
replaced
to
create
a
SES,
safe
environment.
That
most
of
the
work
is
I
mean
you
have
to
replace
the
evaluators.
Of
course,
then
the
function
constructor
and
the
eval
function.
There's
the
the
you
know.
The
old
date
got
now
issue
in
math
dot
random,
but
by
far
for
the
most
part
o
we
do,
is
we
just
freeze
the
primordial
as
themselves
without
wrapping
it?
So
why
are
you
doing
a
sinful
amount
of
wrapping.
A
C
A
We
provided
that
with
async
functions
and
then
Abel's
wealth
not
been
able.
So
that's
a
longer
story
to
her
mechanism
called
async
cooks.
Racing
cooks
essentially
required
us
to
start
tracking
a
bunch
of
stuff,
so
we
installed
handlers
trying
to
detect
if
a
exception
was
handled
or
if
a
promise
was
about
to
be
dropped
or
promised.
Jane
was
about
to
be
dropped,
so
we
just
ended
up
having
to
wrap
it.
Given
the
api's,
I
am
NOT
talking
about
me
personally,
making
any
of
these
choices
that
just
kind
of
how
things
are
currently
either
way.
A
A
B
A
A
B
A
Apparently
so
currently,
if,
if
trusted
code
runs-
and
it
sets
up
a
long-running
asynchronous
task,
okay,
multiple
awaits
does
something:
okay
and
then
untrusted
code
runs
afterwards.
Okay,
if
you
hook
into
async
hooks,
you
can
obtain
data
about
what
the
trusted
code
is
doing.
I
say
even
manipulate
it
to
a
small
extent.
Actually,
we,
at
least
for
policies,
would
like
to
prevent
that
and
doing
so
increases
the
difficulty
in
getting
rid
of
this
performance
problem
got
it.
B
B
A
C
B
A
A
B
A
B
A
D
D
D
This
is
where
we
landed
on,
because
we
use
large
AWS
lambda
and
we
do
a
lot
of
building
Java
gonna.
Take
the
question
sort
of
naturally
led
to
hey
what
about
all
the
packages
that
we
run
in
lambda.
What
about?
Where
did
that
package
tries
to
run
a
function
that
we
don't
want
exposed?
What
options
do
we
have?
And
so
you
know
sort
of
this
is
sort
of
setting
the
stage
for
like
our
general
problem
statement,
and
then
we
also
thought
about
node
in
a
code,
exfiltration
data
exfiltration.
D
So
of
course
the
problem.
Three
all
code
injection
is
a
is
a
very
real
problem,
and
so
what
we
did
was
before
we
we
went
after
this.
We
actually
have
a
fully
and
then,
of
course,
customers
keep
telling
us
that
they
worry
about
this.
So
we
sort
of
tried
to
look
at
you
know.
What's
the
problem
right,
we
constantly
keep
having
to
do
wrong
code
versus
write
code,
trusted
code
versus
are
interested
code,
but
trusted
code
can
have
mistakes,
and
you
know
you
can
just
sort
of
untrust.
D
You
know
even
that
can
sort
of
obfuscate.
You
can
have
a
Trojan
horse
that
can
generate
random
keywords
at
runtime
and
then
go
call
functions
and
you
have
known,
and
so
we
we
kind
of.
First,
we
looked
at
like
hey
where,
where
can
we
sort
of
prove
this
out,
that
it
works
and
that
it
up
there
just
legitimate?
D
Not
quite
grammar
yet
so
we're
not
reordering
up
statements
and
then
we
sort
of
take
a
complete
version
of
code
which
is
given
to
us
before
it
starts,
and
then
we
scramble
all
of
that
to
the
new
language
and
then
we
run
it.
And
so
what
that
tends
to
do
is
if
you
had
an
unguarded
eval.
If
you
had
URL
parameters
that
get
PHP,
does
this
all
the
time?
D
By
the
way
they
will
resolve
a
URL
parameter
by
literally
evolving
it
and
then
getting
us
a
session
variable
and
and
so
what
happens
is
instead,
you
know
or
or
you
can
just
construct
a
string
on
the
fly
which
you
can't
catch
in
the
reg
access.
But
then,
when
you
know,
then
it's
eval,
because
you
can
kind
of
store
it
as
a
hex,
encoding
or
whatever,
and
so
what
we
did
was
we.
D
D
I
was
relying
on
like
a
fixed
set
of
symbols
to
go
after
it.
