Will WebAssembly Replace JavaScript?

On Tuesday Firefox 52 became the first browser to support WebAssembly, a new standard "to enable near-native performance for web applications" without a plug-in by pre-compiling code into low-level, machine-ready instructions. Mozilla engineer Lin Clark sees this as an inflection point where the speed of browser-based applications increases dramatically. An anonymous reader quotes David Bryant, the head of platform engineering at Mozilla. This new standard will enable amazing video games and high-performance web apps for things like computer-aided design, video and image editing, and scientific visualization... Over time, many existing productivity apps (e.g. email, social networks, word processing) and JavaScript frameworks will likely use WebAssembly to significantly reduce load times while simultaneously improving performance while running... developers can integrate WebAssembly libraries for CPU-intensive calculations (e.g. compression, face detection, physics) into existing web apps that use JavaScript for less intensive work... In some ways, WebAssembly changes what it means to be a web developer, as well as the fundamental abilities of the web.
Mozilla celebrated with a demo video of the high-resolution graphics of Zen Garden, and while right now WebAssembly supports compilation from C and C++ (plus some preliminary support for Rust), "We expect that, as WebAssembly continues to evolve, you'll also be able to use it with programming languages often used for mobile apps, like Java, Swift, and C#."

No

From the web assembly web page:

Is WebAssembly trying to replace JavaScript?

No! WebAssembly is designed to be a complement to, not replacement of, JavaScript. While WebAssembly will, over time, allow many languages to be compiled to the Web, JavaScript has an incredible amount of momentum and will remain the single, privileged (as described above) dynamic language of the Web....

Re:No

[bill_mcgonigle]

Yeah if you're crazy enough create a image editor or a game that runs only in a webbrowser then maybe you would consider this. But no it won't replace Javascript.

I'm always amused that the "Flash haters" at Google/Chrome still insist that you run the YouTube video editor under Flash. Heck, I can barely get a WebM file from YouTube some days.

Anyway, replacing Flash for use cases that aren't video streaming would be a welcome use of WebM. Possibly that's what they're waiting for and the reason they're still pushing Flash on us in 2017.

Re: No

Except chrome now supports it, too.

Re:No

[Xtifr]

It's being developed by Microsoft, Google, Apple, and Mozilla, and has been demoed in beta versions of Chrome and MS-Edge already. Mozilla is merely the first out the door with an official release.

Re: No

[xvan]

Javascript is, sort of, ok for what it was originally created for.

Then all the webapps craziness came up and javascript had to cope up with it.

Then someone thought that it was smart to use javascript as a programming language, probably because all those webdevelopers turned programmers.

Re:No

[JDG1980]

No! WebAssembly is designed to be a complement to, not replacement of, JavaScript. While WebAssembly will, over time, allow many languages to be compiled to the Web, JavaScript has an incredible amount of momentum and will remain the single, privileged (as described above) dynamic language of the Web....

That's disappointing. JavaScript is an absolutely terrible language, and it's insane that it has been the only choice for client-side Web scripting/programming up until now. Hopefully this is just diplomatic BS. Once WebAssembly is updated to support access to the DOM (the current version can't do that), then there is no good reason for anyone to use JavaScript for anything ever again.

Re:No

[tgv]

Imagine the people who write buggy Javascript writing C++. A recipe for disaster.

Re:No

Javascript has gotten a lot better in recent years, but it's still pretty bad.

However, it has lead to a massive explosion in free and open frameworks. You get the source when you use them by nature. It's pretty impressive.

WebAssembly will put a stop to that.

Re:No

[Pieroxy]

JavaScript is not an absolutely terrible language. It's actually a pretty good one with a lot of useful stuff. Sure, there are bad parts, nobody denies that, but every language has bad pieces that put it to shame under scrutiny.

Re:No

JS type system is complete shit. Stop deluding yourself.

Re:No

[leptons]

If you think Javascript is the worst part about web development, and not the browser DOM and API, then you don't know web development. Javascript is the easy part. Cross-browser/cross-platform DOM/CSS/API issues are still going to haunt WebAssembly, and Javascript developers are just going to laugh at people who don't understand that.

Re:No

[leptons]

You must be one of those people who can't comprehend dynamic typing. That's a shame, because there's nothing inherently wrong with dynamic typing except for your lack of understanding of it.

Re:No

[michael_wojcik]

Once WebAssembly is updated to support access to the DOM (the current version can't do that), then there is no good reason for anyone to use JavaScript for anything ever again.

