►
From YouTube: wasmCloud Community Meeting - 11 Jan 2023
Description
Welcome to the wasmCloud community meeting!
Today's Agenda: https://wasmcloud.com/community/2023/01/11/community-meeting
A
All
right,
everyone
welcome
to
the
wasmo
cloud
Wednesday
for
Wednesday,
January,
11th,
second
community
meeting
of
the
New
Year
woohoo,
and
we're
also
trying
out
kind
of
a
new
a
new
setup
so
that
we
can
get
these
recordings
onto
YouTube
quicker
and
into
our
community
page
so
that
they,
you
know,
are
a
little
bit
easier
to
find
and
for
people
to
catch
up.
If
they
end
up
missing
a
call
without
further
Ado,
let's
go
ahead
and
get
started.
We
have
a
few
things
on.
A
B
A
A
We
usually
like
to
start
off
things
with
a
demo,
and
today
we
have
kind
of
one
or
two
of
them,
but
the
first
one,
I'm
gonna
go
ahead
and
hand
it
over
to
Jordan
who's,
been
experimenting
with
a
waslam
cloud
host
written
in,
go
that's
running
on
top
of
the
waziro
run
time,
which,
if
you
haven't
heard
of
that
project
before
it's,
they
call
themselves
a
zero
dependency.
Webassembly
runtime
for
go
developers
won't
steal
any
more.
Your
thunder
Jordan
go
ahead
and
take
it
away.
C
A
C
A
C
C
C
Funnel
equals
true,
and
that's
really
all
we
want
to
show
if
you're
not
familiar
with
what
funnel
is
tell
scale.
You
know,
obviously,
is
a
VPN.
You
have
to
connect
to
your
VPN
and
you
can
access
all
your
nodes
in
there.
However,
they
have
found
a
way
to
allow
you
to
expose
nodes
in
your
VPN
to
the
internet,
which
is
kind
of
cool
as
long
as
they
have
this
I.
D
C
C
C
When
we
start
up
our
provider,
we
now
get
this
this
tag.
That
tells
tell
scale
to
expose
this
particular
node
right
here
to
the
Internet.
So
no
longer
no
longer
do
I
like
have
to
share,
like
you
see
me,
I've
shared
it
out
to
one
other
account
share
these
nodes
out,
like
anyone
can
hit
it,
which
is
pretty
cool,
now
caveat
I
am
using
a
beta
library
on
an
alpha
feature,
so
DNS
takes
forever
to
replicate
and
I
didn't.
I
only
started
this
a
little
while
ago
as
a
DNS.
C
It's
not
replicated
so
y'all
won't
be
able
to
hit
this.
However,
eventually,
when
DNS
replicates,
you
would
be
able
to,
but
a
few
of
the
things
I
wanted
to
show
off
was
for
free,
because
we
have
funnel
we'll
now
notice
that
we
do
have
our
little
green
lock
up
here.
So
the
funnel
Apple,
you
know
by
implementing
the
funnel
we
get
S
to
sell
for
free
and
that's
something
we
did
not
have
last
time.
C
C
You'll
notice
that
I
have
a
to-do
app
here.
It's
garbage!
Don't
worry
about
the
actual
front
end
because
I
wrote
it
but
you'll
see
we
have
buttons
and
these
buttons
don't
actually
do
anything
and
that's
because
we're
not
like
logged
in
here,
but
if
we
hover
over
logged
in
we'll
say,
you'll
see
access
via
telnet.
So
we
come
over
here.
C
We
turn
tell
scale
on
we
refresh
all
of
a
sudden
you'll
see
the
logins
gone,
all
the
buttons
now
work
and
by
way
of
traversing
scale,
tails
telnet
the
provider
is
able
to
pick
up
authentication
based
things
so
we'll
go
here,
we'll
we'll
we
can
add
to
do's
and
then
I
actually
have
there's
no
persistence.
So
if
I
reload
this,
it's
all
going
to
go
away,
but
just
for
the
sake
of
showing
off
that
this
isn't
hard-coded
I
have
a
second
account
and
tell
scale
if
we
connect
it
hit.
C
C
I
think
I,
don't
know
I'm
just
really
excited
about
this.
It's
a
lot
of
I've
had
a
lot.
We
have
a
Community
member
named
z,
who
works
at
tell
scale
and
is
actually
responsible
for
the
entire
library
that
I'm
using
tsnet
and
I
can't
take
them
enough
for
for
helping
me,
you
know
with
a
thousand
questions.
