Bestand wählen
Merken

X11 on the Web

Zitierlink des Filmsegments
Embed Code

Automatisierte Medienanalyse

Beta
Erkannte Entitäten
Sprachtranskript
alright and mining red Nelson and they're talking about free excellent and the web so have the motivation long and show this pages because I find it amusing this as a 10 1099 for a this is the 1st computer I around and on my mind I'm using and look like this this one's got a ton of stuff attached to it but the thing I remember most about it was the turn on the power switch and it's ready to go and uh somehow suffer hasn't felt that way long time that's that's kind of the underlying thing in my head it's motivating but I really hate is I hate configuring computers again in computer and it's like OK now where were all like my dot files on like you packages do I 1 and so is the same thing over again the and I'm paranoid sort of felons I don't know I don't trust the programs are and so on I'm programmers so I want lycopene enabled to help me program so but what I wanted to Velten browser and how to make that possible i it needs to be secure the there needs to be fast and Our something you need some stuff and there's a lot of software that I depend on so you know 1 of them user men want them and that I need get the best problems of the trying some interpreters pipeline and I'm aiming to compilers but in an excellent but because this is just another excellent stuff and we care about and saying you know in for example so I really his native code & in the web browser native code that's not such a good idea and you're thinking of you know things like this where you get the scary warning and you can yes and no is not a fun thing is you say yes and all the you you who knows what you're really haven't know and well and don't have anything and so I fortunately stand up in Google Chrome there's a sad technological Native Client and our allegedly is something that's you have native code that's as secure as JavaScript and it's verifiable safe and potentially at least it's portable and and it's open source as BSD license so many using terminology this talk uh just just out of habit they also Native Client is often referred to as an apple it's moving no sodium joke in there and up formally applied as this is often called chemical and there's this other API pp I've used pepper and set the number of salt pepper clothing and things of that nature uh it's the i layer 4 to Native Client really tell you so from the user's point of view what's if I knew you got some C code you recompile it with the points toolchain and out uh next year and apple executable and the parent out with some amount of dollars scripts and HTML and you can hand that you to user and they can they can run stuff and when this insecure so I met my wanted to send boxers right so that uh Crohn's our process and lots which is the the sort of sand box that is protecting you in general when you you got ordinary cabs and we also have inter static verification sandbox on that you can use context of process and box uh has grown standing between you and your us and then if you didn't have their fur ideally for each have the of rich origin there's a renderer process and render process and you know only talks to chrome and promised going to talk to the last and it's isolated and its restricted what it can do and in a separate origins of several within it even in Apple module on it's even further isolated is off talking you through the inter process back to the browser I and then within that I use them solve our fault isolation techniques but we do control-flow integrity checks to restrict what code can execute and we're stuck the data that can be accessed on some data integrity checks and then there's a I O interface so cool has a has a particular kind address layout but you've got to 256 megabytes of potential space for code and up to 48 bytes of data region and there the summary from each other so things that encode region it's re-execute only things in the data regional our read write and tune the max on the joint major that bad things don't happen ever going to be sure that and so you enable this some all the code on these we're here when they felt the needed know that it's not just any old live these the safe and this only has to be an ambiguous and so you you need to know where it's gonna jump you know where the direct jumbos but more importantly you know our world the indirect jumps go and that's a little harder about because then includes you know the colander function returns if the stack is entrusted than that issues you know the at least say you may not even know where they're going to go ahead of time on some of the key trick that makes this possible and if you imagine this thing 1 instructional normally when you have code and particularly in architectures like x 86 you don't know coming in instruction is going to be you know words going and on doing you could jump in the middle of an instruction in that case on more importantly if you're going to put some constraints so what the code can do what you you really don't have a positive of any any sensible placed upon boundary so that the key to the thing they find us at the get security is of course but no 1 so we make sure that every 32 byte boundary there's a safe point that you can going to the uh you can go into and out so with an indirect jump what happens is that you are mask off the bottom 5 minutes and you know that your safe no matter where you land now the drawback is that you have to cat out a lot of these bundles of not so there's a little bit of wasted that's the reason that we get some performance overhead within 1 and so on and beyond that depending on the architecture of the some of the items that are used to restrict uh what I said before even make sure that you can only execute the executable originally read write and read write region on some elected 632 I have a question to 1st 3rd of the i on it's easier 86 32 I worry of people point uh then even only a segment registers are used to restrict to some of the access but on the other architectures so individual live masking jumps in memory accesses so there's little world overhead but on on toll of the the performance is actually typically in nearly 20 per cent on like 64 thinking in as bad as 30 % depends a little bit of a mix of instructions in the application on Ansys Gozzoli obviously you know you know I
