Track: 21st Century Languages

Location: Broadway Ballroom South, 6th fl.

Day of week: Wednesday

Programming languages are the tool we all use every day, and more people are learning to use every day. Programming languages mature well, with the three most used languages being Java at 24 years old, JavaScript at 23 and Python at 29. But it is not at all an unchanging world. New languages have been very successful, such as Go and Rust, nine and eight years old now, and Swift which is only four years old. Tools we use every day have an inertia, but the rate of innovation is increasing. Languages that commit to different aims of efficiency, usability and safety are appearing and carving out niches. Part of the reason for the rate of change is the tooling behind languages. LLVM has made it easier to build a new language without creating a new compiler backend. Much more recently Web Assembly has carved out a place in the browser for more languages, and now promises interoperability of different languages. 

This track, 21st Century Languages, looks at the changes we are seeing now that are reshaping out tooling, and the challenges that languages face now. We explore how old languages are changing for the better as well as how newer languages are trying to challenge them, and the themes of safety, portability and performance.

Track Host: Justin Cormack

Developer @Docker

Justin Cormack is developer at Docker, working on unikernels.

10:35am - 11:25am

Making 'npm install' Safe

There’s a JavaScript package for everything. But installing a random package is a security nightmare: the installed package can access your data and send it over the network without anyone ever knowing.

But there’s hope! This talk will discuss how to minimize the risks of running third-party JavaScript. We’ll go over POLA, the Principle of Least Authority, and how object capabilities can help us grant specific, limited resources to third-party code. We’ll also cover the current efforts to enforce security boundaries in JavaScript: SES (Secure ECMAScript) and Realms.

Kate Sills, Software Engineer @agoric

11:50am - 12:40pm

Maintaining the Go Crypto Libraries

The Go programming language ships with a full suite of cryptographic libraries written in Go, including a TLS stack.

We will look at how that came to be, and what it enabled. The choice to keep it focused on carefully curated subsets of sprawling protocols like TLS was both a necessity, and its greatest value. We will explore how a focus on developer usability is important in ensuring the security of the ecosystem, and how that requires difficult targeting decisions.

We will talk about the challenges in maintaining it and keeping it secure, safe, useful and modern. In particular, we will see how security, scope and maintainer resources are on a balance, and what tools we can deploy to tip the scale.

Filippo Valsorda, Cryptogopher @Google

1:40pm - 2:30pm

Rust's Journey to Async/await

Rust, like most languages, is fundamentally synchronous. Over the past four years, the team has been working towards a world-class way to handle asynchronous processing. We're now in the final stretch of that work, and in the next few months, Rust will finally gain async/await. In this talk, Steve will give an overview of this history, diving into the technical details of how the design has changed, and speak to the difficulties of adding a major new feature to a programming language.

Steve Klabnik, Rust Core Team

2:55pm - 3:45pm

Rust, WebAssembly, and Javascript Make Three: An FFI Story

WebAssembly is an exciting new compilation target for the web platform and beyond. While many herald its arrival as the death of JavaScript- the story on the ground is quite different. In this talk, we‘ll tour the Rust and WebAssembly toolchain and the fascinating and challenging technical work involved in creating a developer friendly experience designed to grow adoption of WebAssembly- particularly amongst JavaScript developers. Notably, we‘ll take a deep dive into the foundational tool, `wasm-bindgen`, and how (and why!) we‘ve taught Rust compiled WebAssembly to interact seamlessly with JavaScript APIs and toolchains.

Ashley Williams, Core Rust & Rust Wasm WG Team Member

4:10pm - 5:00pm

Multi-Language Infrastructure as Code

We all use programming languages to write expressive, reusable, and powerful application code, with flourishing open source communities, and a bit of fun. One domain that has not yet experienced the same, however, is cloud infrastructure and operations. Most engineers in this domain still use JSON, YAML, DSLs, or bespoke templating solutions, that lack most of what we know and love about general purpose programming languages. Not anymore!

In this talk, we’ll see how a multi-language approach to infrastructure as code, using general purpose programming languages, lets cloud engineers of all backgrounds program AWS, Azure, Google Cloud, and Kubernetes infrastructure, unlocking the same software engineering techniques we commonly use for applications: abstractions and reuse, expressive control structures, package managers, testing, and IDEs, to name a few. The result is a serious boost to productivity, flexibility, and safety -- and a practice we like to call programming the cloud.

Joe Duffy, Founder and CEO @PulumiCorp


Monday, 24 June

Tuesday, 25 June

Wednesday, 26 June