Sure, sure. Why have crap web pages serve crap scripts written in one crap language, when they can serve crap binaries written in any of several crap languages?

"Binaries" in the sense that WebAssembly serves scripts in compiled form. So in addition to letting incompetents demonstrate their failures by attempting to create "web applications" in, say, C++, WebAssembly prevents us from easily viewing those scripts and working around them with, say, Greasemonkey. Or determining that we don't need them, and can safely block them with NoScript. And so forth.

Sure, you can minimize and otherwise obfuscate Javascript. And there's asm.js, which was basically WebAssembly version 0. But certainly on the sites I use, most Javascript is either unobfuscated or just the minimized version of a third-party library that exists in unminimized form, so it's easy to reconstruct what it's doing.

There's rarely a compelling reason for Javascript now. But I see even less of one for WebAssembly, personally. I don't want games and scientific visualization and all sorts of other rubbish running in my browser, thanks anyway. I want to use it to read stuff, and once in a while to rant.

Re:No

[null+etc.]

JavaScript is an absolutely terrible language

Oh my gosh, yes! JavaScript is HORRIBLE. I can't tell you how many times I've seen competent developers fired and replaced with new-fangled JavaScript developers who could code a dynamic website in one day. Websites *aren't meant* to be coded in one day! They should be thoughtfully meditated upon, as some sort of holy semantic grail, fueled by the document-driven knowledge net powered by pure Tim-Berners-Lee thought magic.

And don't even get me started on the lack of typing. Typing! How can you program something with a guaranteed, mathematically-proven execution model without strong types? I mean, the last time NASA tried to use JavaScript to send a rocket to the moon, it ended up flying directly into the sun! Dynamic typing should be outlawed!

And is JavaScript procedural, functional, or object-oriented? We ALL know that object-oriented is absolutely the worst idea to come out of computer science in a long time. EVERYTHING should be purely functional! How can you have mathematically proofs that certify the correctness of your programming, if you have things like event handling built in? It's outrageous!

In fact, JavaScript is SO dangerous that we should outlaw web browsers too! The Internet should really just be a network of connected PDF files!

Re:No

[null+etc.]

I remember this back when Microsoft called it activex.

Then you must remember incorrectly, because WebAssembly is literally nothing like ActiveX.

Re:No

[null+etc.]

Imagine the people who write buggy Javascript writing C++.

I'm pretty sure that a person who writes buggy JavaScript couldn't even write a C++ program that compiles.

Re:No

[epine]

I can't tell you how many times I've seen competent developers fired and replaced with new-fangled JavaScript developers who could code a dynamic website in one day.

Error: type "management problem" assigned to type "programming language".

Re:No

[Heliologue]

The thing inherently wrong with dynamic typing is a lack of compile-time safety, increased overhead at runtime during interpretation, and a history of quirky comparison bugs. What you mean is "dynamic typing is convenient at overcoming ambiguity", which is true, but not enough to persuade those of us in the strongly-typed camp.

First Webassembly malware post!

[slazzy]

Yeah!

The cloud

This new standard will enable amazing video games and high-performance web apps for things like computer-aided design, video and image editing, and scientific visualization...

But I don't *WANT* to do that shit in a web browser. I want it to live on my local computer where companies can't charge me $5, $10, or $250 per month or I lose access to all my critical data.

I'm still astonished that one of my clients is running a Linux mail server and it works perfectly for them. Their total cost over the ~8 years they've been running it has been about $1,000/year, and most of that is paying for us to add new users, create mailing list/groups, and remove fired employees.

Their first year on the Exchange 358 cloud bullshit would have cost them approximately $15k in licensing.

Re:The cloud

It's cute that you're your small town IT guy, but real businesses where people deal every hour with more money than you make a year require professional software, and that's where the quality of advanced offerings from Microsoft shine.

Re:The cloud

You had me up until "Microsoft."

Re:The cloud

[ledow]

Or they could have just used a Google Apps account, got email with it, without needing to pay you to add users or groups, and paid - what? You don't say how many users but it wouldn't be much more.

Or they could have just bought any domain, and got free webmail and an interface panel for hundreds of users fora couple of dollars a year.

Just because your use-case can't imagine the use of such a thing doesn't mean it's not sensible.

To me, $1000/year for a mail server is a piss-take.

Sure, you can do it for nothing and an Internet connection you already have. Doesn't mean that's sensible.

Re:The cloud

But I don't *WANT* to do that shit in a web browser.