can just you regular syscall that's in the dangerous and scary unseen reduces calls through the z traveling to get you out of the sandbox over a small region of the and you of loosen restrictions on the bundles for some pre prescribed escape hatches on and that lets you provide a uh an API for for denial of 1 of the that's provided problem is IPTV I it's a sort of web-centric API to very asynchronous everything's asynchronous in which is very well I give you access to graphics including open Julius to the baby as for sound as if the in certain contexts you have network access not every context output for access in some contexts and you can also have some local storage associated with the origin use place to put stuff on so if you got but if you got your knuckle Elidel unit you're doing so something asynchronous messaging back and forth with pepper so I for the for the Nolan Native Client Applications Data defined and described here that the only relocation activities in in Chrome Web Store on and that's mainly not because the concerns about security but because of concerns around portability and the issues that I when somebody is determining go we want say OK here's x 86 and that's it will have just 1 architecture of and Webster were able to say OK well this you know there's a limitation in that if you if we come back later and say you need a spot market we do that on but and I'll talk about portability more in a 2nd but the reporting something of like all those applications are listed before them in the next that you really care about plastics compatibility and that something in the paper the that's happening the and will and it connects and and in in this field and I recommend the large events lots of folks a lifeline don't put your slides 1 this i in all this talk right it will get the 1 slide and hopefully we connected them and so on in order to tap passes compatibility with dual work to put this to build this back up on top of pepper on and so we went ahead and and in a kind of a plan I like way and planning in which a virtual file systems that I sit on top of pepper and what we have some very basic ones like a memory file system but we also be solid stored on storage in HEP there's a fused now on and we emulate some other things like sockets during 1 of the very similar and have some links this this is really often lack of the offline version and I why is it that you will have a cost of 10 of the ones From here to get them back it somebody turned on the phone and that was just too much the 1 welcome to the 1 OK then In that was choking Moosh tha OK tha Paris so I it so in addition to stimulating all sort of like a single process but except but didn't think particularly using a higher higher up the stack on you end up having nothing process is the 2 and tackle usually get 1 processing it for multiple threads of who we end up needing emulator of heads and things like last spline randomly for for we can before and we and things like that and type served in and 1 coming soon sentences and reason was there again and and so we end up with is a java script microkernel of sort where got the process they're actually DOM nodes that are managed by John a script and you know they have pens and they can wait in each other and they pass lovely asynchronous messages and out 1 of the fund the puzzle that we got from from our 1 of our communities as a as a duty to 20 action it's a work extra color implemented of tonal Java script college so gives us terminal and and all of them is 1 1 and make a little segment of portability here which another version of what the newest I'm so imagine all the stuff talking about native code but really most of the code that the the votes care about is C code and so they potential trade you can make in terms of portability is that you can say well what we do all the high-level optimizations ahead of time and then on the right in the browser do I do the last little bit of the compiled and that gives reasonable formally applied on a where we transmit a flattened version of the them in the representation and that gives portability and we use them what we caching talk about much detail here but basically the idea is that if you see in particular Portable Executable before you only need to give you the translation once and as it mean inside the of the translation from portable new architecture-specific is actually done by translated itself uh runs inside of the point of a sandbox as well to don't have trust the compiler on the target so while you're back to him by the world all the year the fund ports so I on this foundation we've enabled actually start the porting a whole bunch of stuff on and we've we've done is trying to keep this knows little this is possible because you're making for something you don't introduce hold on there and also it would accumulate a whole bunch of packages that enable the the point and we've then you know keeping uh he mirroring of the upstream and we have a continuous building test form for a nearly 200 packages ported and you keep it continuous building this instances with this is that the that of course not and so i we reach the point where we put this together in a little many units that that it's me closer to that goal I mention originally that I want you to do in all my things around on and so we have Bashir got a bunch of editors and then manually recently I mean acts on that image of interpreters are GCC and we just recently got all