It
just
rips
over
and
you
Marley
stop
it,
but
you
detected
in
the
log
files,
and
so
that
is
what
we're
actually
going
after
for
JavaScript
right
now,
and
so
we're
we're
kind
of
trying
to
make
modifications
to
v8
where
this
is
all
sort
of
very
random,
very
early-stage
experimental.
D
But
the
idea
is
to
have
you
know
inside
v8
sort
of
change,
the
change,
the
fundamental
key
words
or
symbols,
which
allows
an
attacker
to
generate
a
language,
but
it
all
parts
us
into
the
same
ast,
and
so
you
don't
lose
semantic
meaning
and
then
transform
a
complete
closure
of
source
code
into
this
new
language.
And
in
that
context,
that
context
only
speaks
language
X.
And
what
that
tends
to
do
is
if
you
have
Trojan
horses.
If
you
have
evasive.
D
B
D
B
D
See
and
so
then,
that
eval
won't
be
able
to
reach
out
of
objects
or
do
anything
right,
I
see
yeah.
So
that's
definitely
why
we're
presenting
here
is.
We
didn't
know
about
suss,
okay,
and
so
we
were.
We
were
approaching
it
from
this
other
angle,
yeah
and
so
we're
looking
into
that
as
well.
By
the
way,
okay.
B
Let
me
let
me
try
out
an
attack
on
this
that
occurs
to
me
and
see
if
the
attack
works,
so
the
your
you're
doing
once
once
you've
generated
the
substitution
table,
you're
reusing
it
over
a
good
body
of
code,
yep,
okay.
So
if
I
as
the
attacker
code
can
obtain,
let's
say
a
trusted
function,
I'm,
sorry
who,
which,
which
code
are
you
trying
are
you?
Are
you
subjecting
this
objecting
the
trusted
code
to
this
and
not
or
you're
subjecting
the
untrusted
code
to
this.
D
We
will
be
substituting
actually
both
types
of
code,
but
it
would
be
sanctioned
or
unsanctioned
code
really
and
so,
like
both
pieces
of
code
gets
substituted
and
then
the
function
gets
forgotten,
and
so
this
really
really
I
tends
to
make
sense
in
terms
of
lambdas
like
functions
as
a
service,
more
so
than
node,
where
you
might
need
a
legitimate
use
of
eval.
But
we
are
looking
at
like
yeah.
B
B
D
Yes,
you
can,
and
so
that's
that's
absolutely
true.
What
we
do
as
well
ad
is
we're
also
adding
symbol
scrambling.
So
if
that
code
was
still
symbolic
symbolically
executed,
it
would
break
right
because
you
could
just
do
function
call
and
that
would
get
transformed
safely
if
you
can
call
by
name,
but
if
you
are
sort
of
eval
out-of-band.
D
A
B
What
they're
trying
to
do
is
code
obfuscation,
so
that
you
can
deliver
code
to
a
browser
that
actually
runs
according
to
the
semantics
of
the
original
program,
but
for
which
somebody
looking
at
what's
delivered
to
the
browser
cannot
figure
out
what
the
original
program
is
or
cannot.
You
basically
cannot
reverse
engineer
the
logic
of
the
original
program
and
I've
always
thought
that
was
impossible.
Shape
security
has
a
very,
very
nice
paper
on
a
double
meta
interpretation
approach,
where
they
scramble
at
two
levels
and
then
they
analyze
the
difficulty
of
reverse
engineering.
B
C
D
B
Good,
thank
you.
Oh
and
you
should
also
I,
have
a
presentation
on
the
8:00
magic
lines
of
code,
which
is
the
core
mechanism.
Obsess
kriti
is
the
actual
creator
of
the
eight
magic
lines,
the
inventor
of
the
eight
magic
wands,
but
I
did
a
YouTube
presentation
which
I'll
find
them
and
send
to
you,
oh
cool.
Thank
you
that
that's
really
kind
of
explains
how
it
is
that
the
session
can
create
safe
evaluation
garden.
B
E
So
yeah
I
was
just
pushing
so
I'm
trying
to
recognize
myself
now
and
you
know:
I'll
keep
my
money
a
script
as
much
as
possible.
Okay,
so
I'm
gonna
share
my
screen.
If
you
know,
if
you
guys
don't
mind,
I
want
to
quickly
just
update
on
tokenizer
related
things,
and
hopefully
it's
already
alive.
I'm
gonna
share
in
a
second.
E
E
So
yeah
I'm
gonna
start
with
so
so.
I
made
a
like
a
little
set
of
links.
I
just
wanted
to
give
a
quick
update
on
where
the
mark-up
efforts
were
last.