What, you mean you don't want to let thousands of unknown parties from unknown places with unknown motivations probably not aligned with yours have control over your browser, in a way that's been a key enabler of probably 3/4 of the web based attack vectors we've seen in recent times?

What are you man? A human being with a brain? Stop thinking please. Just go along with the herd. You'll be happier.

Re:The cloud

[jellomizer]

How would this technology stop that.
We had Time computing where we paid for access to the mainframe.
Then we had SaaS where we hosted the app remotely.
Now we have cloud where the services are more distributed.

Nothing is stopping you from installing your own web server and use these apps on your intranet. But most people don't like paying thousands of dollars for software anymore.

Re:The cloud

[Pinky's+Brain]

Since small businesses make up most of the economy I hope we don't run out of small town IT guys.

The professionals seem comparatively completely fucking useless.

Re:The cloud

[aaarrrgggh]

And what is their lost time in dealing with spam, inability to properly and effectively share calendars, etc.?

Email is one thing where hosting makes sense. We had gmail for our company free for over a decade, and recently went "premium" to add a few features. Smartest business decision we made.

On the other hand, Asterisk locally was arguably our second best IT decision. 10-year cost under $15k, compared to $65k for a comparable hosted solution.

You have to understand when hosted solutions make sense, and when rolling your own in-house is cheaper and more sustainable.

Re:The cloud

[lucm]

Their first year on the Exchange 358 cloud bullshit would have cost them approximately $15k in licensing.

For a service similar to a Linux mail server, that means they have 250 users (Office365 = $5/mailbox). I don't know how fast you can drive to their office but if their Linux mail server crashes or gets stolen, that's 250 people with no email for as long as it takes for you to fix the problem.

On the other end, if the office loses internet connection (which would also make a Linux server useless), those users can still access their Office365 email from their phone or home internet connection.

Email is a commodity and it's a no-brainer to outsource it to a provider that benefits from economy of scale and state-of-the-art data centers staffed 24x7.

Re:The cloud

[lucm]

Or they could have just bought any domain, and got free webmail and an interface panel for hundreds of users fora couple of dollars a year.

Spot on. For $4/month total (including a free domain) with Bluehost you can have unlimited mailboxes, plus a website, blog, ecommerce site, etc. Sure, you don't get the massive data centers that come with Google or Microsoft mail servers, or their flawless antispam, but it's an annual budget of under $50 for your email to be hosted and they've maintained fairly decent uptime for decades.

And even at that rock-bottom price you still get something more reliable than an in-house solution.

Re:The cloud

[AchilleTalon]

Even if I share your comments, the original point about Web Assembly has nothing to do with what the poster complained about. I mean, Web Assembly doesn't introduce that problem, it is already there for decades. So, I welcome Web Assembly for what it is, a mean to increase the performance of applications in the browser. Now, should we or shouldn't we have complex applications in the browser and which ones is another matter.

However, the browser is a convenient way to distribute applications inside an enterprise. In that case, you don't have thousands of unknown parties trying to hack your browser and making it crawling instead of running.

I would probably prefer enterprise applications based on Web Assembly than on Flash or even mostly Javascript.

Re:The cloud

[AchilleTalon]

Spamfiltering solutions exists at an insignificant cost and as open/free software as well.

Re:The cloud

[epyT-R]

Web Assembly doesn't introduce that problem, it is already there for decades.

No, but it does attempt to remove some of the performance barriers that cause people to continue writing local applications, encouraging more development of less-secure-by-design browser 'apps' to replace them.

Re:The cloud

[aaarrrgggh]

Yes, but they are simply not as good as Google. Getting closer, but still not there.

Re:The cloud

[JDG1980]

I want it to live on my local computer where companies can't charge me $5, $10, or $250 per month or I lose access to all my critical data.

But they can already do this even if the app does live on your local computer. See: Adobe Creative Cloud.

Re:The cloud

[rtb61]

It seems the 'professional' plugging M$ cloud are just really, really lazy and greedy. Take the credit and the pay and blame M$ when it all blows up, which it inevitably will. The bigger your company the sillier you are to trust the cloud because it will fail, it absolutely guaranteed will fail and catastrophically so. Never ever forget, they will take short cuts to inflate profits, they will pry into what they store because it is literally worth billions in insider information, the cloud serves you web interests and they more about you web business than they do and they are your competitors and that is really stupid.