C
So
as
a
reminder,
funnel
is
Alpha
you
actually
it's
invitably,
but
if
you're
interested
I
have
invites
courtesy
of
z,
so
if
you
want
to
play
with
it
I'm
more
than
happy
to
to
give
it
to
you
and
the
library,
the
tsnet
library
this
is
using
is
beta.
So
it
breaks
a
lot.
However,
it's
fully
it's
it's
working
now
and
it's
pretty
great,
so
I'll
stop
there
and
see
if
there
are
any
questions.
A
C
Correct
so
this
is
pretty
much
if
I,
if
I
were
to
give
you
this
tsnet
thing
after
DNS
replicated
it
hasn't
yet
yeah
you'd
be
able
to
access
it
and
that's
the
whole
reason.
I
implemented
like
the
login
feature,
because
you'd
be
able
to
see
it,
but
you
would
not
be
able
to
do
anything
until
you
connected
to
your
telescale
Network
and
then
all
of
a
sudden
you'd
be
authenticated.
A
E
B
C
This
was
cool,
however,
it's
actually
you
that
motivated
me
to
do
this
watching
you
with
all
your
work
on
the
the
SSO
providers
that
you
have
been
doing.
I
was
like
well,
we
have
no
way
with
no
authentication
right
now
and
I
saw
this
and
I
just
wanted
it.
My
idea
is
I'll
put
an
app
out
there
and
if
you
want
to
use
it,
you
can
connect
through
telescale
I,
don't
know
I,
don't
really
have
a
good
use
case
for
it.
Yet
there's.
D
A
there's
a
phenomenal
use
case
for
this.
It
lets
you
take
any
device
on
any
Edge
or
any
cloud
and
publish
the
service
live
to
the
internet
securely
over
a
P2P
private
VPN.
That's
super
powerful.
You
know
one.
The
idea
that
you
can
just
hang
an
HTTP
endpoint
off
the
cloud
I
mean
there
could
be.
You
know
this
could
be
on
a
Raspberry
Pi,
which
is
what
these
are
right
here
running
and
you
could
launch
this
provider
and
now
that
device
is
connected
immediately
to
the
internet.
D
The
second
thing
is:
is
that
then
you
also
get
secure
authentication,
so
you
could
share
something
with
your
team
or
with
a
set
of
users
through
your
telescale
account,
but
that's
incredibly
powerful
and
the
fact
that
it's
completely
P2P
is
awesome.
So
I
think
that
there's
a
bunch
of
great
use
cases
for
this.
C
C
I
found,
as
Brooks
mentioned
earlier,
was
Roswell
wasro,
which
is
a
web
assembly
runtime
written
in
purego
without
using
seago
and
all
that
nonsense
and
the
reason
I
ran
with
it
is
because
on
their
page
they
make
a
promise
that
next
month,
they're
actually
going
100
GA.
So
that
excited
me,
so
I
started
working
on
it
a
little
while
Some
Cloud
host
and,
as
you
can
see
here,
we're
logged
into
boink
Bonk,
that
is
my
Raspberry
Pi
zero,
V1,
32-bit,
arm61
and
I
and
I.
Have
this
go
application
that
I
compiled
down?
C
C
C
I
have
so
much
more
respect
for
the
magic
it
does
now.
That
being
said,
this
little
Echo
actor
is
literally
the
echo
actor
we
do
when
we
do
wash
new
actor,
tiny,
go
and
then
I'm
just
going
to
put
the
the
key
on
it
say:
launch
it
on
a
host
that
has
the
version.
Was
you
know
right
there,
so
we're
gonna
send
it.
C
C
We
actually
this
is
the
Raspberry
Pi
doing
the
gas
requests
to
guess
response
and
I
hard
coded
that
into
the
actor.
So
that's
actually
the
actor
running
right
there
and
that's
the
response
from
the
actor
and
I
was
really
proud
of
this.
So
to
recap,
this
is
awesome:
Cloud
running
an
actor
on
a
32-bit
arm,
6-1
machine
which,
to
my
knowledge,
was
not
possible
before,
for
this.
A
That's
a
good,
that's
a
good
loot
pack
mechanism,
so
you
are
you're,
calling
a
webassembly
module
on
an
arm.
What
is
it
v61,
v6l
and
so
I
mean
this
using
was
zero
in
this
this.
This
opens
up
a
lot
of
possibilities
for
like
iot
devices
that
are
not
arm
V7
or
arm
64,
which
is
kind
of
like
our
limitation.
Before
what
kind
of
pie
is.
This
is
the
pie
one.
C
A
Okay,
oh
it's
a
pi,
zero
wow
Jordan!
