 So I'm really going to be on TV, right? Like, now you're not going to cut it out. Well, yeah. Well, it's YouTube. That's the real TV. You are going to be on TV if you cast it. Otherwise, it's just... That's good enough. So we're professional viewers. Totally. We've been doing this a while now. Literally since yesterday. We're going to give you the first question you've given everyone. Who are you and why? I'm Satya. I work on V8 at Google on... It's the engine used in Chrome and Node. Which engine? It's a JavaScript engine. Oh, there you go. Who's doing the interviewing here? Chill out. It's the engine. We'll get to you. I'll shut up now. And why? Because I don't know better. That's a legit reason. That's an actual, legit reason. Now you may speak. Oh, okay. Thank you. Yeah, so I also work on V8. I'm a DevRel on the V8 team. So V8 implements JavaScript features as well as WebAssembly functionality. It's all part of the same engine. And it chips in Chrome and Node and other embedders like Electron. Yeah. I like how he skipped his name. Yeah. Oh, yeah. My name is Matias. So this is both of your first IOs. Which is surprising. Yeah. And you both spoke at your first IO. So what were you... Full house? Yeah, yeah. Full house. I was impressed actually. How did you get so many people? What did you talk about? Modern JavaScript features. Right. Turns out a lot of people are using JavaScript. Who knew? Right? When are they going to add stuff to VB script? Are we going to get more features? Yeah, we need feature parity. I like redeeming arrays. That's what I like. Do we ever support it in Chrome? Nope. It was only ever IE. Yeah, and even they've got rid of it. So, okay. Run us through some of these new features then. Okay, so one big new thing. Well, what's my favorite? That's a really difficult question. Yeah, it's going to be really cool, isn't it? No, it depends on what you mean with new. One of the features that has been in the pipeline for a bit longer is modules. And maybe it's not super cool to talk about modules because they were in ES 2015, I guess, if you look at the syntax parts only. Yeah. But only as of today, they're available in all major web browsers, which is pretty exciting. And then there's Node.js, where they're still working out how modules should really work natively by default. What is the state of that? I've stayed away from that whole thing. The community seemed sort of very angry internally, and I kind of checked out with it. Yeah, because of the file extensions, I guess. But it got into browsers pretty much without any... Let's go to it, yeah. So there's an experimental implementation in Node behind the flag, and it only supports modules for files with the MGS extension. Right. I suppose that's where a lot of people get kind of upset a little bit because people are used to the JS extension for the JavaScript. But in a way, I think it makes sense because you need to make the distinction between regular scripts and modules anyway because they're treated a different way. They're interpreted in a different way. Modules have few scripts by default, so they're in strict mode by default, and there's other differences as well. Yeah, it's even stricter than that. And they have import and export. The static variants only work in modules, not in regular scripts. If I create a constant inside a module, does that go on the global scope? Is that one of the differences? That's one of the things I can never remember. It doesn't go in the global scope. It doesn't go in the global scope as a script mode either. In a normal script either. Yeah, I've got some reason to do that. Yeah. Yes, you do, Jake. We recently had a conversation about something similar because you know about constant lat and block-scoped bindings, but the same thing happens for class declarations, for example. They're also lexical, so that means if you have a class in the global scope, it's not actually globally available. It's available within the same script text, but it's not attached to the window object for example. You have to assign it. Yeah. So even though we implemented it in v8, we rewrite the class declaration as a class expression with an assignment in a lat variable. No way. Yes, way. It's all just syntactic sugar, isn't it? Yeah. And then you write that to just being a function where you set the prototype. Probably not, but... Yeah. I've abadled it at the start, right? We bubbled it, yeah. We call it de-sugaring, and it happens in JavaScript engines all the time. All right. Okay, so we've got modules. What else did we get? What else is new? I'm excited about class fields, like private fields now that's... In classes? Yeah, in classes. So that's something that's been missing. Is that in Chrome? Yeah. To be on a flag in Chrome, I have it. Such I actually implemented this, but it's still behind a flag. It's still behind a flag. Disclaimer. But still, that's something people can play with. I remember. Yeah. So normally JavaScript developers use underscore to like denote that it's private by convention, but the language doesn't enforce it. Yeah. Right? So you could access that, but we've seen like people accessing private APIs from React and like Node. So with private fields, you don't have that problem. So instead of using underscore, you can just use the hash sign to create a property or assign to a property. So it's like this dot hash thing? Yep. And you can only access that within... Within a class body. So outside the class body, it throws a typo. And does it still work if, like, say if I'm in a set timeout? I guess you're using arrow functions. I can still access it there. Nope. It needs to be in the... Well, if the set timeout itself is in the class body, then sure. Then it's fine. Okay. So it's... Is there any way to break that rule with like reflect or something? Nope. It's hard private. Wow. Okay. That's great. And it's not just private fields, it's only just class fields itself. It's useful by itself because now you no longer need a constructor necessarily if you just want to initialize some fields. You can now do this outside of the constructor just as part of a classic... So I can just do, like, let X, semi-colon in the class body. Without a let, yeah. The first time I met you is because you were the one at that point still working on implementing dynamic import and that... To me, dynamic import is, like, the one of the biggest changes. So good. Since we were thinking about modules. I remember, like, W3C mailing lists, loads of arguments about how we could do async script loading and sort of all different sort of APIs because there was, like, those big, big free script loading things. There was, like, LabJS require and everyone disagreed on how to do it. So it's just so nice to see, like, the