Big enough and I would stop trusting ISPs and roll my own, it just makes not sense to trust outsiders in the digital age with anything. Once you are big enough, you grow your IT infrastructure sufficiently to contract out elements to others. The worst thing you can ever do in business is feed your competitors, you should be doing the exact opposite starving them out of existence.

Re: The cloud

[corychristison]

No such thing as unlimited.

You will hit a limit if you're paying $4 a month for a shitty web host to run your businesses critical infrastructure.

I own a web hosting business, but even I know when a professional mail service is necessary, and I run mail servers for many of my clients.

Also, $1000/yr for the parent poster to add/remove a few users is $83.33/month on average. That's a lot for doing a whole lot of nothing.

My clients pay about a $1 a mailbox per month. They have the ability to add and remove their own users, so I rarely get a call. My mail servers are in a cluster across three datacenters. Each mailbox receives around 10GB on average, though its adjustable/negotiable based on the clients needs.

Re:The cloud

That's really odd how you seem to assume that Microsoft is the only choice for professional solutions. I recently put together a high end mail routing system and Microsoft Exchange Server doesn't provide several of the advanced email functions that were required to do that, the official word is that Microsoft do NOT intend to add those functions to Exchange Server EVER. Exchange is designed as an endpoint mail system, not as a mail routing system.

I was pointed in the direction of Postfix along with some other software and that fitted the job really well and I was able to provide a mail system capable of shifting hundreds of thousands of messages per hour.

As it is designed for a specific function, the servers which are running Linux will never need to be rebooted other than for hardware issues, the software can be fully upgraded with an absolute minimum amount of downtime and the entire process of upgrading the whole system takes a matter of minutes when required.

There were no licensing costs involved, the only costs were my time in setting up the system.

If that isn't a professional solution I don't know what is.

Re:The cloud

[michael_wojcik]

a mean[s] to increase the performance of applications in the browser

No doubt this is an issue for many people, but I've been using Javascript for as long as it's existed, and I have never, ever, ever, not even once, wanted it to run faster.

Indeed, I'd be very happy if all the extant implementations were an order of magnitude or so slower; that would greatly reduce the incentive for unnecessary scripting.

Re:Hard to argue against Betteridge here

[luismontbau]

Well, Google Chrome 57 also incorporates WebAssembly, and soon, so will Safari and Edge. If you're interested in the future of the web, I suggest you read all the articles, they are quite interesting. I think it's the only chance the open web has against walled app gardens.

Maybe in the long term

[aglider]

But not in the near future: JavaScript is a very well established technology for web UIs!

Re:Maybe in the long term

[Richard_at_work]

Meh, not so much - its the *default* language for clientside web interaction right now, and thats the *only* reason it has the establishment that it has.

The only thing that would have to happen for Javascripts domination to be threatened is for multiple browsers supporting something better, and thats happening with WebAssembly. Once developers realise they can stick to their language of choice and cross compile to WebAssembly, thats pretty much game over for JS - think of all the reasons touted for using Node.js, just this time think about them being used against JS...

I wouldnt be at all surprised to see a significant shift start to happen in the next 18 months.

Re:Maybe in the long term

[MichaelSmith]

Where I work, the run of the mill web developers basically know js and php. So if they drop js I know what they will use.

Re:Maybe in the long term

[Richard_at_work]

But at least they get to concentrate on one language, rather than splitting their valuable attention and time over multiple languages, all with their own foibles. Far far too many "full stack web devs" claim to know JS but actually know very little, and subsist on broken pockets of experience. Think of how many atrocities have been committed with JQuery plugins by "full stack web devs" who basically chain pre-existing stuff together.

Re:Maybe in the long term

[lysdexia]

God speed the day. If I have to use that horrible half-scheme NaN more time I'm going to undefined.

Re:Maybe in the long term

[aglider]

But webassembly should have tight compatibility among implementations.
As of now, even Javascript needs some extra code to ensure compatibility.
Due to its low-level nature, webassembly would show larger discrepancies and need larger amounts of code for compatility.
No, you didn't convince me, unless the "long term" is within a couple of years.

Native code running in the Browser?

[Viol8]

Hello ActiveX, its been a while! And you never had any security issues did you, noooo, perfectly safe. Thats why its still around today... err, oh, wait...

Re:Native code running in the Browser?

[Todd+Knarr]

Hello ActiveX, its been a while! And you never had any security issues did you, noooo, perfectly safe. Thats why its still around today... err, oh, wait...

