I absolutely love Ryan Dahl. Such a visionary and cool dude. First he dragged the world kicking and screaming into multi-threaded servers, and now he's gonna do it again with security. The NPM import system is so cool.
KV is going to be huge. Calling it If the first half was about eating Node’s lunch the second is about eating Cloudflare Worker’s 2nd mover energy is real
KV is interesting, but will people be able to e.g. use a postgres, redis, mongo or whatever backend for it later? Nothing against deno deploy, but i dont want vendor locking on a runtime level. If it is only really useful for deno deploy (in practice, for a large scale app) i dont think i will be using this feature and would prefer it being a 3rd party library rather than a core API
Had a school project last semester where I convinced my group to use Fresh and Deno Deploy (we were meant to test out new technology). We used SurrealDB as our database and it worked brilliantly on Deno Deploy.
This 100%. KV should be treated as an abstraction for built in persistent data storage with sane defaults, rather than a vendor lock-in service which only works with Deno Deploy at scale.
I really don't see the feasibility of the new security model if it is evaluated at runtime... Having a deployed application suddenly break because an edge case caused a dependency to request access to an environment variable sounds like a nightmare. I would imagine a lot of devs would opt to run apps with --allow-all to avoid such unforseen scenarios. A better approach (not sure if this is scalable) would be to analyze dependencies before runtime to determine the set of permissions they might request, and then declare these before the dependency is ever hooked up to the project. You would then be able to know exactly what is required by a dependency when installing it. This also begs the question... why even provide the option to deny a permission request? In which case would a dev want to rely on a dependency only to intentionally sabotage it to fail at runtime? Is the expectation that dependencies should gracefully handle being denied a permission? That might work for packages going forward, but certainly won't hold for existing npm packages.
I don't understand this secure by default thing. Looks like it's not possible to manage permissions at the dependency level. One of your dependencies asked for some permission, cool you grant it, then everyone gets that permission. Isn't it just .. useless at that point?
@@neoesm that means if I want to give only a certain dependency permission, I will have to split it onto another process and use some sort of interprocess communication right?
Yea this security thing feels useless, unless if you are one of the very few devs that work in a very sensitive area. It should only be active if configured this way. Many (or most) people not only don't care at all about this micro security that actually feels weak but also feel annoyed by it. They talk about that so much since Deno beginning but feels like a waste of resource and marketing.
you can specify what is allowed --allow-net=domain1,domain2,domain3 --allow-env=env1,env2 --allow-read=path_to_file1,path_to_file2,path_to_directory1 etc
better docs. That’s all i’m saying. It keeps saying node isn’t this or that but you have to really present some docs where I’m like wow 🤩 I like the idea of deno. I’m not a programming expert at work. Like most people I know. So i need some more hand holding if I would ever adopt deno. Side note qwik came out last year (frontend framework) and even their docs are better than deno’s. Node doesn’t need docs. Just type node with whatever and boom there. No problem. I’m just telling the truth. It’s the same with solidjs. Great framework apparently but instead of giving me these lower level explanations just show me how to start from A to get to B, C etc… The one page example isn’t working for me. Even angular has you build an app though it’s a frontend app to get the usage of it across. This idea of, here’s the base of what you can do and figure the rest stuff is getting old. If it’s so much better show me. All these benchmarks mean nothing if I don’t know how to use it. I’ll just keep using Java 😂. the best default with tons of boilerplate but examples galore 😂 . I’m a horrible programmer by the way 😊Rant over
@@sofianikiforova7790 I’m just getting tired 🥱 of the whole we are better then this or that. Show me. Make a million deno small projects on youtube. Link them in the docs. Not just github links. Give me a basic app, then a medium app and maybe a edge case app for the really advanced, so like that i can say, “you know I had this same issue at work with node and this implementation is much more straight forward” or “We did this in node with typescript at work but this deno implementation is amazing!”. I can’t walk in there with a one page example telling them oh let’s stop what we are doing cause deno is here and from now on that’s what we are using 😂. That would be my last scrum meeting ever hahaha. I am not hating because I like the things I have seen but when you get up there and give me this deeply technical low level talk that means nothing in a meeting at work where half the people won’t understand what the hell Im saying anyway. I’ve already been fired from a job (which sucked) where I couldn’t for the life of me speak in a more metaphorical way and got canned.
