[pyrolistical]

its all about security. the operating systems weren't designed for security. they were created pre-internet where you compiled all the code you ran on your operating system. its an unfixable architecture due to the nature of the API.

this is why the browser is winning. Javascript doesn't have access to your operating system. we finally have a way to allow arbitrary code run safely.

we then extended this to webassembly. this is how we're going to fix everything. the operating system is going to melt away and webassembly runtimes will rise. the end game is when webassembly runtimes run natively on hardware, and control is finally returned back to the end user.

[cobertos]

Won't it be the opposite, control will fall further from the end user? All code is served from some remote endpoint, which you're unable to load if your device doesn't attest (like Android safety net) or some other arbitrary reason. That plus browsers are already too complex to replicate.

Unless you mean that we'll have webassembly packaged in nice little .exes or .apks or some other app bundle so we can at least download them?

[skybrian]

I don't know what they meant, but in principle, I don't see why WebAssembly apps can't be downloaded, since browsers do it? (Ideally they should be signed, but using a more distributed scheme, like DNS.)

Due to phishing, it seems like most people do need security software, but not necessarily provided by the OS vendor. It could be from a plugin.

The biggest issues are lack of resources and lack of standardization. What organizations have the people to do all these things, besides the OS vendors?

[orange8]

This is a problem that has already been solved. Look into PWA

[encryptluks2]

By control, you mean browsers that consistently enable functionality to take away privacy. The same permissions you're referring to can already be managed using FlatPak, Snaps, etc