Hacker News new | ask | show | jobs
by shmolyneaux 2411 days ago
Thanks for the reference.

Just so it's clear, the definition of "malware" used here is in-browser crypto mining and obfuscation. Only 1 in 600 of the top 1 million sites use WebAssembly. WebAssembly doesn't actually provide a new vector for malware.
1 comments
mantap 2411 days ago
WebAssembly is still very immature. It unsurprising that it has such a low adoption right now.

I think the real problem with webassembly would be if it becomes too popular and starts to become a JS competitor rather than a complement to JS.

link
pjmlp 2411 days ago
WebAssembly is the revenge of Flash/Java/ActiveX, but this time everything will turn out perfect, as per WebAssembly advocacy.
link
mantap 2411 days ago
Honestly, given the lack of tooling they have now, it is pretty much perfect from a user's perspective. You are only going to use WASM if you absolutely need the performance. It's just too painful otherwise.
link
pjmlp 2411 days ago
Well, better take care which sites you visit.

https://www.infoq.com/news/2019/10/WebAssembly-wasm-maliciou...

link
BubRoss 2409 days ago
Your link basically says that less than 0.01 _percent_ of the top one million websites have webasm cryptocurrency mining. There is no mention of any security flaws. A webasm miner would just eat up a single core while the page is open.

This doesn't seem like much of a red flag to me. If one out of every ten thousand unique sites I visit uses one hypercore while it is opened that isn't going to keep anyone up at night.

On the other hand full video editors, image editors, CAD, 3D content creation programs, silky smooth 3D games, custom video codecs and more have already been made possible due to webasm. Not bad huh?

link
pjmlp 2409 days ago
Not bad at all, for something that has been possible in Java, Flash, ActiveX, PNaCL before.

Thanks to service workers, the miner won't go away when you close the browser, as by default settings (which normal users don't even know they exist) service workers run on their own processes.

link
DonHopkins 2411 days ago
Hey don't forget Shockwave. That was the thing that totally took over the web that everybody hated before Flash.
link