Yup. We've been this route before. Not to mention compiling native code for multiple versions of multiple operating systems on multiple CPU architectures. Avoiding that's one of the attractions of browser-based applications. Look, a security and development nightmare in the same package!

Re:Native code running in the Browser?

[NoNonAlphaCharsHere]

Yaaaaayyyyyyyyy!!!!!!
I, for one, cannot wait to load webpages with near-native busy-wait code written by some amateur to do really really useful shit, like check every 7 seconds if there's been an update to their homepage (a la Huffington Post).

Re: Native code running in the Browser?

[Zero__Kelvin]

This has nothing to do with Active X, and furthermore your implication that if Microsoft tried and failed at something then nobody else need try is absurd.

Re:Native code running in the Browser?

No, Native Speed. Not native code. It can't do things javascript doesn't do, it does things javascript can do, but much faster.

Re:Native code running in the Browser?

[jellomizer]

From what it seems it isn't real native code. But more direct calls to the browser to bypass a lot of the heavy JavaScript stuff.

Re:Native code running in the Browser?

[Mr0bvious]

Not quite true.

Amongst other things, Web Assembly can do multi thread support (posix style) and actual sockets.

For anyone wanting to port existing apps/libraries to the web, this is a significant step.

Re:Native code running in the Browser?

If you read Huff Post you deserve what you get.

Re:Native code running in the Browser?

[lucm]

Amongst other things, Web Assembly can do multi thread support (posix style) and actual sockets.

So it's just like Flash. First, excitement; next, annoyance with constant updates; then security exploits. And finally it gets replaced with HTML6.

Re:Native code running in the Browser?

[AHuxley]

Could this get a ip from a user expecting onion routing to work via new code?

Re:Native code running in the Browser?

[AHuxley]

So its like peek and poke for basic?

Re:Native code running in the Browser?

That feature was born out of necessity. They discovered that most users of the web site reloaded the page exactly every 7 seconds. The native implementation of such great mechanism improves the performance of the existing solution and enables even less wear for the mouse buttons of millions.

Re:Native code running in the Browser?

[Mr0bvious]

So you just don't like Web Assembly?

It's not like you've got an educated opinion about it, so you just sorta hate it.. coz... ya know. lawn and stuff...

Re:Native code running in the Browser?

[Mr0bvious]

Yeah..... it gives exactly the same level of portability for existing native code apps as what peek and poke gives. You nailed it.

Re:Hard to argue against Betteridge here

[Espectr0]

I take it that you don't know that WebAssembly is made by a joint team of all major browsers?

Miss out on apps not ported to your OS

[tepples]

But I don't *WANT* to do that shit in a web browser. I want it to live on my local computer

What's better: using a JavaScript or WebAssembly app in a web browser, or not being able to use an app at all because it's native but doesn't happen to have been ported to your device's operating system?

Re:Miss out on apps not ported to your OS

[epyT-R]

What's better: using a JavaScript or WebAssembly app in a web browser and having it fuck up your workflow when it magically changes/disappears one day, or having to run a specific OS to run a native, local application that's there forever until you choose to abandon it?

Re:Miss out on apps not ported to your OS

[Is+Don+the+new+Ron]

But I don't *WANT* to do that shit in a web browser. I want it to live on my local computer

What's better: using a JavaScript or WebAssembly app in a web browser, or not being able to use an app at all because it's native but doesn't happen to have been ported to your device's operating system?

This has a huge downside too. A web app lives and dies on the whim of the developer, which can go bankrupt or be DDoS'd out of existence overnight, while a program installed on your desktop can last as long as the hardware can be upgraded or replaced, which in the case of the most common desktop architecture can span well over a generation.

Now I realize that practically all apps and programs are in part locally installed, if not permanently then in some disk cache. But the incentive for a developer to package an app so that it can run only after it phones home is much, much greater. After all, how many people run an web browser offline?

So, yes, this is going to be a game changer. If this takes off, expect future versions of your favorite proprietary office suite or graphics editing program to behave more like YouTube videos than traditional desktop software. Remember that there's practically no difference between downloading and streaming a YouTube or Netfilx video but these companies still put up technical barriers to prevent users from viewing videos offline.

Re:Miss out on apps not ported to your OS

[squiggleslash]

That problem was already solved with Java, .NET, and LVM, albeit to varying degrees. The latter doesn't have much in the way of a cross platform API, and .NET is pretty bad when it comes to cross platform GUIs, but the latter is possible, if not beautiful.