Do
you
want
to
talk
about
any
any
kind
of
challenges
that
you
ran
into
when
you
were
messing
with
this
like
well,
one
I
want
to
know
if
you
had
to
do
anything
special
around
the
web
assembly
run
time
to
like
get
it
to
work
with
like
an
existing
actor
and
then
kind
of
also
want
to
hear
about.
If
you
ran
into
any
big
things
that
bought
you
for
a
little
while
or
things
like
that,.
C
C
I
I
just
followed
that
checklist
and
implemented
in
line,
and
you
know
it's.
The
documentation
provides
a
chart
of
what
guest
calls
and
what
the
function
fingerprint
is
I
lit
I
did
a
lot
of
copy
paste,
I
didn't
have
to
figure
out
much
and
I
I've,
never
used
ffis
or
anything
web
assembly.
In
my
life
it
was
actually
all
very
straightforward.
C
The
only
issue
I
have
is
obviously
this
is
a
go
run
time
and
it's
using
the
tiny
go
or
sorry.
The
wasm
cloud
tiny
go
message:
Bust
or
a
message
pack
library
that
yeah
published
I
cannot
run
rust
actors
right
now,
because
there
is
some
skew
in
the
message
pack
decoding
I
ran
into
it
quite
a
bit
when
I
was
doing.
C
E
C
Yeah
I,
absolutely
that'd,
be
great.
I
actually
have
a
branch
in
the
interface
repo
that
I
was
working
on,
for
providers
has
a
few
patches,
but
I,
don't
know
that
I'd
merge
them
because
I
don't
really
know
what
I'm
doing
what
else
other
than
that
Brooks.
That's
literally
the
only
problem.
I
I
hit
one
of
the
ways
you
know.
I
I
would
start
a
awesome,
Cloud
host
stream,
the
gnats
next
to
it,
and
then
that's
how
I
would
say
that
he
checked
to
make
sure
my
provide
my
host
was
emulating.
A
A
You
all
know
that
way.
Back
in
the
day
we
had,
which
is
like
anything
more
than
a
month
ago,
is
way
back.
In
the
day
we
had
a
pure
rust
based
run
time
for
was
and
Cloud,
and
we
rewrote
a
lot
of
the
scheduling
and
orchestration
bits
in
Elixir.
So
our
current
main
wasm
Cloud
runtime
is
a
hybrid
of
Elixir
and
rust
kind
of
getting
the
getting
the
benefits
of
both
earlier
like
right
before
right
before
the
end
of
the
year.
A
That's
written
in,
go
and
can
be
compiled
to
a
little
bit
different
different
targets,
more
constrained
targets
that
have
you
know
more
more
constraints
around
what
they
can
download
and
execute,
and
things
like
that
now
I
want
to
talk
about.
Excuse
me,
I
want
to
talk
about
what
this
really
means
for
wasm
cloud,
because
I
want
to
be
clear
up
front
like
we're
not
planning
on
getting
rid
of
the
OTP
host
in
favor
of
just
JavaScript
or
in
favor
of
just
go
or
something
like
that.
A
It's
kind
of
a
all
of
this
is
additive
and
what
it,
what
it
gives
us
is
abilities
to
take,
was
on
cloud
applications
to
more
places
and
the
reason
it
really
made
sense.
You
know
Jordan
was
like
or
Jordan
pound
was
zero
or
was
looking
at
it
was
like
I
could
can
we
do
like
wasmcloud
on
this,
and
it's
like
why
and
a
whole
reason
is
because,
like
compiling,
some
of
the
rust-based
webassembly
run
times
to
arm32
is
not
officially
supported.
A
Yet
this
lets
you
take
wasmcloud
applications
to
on
32
targets
or
maybe
even
more
constrained
than
that
with
with
go,
and
it
does
it
with
a
a
single
statically
compiled
binary
the
JavaScript
host
lets
you
do
something
like
you,
cannot
compile
a
webassembly
runtime
written
in
Rust,
see
or
go
into
something
that
would
run
in
a
browser
tab.
That's
what
the
the
JavaScript
host
is
good
for.
You
can
take
your
application.
A
You
run
it
in
the
browser
so
right
now,
so
many
of
the
benefits
from
experimenting
with
these
different
run
times
just
gives
us
lets
us
exercise.
The
promise
of
webassembly
to
you
know,
run
a
single
binary
anywhere
without
changing
it,
which
is
really
exciting,
and
you
know
where
this
all
ends
up
Landing
for
us
in
terms
of
Owasso
Cloud
roadmap,
which
runtimes
are
going
to
be
officially
recommended,
and
all
of
that
is
all
going
to
be
the
subject
of
experimenting
and
and
trying
this
out.
A
So
that
was
I.
