JavaScript is the "VM" to target for D

Sat Apr 24 10:36:30 PDT 2010

Sat, 24 Apr 2010 11:27:27 -0400, Adam D. Ruppe wrote:

> On Sat, Apr 24, 2010 at 10:48:53AM +0000, retard wrote:
>> What else do we have?
> 
> If I had my way, I'd just be rid of the virtual machine altogether.
> Simply run native programs as a restricted user. (Indeed, I'd run the
> browser itself with that restricted user, then let it create whatever
> processes it wants, possibly stripping the child processes of more
> privileges.) The operating system keeps it from doing anything evil.
> 
> We could define a new header in the HTTP request that lists the kind of
> code you'd accept, from highest priority to lowest. For example, a linux
> box with Wine might say:
> 
> X-Accept-Code: linux64; linux; win32
> 
> Meaning it'd prefer 64 bit linux apps, but if you don't offer that,
> it'll settle for a generic 32 bit linux binary, or a Windows one if that
> fails. The application is responsible for getting its own dependencies
> resolved - if a dll load fails, download it from your site
> automatically.
> 
> A statically built standard library could simplify this for the
> programmer.
> 
> 
> This gives the programmers huge freedom by taking the code execution out
> of the browser's hands. Want to use a different language? Just compile
> it, or bundle an interpreter for it. The accept-code header could list
> various VMs the system has installed too.
> 
> 
> If the browser didn't send the accept-code header, you have two options:
> offer the binary as a download in a link or fallback on javascript. The
> only problem with the former is users without the right security setup
> probably shouldn't get used to approving binary downloads.
> 
> 
> But, fixing the browser's create process powers are the direction I'd
> take instead of adding more and more to their javascript interpreters.
> If they can create the appropriately restricted token (which they should
> be running under themselves anyway!), you're in business.
> 
> Seems like a lot less work than what they've put in the javascript, and
> gives a lot more flexibility.

It gives different kinds of flexibility. The advantage of Javascript is 
easy interfacing with the DOM, the html document and all kinds of powers 
the browser is providing. The hypertext widget is actually pretty good at 
modelling user interfaces even though it's not optimal by modern 
standards.

The web applications have many contradicting goals and as a systems 
programmer you only have a narrow view which is from the pov of the 
traditional local applications. It's true that you can restrict 
privileges on operating system level. However, there is no cross-platform 
way of controlling this system manually on a proper abstraction level. If 
you fail to see the advantages of a middleware layer, you need to think 
more about it.