I think WebAssembly could work well if it were seen as a replacement for Javascript, with the latter's increasingly severe memory and speed issues (it's just not scaling well any more, and browsers are creaking under the strain.) Unfortunately, contrary to TFH, that's not what it is - it doesn't currently have access to the DOM, for example.

So, in the end, it's another competitor to Java, and the question I have is why is that necessary? Is that what we want or do we want better web support for one of the existing bytecode platforms? Java, for all its flaws, is a known quantity, we know where the major flaws are (well, most of them) and we've fixed them (well, most of them.) This is starting again from scratch, and apparently isn't even managed code. I don't have high hopes for it.

Re:Miss out on apps not ported to your OS

[iampiti]

It might be a bit convoluted but you could run the web applications locally and just use webassembly as a sort of VM that happens to be runnable on many browsers and OSs. Then you'd have total control about the availability of the application and you could also run it in the OS of your choice

No

[thegarbz]

But a longer answer is: 99.999% of the Javascript out there is not slow but waiting on some server to send back content.

Yeah if you're crazy enough create a image editor or a game that runs only in a webbrowser then maybe you would consider this. But no it won't replace Javascript.

Chrome too

[campuscodi]

Google also officially added support for WebAssembly in Chrome 57, released 3 days ago, btw

Re:Chrome too

[ledow]

Yeah, but that EpicZenGarden demo doesn't work in Chrome.

I get an error after about 2 minutes of downloading hundreds of megs: Uncaught TypeError: Cannot read property 'getParameter' of undefined

Doesn't matter how good your demo is if it doesn't work on other software. The old "web browsers don't support standards the same way" problem strikes again.

Re:Chrome too

[haruchai]

Yeah, but that EpicZenGarden demo doesn't work in Chrome.

And it sorta worked in my portable FF. All 4 CPU cores went to 100% when it was compiling WebAssembly, dropped to 85% while the demo was playing, which crashed after about 30 seconds - but only took out the 1 tab, did not kill the browser.

I wish

Javascript is utter trash that should be cleansed from this world

Re:I wish

[leptons]

^ Says the programming language hipster.

JS "programmers" are too incompetent for that

[gweihir]

WebAssembly will primarily allow real coders to write applications that run in browsers. No JavaScript wannabees need to apply.

Re:JS "programmers" are too incompetent for that

[phantomfive]

It's still going to be a few years. Right now, you can't even access the DOM from Webassembly.

Eventually it will be in there, and eventually they will be adding hooks so garbage collected languages can run in WebAssembly, too. They're taking it slow though, because they don't want to make the world suffer by making it too miserable. CSS and HTML might be getting an overhaul too, but the whole process could go on until 2030. For right now, we still have to write web pages using lousy frameworks.

Re:JS "programmers" are too incompetent for that

[gweihir]

Aehm, why would languages with a GC not run in WebAssembly?

Re:JS "programmers" are too incompetent for that

[phantomfive]

Right now WebAssembly doesn't have primitives that support it. You could hypothetically write your own garbage collector and port it over (so when people load your web page they also have to load a C# runtime or whatever), but I don't think anyone is going to do that since it would become outdated soon.

Re:JS "programmers" are too incompetent for that

[bill_mcgonigle]

It's still going to be a few years. Right now, you can't even access the DOM from Webassembly.

I can code in JS, assembly, C*, html*, and even I wouldn't want to access the DOM from WebAssembly. Put the tight CPU stuff in WA and keep the majority of the high-level code in JS or if some kind of miracle happens and Rust becomes a better web app platform, something like that (unless there's a miracle and perl6 becomes relevant). The extant JIT's should be fine for high-level code, and if the VM team wants to leverage WA more, fine, but that's an implemenation detail I probably don't want to think much about.

Re:JS "programmers" are too incompetent for that

[whoever57]

Eventually it will be in there, and eventually they will be adding hooks so garbage collected languages can run in WebAssembly, too. ...

And for how many years will they be fixing obvious vulnerabilities in the code? How long before the language has some semblance of security?

Re:JS "programmers" are too incompetent for that

[phantomfive]

The big thing people are going to start talking about is types in the browser. You'll hear it all over the place, "Use language X because it has types it's better than Javascript." Beyond that, even Crockford is insulting Javascript now, so its usage is probably going to decline.

Re:JS "programmers" are too incompetent for that

[phantomfive]

WebAssembly will likely never be more secure than Javascript is now, because the people who are implementing it are the same ones who implemented Javascript.

