Speech Transcript - WebKit2 And You

0:00:09	so i i'm martin robinson and i mean a gully and they work and what
0:00:15	can
0:00:16	and i
0:00:18	so they wanna talk was it about the work we've been doing with like a
0:00:21	G D K and especially i'm gonna focus on some practical things for people who
0:00:28	in bed but okay
0:00:30	some changes you'll have to make if you for your application directly to
0:00:35	i just wanna say like to preface this talk by saying that for us to
0:00:40	make a G T K this
0:00:43	this table really celebrity was really a revolutionary step in the development of the library
0:00:48	rather than on an evolutionary step really changed
0:00:53	one of the characteristics of the library so
0:00:56	we're actually really excited about it
0:01:00	so i suppose there with a quick review for those of you who aren't
0:01:04	intimately familiar with like it talk little bit about
0:01:09	what is what it is for so
0:01:12	what it is
0:01:14	is what's referred to as a web content engine which basically means if you have
0:01:18	a web browser everything inside
0:01:21	inside the chrome in that little box
0:01:24	is rented web content and that's what the libraries responsible for
0:01:30	as well as some ways in which that content touches the outside world
0:01:36	so right it processes in renders web content and processing includes both parsing the H
0:01:42	T M L and the C S in rendering it as well as running the
0:01:46	java script
0:01:48	so
0:01:50	it was started as a for kick H T M L and for a little
0:01:54	while it was closed source but eventually with open source and two thousand five and
0:02:00	on the page one of the goals of the project is actually that it's open
0:02:04	source that it's
0:02:06	this is usable and visible to everyone
0:02:10	as well as these to sort of companion goals compatibility in compliance compatibility meaning that
0:02:18	there's a lot of content on the web and that the engine should be able
0:02:24	to render that content
0:02:26	it shouldn't break websites that exist
0:02:30	the actually the their criteria for breaking websites
0:02:35	it has to be something very important and websites have to be a very small
0:02:40	percentage of other sites on the internet for instance on the blink mailing list recently
0:02:45	they were talking about removing the feature and the feature was use on something like
0:02:49	point
0:02:50	a percent of websites and some was like that's a lot
0:02:54	and it is a lot when you have millions and millions of pages that's a
0:02:58	lot of pages
0:03:00	so the other part of this is compliance which means that the engine should be
0:03:05	should be
0:03:07	compliant with the specs
0:03:10	and is a kind of a competing goals away because sometimes to be compatible with
0:03:16	pages you need to not be compliant with the spec so it's always this kind
0:03:22	of back and forth conversation we have
0:03:25	obviously stability performance are important because the web browser should be fast and it shouldn't
0:03:32	crash
0:03:33	also security which all talk a little bit about more about the security issue is
0:03:38	very important portability it should be written in a way that's that makes it useful
0:03:43	a lot of systems not just a mac not just intel computer usability in package
0:03:50	that would be and hack ability is really a statement about the quality of the
0:03:54	code the code to be written in a way that's easily readable easily changeable
0:04:00	it should be abstracted away and in the right amount not too much not to
0:04:04	will just enough to make it easily hack able
0:04:09	you never wanted to be a pain to have to go change the code to
0:04:13	fix about
0:04:14	any time there's a barrier in the way that means less bugs will be fixed
0:04:18	and then they also stay on the website some non goals which is in some
0:04:23	sense equally important because sometimes you shouldn't be turning this wiring tool for web browser
0:04:32	it's not meant to be able web browser it's meant to be a component it's
0:04:36	reusable inside webbrowsers
0:04:38	so they need to be a dividing line between what features go in the library
0:04:42	what features belong in the embedding application recline
0:04:48	it's also not a science project it should be which means that it should be
0:04:53	relevant to what exists in the world today it's made to render web content that
0:04:57	exists it shouldn't necessarily be place to experiment with things the
0:05:03	people will never user are important right now those things can be worked out in
0:05:09	what you can meet them halfway
0:05:12	the third thing here is it's not meant to be split into a bunch of
0:05:18	reusable components which is kind of and sometimes in contrast work with going on because
0:05:23	a lot of times in get home when we see that there's a piece of
0:05:27	going on that's useful for a lot of other tools suisse you know split into
0:05:30	a library and web get the fourth is a little different you know
