😂 sorry

Yes, but offline is also a minor benefit of Zero. We're very focused on UI performance and programming simplicity. Read-only offline is a nice side benefit but it's not the core benefit.

It would be nice for people to not worry about this though so I think we will change to memory default and have client storage be opt-in with an explanation. Thanks!

If user B has access to computer and is malicious, user A is probably toast. I mean user B probably has all their passwords saved in Chrome. They are probably logged into gmail. Etc.

The proper security boundary is the OS account, not browser profile.

I agree there's a difference, but it's minor.

We should change the marketing to really lean into this since it seems to bother people so much. Most zero apps could be memory-only and you could barely notice the difference.

It's a minor optimization to store data client-side at all, and honestly we're considering flipping the default.

What makes Zero fast is the query-based sync *to memory*. Not the persistent client-side storage.

However if this bothers you you can just use memory storage on the client.

Client-side storage is not the killer feature of Zero. We only cache 5-10MB on the client, and Zero is designed to start instantly cold anyway.

Sharing computers is *always* insecure. If you login to your bank on a computer that people you don't trust have access to you already have a very big problem. Zero doesn't introduce anything new.

Projections are coming to ZQL soon and could be used to elegantly implement column permissions. Right now users just workaround by factoring user-private data into a related table and using row permissions. It's ugly but works.

Absurdly Fast Apps with Zero YouTube video by Scott Tolinski

Come for the fast UI, stay for the spontaneous dance party at 0:05:

www.youtube.com/watch?v=aV6a...

This is a great question. Real-world permissions was a core motivation for Zero.

The short answer is Zero security works just like traditional web app security. Reads flow through your server, and your server controls the queries that sync.

See zero.rocicorp.dev/docs/auth#pe...

No data ever reaches the client that user isn't authorized to access.

This is a great question. Real-world permissions was a core motivation for Zero.

The short answer is Zero security works just like traditional web app security. Reads flow through your server, and your server controls the queries that sync.

See zero.rocicorp.dev/docs/auth#pe...

Zero Instant Queries By Default

Concurrent with this release we have also begun offering an SLA to the Pro and Managed levels of our hosted service. See zero.rocicorp.dev#pricing for information.

Zero Instant Queries By Default

Concurrent with this release we have also begun offering an SLA to the Pro and Managed levels of our hosted service. See zero.rocicorp.dev#pricing for information.

When To Use Zero And When Not To – A Quick Guide

This does not mean that Zero is perfect or done. There is still so much to do. What it does mean is that we fully support Zero for appropriate workloads without caveat.

See zero.rocicorp.dev/docs/when-to... for guidance on applications that are a good match for Zero.

Zero 1.0 First Stable Release

Zero to 1.0

After two years of work, 50+ releases, thousands of commits, and hundreds of bugfixes, we are officially declaring Zero stable and ready for production workloads.

zero.rocicorp.dev/docs/release...

We are exceptionally proud of the work in 0.25. Totally reworked DX that feels so nice, and a real query planner – bringing the original "just do queries" vision of Zero to life.

Samples

Sorry for the slow response! Need to check this site more often. SvelteKit is in the queue. We do use BetterAuth for ztunes so check that out: zero.rocicorp.dev/docs/samples...

Play All Over The Ukulele Neck With Just Four Shapes YouTube video by Phil Doleman

Find something you love the way this guy loves chord shapes:

www.youtube.com/watch?v=wa6t...

Come see four different perspectives on sync duke it out live on stage.

Oh sorry, only realized you were the materializedview Chris. You probably know about all of these.

TanStack DB offers IVM for a client-side data thing (there is also a corresponding JS library implementing differential dataflow which can be used alone).

Live Data Layer for Apps & AI Agents | Materialize Materialize is the live data layer that powers real-time experiences for applications and AI agents. Use standard SQL to create always-up-to-date views into any aspect of your business—without complex infrastructure.

I think you need to say more about what you're trying to solve? Materialize.com offers IVM shaped like a Postgres DB, more targeted a yuge data type problems. My product, @zero.rocicorp.dev offers IVM as a component of a complete sync engine.

IVM as in "incremental view maintenance" ? Or something else?

The advantages you brought are very real. It was a special and lucky moment in history. I am very thankful to have been part of it.

This was gnarly, grotty work. But it made a huge difference - if you're old you may remember the stability difference from Windows 3.1 to Window 95. This is the difference between cooperative and pre-emptive multitasking. And it's the same difference that Chrome brought to the web.

Chrome's innovations were almost all subsurface, but they added up to making the web a more reliable place to work.

In order to make WebKit multiprocess and sandboxed was basically a massive refactor – all shared state like networking and cookies had to be pulled out into a supervisor process.

Previous browsers were single-process. Firefox and safari had tabs but those tabs all shared an OS process. This meant:

- slow / hung tab affects all tabs
- crashed tab crashes whole browser
- exploit in one tab has access to all tabs

Multiprocess