Guess
me
a
lot
of
a
lot
of
me
talking,
but
I
wanted
to
kind
of
explain
some
of
the
background
behind
like
why
different
runtimes
are,
you
know,
kind
of
important
in
what
they
mean
for
us,
Jordan
I
know
you
had
that
question
right
when
we
I
think
it
was
like
in
a
DM
we
were,
we
were
talking
it's
like.
Why
would
we
even
have
this
run
time
now
that
you've
started
like
since
you've
started?
Writing
it?
Have
your
thought
changed
at
all?
C
The
concept
that
you
mentioned,
of
getting
the
computers
close
to
the
dip
as
possible
now
resonates
I
mean
I.
Don't
this
little
toy
run
time.
I
have
here,
doesn't
actually
launch
providers,
but
I
could
see
putting
a
provider
like
a
gpio
provider
that
did
everything
there
and
then
finally
offloaded
it
via
the
network
to
you
know
wherever
I
needed
it
to
go
so
so
I
get
it
now
yeah
just
doing
it.
The
hard.
F
Oh,
no,
that's
fine.
I
just
have
a
quick
new
question
trying
to
link
sort
of
this
practical
demo
with
Brooke's
sort
of
abstract
description
of
these
values.
Of
the
different
runtimes
and
I'm
wondering
why
did
was
Zero
enable
running
actors
on
the
30
pit
32-bit
arm
architecture,
where
the
default
runtime
did
not?
A
So
I
think
Bailey
probably
has
a
little
more
information
here,
but
as
far
as
I
know,
there's
nothing
that
explicitly
restricts
you
compiling
something
like
wasm
time
to
a
32-bit
architecture,
I'm,
pretty
sure
it
would
work
and
I,
don't
I
I!
Think
it's
fine
I
think
it's
just
what
they
call
their
first
party
supported
targets
is
the
arm
Linux
and
Mac,
x86,
Linux
and
mac
and
and
windows.
Maybe
they
just
have
like
a
you
know,
it's
very
rust-like
where
they
have
the
super
support
of
like
Level,
One
support
and
level.
A
C
E
I
figure
Bailey
probably
has
a
better
perspective
on
the
wasm
time
stuff
than
I.
Do
I
know
that
for
for
some
of
the
other
webassembly
runtimes
they're,
they
show
up
in
Rust
and
and
go
and
whatnot,
but
most
of
them
have
have
a
common
C
base
and
as
useful
as
that
is
in
making
portable
code
a
lot
of
times.
What
that
ends
up
meaning
is
that
certain
compiled
architectures
aren't
easy
to
to
Target
without
a
bunch
of
you
know,
conditional
compiles
and
other
stuff
like
that.
E
E
G
Right
now,
Watson
time
doesn't
have
a
32-bit
Target,
that's
part
of
the
build
pipeline,
so
something
that
is
continuously
building
and
testing.
I
myself
haven't
tried
to
build
it
for
a
32-bit,
although
intuitively
I
know
there's
going
to
be
some
complications
with
crane,
lift
so
I.
Imagine
there's
work
to
be
done
there.
G
It's
not
that
they're
not
interested
but
was
sometimes
kind
of.
Like
you
know,
number
one
use
case
is
really
similar
to
hours
running
in
the
cloud
and
a
lot
of
the
main
contributors
are
focused
on
taking
while
some
time
and
running
it
in
the
cloud
and
less
so
for
iot,
because
there
are
so
many
other
runtimes
that
are
specifically
targeted
for
it
like
whammer
and
wasm3.
G
Those
two
runtimes
are
that's
like
they're,
that's
that's
their
first
party
support
and
so
Blossom
time
may
add
it
later,
but
you
know
I
I
think
exploring
other
runtimes.
We
we
want
to
write
portable
webassembly
modules,
so
we're
happy
to
use
whatever
runtime
is
the
best
one
for
the
you
know
given
use
case
if
it's
running
in
the
browser,
obviously
we're
going
to
be
probably
using
something
like
V8
or
spider
monkey,
but
it's
running
on
an
embedded
device.
Hey
somebody
got
lost
here
working
and
we
haven't
gotten
anything
else
working.
G
D
Yeah
I
gotta
come
back
to
that
because
you
just
heard
a
hand
waved
over
like
you
just
buried
the
whole
lead
there
on
pulling
gnats
and
everything
else
and
making
that
a
single
binary
Jordan.
That
is
absolutely
incredible,
and
you
know
like
much
like
the
River
Jordan
that
gives
life
to
so
many
things.
I
think
that
your
little
baby
here
Jordan
can
give
life
to
a
lot
of
cool
projects.