0:05:34	every time you split a something out to library there's some overhead and maintaining that
0:05:38	you have more consumers
0:05:39	so it's a little it's a little bit more
0:05:43	i guess like of a hermit community you know where together working on this thing
0:05:47	and
0:05:48	you don't always wanna likes but also means we can
0:05:53	right so another the interesting about what is it split into things called ports
0:05:59	and
0:06:01	you can kind of see what is going there's a T K pork important you
0:06:04	know for a mac and windows for tutors on safari import so
0:06:10	are essentially
0:06:13	the common web get code which is most of the code is common
0:06:17	in some layer at the bottom which abstracts away the platform
0:06:22	for instance networking or how to draw to a campus
0:06:27	how to talk to system
0:06:30	and then that's at the bottom and then at the top is the api there
0:06:34	the egg i layer is what the embedding application uses
0:06:38	and way web "'cause" is design is the every and there is a little different
0:06:42	so for instance for the wreckage indicate for
0:06:45	in the problem later we use once you for networking use cover restoration opengl for
0:06:50	making the scene raffles will talk more about later web gel injuries you refer media
0:06:56	and what gets made in such a way that these components
0:07:02	in most of the web get code are totally abstracted away
0:07:05	into a wrapper classes that had the same semantics whether you're writing on a mac
0:07:10	or on for G T K and anytime the semantics differs it's kind of like
0:07:14	a little bug that needs to be fixed usually
0:07:18	there's always a little tricky bits of getting the semantics of different platforms of to
0:07:23	match up
0:07:24	because a C G canvas core graphics isn't necessarily the same as a cover canvas
0:07:29	for instance in cairo used or the path on the canvas but it's a little
0:07:34	different in some other platforms
0:07:37	so
0:07:38	and then at the top of like a G D K there is the A
0:07:42	P I later which is essentially a single a G T K widget the website
0:07:47	web you that would you that is the browser went the window into the web
0:07:52	content and some G I D K P Is around that
0:07:58	and some of the consumers of repeated a game betters are epiphany but or you
0:08:02	know that so maybe you're familiar with these is applications
0:08:08	okay so here's an example of what i was talking about so this is a
0:08:13	so simple by
0:08:15	architecture diagram of what can and at the bottom there's this thing called the media
0:08:23	which is essentially a little bit like booze
0:08:26	it's like a
0:08:29	i it wraps it makes it was a little nicer to use include some collections
0:08:34	some platform abstractions abstracts away like threads
0:08:38	and javascript for
0:08:41	which is the javascript engine and these days another blankets for jobs to for is
0:08:46	the only just in general it
0:08:49	and sitting on top of that is
0:08:52	so what for which includes a platform layer and the rest of web for and
0:08:57	i'm separating those because again the platform layer are our classes that rap
0:09:03	cairo for instance where is the rest of web for are
0:09:10	is functionality that's common to all platforms
0:09:14	like the functionality that takes
0:09:16	a stream of data and parses out C S rules
0:09:20	sitting on top of that is web kit
0:09:23	which is
0:09:27	how do i describe that a web get is sort of like
0:09:30	the glue between web for
0:09:34	and the browser
0:09:36	so this includes the api layer but also includes some code for like
0:09:43	handling different situations and sort of translating that into a pi concepts
0:09:48	that's a little fuzzy but
0:09:51	on top of that's it's the application
0:09:56	and
0:09:57	noticed it right now in this diagram again this is what get one these are
0:10:01	all on the same process this is just a normal library
0:10:08	so
0:10:10	before i start talking about web get to i just wanna talk a little bit
0:10:14	of a little bit about the motivation for what get to so some minor philosophical
0:10:20	point
0:10:21	which i think is what
0:10:25	the thinking that drove the creation of chromium and draw the creation but get to
0:10:33	and i
0:10:35	means that this is the future of the way
0:10:37	so
0:10:39	code has about this they crash the program
0:10:43	or just bucks
0:10:44	all got has boats
0:10:46	and colours bugs that allow arbitrary code execution
0:10:51	which
0:10:53	especially if
0:10:54	that code includes
0:10:58	a java script engine that's
0:11:01	writing machine code into memory
0:11:06	and not only just what happens cut has dependencies that have bugs
0:11:10	so maybe you've written perfect code but you're using library like phone configure higher that
0:11:19	has a bug
0:11:21	one of these buttons
0:11:23	and four point is even if everything was looking good live the your code the
0:11:30	dependencies
0:11:32	you're gonna be processing
