DotNetIsolator: an experimental package for running .NET code in an isolated sandbox
Вставка
- Опубліковано 22 кві 2024
- A quick overview and demo of an experimental new .NET package that can create isolated .NET runtime instances for running code in a sandbox.
First Blazor, then Blazor United, now this. Steve is truly a visionary and must be protected at all cost!
First knockoutjs 😀
@@ADOConnection ooh Knockout, even before React was a thing, good times!
@@ADOConnection I used it, it is really we thought out library and simple to use. You could accomplish a lot of things with it.
Steve posts, you pay attention:)
This guy would invent rocket science in the stone age.
I was to small-brained the first time I saw this to understand it's implications but revisiting again the consequences seem incredible. It's effectively an arbitrary scripting runtime for dotnet, solving a longstanding "issue" where you couldn't easily eval arbitrary C# at runtime without that code having access to the full context of the host application. Being able to leverage this for things like game scripting are huge, and as others pointed out here the ability to tie this into a better hot reloading experience would be incredible.
I always love anything Steve shows. Amazing guy.
7:55 - the moment I waited for. Like "that's the way it should be to be classy" - and here it is, the elegant approach.
This is awesome. The first usecase that comes to mind is giving website users the ability to provide their own scripts to transform data, for example to define the shape of an event webhook to suit their own API endpoints.
Yeah, this scenario is something I'd like to implement in my own application as well. It will open up a wide range of customization capabilities to my users. I am looking forward to experimenting with this!
Agreed - if you see Steve's previous demo where he runs SQLite in a WASM instance to pull data from a source and then mash through 100K+ rows of data (because it's effectively cached in the WASM sandbox) it's really mind-bending. I look at this demo and think "so *that's* how he did it..." ua-cam.com/video/RevmsFXVJ5Q/v-deo.html
I have been very interested in sandboxing for C#, and seeing recent dotnet versions not having any options was a bit of a let down. This is very promising and I am definitely gonna play around with it.
If it's going to be a revolution for dotnet, you're going to do it, Steve.
Steve Sanderson: This is not a real product, just a fun little experiment....
.NET Community: ...
Steven, Blazor has changed my life. It makes my day so much better.
Brains blown! I see .NET containers and their ochestrators too. Genius guy Steve!
Nice experiment! Love it.
This is absolutely mind-blowing
I wonder if something like this could improve the usefulness of Hot Reload; Being able to fully recompile a controller or service and then it seamlessly being transferred to a subprocess
Greate video Steve!! It's amazing!
This is one of the most genuis ideas! Steve you are a brain!
This is a gold mine! thank you!
This looks like a lot of fun to experiment with for a plugin system! I do wonder how it works technically so I guess it’s time for some code spelunking :D
Steve Sanderson continues to drop huge.... CASUAL... Industry TRANSFORMATIVE Genius++ Level of God's grace... 🕴️James Bond swag... 😎😍🫠😍😮💨💪. Dude you are a GOD Bro!!💪
We need to go deeper... )))
Awesome, just awesome!
Thank you for your work!
Great stuff Steve
this is very cool, good job!
Steve you are a genius 👍
Awesome, please keep the api this simple!
All this sound just like a container (like the ones used in K8S)... which is awesome!
Great stuff. Thank you very much
This is brilliant!
Wow, this is amazing! 😲
Is the spreadsheet app available as a demo? I was looking for something like this for one of my projects.
Is this analogous to AppDomain but using WASM?
I wonder if this could be used for something like a "blazor wasm micro front-ends"? 😅
Nice Steve. I can almost imagine Blazor Web assembly in a mode where it starts instantly as an isolated WASM process running on the server (so not starting as server side blazor), then is instantly transitioned to the browser once the assemblies are loaded (I assume you could serialize the whole WASM dotnet state for that user). Might not be practical of course given the various web APIs wouldn't be available until after the transition to the browser.
Can't believe Steve demoed EXACTLY this in his recent video 👏
Cool! Thanks for share!
Brilliant!
Nice, thank you!
Amazing!
So great!
its super cool 👏👏👏
Very neat! I'd def like to hear more on the scope and limitations of passing data to and from the isolated runtime. On the api project, u did show how u could isolate the counter variable on a per request level, but its unclear if the counter variable is being serialized into the isolation env (i.e. what happens with bigger objects with various levels of nestings). And also the example on passing the results of directory.GetFiles, what happens if I pass back a FileInfo object and in the main env calls a method on the returned object? I would assume there would be errors since those paths don't exist in the main env. And also, what about network isolation control?
Either way, awesome stuff that adds tons of flexibility and potential security to the platform. Well done! 👏
Maybe you could try the library yourself to ascertain answers to your questions. It is a nugget package and open source.
Is it generating wasm on the fly? Is it possible to do AOT or cache generated WASM?
And is the WASM code JIT-ed or it's using WebAssembly version of Mono as an CIL interpreter ?
witchcraft! :) - fantastic, great demo as usual
Very interesting!
Is it possible to pass down an interface/object to the sandboxed code or have the sandboxed code able to interact with that objects functions on the outside?
I may not be explaining this well, but being able to sandbox a customers code while still allowing it to pull data as part of the sandboxed code in a controlled way could be useful.
Awesome!
Super super cool
Great to hear from Steve as always, he is full of cool ideas. Anyone know which library he used for the spreadsheet component? It's not part of the github project he shared.
A bit offtopic but what was this Spreadsheet component?
Right on the topic. I also want to know! 🤣🤣
It’s this: github.com/myliang/x-spreadsheet
When Steve talks I listen
Great !
I wonder if this would solve the issue of max one runtime that prevents the modernization of VSTO....
That SpreadSheetApp looked pretty cool. Was this project shared or could it be please?
nice
Cool, I wonder how these online C# code tools worked like.
I wonder if this can be used as a basis for a plugin system that allows third party devs to create their own plugin and run isolated from everyone else. Or a way to distribute plugins in a distributed system.
Does anybody know how it works internally? Does it create a separate process for each runtime or are those created runtimes are managed inside the current process? Thanks!
It’s all in process. No external processes are created.
5:15 You mentioned that the runtime can't log to console without the WithInheritedStandardOutput but you just demoed that at 3:55 without this being enabled. Its that already setup as default?
Yes, the default configuration allows that.
Can you use wasm native dependencies with this approach?
Is there a way you could share the SpreadsheetApp?
Will .NET + WA replace Docker?
Unbelievable. Can we reference 3rd party code with a single parent Nuget?
I think do a pre-release.
Smart contract?
Once you run WebAssembly, why limit yourself to running dotnet inside. This is basically a functions as a service host environment. :)
And with very small cold start time to compiled runtime (now I’ve watched the whole video). An amazing work!
.Net Inception
Very cool but viewers should know this is really well traveled territory outside of dotnet, and MS probably will not grow this to be as feature rich as the Linux tooling (seccomp, chroot, etc), rust and crypto use this tech a lot
Brilliant!