D
I'm
gonna,
I'm
gonna
work
with
Caroline
on
our
team
and
have
her
collaborate
with
you
on
a
few
blogs,
because
this
is
like
there's
a
really
amazing
demo
that
you've
pulled
together
here
and
what
you
can
do
with
it,
and
there
has
been
so
much
friction
on
on
really
like.
You
know
the
whole
web
assembly
ecosystem-
and
this
is
something
Bailey
is
going
to
be.
D
D
You
sort
of
have
to
like
visit
all
the
right
meetings
and
talk
to
the
right
people
and
join
zulup
and
slack
and
Discord,
and
have
the
right
conversations
and
you're
just
helping
to
make
it
so
much
more
inclusive,
so
much
more
accessible,
so
much
easier
to
use,
don't
hand
wave
on
what
a
slam
dunk
or
grand
slam
that
you
you.
You
know
you
you
really
just
pulled
off
here:
there's
Michael
Jordan
and
then
there's
Jordan
Jordan,
so
I'll
stop!
Now!
C
A
All
right,
well,
I,
think
that
this
is.
This
has
spawned
a
lot
of
a
lot
of
possibilities.
A
lot
of
exciting
things,
for
you
know,
wasn't
Cloud
on
on
edge
devices,
could
look
like
I
I,
just
want
to
reiterate,
and
and
thank
Jordan
for
actually
getting
down
and
experimenting
with
this,
because
this
is
really
cool
and
I'm.
Looking
forward
to
you
know
seeing
how
this
evolves-
and
you
know
I'm
I'm,
saying
that
in
a
little
bit
of
a
passive
way,
not
to
say
that
Jordan
is
just
gonna.
A
A
All
righty
so
getting
on
to
the
next
parts
of
the
agenda.
We
have
two
big
releases
that
we've
cut
in
in
the
Watson
Cloud
organization
over
the
past
few
days.
One
of
them
is
a
release
candidate
and
the
other
one
is
wash
0.14
and
so
I
really
just
want
to
I
really
just
want
to
talk
about
both
of
those
but
kind
of
in
their
own
context.
So
let
me
go
ahead
and
share
a
screen
really
quick.
A
A
Kevin
did
a
little
demo
and
talked
about
that
and
may
want
to
add
a
little
bit
more
color
to
that
description
here.
In
a
moment
that
was
a
very
large
refactor
in
and
of
itself,
it's
gone
through
many
different
refactoring
passes
again.
Thank
you
to
Giuseppe
for
doing
a
lot
of
these
Credo
warnings
and
none
of
those
change
functionality,
but
especially
the
the
supervision
tree
refactor
and
converting
the
lattice
cache,
which
was
previously
stored
as
a
Nats
stream.
It's
where
we
put
link
deaths
claims
all
those
things
link.
A
Debts
will
actually
go
and
be
stored
in
a
Nats
key
Value
Store
instead
of
a
net
stream,
and
this
is
so
core
to
the
wasm
cloud.
Experience
link
definitions
that
we
want
to
make
sure
that
we
could
cut
what
we
call
a
release
candidate
run
through
some
tests,
see,
you
know,
make
sure
nothing
has
drastically
changed
before
we
officially
release
the
the
0.60,
so
anybody
who's
who's.
Looking
at
this,
this
isn't
going
to
be
pulled
in
automatically
to
wash
or
any
of
the
things
that
you've
done
for
wasmcloud.
A
Yet,
but
if
you're
interested
in
testing
this
out,
please
feel
free
to
you
can
grab
the
tarball
from
the
from
this
release
feel
free
to
run
some
tests
on
it,
but
just
to
note
that
we're
going
to
be
either
when
we're
running
through
our
tests.
If
we
find
some
things
that
we
need
to
fix,
I'll
put
in
a
PR
and
probably
release
a
release
candidate
too,
but
as
soon
as
you
see
that
this
is
version
60,
then
that
means
we've
gone
through
a
little
bit
more
tests
than
just
our
automated
pipeline.
A
A
Sweet
well
then,
one
more
thing:
I
wanted
to
talk
about
our
latest
and
greatest
release
of
wash,
which
is
version.
14.
I
dropped
a
couple
notes
for
this
in
the
community
slack
just
because.
Well,
if
you
look
at
what's
changed,
it's
been
a
little
bit.
A
couple
of
things
have
gone
into
this
version
of
of
wash
many
of
these
things
actually
related
to
things
like
Ci
and
internal
things
are
not
all
Breaking
changes,
but
just
to
give
a
general
overview
of
the
big
things
that
changed
in
wash
14.
A
Once
you
go
to
download
it,
it's
already
released
on
on
brew
and
all
the
package
managers
and
everything.