0:11:35	things from though from the world that you don't trust their like little programs france
0:11:41	and images S V G images and these are all like small set of instructions
0:11:47	that mean that the scope of the data your processing is why and in the
0:11:53	the chance of writing a
0:11:57	a font they can we can crash your browser actually i mean it's
0:12:03	it's very hard to eliminate these problems
0:12:06	so
0:12:07	well it was a pragmatic response this
0:12:09	i mean maybe you can say that
0:12:13	that we're gonna work are gonna fix all the buttons in our browser so that
0:12:17	it doesn't crash we're gonna eliminate these security issues
0:12:20	but you also have them at the security issues in your dependencies you also have
0:12:24	to work with sanitise in your input data which is very hard
0:12:28	and
0:12:30	instead we say yes that's keep working on fixing the crashes my browser but let's
0:12:35	also say that if something goes wrong let's make sure that it doesn't
0:12:40	we've our users vulnerable to attack
0:12:43	so
0:12:44	for instance when we talk about arbitrary code execution one thing to keep in mind
0:12:50	is that
0:12:52	is it these days web applications
0:12:56	are our applications they're like
0:13:00	they're like just up applications now and not only other like that stuff publications like
0:13:04	you might be running you know angry birds in your browser and like i want
0:13:07	side it is your banking information and maybe anger birds you know can reach over
0:13:12	and touch your bank account
0:13:14	and this isn't like a hypothetical situation this is this is things that actually happen
0:13:19	so the web is huge remember
0:13:24	so this is what we can do
0:13:29	we can
0:13:30	we can acknowledge at the web platform is huge in everyday it's getting bigger it's
0:13:35	adding more functionality each and you add functionality add more chances for vulnerabilities for crashes
0:13:43	and we can we can think of a way to make the crashes less
0:13:46	inconvenient for users
0:13:48	maybe instead of
0:13:51	when the web rendering crashes it doesn't crash the browser we just crashes that's have
0:13:57	or just crashes
0:13:58	the web rendering part
0:14:00	and we can prevent crashes from exposing
0:14:04	crashes and screen doors from exposing data from outside the scope of the current page
0:14:12	and the way we can get as we can put that data maybe
0:14:15	in another address space words harder to get to put some more separation between the
0:14:21	data of the different applications
0:14:26	and we can also prevent bugs and crashes from damaging the system
0:14:31	or executing arbitrary cut
0:14:34	that's another name for sandbox
0:14:37	so even if even if some paid crashes the browser you can try to that
0:14:43	hard this
0:14:44	because that process can try to the heart
0:14:49	and finally even if we're not talking about a much just page are just talking
0:14:53	about it a page that has a really heavy while
0:14:57	it shouldn't prevent you from using other pages or clicking a menu it shouldn't prevent
0:15:01	you from closing the browser to get away
0:15:05	so this is a this is thinking that drives this because
0:15:09	to be honest
0:15:10	well get to and from in these are like very complicated architectures and
0:15:16	and they deserve a good reason
0:15:22	so this is the end result
0:15:26	we can
0:15:28	we can put each web rendering part into it's own process and have some pair
0:15:33	process
0:15:34	and we could to we call
0:15:37	the web rendering process
0:15:39	the web process we compare process they why process
0:15:42	because the actual from of the browser is in this you are process
0:15:49	and we can sandbox the web rendering
0:15:52	because you know once you separate out the web are it's it doesn't need to
0:15:56	write to the hard disk or even read from the hard disk
0:15:59	and i'll talk a little bit more about
0:16:04	how to make sam boxing easier later
0:16:07	so this is sort of
0:16:10	the first web could to architecture diagram a on the left you can see the
0:16:14	older architecture diagram a little bit different but you see the api boundary was between
0:16:20	the application with kit and here we have now two processes
0:16:25	and the A P I is in the U I process but underneath that api
0:16:30	it's talking the I P C the inter process communication to another process which has
0:16:36	the rest of the library
0:16:39	so even if this web trust what web process crashes it's not gonna be able
0:16:43	to crash the browser
0:16:46	or indeed read arbitrary information from the address space
0:16:51	of the U I process
0:16:54	and the foregoing are there any questions about this particular "'cause"
0:17:00	okay reasonable is it a pretty old concept of this point since programs around for
0:17:06	a few years
0:17:08	so to teach you details about what's inside which i think i put this here
0:17:13	to make it easier to understand the practical bits
0:17:18	but
