Email or username:

Password:

Forgot your password?
Top-level
Simon Willison

@anildash I don't think enough people have realized how incredibly valuable the robust universal sandboxing provided by WASM is going to be

I genuinely don't want to run code written by other people that's NOT in a sandbox at this point: even if I trust them, do I also trust them not to have written any bugs?

WASM to me represents the freedom to run code on my machines again!

27 comments
Anil Dash

@simon and the other extraordinary thing is it enables the consistency and reliability of environments that’s one of the biggest advantages of the native mobile platforms (or even gaming consoles) without the negatives of the App Store model. There’s just so much potential there.

Simon Willison

@anildash absolutely, it really does deliver on Write Once Run Anywhere

🇺🇦 Maksim Lin 💙

@simon @anildash But we already have that with the current Web+JS. What's missing is actually access to all the APIs that only "native" apps via app stores are allowed to use and Apples recalcitrant bevahiour with Safari on iOS is just helping maintain their walled garden.

stephen judkins

@anildash @simon it's one of those things that's not completely original, given that sandboxing and portable bytecode have existed in various guises for me years, so that people are going to bash it as hype-driven or valueless. But it's the combination of features, standardization, and broad adoption that's going to be its selling point

Anil Dash

@stephenjudkins @simon yeah, all of this stuff is the kind of wonderful tech that sort of slowly gestates for a half decade or so, being dismissed as too early, or too familiar, or not “enterprise” enough or whatever. And then suddenly it’s everywhere.

Earthperson Ryan :lvtbq2:‌

@stephenjudkins @anildash @simon I started using WASM for something at work recently and it's freaking wild. I am so ready

Mike Garuccio

@stephenjudkins @anildash @simon this was the refrain about docker too, particularly from the BSD community. But it nailed those three aspects and so adoption skyrocketed whether the haters thought it worthwhile or not. I’m really just becoming aware of wasm, particularly outside the browser, but it certainly feels like it’s got the same energy/momentum.

stephen judkins

@mgaruccio @anildash @simon yes. It was the standard that made it important, not the constituent technologies, which had been in Linux for quite awhile. I'm actually pretty annoyed that docker/OCI was the standard that took off, I think it could have been done a lot differently and better

Mike Garuccio

@stephenjudkins @anildash @simon yea it’s frankly a little weird that underneath all the declarative and immutable tooling that got built on top we have this imperative image build process that gets captured in a tarball with networking and storage defined at runtime.

But, that also made it easy to start using, and flexible for many use-cases. Which really drove the adoption piece of the puzzle (and nature of FOSS meant features followed that adoption)

Nicholas Weaver

@simon @anildash

I must admit I don't quite understand what WASM sandbox does right but JVM did not. It wasn't JUST the Java API was too insanely large, but there were plenty of JVM exploits as well. Is there a guide someplace why WASM hasn't repeated the fate of the JVM?

Simon Willison

@ncweaver @anildash I don't have a great solid answer for that, but the impression I've got is that WASM was helped by twenty years of lessons from the JVM and from browser development in general

Browser developers are really, really good at understanding the challenges involved in executing code from untrusted sources!

Nicholas Weaver

@simon @anildash

I think that may be it. The JavaScript JITs are insane, and that they aren't subject to more OMG breakages, and the browsers these days split the rendering engine per origin into a separate process (with all the process isolation on top), the browser folks have a lot of experience.

Also, I think WASM started much smaller, and the only outside world is through the JavaScript framework rather than direct probably helps too.

Anil Dash

@simon @ncweaver yeah i think the fundamental win is that it started much narrower, and the tooling and stack are more defined, instead of being a sort of under-defined mess. It’s much more opinionated by convention (if not necessarily by implementation) and that makes it a lot more accessible.

Simon Willison

@ncweaver @anildash I find it very reassuring that the browser security engineering teams at Google, Apple, Mozilla and Microsoft all felt WebAssembly was a solid enough spec that they were willing to ship it - and quite a few years ago at this point

Clark W Griswold until 25-Dec

One weakness in Java was JNI because at some point you have to get data in/out of real devices. If my webcam is some janky Costco $6 special, with a buggy, vulnerable terrible driver, does WASM protect me from malicious web pages that want to tickle my vulnerable webcam driver? Or is it just orthogonal? I.e. not WASM’s circus, so not WASM’s monkeys?

@anildash @simon @ncweaver

Nicholas Weaver

@paco @anildash @simon

I think they handle that by basically EVERY bit of I/O has to go through the JavaScript, so it isn't adding to that problem space.

Simon Willison

@paco @anildash @ncweaver WASM can only access your webcam via the existing browser APIs for webcam access, through a JavaScript bridge - so it's no less safe than if you were running regular JavaScript that could access the webcam

Fabrice Desré

@simon @ncweaver @anildash

I've been playing with safe WASM plugins for resource edition in @capyloon and one super-power is that the "host" code can check which functions are imported by plugins. That makes it possible to enforce eg. privacy policies or permission models.

Bayan Rafeh

@ncweaver @simon @anildash WASM is much closer to low level assembly than JVM bytecode, not to mention the outside world APIs are locked by default and secure.

The JVM is a fantastic piece of technology, just not good for cases where you need sandboxing.

aeva

@simon @anildash is it possible to write graphical applications targeting wasm to be ran outside of a browser?

aeva

@simon @anildash ok I looked it up, it's all cloud stuff I guess

Pär Björklund

@aeva @simon @anildash I'm thinking wasm will be a common plug-in format for all sorts of tools and possibly some game engines as well. It's not very exciting tech on its own.

aeva

@Paxxi @simon @anildash jit compiling caveats aside, I'm not sure I see the appeal of embedding wasm vs a full featured embedded language.

Jodie Cunningham

@simon @anildash

It's definitely going to take a minute to be realized, but it affords a wealth of capabilities.

choffee

@simon @anildash which is all well and good until it ask for permission to access your location, camera and wallet to work. So now you are allowing random websites access to your device with no barrier or checks. One advantage of app stores or distributions is that there can be some management of the bad apps. Now your device can run software from anywhere you are relying on the discretion of a user as the only security check.

Konrad Hinsen

@simon @anildash Is there a good high-level discussion somewhere that compares the security models of WASM, JAVA, .NET, and Linux containers (plus perhaps others)? Addressing questions such as granularity (per file/directory/other, IP by IP address/domain/other), roles (user, administrator, developer, ...), complexity (yes/no settings, conditions, Turing-complete configuration language), etc.

Go Up