So
you
should
be
able
to
upgrade
with
your
method
of
choice,
but
some
of
the
big
things
is:
we've
actually
dropped
the
openssl
dependency
in
favor
of
using
rust,
TLS
everywhere,
which
has
been
really
sweet
for
portability
and
not
running
running
into
issues
compiling
wash
and
then
running
it
on
a
newer
version
or
a
newer
operating
system
that
has
a
different,
open,
SSL
version.
A
So,
if
you're
doing
something,
if
you're
working
in
your
own
rust
project-
and
you
want
to-
and
you
want
to
embed
some
of
the
functionality
that
a
wash
has
you
can
do
that
now
with
the
the
reusable
crate.
A
lot
of
that
is
there
and
that's
that's,
been
really
really
a
cool
evolution
of
the
wash
code
base.
A
D
This
is
a
mirror
board.
We're
just
shared
here
in
our
slack
behind
here.
I'll
put
the
link
internally
again
or
the
link
should
be
there.
If
you,
if
anyone
else
Brooks,
you
want
to
jump
in
all
right.
So
the
first
thing
I
would
want
to
start
by
calling
out
is:
let's
just
give
me
the
overview
of
what
the
layers
are,
we're
going
to
go
through
here.
So
we're
going
to
start
by
talking
about
the
security
value
propositions
that
webassembly
itself
brings
to
the
table.
D
Then
we're
going
to
talk
a
little
bit
about
what
Wazi
adds
in
its
model
and
maybe
introduce
some
of
the
component
model.
Stuff,
then
we'll
add
the
security
layers
that
are
added
by
wasmcloud
the
security
approach,
contract
driven
development
that
we
get
with
capability
providers
with
actors
and
then
finally,
by
running
Watson
cloud
and
clusters
and
then
I
think
there's
a
sidebar
here
where
we
can
kind
of
talk
about
how
taking
all
of
a
source
code
out
of
your
projects
and
just
writing.
D
Business
logic
is
the
ultimate
security
innovation
which
is
really
aligned
to
the
component
model.
Now,
because
that
is,
you
know,
makes
developers
responsible
for
so
much
less.
So,
let's
start
here
at
the
at
the
wasm
cloud
layer
and
the
first
three
things
I
would
call
out
would
be
a
one.
You
get
sandbox
code.
D
D
So
by
default
there's
a
hard
boundary
between
your
hosts
and
your
and
your
host
operating
system
and
your
guest
modules
that
are
running
a
web
assembly
here,
Kevin
Bailey,
anything
our
books,
anything
else
you
guys
would
add,
or
anyone
on
the
call
that
you
would
jump
in
and
throw
out,
is
big
security.
Innovations
here.
G
G
Would
definitely
push
for
the
linear
memory,
like
basically
you're
able
to
validate
a
what
was
a
module
before
ever
executing
it,
and
part
of
that
is
also
proving
that
that
was
a
valid?
Was
a
module
isn't
able
to
access
memory
outside
of
it?
It's
linear
memory
constraints
and
the
fact
that
it
is
a
valid,
was
a
module
and
can
compile
as
wasm
basically
means
that
it's
memory
safe,
go
ahead.
Kevin.
D
E
Yeah
I
was
just
going
to
add
to
what
Bailey
was
talking
about
at
the
below
webassembly
level.
Is
so
actually
there's
another
great
question
in
there
from
Justin
that
I
was
gonna
talk
about,
which
is
a
number
of
things
that
webassembly
enables
at
a
low
level
or
prevents
at
the
low
level.
Are
things
like
buffer
over
on
so
a
typical
way
to
attack
software
is
to
cause
it
to
crash
and
then
execute
the
instruction
that
you've
left
dangling
in
memory
and
then
you
then
have
control
over
that
process.
E
If
something
reads
beyond
the
end
of
what
exists,
it
will
cause
a
panic
or
a
trap,
but
you
cannot
physically
execute
code,
byte
codes
that
are
sitting
in
a
data
segment.
So
it's
a
subtle
distinction,
but
in
regular
processes,
I
can
tell
you
that
you
know
the
the
the
value
at
this
memory
address
is
an
OP
code
to
execute.
But
you
can't
do
that
in
webassembly.
E
Yeah
you
can't
insert
assembly
if
I'm
understanding,
Justin's
question
right.
You
can't
actually
insert
code
into
the
webassembly
module
in
order
to
make
it
do
things,
and
then
this
runs
into
another
part
of
the
defense
in-depth
approach,
which
is
even
if
you
could
do
buffer
overruns,
or
you
know,
get
a
webassembly
module
to
execute
your
op
code
rather
than
what
it's
supposed
to.