0:17:20	essentially we have to process is now they need some way to communicate
0:17:26	and i said is what those ways into three distinct
0:17:31	one of the first is messaging so say D web process reads the browser title
0:17:39	and then it needs to tell you i process that i've read the title you
0:17:43	know change
0:17:44	the title bar to reflect that sends a message with some arguments the arguments in
0:17:49	the message or serialise into a chunk of data it sent across socket to the
0:17:54	other side
0:17:56	and then de serialise
0:17:58	interpreted
0:18:00	and there's also a shared memory which is used for sending big chunks of data
0:18:05	like the what processes finish rendering the page to an image and sends that it's
0:18:10	too big for this socket
0:18:13	it sounds that as a target sure and memory you are process we avoid making
0:18:18	unnecessary companies
0:18:21	and the third is a shared services which are different the czech memory because is
0:18:26	typically are on the gpu
0:18:29	the what processes put something on a gpu you know what's the send it to
0:18:32	the U I process without downloading the data from the gpu again
0:18:37	putting in shared memory in the real putting it
0:18:40	so for instance in
0:18:43	in the X eleven version of repeated okay we use X composite and next damage
0:18:47	sort of like we make a little window manager and we send these gpu services
0:18:56	to the you i process to run
0:19:04	and why do we have to do that that's because
0:19:09	web pages these days more are just asking graphs like colour sing graphs
0:19:17	for three main reasons the first is that we wanna prevent wanna prevent unnecessary redraw
0:19:23	say like some D of is moving animating on top of the rest of web
0:19:26	content only this dave is changing and maybe just only in the position so instead
0:19:31	of constant reread redrawing entire page what if we just stored all the different layers
0:19:36	of the page in the textures and just we can positive those textures on the
0:19:40	gpu again and you use actually really good a composite it turns out so
0:19:45	it it's quite fast you do of really and second thing is three C S
0:19:50	transforms the way those work usually is that they're done on the gpu with a
0:19:55	opengl and in so once you once you start doing work on the gpu it's
0:20:02	really expensive just stop in bring it back into main memory
0:20:06	only to re uploaded again so you can display it that's actually enough to kill
0:20:10	your frame right so
0:20:12	so it sort of a non starter to do that and the same with what
0:20:16	you know web G obviously is opengl which is on a gpu downloading and again
0:20:21	downing andrea pointing again will bring the frame rate below the
0:20:26	the limits of the human eye so
0:20:31	right so the way it works is that the scene graph is built in process
0:20:35	in the web process and web process
0:20:38	and what's the scene graph is there and all the rendering is there
0:20:43	you the composing there you need some way to send those results to do i
0:20:46	process and that's where X composite next damage comes and sort of like the way
0:20:51	a application does all the rendering insensitive the window manager
0:20:56	in the way this will work and lemon is probably that will use a
0:21:02	and embedded women composite
0:21:08	so working that
0:21:10	alright so that sort of
0:21:14	the high level overview of web get to and
0:21:20	in you know we end up inventing work in a few places so some if
0:21:25	you may be asking
0:21:28	should i pour my application to web get to if you use what could U
0:21:31	K or even any other port of work that and
0:21:34	the answer is yes
0:21:36	you should fortification with get to in fact
0:21:40	even if you don't think it'll be useful
0:21:43	the reason is
0:21:45	okay G K is moving in the maintenance moon
0:21:50	so
0:21:51	it turns out that it takes a lot of work to maintain a web chip
0:21:54	or so
0:21:56	when your team has to maintain to it's a bit harder
0:22:01	in addition
0:22:04	what did you think it work it won't be deprecated at some point because once
0:22:07	you start maintaining work it then you start wearing about security vulnerabilities and fixing bugs
0:22:15	so
0:22:17	the good thing about this is that web get to is a better api it's
0:22:21	richer it exposes more functionality it's more in line with other web to web reports
0:22:27	it just all around a better right guy because it's the second time around we
0:22:30	made an A P I so we got a lot better at it
0:22:35	and top of all that if you put your navigation web get to
0:22:39	without doing anything other importing it will be faster more responsive
0:22:44	when some random might kind then crashes
0:22:46	but it won't crash or application you can just we started it's very nice
0:22:53	alright
0:22:55	but it's not necessarily easy
0:22:59	for all use cases
0:23:02	some of the problems are that there's not yet up or to porting guide which
0:23:06	is the better shame