Re:JS "programmers" are too incompetent for that

[gweihir]

Ahem, that is not hypothetical at all but the way it is done? Languages with GC come with a GC adapted to their needs. GC is not something an execution platform supplies and it does not need to have "primitives" for it. In fact, I do not think such primitives exits in any assembler dialect, as memory management is a high-level function provided by the kernel and/or runtime library. A GC then sits on top of that. In particular, WebAssembly aims at very close to native performance, so having a GC implemented in it is really not different than in any other assembly language.

Maybe you are thinking of something like a Java VM, but that really is not anything assembler-like. That is a complex runtime environment with libraries, memory management, GC, and so on and with significant losses compared to native performance, except for code that spends most time in natively implemented libraries or when a JIT is used (and hence the target is not a Java VM anymore).

Re:JS "programmers" are too incompetent for that

[phantomfive]

In fact, I do not think such primitives exits in any assembler dialect,

Well get ready, because you're going to see it in WebAssembly.

GC is not something an execution platform supplies and it does not need to have "primitives" for it.

WebAssembly is going to have it whether it needs it or not. That's the plan. In your confusion about the exact definition of assembly language, you seemed to have missed the point. Languages with GC are not likely to be ported to WebAssembly because in a few years, it will be much, much easier to port them.

Re:JS "programmers" are too incompetent for that

SO much this.

The reason JS gets so much hate is not because the language itself, it's the horrific fucking developers that (ab)use it.
Most of them abstract the damn language away under shit like jQuery that adds a metric fuckton of overhead to the language.

It's not even amateur small-time devs either, it's huge ones too.
So-called Enterprise-quality code, full of high-overhead code for very little functionality, said overhead only there to prevent IDIOTS from making mistakes.
Google even do it. Youtube, Gmail, Maps, all slow as fuck now. Try run ANY of those on a machine from even 5 years ago, never mind 10. They are even slow on modern hardware for NO FUNCTIONAL REASON, just lazy developers writing high-overhead code for obfuscation / low-transmission cost reasons. (yet it would be far easier to compress your code and decompress it on client end, then run THAT, insanely faster too)
The HTML5 video system is so slow it is funny, especially since most major browser vendors are pushing for its replacement as primary content source for video over Flash. The piece of shit spec has barely any support for hardware emulation on old or NEW hardware. The levels of inconsistency in HTML5 video is nuts. I've seen old machines handle it fine, yet something from past 2 years choke on it. It is a horrible, horrible spec not even remotely close to being complete.
As much as I hate W3C for their monolithic nonsense of yesterdecade, they were 100% correct when they said HTML5 wouldn't be complete until 2020~. 100% correct indeed. The amount of syntactic sugar in that spec to cater to retards that refuse to learn the language is only going to make things even slower.

It happens in loads of other languages as well.
PHP another common one. The PHP community is horribly stupid as a collective. (including ITS own developers!)
Python is another. Python suffers even more so because it is ridiculously high-overhead NATIVELY, it is horrendously slow. I have no idea why people can stand it. Even for prototyping it is bad. (more so because the syntax is horribly different from most languages)

Idiots are ruining the programming community.
They've made the entire industry horrible to live in.
If you know anyone considering programming, tell them fucking no and get in to computer science instead. Or mechatronics or something else interesting. That one in particular will be a very good one since robotics is a hugely growing industry.
Programming is a dying area. It's saturated with IDIOTS that are too lazy to learn languages, so ask "smarter" people on Stackoverflow or similar sites.
There's literally summer courses in programming that teach people to ASK questions on stackoverflow! (fucking India)

Re:JS "programmers" are too incompetent for that

[gweihir]

That is complete nonsense. A GC needs to be custom-tailored for the language used. A GC primitive is not going to help for any language besides exactly the one it was designed for. Seriously, read up on what a GC is and how it works. It is not some function you can call that works the same everywhere.

Re:JS "programmers" are too incompetent for that

[phantomfive]

Oooh, insults. I can do that too: you're an ignoramus, know nothing about WebAssembly except what I've told you, and most likely your knowledge of GC is almost as bad.

Re: JS "programmers" are too incompetent for that

[denis.goddard]

Parent is the best post I've seen on Slashdot in a long time. Kudos. Word. Also, Perl6 is the language the Web *should* have used

Re:JS "programmers" are too incompetent for that

[gweihir]

Fascinating. I recommend you read up on the "Dunning-Kruger" effect and on what actually constitutes an "insult" instead, the complexity of GC design will fly right over your head. (And no, even that is not an "insult", just a statement of fact derived from your claims...)

