I wish webassembly was already here. I honestly can't wait for more language choice for targeting the browser DOM.
I believe this will bring a revolution in client side apps on the browser. Ultimately fulfilling the goal Java aimed for, but never succeeded at reaching.
Somehow, I think we'll regret this. Running low-level programs in the browser hasn't gone well in the past.
We got rid of Flash. We got rid of Java applets. Now this. Especially since the use cases are weak. Even WebGL doesn't get used much. Yes, you can do (cool thing) in the browser. But that will be rare.
There were definitely major problems with Flash and Java. WebAssembly has learned from those, though:
* WebAssembly is an open standard, unlike Flash
* WebAssembly has multiple compatible open source implementations, unlike Flash (and Java, back in the day)
* WebAssembly is optimized for very fast startup, unlike Java
* WebAssembly is designed to integrate with JavaScript and the web in a proper way, unlike Flash and Java
* WebAssembly is designed to have the same security model as JavaScript and in fact to reuse existing hardened code as much as possible, minimizing the security risk.
Not that WebAssembly is perfect, nothing is, but it's aimed to fix the huge issues that previous related technologies had.
And the use cases are very important: things like games, photo editing, etc., all can benefit from high-speed execution of code on the web. WebAssembly is a response to developer requests.
The security issues with things like Flash and Java is that they increase the attack surface drastically. Furthermore, they come from different companies from the web browser, and often with their own updating mechanisms.
Even if your browser developers are professional and strict about security and update rollouts, the plugin developers of plugin X might be pretty lax and slow to roll out a fix when there is an exploit dropped. Even if you shame them into getting better, the problem can start over with plugin Y instead, and so on.
It's entirely possible that WebAssembly will also increase the attack surface, but I seriously doubt it will be at the same scope as the third party plugin providers. It will be developed by the same developers who developed the JavaScript engine of the browser.
[+] [-] bluejekyll|9 years ago|reply
I believe this will bring a revolution in client side apps on the browser. Ultimately fulfilling the goal Java aimed for, but never succeeded at reaching.
[+] [-] IshKebab|9 years ago|reply
https://github.com/WebAssembly/design/blob/master/GC.md
[+] [-] tambourine_man|9 years ago|reply
A VM + Canvas is the primary use case, from what I had gathered.
[+] [-] Animats|9 years ago|reply
Has the first WebAssembly exploit come out yet?
[+] [-] azakai|9 years ago|reply
* WebAssembly is an open standard, unlike Flash
* WebAssembly has multiple compatible open source implementations, unlike Flash (and Java, back in the day)
* WebAssembly is optimized for very fast startup, unlike Java
* WebAssembly is designed to integrate with JavaScript and the web in a proper way, unlike Flash and Java
* WebAssembly is designed to have the same security model as JavaScript and in fact to reuse existing hardened code as much as possible, minimizing the security risk.
Not that WebAssembly is perfect, nothing is, but it's aimed to fix the huge issues that previous related technologies had.
And the use cases are very important: things like games, photo editing, etc., all can benefit from high-speed execution of code on the web. WebAssembly is a response to developer requests.
[+] [-] Certhas|9 years ago|reply
Is there any security sense in which this is lower level than javascript (asm.js)?
[+] [-] Drakim|9 years ago|reply
Even if your browser developers are professional and strict about security and update rollouts, the plugin developers of plugin X might be pretty lax and slow to roll out a fix when there is an exploit dropped. Even if you shame them into getting better, the problem can start over with plugin Y instead, and so on.
It's entirely possible that WebAssembly will also increase the attack surface, but I seriously doubt it will be at the same scope as the third party plugin providers. It will be developed by the same developers who developed the JavaScript engine of the browser.
[+] [-] CyberDildonics|9 years ago|reply