0:23:09	because we've and promising it for a while and we don't we have it yet
0:23:13	but
0:23:15	but there is really good A P I documentation
0:23:18	and the differences between the two basically boiled down to the second point which is
0:23:24	that before
0:23:26	before it made sense to do things synchronously so when you wanted to save the
0:23:31	page images away into the save is done
0:23:35	but in my pocket to that makes a little less sense because now you're
0:23:39	you're sending a message to the web process which again you don't necessarily trust anymore
0:23:46	you know we're starting to just trust things across a process boundary and instead of
0:23:51	waiting for maybe it's better to just
0:23:53	just send the request you know save the page and when you're done with that
0:23:58	let me know
0:23:59	and
0:24:01	what this means is a lot of it guys very synchronous now and they look
0:24:04	a little bit harder use you have to pass a callback
0:24:08	and use sort of G I O style
0:24:11	J O style is intrinsically i
0:24:16	so the really tricky bit is that if you were doing some sign a some
0:24:21	kind of deep integration with the web content you were interacting with the page changing
0:24:26	in real time then it becomes actually quite a bit trickier because before you could
0:24:33	actually reach down into the library and modify the actual down in memory
0:24:40	but now it's not in memory more it's and some other process
0:24:44	so some of the process you notice that we trust
0:24:48	so what you have to do is used one of these for techniques jetted script
0:24:54	source custom protocols you have to die down bindings are page axes
0:24:59	we the jesse api
0:25:03	so injected script source is a is essentially a and it and the web you
0:25:09	would you give it a string of javascript source
0:25:13	and you send that to the web process to be executed in the page content
0:25:17	in the page context
0:25:18	and the resulting javascript return value will be serialised and sent back to you
0:25:26	so you can imagine writing a small javascript program to walk
0:25:31	the elements of the page and do some processing maybe find
0:25:36	say the password field the kind of the pasture field in getting back a string
0:25:42	from we process
0:25:47	and that looks a bit like this
0:25:52	you call what but you run javascript
0:25:54	with the web you and then the string here is actually the
0:25:59	the script you're right
0:26:01	and then you get a callback pretty simple
0:26:05	and then the callback you call
0:26:07	but it would you run javascript finish like T I O again
0:26:11	and you get this
0:26:13	serialise return value and everything below that is getting the actual javascript core values from
0:26:22	the return value this is funky a J S A P I is are the
0:26:27	javascript for api this is like the A P I for touching the javascript engine
0:26:33	itself
0:26:37	but you can see that we're just converting this value into a string and then
0:26:40	converting that string into a C string it's a little bit of a of the
0:26:45	paying a bit verbose but
0:26:49	but really like other than this callback it's similar to what you would do before
0:26:57	so before talk about
0:27:00	a custom protocols so
0:27:03	maybe views are chromium before maybe and you type about
0:27:09	and you get a web page
0:27:11	and it's almost like instead of H diffusing this about protocol
0:27:16	and that's
0:27:17	exactly what custom particles are
0:27:21	it's that you're gonna grading with the networking library to add a new protocol
0:27:27	to the to the web engine
0:27:31	and not only can you can access pages by unloading them you can actually use
0:27:37	ajax
0:27:39	to interact with the with the U I process for instance you can
0:27:44	for instance we have a innovation we have a page about plug ins
0:27:48	and it's not there yet but eventually they'll be a button that says disable
0:27:53	and what that could do is you could send an ajax request
0:27:57	_2d protocol and when it gets that request it process it as if it was
0:28:01	a web server
0:28:02	again to disable the plug in without reloading the page
0:28:09	the big issue with this is that it's a web browser and it subject to
0:28:13	same origin security restrictions which essentially means that if you doing ajax promoting resources there
0:28:20	are restrictions for accessing resources in another
0:28:25	another
0:28:26	scheme postport triplet which means that if you try to access the cost this your
0:28:33	custom protocol
0:28:35	from a web page on a she's ep then it's not gonna work it's gonna
0:28:39	be a security but quite a security restrictions
0:28:44	don't disables
0:28:46	so this what this looks like now
0:28:50	again we're just sort of
0:28:53	registering this about protocol and again with just a callback
0:28:57	what happens here is that
0:29:00	is that we get the request and we can read the different properties of the
0:29:04	question the path