You
know,
I
had
last
reached.
I
haven't
really
been
working
on
this
since
August,
but
you
know
not
working
is
like
working
but
not
really
pushing
any
particular
major
changes.
E
So
the
the
repo
is
still
where
it
is
like
it's
I'm,
considering
this
like
the
big
experiment,
so
I'm
just
gonna,
keep
you
know
adding
to
it
and
I'm,
starting
now
to
actually
realize
the
importance
of
documentation,
and
you
know
updating
documents
to
make
sure
they
reflect
things.
It's
the
same
documentation
here
and
I
basically
think
that
anyone
interested
should
just
work.
The
more
recent
documents
here
this
was
I
believe
you
know
I
made
around
May,
where
we
kind
of
wrapped
some
ideas,
like
the
ones
that
ten
dozen
came
up
with.
E
E
E
E
When
we're
pressing
action
scripts,
you
know
we
have
this
approach,
that
we
want
to
make
sure
we're
in
a
loop,
because
that
allows
us
to
put
a
lot
of
logic
and
make
sure
we're.
You
know
changing
the
nature
of
how
we're
pressing
the
next
token.
Or
you
know
there
are
a
lot
of
ways
that
people
try
to
imagine
that
the
next
thing
is
a
regular
expression
and
the
spec
says
that
this
is
absolutely
not
how
a
regular
expression
happens,
and
you
know
the
best
reference
on.
E
You
know
how
to
go
about,
knowing
where
a
regular
expression
should
be.
The
next
thing,
without
even
looking,
except
for
the
slash,
was
the
work
by
Tim
Disney.
His
work,
like
he
focused
about
when
he
post
on
other
aspects,
not
just
how
we
can
safely
parse
JavaScript.
So
so
his
work
was
a
little
bit
hard
to.
You
know,
wrap
her
head
around,
and
so
so
we
tried
to
come
up
with
a
way
to
describe
the
language
and
be
able
to
call
the
solidus
a
regular
expression
and,
as
it
turns
out,
if
it
occurs
solid.
E
E
Yeah,
so
you
know
the
the
summary
of
things
is
that
the
spec
says
if
it's
in
the
beginning
of
an
expression
like
in
math,
you
cannot
divide
in
the
beginning
of
formula.
So
if
it's
in
the
beginning
of
an
expression,
it
cannot
be
a
division
son
if
it's
following
something
and
that
thing
can
be
a
function
object
under
particular
conditions.
If
it's
a
continuation
of
that
expression
without
you
know,
thinking
thinking
about
the
asi
rules
and
everything,
then
if
it's
a
continuation,
it's
a
division.
If
it's
not,
then
it
has
to
be
a
regular
expression.
E
So
you
know
his
way
of
approaching
it
was
eye-opening.
He
said
that
when
you
start
a
curly
or
a
round
bracket,
ACMA
script
or
or
regular
expression,
regardless
of
the
goal,
whatever
whatever
happens
between
the
open
and
the
close
curly
is
kind
of
like
you
could
look
at
it
as
token,
so
we
thought
okay.
This
is
like
a
fat
token
and
since
then
you
know
building
on
his
ideas.
We
thought
okay.
E
So
it's
it's
funny,
because,
if
you're
writing
an
expression
in
your
racket
in
parentheses,
you
can
do
endless
wrapping
and
it's
still
the
same.
So
all
you
want
to
know
is
whether
or
not
you're
in
the
beginning
of
a
employed,
parentheses
or
you
are
within
an
implied
curve
or
a
literal
curve,
and
this
really
breaks
breaks
the
language
down
nicely
that
if
you
want
to
make
code
more
verbose,
you
could
use
a
parce.
That
knows
exactly
that.
E
You
imply
an
expression
or
you
imply
statement,
and
you
could
theoretically
just
wrap
them
accordingly,
but
you
don't
have
to
but
I
mean
if
you
do,
that
it
becomes
unavailable.
So
so
this
was
just
you
know
how
we
can
look
at
do
we
know
that
we're
purchasing
the
right
thing,
but
how
do
you
actually
go
about
tokenizing
efficiently
to
be
able
to
do
that
at
runtime,
and
the
idea
of
constructs
alone
is
not
necessarily
there.
E
So
that's
the
other
thing,
that's
the
articulated
person
and
how
you
can
start
to
actually
make
your
code
more
verbose
ahead
of
time
and
so
at
runtime.
If
you
need
to
do
any
kind
of
code,
manipulation
you're
working
with
code,
that
is
verbose
enough,
so
that
it's
easily
parsed
and
safely
manipulated.
