Microsoft joins Bytecode Alliance to advance WebAssembly – aka the thing that lets you run compiled C/C++/Rust code in browsers

Re: Once upon a time...

And that final sentence is all that matters.

It is in the interests of the big data harvesting culprits to push as much as possible to the client so that they can suck in even more data.

Re: Once upon a time...

Agreed.

I would add that it also makes the browser ridiculously complex meaning that new contenders will be few and far between.

It would be a duanting task just implementing HTML 5 from scratch, let alone keeping on playing catchup with all the new daily non-features..

The idea that in the future the only choice will be Google's Chrome engine or (if we are lucky), Mozilla Firefox, makes me shudder a little.

Re: Once upon a time...

WebAssembly runs on the server also, it about a secure environment where you want it.

Re: Once upon a time...

> it results in exclusion of those who don't keep their browser "up to date" with the latest execution capabilities.

Indeed, yesterday there was a submission to HackerNews about some scandal in the Scala community. Every browser I used on my admittedly old iPad to view the medium.com article would show the text for a few seconds before rendering a completely white screen.

As someone who really wants nanoprocess isolation for my dependencies and WebAssembly as an easy way to write a plugin/modding API, I have to throw a little cold water on that.

"WebAssembly doesn’t make unsafe languages safe (yet)"

https://00f.net/2018/11/25/webassembly-doesnt-make-unsafe-languages-safe/

"Everything Old is New Again: Binary Security of WebAssembly"

https://www.usenix.org/system/files/sec20-lehmann.pdf

TL;DR: WASM hasn't yet spec'd the stuff needed to port various standard intra-process protections, including things like making an attempt to dereference 0x0 an access violation to catch various common null pointer bugs, and, setting guard pages so wandering from one allocation to another within the same application has a chance of getting caught.

Thankfully, WebAssembly was intentionally released as a minimum viable product and a work in progress, so it doesn't have to stay that way.

Because unfortunately a video decoder in pure Javascript would be much worse.

Obviously the solution of not having a video decoder in the browser is not an option to "modern" websites apparently. ;)

Not ffmpeg, but we (when I worked at Movi - movi.ai) evaluated porting our video player to the web for browser support. Without access to any decoder hardware through the browser we would basically have needed to write our own software decoder.

While it's not an impossible task, and I had some cool ideas to improve performance and greatly reduce memory requirements ultimately it never happened while I was there.

Not just why

WHY GOD! WHY!

Re: If you liked JavaScript code from anywhere in the world running on your browser...

To be fair, the whole setup of C compiler -> Q3VM bytecode worked very well with Quake III Arena. So why can't it work with a web browser and important things like online banking...

;)

You are probably thinking of C.

C++ has checked memory access (i.e in std::vector<T>::at(idx)). The problem is some C++ developers don't seem to know about it.

But either way, your idea of the issue is potentially misguided. The C++ when compiled to WebAssembly can't access any more than the underlying WebAssembly VM allows it. I.e this would be exactly the same as JavaScript implemented into WebAssembly.

However your overall concern is not misguided. There is zero chance the WebAssembly VM will be implemented bug free!!! (probably because those developers don't know about at(idx) in std::vector haha.

Re: And so the cycle turns ...

I've just invented Cobolnetes, runs Cobol source code via an interpreter in a sandbox. The only security problem is when the cat needs to use the sandbox at the same time, you get resource sharing conflicts. Data can escape via LCOTB accesses (Letting Cat Out The Bag).

Re: And so the cycle turns ...

I feel as though I could have written this comment myself.

Re: And so the cycle turns ...

One big problem with Java Applets is that Java started from more Desktop-y APIs and then locked things down.

WebAssembly is descended from Mozilla's asm.js and Google's Native Client and follows the JavaScript approach of aiming to approach "make evil commands unrepresentable" at the API level, and it does two things to avoid the applet outcome:

1. Like JavaScript (and thus, like asm.js), all its APIs are based on permission tokens passed in by the sandbox host. (eg. The WASI API for writing command-line applications doesn't let you ask to open "/etc/passwd" because WASI only provides a system call to open paths that are children of an FD the sandbox host passed in (basically, a secured wrapper around openat(2)), so, like with JavaScript in the browser, even the non-browser uses of WebAssembly need something that allows you to achieve arbitrary code execution in the sandbox host to break out.)

2. Like the Native Client loader's machine code checker, the WebAssembly loader restricts what machine instructions can be generated, requiring a vulnerability to be found in the loader to craft fully arbitrary input to the sandbox host APIs.

If you want to poke at WASI, the Wasmer runtime includes an NPM-like package system named WAPM and an npx analogue called wax and the default behaviour when running a command is to balance convenience and security by granting access to $PWD and nothing else and to use SSH-like "pin the first signature we see" behaviour if a package is signed.

Re: I can't in any way see why this is a good idea

WebAssembly has a canonical text form that you can losslessly transform back and forth from and the browser vendors have plans to incorporate support for it in the developer tools so you can get an experience comparable to running arbitrary minified JavaScript through a code beautifier.

It's a LISPy S-expression grammar and, in my experience, it's about as easy to read as de-minified JavaScript. Take a look at the examples on the WebAssembly Wikipedia page.

(You have to remember that WebAssembly has to be high-enough level that the final compilation to cached machine code by the browser can produce fast code, regardless of whether it's x86, ARM, MIPS, PPC, etc. that you're targeting.)

Re: The first web assembly library is out!

Sure, sure ... but can it tinker with your filesystems or insert keystrokes via the keyboard driver? Sounds like there's still work to be done before it can claim to be the perfect malware vector.

Re: Oh f❄︎❄︎k, they're reinventing ActiveX!

"This is a bad idea." "Yeah, let's do it differently!" (later) "This is a bad idea." "Yeah, let's do it differently!"

Etc.

Re: The Internet is dead

FrogFind FTW. Not just for retro computers, it strips out all the nonsense.

Re: The Internet is dead

There are others out there then; I feel less alone. Mind you my CGI is written in C++ so that I can reuse my back office codebase so perhaps I am still more alone than I might think.

Re: Essentially webassembly *is* Javascript

Anything that replaces JavaScript is welcome.

Re: Fastly

They named it before they realized how useful it could be outside the browser and then they didn't change the name.

Re: Memory-efficient isolated sandboxes

This isn't exactly traditional isolation though.

It's more like a bytecode-level version of how embedded Lua or JavaScript runtimes keep you from calling privileged APIs.

Uncaught ReferenceError: system is not defined

Each dependency is given a restricted lexicon of APIs to call and the bytecode and loader are designed to use that trick Google Native Client pioneered to prevent calls outside the defined set from being synthesized at runtime.

(ie. The loader refuses anything it can't prove to be a "valid instruction" and the set of valid instructions only contains calls that manipulate memory in provably safe ways and interact with the outside world through handles passed in by the host application.)

For example, WASI (the interface for writing command-line applications) doesn't have APIs for opening arbitrary paths... just secure openat(2) analogues for opening paths that are children of the FDs passed in by the sandbox host.

Re: Haskell Support

While we're at it, please also include Brainfuck.