It
still
doesn't
have
access
to
do
anything
malicious
because
of
the
other
sandboxes.
D
Here
with
Wazi,
we
really
have
a
couple
of
innovations
that
that
we
embedded
into
cosmonic,
but
let
me
go
ahead
and
talk
about
them
now,
at
this
layer,
the
first
one
I
would
draw
out
would
be
capability
driven
security,
so,
where
now
with
the
component
model,
you
can
start
by
writing
contracts
for
what
your
code
segments
look
like
and
then
swap
those
across
different
languages
or
different
implementations
of
those
contracts.
The
second
thing
I
would
call
out-
and
please
feel,
free
to
rephrase
Kevin
or
Bailey.
D
If
you
feel
like
my
notes
here,
are
a
little
off
would
be
that
these
are
now
composable,
because
the
ability
to
switch
and
use
a
contract
that
would
say
written
in
Ross
with
a
contract
that
was
written
in
c,
means
that
you
can
start
to.
You
know
hot
swap
different
languages
that
are
there.
Are
there
any
other
things
with
Wazi
a
Bailey,
Kevin
Brooks,
or
anyone
on
the
call
that
you
guys
would
throw
in
here.
E
E
E
G
G
Because
this
is
what
introduces
those
capabilities
like
being
able
to
open
up
a
socket
and
what
files
you
can
read
and
being
able
to
start
a
thread
like
a
lot
of
that
stuff.
That's
where
we're
iterating
and
innovating,
and
so
with
Wazi
we're
coming
up
with
the
apis
that
have
are
that
are
based
around
granted
capabilities.
D
Great
and
Kevin
I
love
that
you're
just
running
ahead
down
the
list
here
with
the
Watson
thought
Innovations,
because
I
know
this
is
where
you
know
you've
invested
a
significant
amount
of
your
time
is
thinking
through
you
know
the
microservice
and
the
application
model
here
so
running
down
your
list.
A
tamper-proof
module
that
gets
signed
by
keys
I
would
put
that
you
can
be
verified
with
issues
and
signers,
even
when
you're
offline.
D
E
Yeah
I
don't
know
if
this
is
like
a
bullet
item,
but
the
the
I
guess
the
the
inciting
event
that
got
me
thinking
about
how
to
properly
secure
webassembly
modules
was
I
was
doing
work
on
the
docker
notary
system
and
basically
you
could
set
policies
that
says
this.
Docker
image
can
do
these
things,
but
you
have
to
consult
the
notary
to
get
that
validation
and
the
image
that
you're
referring
to
has
no
embedded
security
information.
D
A
From
here,
quick
Liam's
I
have
one
more
that
I'd
love
to
throw
in
for
the
Watson
Cloud
side
just
want
to
distinguish
the
signed
invocations.
We
we
both
have
an
invocation
hash
to
make
sure
it
hasn't
been
transfer
tampered
with
in
transit,
and
we
know
that
the
invocation
came
from
a
valid
source
in
a
wasm
cloud
lattice,
because
it's
signed
by
a
a
cluster
seat.
A
All
of
the
hosts
in
lattice
that
communicate
with
each
other
have
to
have
the
same
set
of
allowed
cluster
issuers,
which
kind
of
sounds
like
the
verifiable
issuer
signers.
But
there
is
a
difference
between
the
issuer
and
signer
of
the
webassembly
artifact
and
the
issuer
and
signer
of
an
invocation.
We
do
it
for
both
so
I
just
wanted
to
make
sure
that
we
had
that
down.
Thank
you
Kevin
for
updating
that
sticky.
D
All
right
super:
well,
let's
go
and
move
on
to
capability
providers.
If
we
can
now,
capability
providers
are
very
much
in
the
model
of
what
the
component
model
represents
here
so
I
here
I
would
maybe
open
the
floor
and
say
Kevin
Bailey.
Are
there
what
additional
things
do
we
add
here?
Maybe
that
we
inherit
from
Smithy
or
the
validation
that
we're
doing
in
our
contract
driven
development
that
we
might
want
to
call
out
here.
D
Assigned
with
capability
claims,
okay,
oh
you're,
moving
ahead,
there
I'm
sorry
on
capability
providers,
so
nothing
additional,
except
that
we've
adopted
the
Smithy
tooling,
so
it
makes
in
modeling
capability
providers
at
scale.
It
uses
the
exact
same
set
of
tooling
that
we
that
AWS
uses
itself
to
model
their
Cloud,
so
I
grew.
D
Think
it
there's
a
there's,
a
some
derived
Security
benefits
from
ensuring
that
you
can
have
your
code
be
a
part
of
a
broader
ecosystem.