language come along and go, no, it's just like that. That's the import you've done. Off we go. We've got promises now. Problem solved. A wait import. Boom. Done. So I remember when you joined, I got a bit jealous. Well, not when you joined, but later, because as soon as you joined Google, you got invited into the secret Spectre meltdown club. Oh, yes. I didn't even know existed. And then later on it's like, hey, I knew all along. So, like, what was that like then? To just join and be sort of thrown into that world? It was mostly very frustrating because I couldn't talk about this to anyone, like, including my own manager or my manager's manager or anyone in my reporting. You couldn't even talk to your manager about it? No. Like, I mean, I was spending a lot of time working on this and helping out with this, but I couldn't include it in my weekly reports of stuff that I worked on. So I had to somehow look productive without being able to mention all of it. You just make up product names. Yeah, pretty much. Super secret product X. Yeah. I just couldn't mention it. But like, yeah, it's a little unfortunate. V8 got caught in the middle of a storm there because, I mean, we're a compiler, right? We generate code dynamically. Kind of relevant. Things could go wrong there. Yeah. Out in the open now, at least. Out in the open. And we've been working on mitigations, I mean, for months now, even before it was made public. So, yeah, we have this wiki article that documents all these mitigations and how people can enable them. And whether you want to do so really depends on the kind of embedder you are. Yeah. So a lot of people forget it. So just to be clear, for most developers, these things are not relevant. Like, because the embedder is Chrome or Node. Exactly. Or like some, I guess, Electron or these things. Like, as a developer, that's not something to worry about, right? Yeah. The environments have to decide whether they basically run untrusted code, like on the web, where you visit a website and you run random JavaScript, right? It could be from anywhere. It could be code that is included from a third party through that website. You don't know what's going on there. That's not even that rare. I mean, that happens all the time, right? Yeah, that happens all the time. It's not rare at all. But that's completely different from the security model that Node.js has, for example, where the idea is that you're running code that you trust. Like, you run a web server that you wrote, and sure, I mean, you include some NPM modules that you installed, but the idea is that you don't trust these modules. Otherwise, you don't add them as dependencies. So Node, you generally run trusted code on the web. It's, you know, it's the Wild West. It's a free fall. So they're just completely different security models, and we have a flag now that allows you to switch between the two modes of safety business. Because there's some performance penalty if you use it. That's the reason. Yeah, I've seen some graphs about once we, some servers integrate the Spectre and meltdown mitigations pretty quickly, obviously, like servers. And then, yeah. Or down. However you want to look at it. Depends what the axis is, right? Yeah. Performance went down. Times went up. Yeah, pretty much. Yeah, it's a little sad, but like, ultimately, security of users is much more important than any kind of performance metric. I mean, you say that. Yeah. Yeah. Is it really? The answer is, yes it is. Yes. So, like, while we've got the two of you here, there's a proposal in JavaScript that we're very excited about. Oh, right. And one that we're also excited about, but it's been made into a, like, a kind of face-off, what do you say? In the left-hand corner. Yeah. Like double colon. I like pipeline. It's okay. It's okay, wow. Really selling it, too. I see what it solves. It seems very complicated, but I see what it solves. But, I want the ability to, another video about this, I want the ability to, like, import methods that will be called on a class. Like, so the idea, you'll get the tree-shaking thing all happening sort of for free, and it's the bind operator that lets us do that. And TC39 is saying it's one or the other. Why? Can we not do that? That's a dangerous idea. Go for it. Go for it. How many of you could start with, have you, do you know you're aware of both of these proposals, right? Yeah. As an implementer, do you have a preference? Like, is there anything where you think, this is stupid to implement? This is easier? Or do you think, this has more side effects on the other? Like, is there anything that... No, as far as implementation is concerned, I'm okay with both. They're both easy to implement. Okay. So, it really goes to, like... Very diplomatic. It really changes the ergonomics of the language, and it complicates it because we add more, like, syntax. Yeah. So there's, like, a syntax budget that we're, like, constantly aware of, and we don't want to exceed, and add more sigils to the language. Do we need to remove syntax to free up the budget? Do we need plus? Do we really need plus anymore? I'm done with the removal. Yeah, yeah, yeah. Some of my columns, people don't want them anyway. Oh, yeah. Yeah, that's fine. I'll give up semi-colons if I get a bind. Yeah. Okay. You can pretty much re-implement plus by using minus, so that's a big deal. See, minus, minus. There you go. There we go. Do we just need to get rid of one operator to get the bind operator? Is that okay? It's two characters, right? Two characters, so we get rid of semi-colons as well. Yeah, there we go. I'm done. All right. No, but seriously, is there a reason why things like bind aren't really being taken forward as much as like... Well, I guess our bottom line was like bind is a much less intrusive change because it's just, that's just the sugaring. It's just the sugars over the bind part. Yeah, yeah. While pipeline in its different forms that are in the proposal does some magic and also has even the, especially the smart version was like the question mark. Yeah, that's one problem with pipeline. You want positional arguments and you want to say, okay, I want to fill out this argument here as I pipe it through and that's where it becomes hairy. I thought we should take the poop emoji instead of the question mark and we'll make the coat much more enjoyable. That would be okay with that. Okay. All right. It's said from 14 nights and there's like, you know what, the team is annoying so it's a fortnight. Whoa. I think you might be right. Is this one of those words I've always used? You think it's like the night in the fort? You spent 14 nights in the fort? Yeah. Yeah. Sure. That's actually a more fun definition than just 14 nights. I think, yeah, that would be why. Well done.