the working for us as well and so you end up with a number of will show number of a moment
that you can get bashed promptly top of things but that was just you director pepper what about right there's a bunch of cool things that you that you really index for on and it turns out that x our was not that hard to port on it's broken down into a bunch of very nicely factor packages many of the packages of art in the local chain without modification there's a very nice separation between the 2 the transport layers and um and the different pieces in it's very portable code on for the moment we're using sockets for transport this has 1 key drawback which is that is so on a in a coma half which June solving the from units you know with the Web stack and your London do some extra things if you access asked permission and 1 of those things is that uh sockets and with that uh if you're on the open web within the actual web page and then you know what new sockets at some point particularly for X will be interesting to swap out transport I get to kind of look forward to that because the the the layer to do that is very small area easily add another form of transport so we able bring up an X server that using this there is an a lovely poured over X and X server runs out of STL we already had a steel port and then this is this of fellow here and it's a key drive during drive down X server so it's obviously got uh it's kind of old school that various limitations long-term it might be nice to to to get access to jail but and we need somebody around of words well the port was on STL reported that still to go in and went back still 1 because of compatibility and a not needing graphics graphics to full-time on and find you have you know there's no interdependencies between these packages but despite how many of them are there this is this is the dependencies for excise and years we give you some idea of the sundry packages in the X server on but are all very small packages and there's only in all of us something on the order of 12 hundred lines of death and a lot of that it is on stuff that really shouldn't be there it's things where of for example right now of done things like any of my requires an entry point it's not called means so every place was main needed you will work to patch that will hopefully go away in the near future but the net result is where the uh worry we bring up some access so back to by some twist of chance it turned out that reaction that the X version of it the max of before the consul version is tricky enough to want to get all the consul plumbing
in in Max working on that's a
window manager is only to give you an excise eliminated slide through this because when you're demo here it on but as a nation for our 1 of the things that we do is move our are uh transfer sockets which we can do this on on an actual web page on and make things for all things and the 1 1 thing in my sort of long list of stuff as I would like this again we not not there today the X server you think you could point in pattern but not that give itself as well and the bunch of of really are some folks that contributed to this on in in if authority questions now on the whole test 1 theory for yes you can come and go home have come to you that knowing what the OK so the performance and in some that performance is obviously you know of a complicated thing but I would say that's the X servers performances is not all that I would hope for and partially because of uh the uh the interaction of St Helens is the assumption on the redraw the whole screen this waste their time in general low of the most of performance bollox around I and so on in this environment in general 1 of the big issues we run into is that this set API interface animation for has long round-trip time for flower so their budget context like particularly with the compilers and were were were currently very unhappy with the sort of I get thousand header files and touching all on that doesn't agree that the actual core of the execution of the overhead is very small and it is really quite closely and so we had been carried so that ingestion of just to give everyone context now start the question 1st question was what with performance like the 2nd question was that you can contrast that suggest that as investor context 1 is that it's in our fireboxes the technology that expresses a similar kind of a portable representations this some similarities with formally applied and where it's it's expressed as a JavaScript code that has a set of constraints that that much you do a similar kind of a compile on the client side and and be able to do this on a FastPath were we get said also performances similar on the the main differences are that because we have friends on there's a lot of issues with reentrancy that's uh particularly in the city itself what 1 the 1 of the weird things that you see it as a very effective reporters and some neat something that like you know and again religion for about 1 extreme but then something you know so we like Signac uh is miserable the port because you've got you got to