Web Assembly has reached the browser preview milestone. This

Doesn't this mean that browsers can run arbitrary compiled code on your web browser? Isn't that a huge security risk?

>>59184189
delet this

I can't wait to write super easy exploits and get in people's devices, nice

>ActiveX
sage

>>59184189
>>59184171
kek samefag fail

File: 1425098196118.jpg (45KB, 389x504px) Image search: [Google]

45KB, 389x504px

>>59184189
I'm also concerned about this
Isn't assembly harder for third parties to audit for security?

File: th_browser.jpg (92KB, 640x640px) Image search: [Google]

92KB, 640x640px

>>59184189
It's not actual assembly.
It seems it is actual bytecode, though, which means they will have to run some verifications on it.
Hopefully that doesn't kill loading times in the end...

>>59184189
it is.

Besides this, webassembly only replaces JS with something more aggressive. This means, it is shit anyways.

>>59184519
>Besides this, webassembly only replaces JS with something more aggressive. This means, it is shit anyways.


I don't follow.

>>59184510
Is it possible to run verifications on bytecode to make sure that it doesn't do anything bad or access data in a harmful way?

>>59184171
You can already compile languages like sepples and python to js.

>>59184189
No. It's a bytecode format that compilers can target. Think of it like pre-processed JavaScript. It skips the parsing and optimizing stages and is strongly and statically typed and thus faster.

Don't think it will actually replace JavaScript, though. It won't.
The only thing webassembly can do in the browser is provide functions that run webassembly code.
And those functions can only take numbers and return number. You want to do any kind of side effect, like attaching event listeners, doing XHRs, manipulate the DOM?
You can't. Not from WebAssembly. You still need JS for that and you probably always will.
As far as I know, not even strings are part of WebAssembly. Neither are objects. Web-Assembly functions take numbers and return numbers and they can't influence anything outside.
It's great for muh games and other applications that rely on lots of calculations that need to be done fast, but worthless for the average website.

but why does it exist when JS is the best language

>>59184581
>"""compiling""" languages to JS
Why not just cut out the middleman?

>>59184599
haram

>>59184565
As far as exploiting the VM is concerned, it should be possible, if you design the instruction set the right way. It's apparently far from trivial, though.

That's why I hoped earlier that it would actually store an AST, but the docs seem to imply otherwise.

>>59184474
No harder than minified JavaScript.

>>59184581
And Typescript

>>59184599
Ahahahha, no

>>59184683
You can easily de-minfy minified js.
Hell, even chrome console can do it.

>>59184716
You can easily decompile Java too. What's your point?

File: DELET.png (208KB, 774x315px) Image search: [Google]

208KB, 774x315px

>>59184189
Congratulations, you know how to identify basic security risks!

>>59184189
In the same way that javascript is. Webasm runs in the same sandbox as javascript. No net gain or loss as far as security, just trading one language for another.

File: demo.png (3MB, 1680x1050px) Image search: [Google]

3MB, 1680x1050px

It already has more games than Linux...

http://webassembly.org/demo/

>>59184171
for webdevs exists a special hell...

Java applets were awesome as today there is no better game them runescape

>>59185497
>Java applets were awesome
Also insecure in the way of >>59184638

>>59185497
I still play runescape sometimes.

>>59184581
I believe this is one prime motivation for webassembly.

Having to compile to JS has a lot of shortcomings, most languages only support certain language subsets (like Haskell with Fay, or C++ with emscript) because of JS limitations. Also the generated code is always slower than regular JS.

Webassembly would fix these issues.

I hope it will be possible to control js and wasm permissions separately using uMatrix.

>>59186216
With Firefox, anything is possible!

RIP JS
I
P

J
S

>>59184598
revert 2 leddit with your pondered and appreciable analysis, un-virgin

>>59184171
If it means I can write C++ with an API for DOM manipulation and threading, it sounds great.

JS is such fucking cancer that I'd never consider touching web dev stuff, and no, writing something that gets translated to JS is not in any sense better.

File: 535afab1342ebc946efe6336b16b70b2.jpg (769KB, 957x1323px) Image search: [Google]

769KB, 957x1323px

>>59186683
N-No! I swear I belong here, wait, I'll try again!

Uh... W-Webassembly is a botnet! It will fuck your PC! Windows and Macfags BTFO! WASM is a botnet technology and will allow attackers to discover your CP stash!
Of course the browser vendors didn't even waste a MILLISECOND thinking about security! WASM is just like a Java or Flash applet! Insecure! Full botnet access!

Also I posted an animu grill, that's proof that I belong here!

>>59184598
They're adding DOM manipulation in a later version

>>59187081
Have they confirmed that yet? I just heard a "maybe much later" when I last checked.

The World Wide Web was a mistake.
- Sir Tim Berners-Lee

>>59187055
*kisses cute grill*

>>59187104
http://webassembly.org/docs/gc/

>>59187149
Neat.
But until then... We're left with JavaScript and its horrible build tools that take longer to produce builds than million LOC C++ programs with lots of templating magic.

>>59184510
>Bytecode

So, it's Java by the back door?

>>59187166
React & Webpack are >fun

File: assly.png (312KB, 506x662px) Image search: [Google]

312KB, 506x662px

Does that mean this image is out of date?

>>59187194
Webpack is a mess. A maze of config entries nobody can possibly remember, magic that is never explained (especially in plugins) and go and fuck yourself if your app ever gets an actual backend so you can't use webpack-dev-server anymore.

>>59184171
>>59184189
Great, ad blocking is now made much more difficult!

>>59187209
You'll probably still want a therapist if you write wasm directly in bytecode.