I
think
that
is
the
is
the
sort
of
value
props.
That
I
would
call
there
I'm
sliding
on
up
to
actors
or
Kevin.
Did
you
want
to
maybe
jump
in
here
and
and
start
on
your
couple
actor
ones?
You
laid
out.
G
I
I
mean
so
much,
of
course,
for
the
Watson
Cloud
cluster
is,
you
know,
copy
paste
from
a
lot
of
what
we
were
doing
here
with
wasmcloud
right,
but
it's
the
into
insecurity
that
you
get
from
the
combination
of
all
of
these
pieces
that
you
have
before
so
I
feel
like
when
you
talk
about
this
cluster.
My
the
first
thing
that
had
that
came
to
mind
for
me
was
you
know
you
basically
have
proof
of
stake
throughout
the
entire
ecosystem.
G
So
I
don't
know
if
I,
if
I,
I
and
I
jumped
I'm
jumping
ahead
really
to
the
to
the
red
here
but
signed
with
capability
claims
is
another
way
of
saying
that
not
only
is
it
do
we
say
what
you're
allowed
to
do,
but
we
also
signed
that.
That's
what
you
said
you
were
allowed
to
do.
So
you
can't
like
give
yourself
more
power
than
what
you
were
granted
when
you
were
built.
D
You
now
have
simple
knobs
that
when
you
want
more
compute,
whether
it's
just
more
instant
is
for
more
throughput
or
where
you
want
more
availability
or
more
reliability,
you
can
simply
just
spin
this
up
in
more
places
and
if
you've
seen
any
of
the
cosmotic
demos
that
we
do
out
in
booze,
I
will
be
at
shmukon
next
weekend
and
we've
got
a
really
Lively
schedule
this
year.
Already
that's
a
key
one
that
we
really
emphasize.
D
Quite
a
bit
that
we
inherit
just
from
just
from
webassembly
and
I,
think
we're
I
know
we're
so
tight
on
time
here.
Whoever's
putting
these
couple
down.
Can
you
just
jump
in
on
those
and
then
I've
got
maybe
one
or
two
more
to
add
and
we'll
wrap
this
up
and
I?
Thank
everybody
for
staying
a
couple
minutes
over
sure.
E
The
ones
that
I
put
in
there
just
real
quick
some
of
the
things
that
we
tend
to
take
for
granted
within
Alanis
or
Horizon
Cloud
cluster
uses
it
every
node
in
that
cluster
knows
which
other
nodes
are
which
other
node
is.
Issuers
are
supported
and
is
itself
an
issuer.
So
even
if
someone
were
able
to
compromise
your
infrastructure
or
compromise,
your
gnats
infrastructure
gain
access
to
the
lattice's
topic
structure
and
then
issue
fake
invocations
on
your
lattice.
All
the
hosts
would
reject
them.
D
Yeah
those
are
phenomenal
and
let
me
just
throw
a
few
in
here
at
the
end,
the
biggest
thing
to
me
and
what
inspired
me
to
fall
in
love
with
this
project
when
Kevin
pitched
it
to
me
God
three
or
four
years
ago,
when
we
were
at
Capital
One
was
right.
Less
code
maintain
less
code.
The
and
I
think
this
is
the
biggest
thing
that
we
actually
contribute
to,
because
developers
today
spend
80
percent
of
their
time
on
operations
and
maintenance,
and
what
that
means
is
that
you're
not
spending
your
time
delivering
new
features.
D
That
I
think
applies
all
the
way
across
the
board,
so
we're
sort
of
following
those
new
to
you
know:
NSA.
Even
the
NSA
recommends
that
people
start
to
move
to
memory
safe
languages
like
rust.
We
do
have
this
coming
in
a
white
paper
here
soon
I'm
actually
reading
most
of
this
from
the
white
paper,
which
includes
a
lot
more
detail
on
this,
so
be
on
the
lookout
for
that
soon,
and
thank
you,
everyone
so
much
for
staying
late
on
the
on
today's
call.
A
All
right,
everyone
yeah
just
reiterating
big,
thank
you
to
coming
great
call
today,
really
really
awesome
agenda
and
really
looking
forward
to
looking
forward
to
next
week.
This
call
has
actually
been
successfully
streaming
to
YouTube
unlisted,
which
is
great
because,
right
after
we
wrap
up,
I
can
actually
go
and
grab
the
URL
and
drop
it
in
our
community
page
and
it'll
be
on
the
website.
So,
looking
forward
to
doing
this
from
now
on,
anyone
who
actually
came
and
is
watching
the
live
stream
on
on
any
of
the
various
sources.