E
E
You
know
older
stuff,
I
think
under
drats,
but
there's
the
playgrounds,
and
since
this
is
an
experiment,
there
are
so
many
different
implementations
that
I
worked
on
at
different
times
and
it's
not
just
for
acne
spread
like
it
was
initially
for
the
web
trifecta
to
be
able
to
safely
do
certain.
You
know
server
lists
and
at
that
point
I
wanted
to
purse.
E
You
know-
and
we
can
say
this
is
a
CSS
file
and
obviously
it's
going
to
be
like
no,
it's
not,
but
you
know
it
will
try.
So
so
you
know
this.
This
allows
people
to
try.
You
know
different
ways
of
parsing,
it's
really
a
developing
tool,
though
it's
what
I
use
when
I
develop
and
basically
what
I'm
doing
here
is
I'm
saying
that
this
project
is
out
there.
It's
open
source
work,
I
want
to
get
back
to
it.
I
would
love
that
people
have
interest
in.
E
B
C
C
C
What
I
could
see
is
that
there
might
be
an
intermediate
here.
Where
could
if
we
can
express
the
rules,
that
cell
is
coming
up
with
for
JavaScript
in
the
generator,
then
we
could
essentially
absorb
all
the
unnecessary
parts
of
the
parse
tree
without
having
to
go
through
the
work
of
creating
them,
and
that's
something.
I
would
like
to
try
once
we
have
a
something
working.
C
So
the
the
problem
with
the
quasi
parser
generator
and
said:
if
you
throw
a
lot
of
source
code
at
it,
okay,
it
does
have
to
do
a
lot
of
extra
JavaScript.
Javascript
work
that
would
ordinarily
just
be
done
by
the
evaluator
and
Babel
is
probably
the
even
worse
than
that
in
some
ways.
But
it's
been
optimized
more
mm-hmm,
so
yeah
it's
it
offers
us
another
way
of
doing
things.
I
say.
B
Could
you
foresee
the
the
separating
out
the
general
idea
for
the
kind
of
pressure
Saul
is
working
on
from
the
particular
grammar
that
Salah
is
parsing,
so
there's
a
question
to
both
Saleh
and
Michael
is?
Could
you
foresee
a
parser
generator
for
generating
the
kind
of
parser
that
Saleh
is
building
manually
here.
B
E
E
I'm,
actually
so
I
have
two
parts:
I
have
one
where
I
describe
our
goals
and
how
they
nest.
You
want
or
another.
Those
becomes
those-
and
you
know,
they're,
based
on
my
initial
design,
but
they
are
just
raw
here,
but
the
meat
of
the
purse
happens
with
a
you
know.
This
is
just
a
way
for
me
to
simplify,
because
this
is
a
big
expression,
I
wrapped
each
part
of
the
expression
into
an
error
function,
but
it
combines
together
in
one
regular
expression,
so
you
could
actually
see
that
expression
so.
B
E
Will
yeah
I
just
hope
it
doesn't
crash
on
us
what
happened
like
I
used
to
be
able
to
edit
that
yeah?
Thank
you
all
right.
Let's,
so
this
is
ACMA
script
most
of
it
not
not
strings,
and
you
know
what
happens
in
between
those
are
like
smaller
expressions
like
the
one
over
here
that
get
called
in
the
right
context,
but
yeah,
that's
mainly
higher
level
atmospheric.
E
B
And
since
so
interesting
thing
is
in
general,
when
we
have
pressure
generators
as
the
only
expression
of
a
language
grammar,
the
painful
issue
that
always
comes
up,
that's
always
kind
of
neglected
too
late
in
the
parser
generator
design
and
certainly
I
had
neglected
it.
The
original
posit,
quasi
parser
generator
is
error.
Messages
is
when
something
fails
to
parse
being
able
to
give
a
sensible
diagnostic
to
the
programmers,
and
they
understand
what
the
problem
is
in
a
way
that
can
help
them
correct
it
in
the
in
the
case
of
what
you're
doing
with
JavaScript.
E
E
C
E
E
E
You
know
it
would
do
CSS,
but
I
stopped
putting
CSS
on
my
HTML
code
right
before
the
demo.
I
just
removed
everything.
For
some
reason
it
does
also
markdown
anything
yeah,
but
it
doesn't
like
give
you
a
a
SC.
The
whole
idea
here
is
that
it
just
gives
you
what
it
can
without
without
making
the
assumption
that
you
need
to
make
an
ast.