The power of js is the avility to create Objects as easy as possible. JSON is the real power os js. For me every languaje that shoose this as a standard for objects is going to be successfull.
Built in security model. ESM. URL imports, Web standards. Native TypeScript support. Robust toolchain including testing, linting. Compile your script to a single binary executable. A vetted std lib. And more :)
Isn't that just how JavaScript works? Even if the runtime is created in Rust, JavaScript I believe is a single-threaded language? But from my very limited understanding of it, I think you can use Deno's implementation of Web Workers to achieve multi-threading.
Easier accessobility for newer developers usually means less accessibility for intermediate developers. I *want* to know what's going on under the hood and I *want* to be able to tune and adjust how the things work.
For me deno is for simple thing, if you really want to adjust thing you should pick a low level language like rust to maximize performance or make binding to deno code
I haven’t listened to any of his other talks but he sounds super nervous, lots of stuttering, lots of checking notes. Almost felt like he was presenting while being held at gunpoint.
I wish game developers would adopt the same attitude rather than over develop how a game looks when the game itself takes a log time to load. It seems to me that the game software isn't using the full capability of the hardware available.
If there ever was an industry that completely dropped the ball on performance I would say that the web development one would be a great candidate. A few steps in the right direction (by adding more complication, not simplifying things, really) is not enough to make up for the immense waste that most people in the web dev industry are causing daily. I like Deno, but to say that this type of thinking is even remotely close in effort to what game devs have been doing for decades to make things run fast is either incredibly naïve/ignorant or disingenuous.
@@raglandasir6885 yes, but deno was basically fixing at lot of the issues with js and making it usable bc ts was supported out the box with stupid transportation
@@1998goodboy I don’t think you know what you are saying. You are just putting words together. A language and a runtime are not the same thing. A runtime does not fix a language.
This removes so much friction!
Thanks for the fantastic work, folks. Working with Deno is just... great!
I absolutely love Ryan Dahl. Such a visionary and cool dude. First he dragged the world kicking and screaming into multi-threaded servers, and now he's gonna do it again with security. The NPM import system is so cool.
I DM'ed him on discord and he responded, what a generous guy
KV is going to be huge. Calling it
If the first half was about eating Node’s lunch the second is about eating Cloudflare Worker’s
2nd mover energy is real
if they making kv db built-in, why not also vector dbs, ain't those also all about read speeds.
or maybe i just don't know what i'm talking about..; )
Excited for the 2.0 launch, I truly believe deno has a great path ahead in the future. Keep up the good work guys!
What about Nodejs, it's became an ocean now with all those packages and project. I don't think it will go away?
The sponsor static images contribute to about 20% of the vertical space. Please cut that out so we can read the console.
Thanks for the great work, Deno team!
KV is interesting, but will people be able to e.g. use a postgres, redis, mongo or whatever backend for it later? Nothing against deno deploy, but i dont want vendor locking on a runtime level. If it is only really useful for deno deploy (in practice, for a large scale app) i dont think i will be using this feature and would prefer it being a 3rd party library rather than a core API
Yes, that is the plan :)
Had a school project last semester where I convinced my group to use Fresh and Deno Deploy (we were meant to test out new technology). We used SurrealDB as our database and it worked brilliantly on Deno Deploy.
This 100%. KV should be treated as an abstraction for built in persistent data storage with sane defaults, rather than a vendor lock-in service which only works with Deno Deploy at scale.
Common Deno W
The legend speaks again.
Deno KV, huuuuge!
I really don't see the feasibility of the new security model if it is evaluated at runtime... Having a deployed application suddenly break because an edge case caused a dependency to request access to an environment variable sounds like a nightmare.
I would imagine a lot of devs would opt to run apps with --allow-all to avoid such unforseen scenarios.
A better approach (not sure if this is scalable) would be to analyze dependencies before runtime to determine the set of permissions they might request, and then declare these before the dependency is ever hooked up to the project. You would then be able to know exactly what is required by a dependency when installing it.
