[LAMike]

An open sourced Electron/Desktop app for editing videos sourced from Youtube might be successful, but everything runs in the browser and it's more universal. With WASM, things get more interesting because the capabilities will get closer to "native" apps over the next 3-5 years

[neoberg]

Not really. WASM doesn't add any extra capabilities in the browser or Electron environments.

[LAMike]

Figma wouldn't be a 20B buyout without WASM, you're coping hard right now

[neoberg]

What am I coping hard for really? I am all for using WASM where it makes sense. This still doesn't change the reality that all of that is possible with JavaScript. It's also still 100% true that WASM adds 0 extra capabilites.

And Figma could be a 20B buyout without WASM. I don't see any relevancy about valuation and a specific tech choice. Figma's editor is a very good use case for WASM -especially since they have the right people in the team- but there are other ways to achieve the same thing (even just by using JS).

[encryptluks2]

I'm not excited about WASM. It seems like we've come full circle. We already have frameworks to isolate apps, we don't need the browser to do it nor do we want our privacy and security completely obfuscated from the source.

[maven29]

Wouldn't that imply that first-party appstores must remain the only app delivery mechanism?

I don't think the economics of write-once-run-anywhere are going to change anytime soon. so WASM is a welcome shift closer to the metal, I'd say.

[encryptluks2]

No, it would imply that authors that want to create cross-platform apps would learn how to actually create cross-platform apps or create PWAs which are already cross-platform.

[maven29]

PWAs are a real tragedy of the commons with no platform owner willing to extend first-class UX flows due to competing interests as well as adverserial risks from bad-faith actors.

From a security/privacy perspective electron-esque apps are no different from native apps, and divorced from the browser UX, PWAs only inherit the trust they cultivated while running in the browser. They are just webapps with some quality-of-life sprinkled on top, after all.

[encryptluks2]

Electron apps are often pulling in hundreds of unvetted npm packages and then given direct read/write access to the entire file system. I'm okay with browser security overall for PWAs as I don't want websites to be able to break out of the sandbox and I want permission prompts when they want access to perform specific actions, but I can still inspect the code more freely to see what is happening behind the scenes and say no I don't trust this developer to have read/write access.

With WASM, it is like machine code for the browser meant to obscure what is even happening and you are supposed to just trust it and I don't. I don't trust it to not be abused to push more privacy violations and I don't trust most web developers enough to not just pull in a huge framework with no clue what they are doing and to make accessible fast sites using it.

[maven29]

Wouldn't dependency hijacking only be an issue during build/packaging, rather than installation when everything is frozen? All you're going to see as an end-user is a prebuilt binary that doesn't even know what NPM is. Again, this is no different from native apps.

Native apps are objectively worse than WASM in terms of security/privacy risks as they have access to all userspace syscalls. It's not like WASM bytecode can link against system libraries. Everything has to go through the browser/runtime sandbox. The only real risk here is side-channel attacks like Meltdown.

[perryizgr8]

> Wouldn't that imply that first-party appstores must remain the only app delivery mechanism?

No, not at all. It means users can run whatever software they want on their machine.