0:29:07	in here i'm just use in the past the printout a response i'm sending the
0:29:11	response back to the browser
0:29:14	as if i was a web server
0:29:26	so before talk about the other ones i wanna talk about web extensions
0:29:33	so what makes engines are essentially the way
0:29:37	that we've exposed some of the more common techniques of interacting with the page
0:29:43	in this multiprocessor environment
0:29:46	essentially it's the shared object that the web process finds it loads it it's own
0:29:50	address space
0:29:52	so
0:29:54	you don't have to do in the I P C really
0:29:57	if you just working inside the confines of the web extension
0:30:00	it's a bit like a plug and the loads in the web process
0:30:05	and so you can do things synchronously like walk through the dom and it won't
0:30:10	block the U I process at all we're not you are processed maybe doesn't even
0:30:14	know
0:30:16	and you have to worry about i the overhead of I P C or
0:30:21	or not
0:30:23	in is great because you have actual direct access to the dom objects just like
0:30:27	you did before
0:30:29	answer and on top of this
0:30:32	the sort of common idea of it injected bundle you something that web get to
0:30:36	exposes and all ports
0:30:41	sometimes it inside a web extension you want to communicate with the U I process
0:30:45	in which case you can just use D bus or whatever you went back
0:30:54	typically we use device
0:30:59	and this is that what that looks like so occur is a source file with
0:31:04	this web kit web extension initialize which is sort of like that you for the
0:31:09	name of the entry point to the to a shared object and what happens is
0:31:15	once we compile this new we shared object and set the extensions directory you'll find
0:31:20	the shared out we can load it and all this call this
0:31:23	this function
0:31:27	and
0:31:30	you can print but also you can
0:31:33	used G object on bindings
0:31:35	which
0:31:37	i guess i should probably explain is a little bit too if you're not familiar
0:31:40	with those
0:31:41	so essentially
0:31:43	there's the doll
0:31:45	and if you're familiar with web development you use the dom and javascript
0:31:51	to access the internal structure of the page so you can say like page give
0:31:56	me your
0:31:58	your dave's and you can look at all the did you can see their contents
0:32:01	you can see other properties or C S properties whatever
0:32:06	and that's
0:32:07	that's the javascript down bindings
0:32:10	what that means is that it exposes these you there's inside or see possible subjects
0:32:15	it exposes them to javascript
0:32:18	and likewise you've written G a breakdown bindings which means that you can walk the
0:32:22	dom with do you object
0:32:26	and that means you can walk the don't see or any other language it supports
0:32:30	geography introduction
0:32:32	which is quite nice
0:32:36	and unfortunately not of the dom is in another process we can just do that
0:32:40	from the from the you i process anymore we have to do it in the
0:32:44	web extension
0:32:46	and again we see the
0:32:50	web kit web extension initialize function which
0:32:55	in which we connect
0:32:56	to the page created signal of this extension object so page created is like
0:33:02	you open the browser to
0:33:05	and now we have a new browser time
0:33:08	here in the callback for page created we attach to the document what it signal
0:33:16	which
0:33:19	so what obviously fires when the document is finishes loading
0:33:23	and that point maybe we need a title using the exact same down binding it
0:33:31	pi so we had a market one
0:33:35	so if you more steps and we kind of get to feature parity with work
0:33:39	at one
0:33:41	so
0:33:42	so at this point we're waiting
0:33:45	the value of all those things i mentioned before
0:33:48	security stability not exposing users banking information to fishers and scammers versus like a couple
0:33:56	function calls and compound sure object
0:34:07	so finally the most flexible approach which will be unveiled global be and upcoming work
0:34:15	htk release
0:34:18	is that we can
0:34:21	we can use directly the javascript core api to interact with the page
0:34:26	and what this means is that not only can we walk the dom
0:34:30	but we can make a new javascript objects that are backed by native code say
0:34:35	like you make a new object in the page can actually interact with that object
0:34:39	for instance maybe you want to expose some system functionality
0:34:44	to the page
0:34:46	if you're making a hybrid application for instance and you want it to be able
0:34:50	to like put the screen to sleep
0:34:53	or maybe prevent the screen from sleeping if you want your video player application to
0:34:59	not a
0:35:00	some like at a simple it's
0:35:03	what's playing what video
0:35:05	what you can do is you can use this A P I to expose new
0:35:09	objects into the world of the page and have the page javascript interact with it
0:35:15	interact with the application