This also begs the question... why even provide the option to deny a permission request? In which case would a dev want to rely on a dependency only to intentionally sabotage it to fail at runtime? Is the expectation that dependencies should gracefully handle being denied a permission? That might work for packages going forward, but certainly won't hold for existing npm packages.
Neat stuff. Thanks Ryan and Dino team on giving this. would there a pointer to know the cost of the KV?
I am now moved from Node into Deno!! Deno is really awesome!! Since Deno is also written in Rust!!
28:14 Did he say tokio instead of Tokyo 😁 Looking forward to the new KV store.
Amazing ❤
I'm the number 7884. And it's working fine, incrementing one by one. I guess a lot a people accessed at the same time
Great work 👏
Amin with the trolly question lmaooo
The root question was due the # at the end of the cwd I guess 😂
Thumbs up and subscribed 👍
Thank you!
I don't understand this secure by default thing. Looks like it's not possible to manage permissions at the dependency level. One of your dependencies asked for some permission, cool you grant it, then everyone gets that permission. Isn't it just .. useless at that point?
It's at the process level so you allow the running process to have these permissions or not
@@neoesm that means if I want to give only a certain dependency permission, I will have to split it onto another process and use some sort of interprocess communication right?
Yea this security thing feels useless, unless if you are one of the very few devs that work in a very sensitive area. It should only be active if configured this way. Many (or most) people not only don't care at all about this micro security that actually feels weak but also feel annoyed by it. They talk about that so much since Deno beginning but feels like a waste of resource and marketing.
you can specify what is allowed
--allow-net=domain1,domain2,domain3
--allow-env=env1,env2
--allow-read=path_to_file1,path_to_file2,path_to_directory1
etc
@@soniablanche5672 bad DX tbh and is not useful for most situations.
A True visionary.
better docs. That’s all i’m saying. It keeps saying node isn’t this or that but you have to really present some docs where I’m like wow 🤩 I like the idea of deno. I’m not a programming expert at work. Like most people I know. So i need some more hand holding if I would ever adopt deno. Side note qwik came out last year (frontend framework) and even their docs are better than deno’s. Node doesn’t need docs. Just type node with whatever and boom there. No problem. I’m just telling the truth. It’s the same with solidjs. Great framework apparently but instead of giving me these lower level explanations just show me how to start from A to get to B, C etc… The one page example isn’t working for me. Even angular has you build an app though it’s a frontend app to get the usage of it across. This idea of, here’s the base of what you can do and figure the rest stuff is getting old. If it’s so much better show me. All these benchmarks mean nothing if I don’t know how to use it. I’ll just keep using Java 😂. the best default with tons of boilerplate but examples galore 😂 . I’m a horrible programmer by the way 😊Rant over
Thank you. The docs are part of the product just as much as the technology.
I agree. At this point the SEO and docs for Deno are pretty weaksauce. Hopefully they release a lot more with the 2.0 launch
@@sofianikiforova7790 I’m just getting tired 🥱 of the whole we are better then this or that. Show me. Make a million deno small projects on youtube. Link them in the docs. Not just github links. Give me a basic app, then a medium app and maybe a edge case app for the really advanced, so like that i can say, “you know I had this same issue at work with node and this implementation is much more straight forward” or “We did this in node with typescript at work but this deno implementation is amazing!”. I can’t walk in there with a one page example telling them oh let’s stop what we are doing cause deno is here and from now on that’s what we are using 😂. That would be my last scrum meeting ever hahaha. I am not hating because I like the things I have seen but when you get up there and give me this deeply technical low level talk that means nothing in a meeting at work where half the people won’t understand what the hell Im saying anyway. I’ve already been fired from a job (which sucked) where I couldn’t for the life of me speak in a more metaphorical way and got canned.
What is wrong with Denos docs? Also, everything in MDN works with Deno too
@@altairbueno5637 i literally wrote a blog size comment explaining why 😂. Read it again and you’ll have the reply your looking for.✌🏾🗣️
Oh time to mess with this unstable feature 👀
Waitlisted :D
I'd have rolled my eyes before answering "what is ELF?"
Cool to see Dahl branching out from children's novels.
Wtf are you on about? Ryan never wrote kids books, that was his father
Markiplier is really doing it all huh
He is markiplying 😅😢😂
Just use go or rust or C++ or Odin or zig. Anything that does not require a heavy runtime, both in ram and cpu usage.
since deno wants to be as compatible as possible with the web, i would welcome indexeddb.