block somewhere down the balls of that because you're running on the on the main JavaScript thread there is some issues of reentrancy that send on as it has a very good performance in their fellow travellers we definitely excited about uh you know folks doing doing it for the browser and I'm I'm optimistic that they'll have you figure out by the way to introduce friends and that that said that we can apply possibly actually bring a lot of these sports so as to it to as as well on and that actually our our arnaq apports repository dimension we do on this on a continuous build but we do have a switch to try to turn on civilians within ports and is well on it's it's a it's a mixed bag of ringing imported it it's it's pure library and you can kind of kind clearly going out of it you know you can share a lot of the same pollen and in fact our our our pinnacle toolchain we actually share a lot of the same plumbing in November surpasses the shared by both instructors and that thank you on to them right so it's so these looks shockingly like absence of to uninitiated thinking running like proper answer but these are are all built on the Web Stack various glued together with with JavaScript there are things that aren't you could certainly run them on a page by cheating and that is a starting from the much turn on natural everywhere the primary issues that that's number that's understood before a portable that word but in a good thing to get is stuff that can run without knowing
procurement goes to consultations with be some reason and so this is a barracks server
running and then the net environment is a shockingly phase of Ashcroft and so when a new year is so that the X server is just running on under display 42 and I the the full of numeric here and around steering unlike doesn't do
anything because it's just window manager sitting there in 1 and and a far up another 1 and 1 1 issue as mentioned for were just a little side pipes and I were also or also short asynchronous signals to to do something like controls z so right now I'm very up to these it something running and that 1 of the things that we reported the is axes that article tk a while back actually tuple folks the port and I was able to bring up taking a lot of trouble and so run wish interpreter here and this postcard and and now
all as this is just a you know you can then you can point here uh you can you forwarding from another location in and this is obviously
local that you could you know run something so again from liminality come up and do its usual what about so and the long-term mobile courses they have uh and again be something running also known as wanted you can
cannot start going I and then I think in the example for
max Université you know they can any is so next is a fun whole story is that a topic actually enact my colleague is that the 2 the point in I do do will be here this the start a lot all we would hope for a number of reasons for that that he'll go into a fixed excruciating detail that you get the next 1 and so what were some of you know of hoping to move toward is to to bring more more stuff up world we in that it would be easier and easier to to the sports a lot of the a lot of the ports have almost 0 definite particularly the effect of an entry point change from 1 apple mainly mainly the in good shape you have a whole lot more assertive words and for some of the ports on a lot of the DiffServ things that we could upstream lecture should upstream now they're just you know to the general portability and and so I'm I'm excited that we're going to hopefully be able to bring a lot of stuff that's to the browser and you to any questions maybe in that book and then the loop the things that we the the and so I mean this is running as well as as a as a user so you're really there's no there's no special credentials apart so and the cell and I the the I aligned on demand running each you have been certainly a possibility and we know we haven't you would just to develop the core functionality the moment that it is a lot of a lot of possibilities to make it more seamless was the ideally you don't want just to big but let's stuff you know you have here each each thing itself and for some of the acts like and we actually in the short term we played around packaging the X server with them which is kind of you know has pros and cons is 1 of the versions of every Mac that we that also sort you know Emacs spins and and that uh but the added this debt was a possible is I should mention 1 other interesting wrinkle on with free of the X server but it's it's largely 1 process but there's 1 in 1 9 1 is surprisingly hard may go and so we finally just brought up the key keyword compiler really really wants to be its own thing shall run compile the keyboard and the keyword that Apple and man and so it's all single process with the exception that in showing match Jonathan keyword compiler and starting the question the and we do not have a browser running around there is no actually it's not completely true I'm so that you you you only have heard of there's a product called arc on that has a portion of an and a running in as well and they actually have a range of the web 11 so there is a the new portion of what that means for web you know basically render is able to come up and going along with the same in and you can actually get the fall back up for some of the APs there were lined up in a in what is basically the intervals so that that pretty much not not in this not in this exact environment that will I apologize I way is through that way fast any more questions the and I think most of you know In yet yes is and so in