0:35:19	and as well is that you can just execute arbitrary javascript and the web process
0:35:27	for this you need to know the jobs to cory pi which isn't actually
0:35:32	so complicated but at some point we really like to be able to
0:35:38	just exposed you objects directly with see that that's a ways off
0:35:42	but
0:35:43	this is the most flexible approach and it's really like it if you really need
0:35:48	the interaction with the page you'll have to do this
0:35:55	our so that was a practical section i hope that it was useful for some
0:36:00	betters to sort of see what's involve important work it to and how about convince
0:36:05	use that it's worth it
0:36:09	and keep in mind that like this is not just what can stick at the
0:36:12	whole web this is beginning to look like this multiple processes
0:36:17	and it it's a
0:36:19	it's beginning to look like this because the web is beginning to look like an
0:36:22	operating system the web platforms getting to look like the application platform
0:36:28	and we already user browsers like this
0:36:30	i mean many of you probably keep
0:36:32	a web browser open all the time with one application running
0:36:36	i mean that's not different in keeping an application running in your window manager i
0:36:40	mean the distinction between web applications and applications is
0:36:44	is almost gone
0:36:46	i keep saying it but it's like a thirty happened
0:36:49	so
0:36:51	so what's gonna happen with get to in the future
0:36:55	given us the architecture diagram gets a little bit more complicated we have more processes
0:37:01	because we did it once in a work so when i keep doing it
0:37:05	and so we run out of
0:37:07	process handles
0:37:09	so
0:37:12	so what we have here is the not only do we have web processes we
0:37:15	have no word process worker process stored process
0:37:20	it seems first it seems like a little bit superfluous to be also is also
0:37:25	something like why so many different processes
0:37:27	but really it makes good sense
0:37:31	in fact
0:37:33	because
0:37:35	when you think about it
0:37:38	we really wanted to send box the web process
0:37:41	we didn't want it to be able to read the disk or
0:37:46	even access the network you know maybe
0:37:51	maybe it's dangerous to allow arbitrary code execution to talk to that work
0:37:59	and one interesting thing is that
0:38:01	the way make it to works now is when the web process crashes all your
0:38:06	times crash
0:38:07	and really it would be nice if it was like from in where when
0:38:11	attack crashed with just that time
0:38:14	so that means we need multiple web processes running
0:38:17	which means that they're all trying to talk to network which should be fine they
0:38:22	could do that separately but once they talk to the now to take all their
0:38:25	data and they try to put into the cash they try to the cookie store
0:38:31	and maybe that cookie store shared among different processes
0:38:35	which means that we start having like contention issues and we have to worry about
0:38:39	multiple writers multiple readers
0:38:42	so instead of handling all that we just split are all the networking all the
0:38:46	cookie storage into it on process and we have all these different processes talk to
0:38:50	this one or process
0:38:53	likewise
0:38:55	there are a pi is in the web platform
0:38:58	what if you actually that write to the disk
0:39:02	and if we sandbox the web process to laurie range of the desk and those
0:39:06	if you guys won't work
0:39:08	so instead of having that
0:39:11	capabilities write to the disk there with this possibly militias java script code we split
0:39:18	out
0:39:19	the disk access use worker process or starts is stored process
0:39:26	and the way that we want to think about like these process communications again is
0:39:30	that we just trust the process on the other side
0:39:33	we will have to cover is if
0:39:35	as if that process has already been compromise is it sending us the most people
0:39:39	message as possible
0:39:44	but that's a lot easier
0:39:47	then if there was no single point of communication between the processes there wasn't just
0:39:52	if we had to make a decision all the time like overseas just we're doing
0:39:56	I P C handle
0:40:00	a similar was talking about snow
0:40:04	we isolate applications from each other as well as really why
0:40:09	our and the
0:40:11	the web process regression all the taps just crash you know that one page
0:40:21	makes a marketing lot easier
0:40:25	the nice thing about this storage process is that this access is really slow so
0:40:31	there's always some walking going on if we if we always do that is increasing
0:40:35	in another process there's no issue with that
0:40:40	it could be a threat but then we couldn't it sandbox
0:40:44	and
0:40:46	that's a feature vector to and that was my talk so is there any questions
0:40:53	i can answer them now
0:41:03	probably

WebKit2 And You

Developer Experience Track

Martin Robinson