This looks very interesting 🧐
The power of js is the avility to create Objects as easy as possible. JSON is the real power os js. For me every languaje that shoose this as a standard for objects is going to be successfull.
I am looking for a good and up-to-date course from Deno. Is anyone able to recommend something reasonable?
What are you looking to learn specifically? e.g. build a web server, a saas app, etc.
@@deno_land something complete about Deno, for a front-end developer ;)
Keep the component library for Fresh alive! It’s great but i would love more resources to draw from.
If deno now has (or will have) built in node modules and support for npm what would be the point starting any new project with node and not deno?
Built in security model. ESM. URL imports, Web standards. Native TypeScript support. Robust toolchain including testing, linting. Compile your script to a single binary executable. A vetted std lib. And more :)
@@deno_land i don't think you understand what's being said
@@vuongnh0607l No, but it works none the less.
@@vuongnh0607l Node has most of those things now. Too bad you can’t copyright ideas.
Why not kv as a module? Its just making deno unnecessarily huge. Use global imports, if you have to..
I think primarily because rarely there are any non let-me-automate-it projects which don't require a kv store for caching.
Awesome! Why was the choice made to use KV instead of IndexedDB to comply with web standards?
Is indexed eventual and distributed?
IndexedDB is hard to work with, maybe thats why
I tried modifying indexedDB yesterday and almost died
Just a question, node js is single threaded and deno which is build in rust which can use multiple threads but still doing single threading, why ?
Isn't that just how JavaScript works? Even if the runtime is created in Rust, JavaScript I believe is a single-threaded language? But from my very limited understanding of it, I think you can use Deno's implementation of Web Workers to achieve multi-threading.
Easier accessobility for newer developers usually means less accessibility for intermediate developers. I *want* to know what's going on under the hood and I *want* to be able to tune and adjust how the things work.
For me deno is for simple thing, if you really want to adjust thing you should pick a low level language like rust to maximize performance or make binding to deno code
maybe I'm missing something but why do you need to embed access restriction logic into interpreter if you can do the same on OS level ?
It is useful for where you don't have access to the underlying OS, like deploying to serverless environment on clouds.
Great talk, but I must say Ryan sound different compared to his other talks. 🤔
I haven’t listened to any of his other talks but he sounds super nervous, lots of stuttering, lots of checking notes. Almost felt like he was presenting while being held at gunpoint.
@@neek01 Exactly my point 😀
My guess is that the talk was planned for a release that didn't make it so he had to quickly come up with something.
So glad to hear him pronounce it as Deno...and not Denno like everyone else you lameTube. Yay!
I wish game developers would adopt the same attitude rather than over develop how a game looks when the game itself takes a log time to load. It seems to me that the game software isn't using the full capability of the hardware available.
If there ever was an industry that completely dropped the ball on performance I would say that the web development one would be a great candidate. A few steps in the right direction (by adding more complication, not simplifying things, really) is not enough to make up for the immense waste that most people in the web dev industry are causing daily. I like Deno, but to say that this type of thinking is even remotely close in effort to what game devs have been doing for decades to make things run fast is either incredibly naïve/ignorant or disingenuous.
@@mccGoNZooo True that.
A proof of stake blockchain that uses deno as it’s execution environment.
He seemed quite uneasy promoting this 🤣
I sensed the "Let me just continue creating stuff with vim" vibe :-)
PHP mum.
Php mum
Lizz is just beautiful!
BTW. Do something so Microsoft will finally add Deno to Azure. Right now I can only use it with Linux docker...
Thought deno would fix typescript, now its just officially bloated. My programming language should not also be my database, two separate concerns.
Tell me you don't understand programming languages without telling me you don't understand programming languages.
@@sbruchmann tell me ur a soydev without telling me ur a soydev
The language is still JavaScript. Deno is the runtime
@@raglandasir6885 yes, but deno was basically fixing at lot of the issues with js and making it usable bc ts was supported out the box with stupid transportation
@@1998goodboy I don’t think you know what you are saying. You are just putting words together. A language and a runtime are not the same thing. A runtime does not fix a language.