Wow: wasmtime


Edward K. Ream

Sep 3, 2020, 7:59:08 AM
to leo-editor
As part of my "what's next for Leo" project, I decided to check in on what's new with WebAssembly. Here is my Google trail:


non-web Embeddings (because Leo doesn't run on the web): https://webassembly.org/docs/non-web/

WebAssembly High-level goals: https://webassembly.org/roadmap/ From the table I found...



I had heard of neither wasmer nor wasmtime before.

The last link is the jackpot. Please take a look at Lin Clark's video. The video doesn't waste your time. Instead, it pulls you along and invites you to study more deeply. There is a ton of stuff I don't know here. Following all the breadcrumbs might be a good way to become an experienced web developer. I'll be studying her blog posts next.

Edward

Thomas Passin

Sep 3, 2020, 8:41:03 AM
to leo-editor
I am so opposed to webassemblies that I don't want to work on them. Web assemblies, if widespread, will encourage the trend towards breaking the web by making URLs meaningless, and will promote more closed silos and data hiding. I do see that they could be very good in non-web use, but that's not enough for me to want to help it all happen.

Edward K. Ream

Sep 3, 2020, 11:00:48 AM
to leo-editor
On Thu, Sep 3, 2020 at 7:41 AM Thomas Passin <tbp1...@gmail.com> wrote:
> I am so opposed to webassemblies that I don't want to work on them. Web assemblies, if widespread, will encourage the trend towards breaking the web by making URLs meaningless, and will promote more closed silos and data hiding.

I haven't heard anything about this. Could you provide some links?

Edward

lun...@gmail.com

Sep 3, 2020, 11:20:12 AM
to leo-editor
You're giving technology and standards too much credit. Corporations are going to create closed systems and implement data hiding no matter the tools they have at hand and they're going to continue to do it mercilessly unless socially/culturally disincentivized to do so. Web assemblies will not meaningfully alter their plans or the outcome of those plans. 

Thomas Passin

Sep 3, 2020, 11:23:05 AM
to leo-editor
I forgot to include the potential for malware.  Some links:


Otherwise, I have read about how WA will break the web, but I can't find them again so far.  WA is being presented as a way to get better/faster/etc programming languages into the browser.  But actually it will be more like Flash - it's taken years to flush Flash out of the system, and now we're going to get a more advanced rendition.

I suppose it's inevitable, but I don't have to like it.

Thomas Passin

Sep 3, 2020, 11:24:38 AM
to leo-editor
Yes, that's so, and I understand that web assemblies are basically a Google effort to do that.

Edward K. Ream

Sep 3, 2020, 11:41:14 AM
to leo-editor

vitalije

Sep 3, 2020, 12:00:38 PM
to leo-editor
> I forgot to include the potential for malware. Some links:
 
According to the research mentioned in your third link that claims half of the web sites using wasm use it maliciously, the malicious usage consists in obfuscating and mining.

According to the first link, from figure 4 it is clear that a malicious site will use the user's CPU to mine cryptocurrency even if the web browser doesn't support wasm. So it is not only wasm's fault.




By definition wasm code can't do anything that ordinary JavaScript in the browser can't do. If obfuscation is malicious then I don't know any serious web site today that isn't malicious, because every web page uses minimized and very often obfuscated JavaScript. So, as far as I am concerned, obfuscation is not malicious per se.

Concerning user tracking, all major social networks use it all the time, regardless of wasm. We are writing on the Google forum and Google uses our posts to dig some data from them. Who knows how many of us on this forum have Gmail accounts, GitHub accounts, ... all these platforms collect data about us and about the way we use the internet. They have done this long before wasm technology. Therefore I don't see any special threat in using and spreading wasm technology.

Comparison with the Flash technology is a bit stretched (IMHO). Flash was used to overcome some deficiencies in browsers, their incompatibilities and yes, Flash had some potential for writing malicious software. But wasm is much safer and it relies on the browser safety mechanisms, it doesn't have to be enabled or installed by the user. It is an integral part of newer web browsers, no less than JavaScript is.

Vitalije

Edward K. Ream

Sep 3, 2020, 2:59:46 PM
to leo-editor
On Thursday, September 3, 2020 at 11:00:38 AM UTC-5, vitalije wrote:

> By definition wasm code can't do anything that ordinary javascript in the browser can't do...

> Concerning user tracking, all major social networks use it all the time, regardless of wasm...

> Comparison with the Flash technology is a bit stretched (IMHO).

Thanks for these comments. As I said earlier, I am not qualified to comment in detail about security issues. However, I find it hard to believe that wasm code is part of some nefarious plot :-)

Edward

Edward K. Ream

Sep 4, 2020, 6:46:53 AM
to leo-editor
On Thursday, September 3, 2020 at 6:59:08 AM UTC-5, Edward K. Ream wrote:
> As part of my "what's next for Leo" project, I decided to check in on what's new with webassembly.

Lin Clark's blog contains this announcement about the Bytecode Alliance. This indicates to me that the devs behind webasm aren't wearing black hats. Lin's announcement is an excellent intro to security issues, and an interesting proposal to fix security holes at their source.

Edward

Edward K. Ream

Sep 4, 2020, 6:52:44 AM
to leo-editor
On Friday, September 4, 2020 at 5:46:53 AM UTC-5, Edward K. Ream wrote:


The meat of the proposal is way down on the announcement page. There should be a link to the heading, but there isn't. Just search for "Tomorrow’s solution: WebAssembly “nanoprocesses”".

It seems clear that we need fundamental new security tools. Perhaps wasm nanoprocesses are those tools.

Edward

Edward K. Ream

Sep 4, 2020, 7:01:35 AM
to leo-editor
On Thursday, September 3, 2020 at 6:59:08 AM UTC-5, Edward K. Ream wrote:


> Please take a look at Lin Clark's video. [In the link above]

Or you can read this page, which includes the video, but also includes clear descriptions and cartoons for which Lin is well known.

Edward