terms of the family as a way back and if I accessed many if I actually is forcefully started out as a as a Firefox plug-in and at that time we wouldn't have any any I O and layers to its it was really just you could be offered computers and certainly integrating that partially applied with relatively straight forward on the being the uh the big issue with so the whole stack will be supporting pepper on and I'll layer which is a little bit more of a sort of a paper has Crohn's properties of waste products there may be a little more effort involved on certainly it would be something that would be useful in terms of portability we do have a layer of and we had this project called the average test that is as an attempt to provide a a pepper compatibility layer done in java script that works so thousand deaths and and so on 1 issue there's because of that reentrancy issue I before on this or if you have a very single-threaded very carefully structure that you can you can stunt with pepper you can compiler for as many of whom pilot for graph what happened with the same but it has to be very clear and very careful about how it how it locks thank you the but
but the
Programmiergerät
Bit
Vektorpotenzial
Prozess <Physik>
Punkt
Extrempunkt
Browser
Natürliche Zahl
Adressraum
Kartesische Koordinaten
Maschinensprache
Computerunterstütztes Verfahren
Computer
Raum-Zeit
Homepage
Client
Wechselsprung
Code
Volumenvisualisierung
Mixed Reality
Skript <Programm>
Schnittstelle
Interpretierer
Lineares Funktional
Sichtenkonzept
Computersicherheit
Güte der Anpassung
Kontextbezogenes System
Randwert
Wechselsprung
Festspeicher
Client
Ablöseblase
Overhead <Kommunikationstechnik>
Computerunterstützte Übersetzung
Schlüsselverwaltung
Faserbündel
Nebenbedingung
Quader
Zahlenbereich
Code
Konsistenz <Informatik>
Data Mining
Hydrostatik
Benutzerbeteiligung
Software
Vererbungshierarchie
Optimierung
Schreib-Lese-Kopf
Gerichtete Menge
Open Source
Browser
Programmverifikation
Modul
Quick-Sort
Integral
Verdeckungsrechnung
Wort <Informatik>
Computerarchitektur
Abstimmung <Frequenz>
Bit
Prozess <Physik>
Punkt
Momentenproblem
Virtualisierung
Minimierung
Compiler
Browser
Applet
Versionsverwaltung
HIP <Kommunikationsprotokoll>
Kartesische Koordinaten
Maschinensprache
Eins
Einheit <Mathematik>
Regulärer Graph
Code
Maskierung <Informatik>
Translation <Mathematik>
Skript <Programm>
Dateiverwaltung
Analytische Fortsetzung
Funktion <Mathematik>
Softwaretest
Addition
Interpretierer
Computersicherheit
Gebäude <Mathematik>
Systemaufruf
Übergang
Kontextbezogenes System
Ereignishorizont
Rechenschieber
Texteditor
Datenfeld
Verschlingung
Rechter Winkel
Festspeicher
Client
Dualitätstheorie
Benutzerführung
Ordnung <Mathematik>
Faserbündel
Message-Passing
Instantiierung
Gruppenoperation
Automatische Handlungsplanung
Zahlenbereich
ROM <Informatik>
Term
Socket-Schnittstelle
Code
Open Source
Mikrokernel
Bildschirmmaske
Benutzerbeteiligung
Datentyp
Inverser Limes
Skript <Programm>
Socket-Schnittstelle
Thread
Speicher <Informatik>
Mobiles Endgerät
Bildgebendes Verfahren
Schreib-Lese-Kopf
Schaltwerk
Browser
Binder <Informatik>
Quick-Sort
Computerarchitektur
Kantenfärbung
Compiler
Emulator
Verkehrsinformation
Resultante
Subtraktion
Punkt
Momentenproblem
Extrempunkt
Versionsverwaltung
Keller <Informatik>
Web-Seite
Socket-Schnittstelle
Benutzerbeteiligung
Einheit <Mathematik>
Inverser Limes
COM
Gerade
Trennungsaxiom
Browser
Stellenring
Teilbarkeit
Patch <Software>
Verkettung <Informatik>
Flächeninhalt
Client
Server
Wort <Informatik>
Ordnung <Mathematik>
Schlüsselverwaltung
Nebenbedingung
Demo <Programm>
Subtraktion
Browser
Compiler
Hausdorff-Dimension
Fächer <Mathematik>
Selbstrepräsentation
Interaktives Fernsehen
Keller <Informatik>
Zahlenbereich
Web-Seite
Physikalische Theorie
Code
Socket-Schnittstelle
Homepage
Client
Benutzerbeteiligung
Datenmanagement
Bildschirmfenster
Mustersprache
Programmbibliothek
Thread
Schnittstelle
Touchscreen
Autorisierung
Softwaretest
Browser
Mailing-Liste
Ähnlichkeitsgeometrie
Elektronische Publikation
Kontextbezogenes System
Quick-Sort
Rechenschieber
Menge
Client
Server
Speicherabzug
Overhead <Kommunikationstechnik>
Term
Verkehrsinformation
Interpretierer
Datenmanagement
Datensichtgerät
Bildschirmfenster
Browser
Gamecontroller
Server
Programmierumgebung
Phasenumwandlung
Client
Browser
Bit
Prozess <Physik>
Punkt
Momentenproblem
Freeware
Browser
Compiler
Mathematisierung
Familie <Mathematik>
Versionsverwaltung
Zahlenbereich
Zellularer Automat
Computerunterstütztes Verfahren
Term
Kreisbogen
Loop
Spannweite <Stochastik>
Benutzerbeteiligung
Arithmetische Folge
Volumenvisualisierung
Skript <Programm>
Datenstruktur
Mobiles Endgerät
Gammafunktion
Metropolitan area network
Soundverarbeitung
Softwaretest
Lineares Funktional
Schnelltaste
Shape <Informatik>
Graph
Matching <Graphentheorie>
Kategorie <Mathematik>
DiffServ
Browser
Biprodukt
Quick-Sort
Client
Server
Speicherabzug
Projektive Ebene
Programmierumgebung
Schlüsselverwaltung
Browser
Client

Metadaten

Formale Metadaten

Titel X11 on the Web
Untertitel Using Native Client to run X11 applications in the Browser
Alternativer Titel Graphics - Web X11
Serientitel FOSDEM 2015
Autor Nelson, Brad
Lizenz CC-Namensnennung 2.0 Belgien:
Sie dürfen das Werk bzw. den Inhalt zu jedem legalen Zweck nutzen, verändern und in unveränderter oder veränderter Form vervielfältigen, verbreiten und öffentlich zugänglich machen, sofern Sie den Namen des Autors/Rechteinhabers in der von ihm festgelegten Weise nennen.
DOI 10.5446/34420
Herausgeber FOSDEM VZW
Erscheinungsjahr 2016
Sprache Englisch
Produktionsjahr 2015

Inhaltliche Metadaten

Fachgebiet Informatik

Ähnliche Filme

Loading...
Feedback