reorg JS stuff as Secure Distributed Computing in JavaScript; integrate videos #579
aha... the |
001afe9
to
a8cf682
Here's hoping for time to discuss this with @kennyrowe, @michaelfig, @erights, and @rowgraus
trial deployment:
todo:
3710f0b
to
b3d66a1
some feedback from @erights (MM) and @Chris-Hibbert (CH) in discussion:
We also discussed some stuff that's out of scope of this PR:
Reference / Specification material
- MM: thoughts on where to put it?
- MM: a "Hardened JS API" section seems on target
- MM: we have api docs and we have jsdoc in sources... reconcile? generate?
- MM: move API docs to agoric-sdk repo?

Interactive examples #582
- MM: how about examples linked to live fiddles?
Brilliant! I'd like to see this land on the doc site as soon as you consider it not to contain any glaring omissions.
At #579 (comment) @michaelfig suggests
I do not believe that is true. If the number exactly represents an integer beyond the safe range, then
Comments so far. Not done yet, but don't wait for my further comments before merging. I probably won't get back to this before Monday.
@@ -106,17 +106,15 @@ module.exports = { | |||
] | |||
}, | |||
{ | |||
title: 'JavaScript Programming', | |||
title: 'JavaScript Framework', |
Confusing that the title in the side panel is "JavaScript Framework" but in the main panel it is "Secure Distributed Computing in JavaScript". I understand that the second is too long for the side panel, but that means we need something shorter that both can agree on. Also, this section is (will be) about "Endo", so perhaps we should start using that name now.
I'm trying out "JavaScript Framework for Secure Distributed Computing" in the main panel.
text: 'JavaScript Framework', | ||
ariaLabel: 'JavaScript Framework', |
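Review bot: the label 'JavaScript Framework' is hard-coded three times in this hunk, in the `title` field and again in `text` and `ariaLabel`, so the rename still being discussed has to touch all three and can leave the screen-reader label out of step with the visible one. Define the label once in the config and reference it from the three fields, and settle the short name before merging so the main-panel heading can agree with it.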
See above re title of this section
|
||
<<< @/snippets/test-hardened-js.js#exploit | ||
|
||
Our goal is **defensive correctness**: a program is _defensively correct_ if it remains correct despite arbitrary behavior on the part of its clients. _For further discussion, see [Concurrency Among Strangers](http://erights.org/talks/promises/paper/tgc05.pdf) and other [Agoric papers on Robust Composition](https://papers.agoric.com/papers/#robust-composition)_. |
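Review bot: in the added defensive-correctness paragraph, the Concurrency Among Strangers link uses `http://erights.org/...` while the Agoric papers link beside it uses `https://`. If erights.org serves the PDF over HTTPS, switch the scheme so readers of an HTTPS-hosted docs page are not sent to a cleartext download. The reference sentence is also wrapped in a single `_..._` span containing both links, which is worth checking in the rendered output.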
I don't understand why, but the tg05 url works manually, but not when I click on it in the rendered text.
Hm. I can't seem to reproduce the problem.
- add to TOC
- add JS talk video; follow makeCounter to makeMint from talk
- jessie tools how-to
- freeze intrinsics, ocaps/POLA
- examples of std globals
- Navigating the Attack Surface video
- link TimerService as alternative to setTimeout under limiting globals
- briefly note localStorage alternatives orthogonal persistence, `@agoric/store`
- unpack counter example: stateless objects and makers; code animation
- document `bundleSource` with deployment
- use ses wiki link to fill out frozen globals tip
- migrate debugger note
- shim limitations are already documented in ses-guide.md
- never mind Jessie reference
- postpone XS, Intl docs (see Agoric#581)
- refine Introduction diagram per conventions suggested by MarkM
- fix playlist context of youtube links
- let menger video play embedded as well
- don't mix E with guard example
- `bob` -> Bob per narrator's privilege
- never mind Airbnb in eslint tools section

Also, the line breaking issue goes away with the more concise method syntax.

- concise incr/decr in animation too
- avoid "closes over" jargon
- fix: strict mode example was bogus
- Take care that non-fungible values are always referred to as _arrays_ of strings/object, not just objects.
- and document `set` amounts as `copyArray`

Co-authored-by: Michael FIG <michael+github@fig.org>
Co-authored-by: Mark S. Miller <erights@users.noreply.github.com>
- define vat as queue + stack + heap, borrowing from MDN's event loop article;
- subsume vats page
- document vat-per-contract under startInstance
- punt "agoric start starts several vats" until we reorg the REPL / home / solo / chain services stuff
- enumerate the steps in an eventual send

Use `then` rather than `await` in example code, which also matches MDN `fetch` example.

- hark to `fetch()` to introduce "asynchronous"
- fix: "`E()` takes a presence as an argument" it can take a local object too; or a promise
- don't assume reader knows that a method call is sending a message. Use "message" only for things in vat queues.
- fix: fwd ref deploy script
- fix: redundancy: "non-local objects in different vats"
- cite How Agoric Solves Reentrancy Hazards (Nov 2020)
- I considered integrating the pubSub example, but this page is about _using_ eventual send, and since the platform forces contract writers to do it, they don't necessarily need to learn the alternatives and why avoid them.
- JavaScript Programming -> JavaScript Framework
- add video
- roads not taken: Distributed Objects, Distributed Computing, (hides "JavaScript", which is a big part of our brand) Secure Distributed Computing (too long)
- eventual send comes before `Far`
- eventual-send: troubleshooting: try E(obj).method()
- far: clarify distributed object semantics
- build on `makeCounter()` example
- use tested snippets for code examples
- illustrate remotable / presence with diagram
- cap arrow tail inside A with ball
- incr method offset
- motivate harden() by way of distributed identity
- move accessor prohibition into Far API section
- document PassStyles, including
  - `copyArray` for use in ERTP AmountMath API
- avoid various bits of redundancy
- demote ses (WIP)
- notifiers: clean up some incoming links

Co-authored-by: Michael FIG <michael+github@fig.org>
Co-authored-by: Mark S. Miller <erights@users.noreply.github.com>

- start heading with "JavaScript Framework ..." to match nav
- never mind date qualifier for contract-per-vat
- fix playlist context of youtube links
- don't imply that only the Far end is remotable

docs(far): avoid "identity" in pass-by-copy discussion
The scope of this page should evolve from "Contract Requirements" to "using bundleSource". It should be linked
- from deploying.md by way of documenting deployPowers
- from E(Zoe).install(bundle)
copy .vuepress/dist to .vuepress/dist-root/documentation/ to reify the root URL structure on disk. This fits conventions for static site hosting such as netlify.
MM said I should proceed in his comment
builds on #580
trial deployment:
https://ag-docs-org.netlify.app/documentation/guides/js-programming/
makeMint
core of ERTPlockdown()
; just how to use one.todo:
cc @kennyrowe @michaelfig