| HN Mirror

brian_herman 1440 days ago

What we should be comparing it is to activeX and flash will it have the security that those two technologies didn't?

simonw 1440 days ago

Yes, because it's learned from their experience. WASM has been designed with security in mind from the very start, and implemented by experienced browser teams with a very deep understanding of the security risks of doing so.

https://www.youtube.com/watch?v=glL__xjviro

"Usenix Security '20-Everything Old Is New Again: Binary Security of WebAssembly"

"The Security Risk of Lacking Compiler Protection in WebAssembly"

https://arxiv.org/abs/2111.01421

Georgelemental 1440 days ago

WASM uses the browser sandbox, from what I understand it re-uses the same facilities that browsers use for JIT

ridiculous_fish 1440 days ago

WASM's sandboxing as implemented in practice is different from JITs. It works by allocating a 4GB region of virtual memory and treating the base address as NULL. Pointers in WASM are 32 bit so they are unable to point outside the region.

The big win is the runtime doesn't need to check pointers for validity. However there are some downsides relative to native code:

1. Can't address more than 4GB of memory

2. Can't be efficiently implemented on 32 bit systems

3. Can't share memory between WASM modules

4. NULL dereferences don't trap (I think)

I would not be surprised if future CPUs had hardware support for this stuff, e.g. load/stores with a mask to confine the pointers.

int_19h 1440 days ago

The other way it ensures isolation is by separating code and data. All executable code lives in a separate address space that is not accessible from within wasm. Call stack is also a separate area, making it impossible to muck around or even look at the return pointer. Function pointers are opaque - they can live in global or local variables and in table entries (which are also completely separate from memory), but not in memory; when one needs such a pointer as part of the data structure (e.g. vtables), an index into a table is used instead.

jb1991 1440 days ago

Neat. I thought Web pages were limited to 2 GB memory. I guess tines have changed.

Just like Solaris SPARC has been doing like for 10 years.

One of the things that killed Flash was not being supported on iOS while Wasm runs fine (and actually pretty well!) on iOS which is pretty good for reach.

pmontra 1440 days ago

On the other side, not being able to run on iOS didn't kill any server side language (think Java.) And Java client side (Android) is very different from Java server side, down to the sets of developers.

Currently WASM is both a client side and server side runtime. It's not clear where it will be in 5 or 10 years. I don't see a compelling server side story. Why WASM and not C#, Java, Node, Python, Rails (I intentionally don't write Ruby) or whatever any of us is using now with its standard runtime?

dragonwriter 1440 days ago

> Why WASM and not C#, Java, Node, Python, Rails (I intentionally don't write Ruby) or whatever any of us is using now with its standard runtime?

I don't understand why you use a framework instead of a language there, but it seems to be in the same category of mistake as asking “why <compilation target> and not <thing that can be compiled to that target>”. They aren't mutually exclusive alternatives.

no_wizard 1440 days ago

In a phase: code sharing.

Say you are a C# developer and there is a C / C++ / Rust thing you want to use as a dependency.

Well, WASM is your interop layer. Same with Node.js, Deno, Go etc. You can start to share alot more code with a solid interop layer that WASM presents.

Just like CLR has been doing for 20 years.

IBM and Unisys almost since the 1960's, depending on which model we are talking about.

int_19h 1440 days ago

wasm does not have a solid interop layer, especially compared to past attempts such as CLR. What you get at the moment is more or less the C FFI, but more awkward to use because of the sandbox.

Personally I'm not super familiar with its benefits if any on the server and would actually not use it on the server myself and just build binaries directly, probably using Go. But I've seen some references to Wasm on the serverside for something similar to containerization or loading plugins. It does seem less obvious to me than the client side.

What makes you say Wasm is a server side runtime / imply that it's meant to be one?

0x20cowboy 1440 days ago

With go as an example, you know the saying “cgo isn’t go”? Well, you could use C, C++, Rust or anything else that compiles to wasm from any other language.

There have been a few people who say if wasm (WASI on the server) existed already, Docker wouldn’t need to exist. Docker runs a whole OS just to run your binary - imagine the benefits of Docker but just running your binary.

It’s all early days so I am slightly waving my hands, but a lot of this works now. Check out _wasmtime_.

nikki93 1439 days ago

For the client I use a simple go -> c++ compiler I wrote and compile to wasm from that actually, on my side projects. It had zero overhead interfacing to / calls to C/C++ (including generics<->templates) since it's just generating that. Example web game made with that: https://github.com/nikki93/raylib-5k

I think I've seen wasmtime before. If I needed to interface to any C/C++ things on the server I would probably just write in C/C++ (or Gx) yeah.

Groxx 1440 days ago

iOS was the final nail in the coffin, but Flash had been having years of an endless flood of severe security problems. It was having major problems hanging on prior to Apple playing their hand.

Losing Flash's excellent authoring tools is still a hard blow though.

So basically CLR, not to mention the 60 and 70's bytecode environments.

[1] https://en.wikipedia.org/wiki/Watt_steam_engine

adwn 1440 days ago

That's like saying that the Watt steam engine [1] was basically Newcomen's atmospheric engine [2], not to mention the Aeolipile [3] from ancient Greece.

Yeah, if you squint hard enough, everything new is just the reinvention of the wheel [4]. And yet – sometimes small, incremental improvements are what it takes to push a concept (steam powered machines, or bytecode for execution in the browser) from niche applications to being a breakthrough technology. I don't know if WebAssembly will be that incremental improvement, but claiming that it won't because Java tried and failed is a lazy, fallacious argument.

[2] https://en.wikipedia.org/wiki/Newcomen_atmospheric_engine

[3] https://en.wikipedia.org/wiki/Aeolipile

[4] Speaking of reinventing the wheel: Those radial tires, eh, who needs them? They're basically just like cross ply tires. Not to mention the spoked wooden wheels that have been around since forever.

So far looks like it, created from resistance against PNaCL, and now clamming new ideas that are actually quite old.

I think you missed the part about it running in the browser? But yes, some previous technologies are similar to some new technologies, that's not really an insight at this point. Especially not about bytecode interpreters which seems like a standard practice.

worik 1440 days ago

> I think you missed the part about it running in the browser?

The article expressly stated that was not the exciting part, for them.

This is another iteration of the same old byte code blah blah, and each iteration has gotten better, and this is the best yet. Maybe.

.NET did run in the browser from day 1, even if only on IE.

debugnik 1440 days ago

> I think you missed the part about it running in the browser?

.NET Core started as the Silverlight runtime, didn't it?

The extent of Wasm's availability on browsers is quite big right now. Both iOS and Android and all major desktop browsers. That sort of reach is what I meant by the term "the browser" used generically. Different from being an extension to one or a few browsers or something like that.

idontpost 1440 days ago

Silverlight was never a native part of the browser.

coldtea 1440 days ago

Yes, in the sense that everything that shares some history or idea is the same thing.

Like C and O are both chemical elements, so basically interchangeable, or like horse carriages and oil tankers are both methods of transporting things.