Re:JS "programmers" are too incompetent for that

[yuvcifjt]

Interesting post; however, which language do you utilise/advocate?

The fact that ~80% of the top 1 million web sites are utilising jQuery says a lot about why it became massive - i.e. consistency across browsers, and cuts-down on amount of JavaScript for doing basic things; and massively helps in DOM manipulation.
And as far as I'm aware, Google doesn't utilise jQuery or any javascript libs/frameworks for their websites, including Maps, Gmail, and YouTube.

If you had mentioned some of the newer retarded frameworks, such as Angular, React, Vue, etc, then I would have been in complete agreement!

I'm also surprised you took a swing at W3C, of all, who are trying to make the web sane and standard tech across browsers, along with Mozilla.

And by the way, not all front-end devs are idiots, some come from C/Java back-end languages.

Re:JS "programmers" are too incompetent for that

[phantomfive]

You can start reading up on it here. If you had done a little research before typing, you wouldn't have an egg on your face right now.

Re: JS "programmers" are too incompetent for that

[phantomfive]

diaf

Re:JS "programmers" are too incompetent for that

[gweihir]

There is absolutely no egg on my fact, but a ton on yours. This is a special-purpose GC that requires adjustments to language design and may have serious negative impact on performance, memory-use, responsiveness, etc. if a language moves to it. The language then would have to adjust its native run-time system on other platforms as well or support two. That is not going to happen on most cases. This thing will also not even be usable with many languages, because they require opaque pointers to work. Basically, the only good use is if you design a new language exclusively targeted at WebAssembly and its GC primitives and are willing to accept the limitations that causes.

You may as well have been claiming that Boem-Weiser is a generally good choice for a GC. It is not. It is something you use only when you have no choice. This thing is similar, if it ever materializes.

Re:JS "programmers" are too incompetent for that

[gweihir]

I fully agree on JS and PHP and on "coders" in general. Python is quite nice as glue though, with the heavy lifting done natively in C after prototyping it in Python. I have done this several times now with pretty good success. Of course, I would not want to write anything really large in Python or together with other people, as it is decidedly not a language for beginners. Combining the usual moron "coders" with Python is a recipe for disaster.

Re: JS "programmers" are too incompetent for that

[gweihir]

I am not too sure about Perl 6. It seems to suffer from the "Second System Effect" in a lot of places. Time will tell, but at the moment I am staying on Perl 5.

Re:JS "programmers" are too incompetent for that

[gweihir]

And by the way, not all front-end devs are idiots, some come from C/Java back-end languages.

While I agree on that, 10% that know what they are doing (recent experience, me and the dev in a room and we have solved a complicated permission issue in one hour), the rest is between clueless (recent experience on the same thing: they are still asking questions that do not make sense 4 weeks later, despite being given correct and detailed instructions and a way to test) and worse (same recent experience, with two web-developers responsible for an existing application asking me what the "path" part of an URL was...). I really do not know where the mass of incompetent and clueless "developers" comes from and how they get any work done. But I now understand why things I need an hour for takes them 4 weeks and costs $20'000 (internal "funny money" billing).

Re:JS "programmers" are too incompetent for that

[phantomfive]

So what, you think Java will be ported to WebAssembly soon? Because I'm going to bet it won't be ported until after the GC becomes a WebAssembly standard.

Yes!

I will go against the majority opinion here and assert that, at least in my use case, it will precisely replace javascript as a language to allow remote control over my local computer. I currently block javascript, and will also block WebAssembly by equal measure, so this makes them functionally equivalent. Hence WebAssembly will be a fine replacement for javascript.

Captcha: Turtles!

Re:Yes!

[tepples]

If a particular application is available as a web application without charge or as a native application for pay, would you choose to pay?

Re:Yes!

[jellomizer]

What I will need to know. Will it work on the top three browsers. Chrome, IE/Edge and Firefox.
Chrome is the most popular. IE/Edge is what most business still support internally.
I want to avoid platform particular code. That is whay I said from day one activeX was a stupid idea. If we just have a Firefox only language I don't have any reason to invest my time into learning it. The same goes to many of googles chrome only language

Real-time bidding

[tepples]

But a longer answer is: 99.999% of the Javascript out there is not slow but waiting on some server to send back content.

You'd be surprised at how much time the browser spends running ad exchanges' "real-time bidding" processes, collecting bids from a dozen different ad networks for each ad unit on a page just to eke out a larger fraction of a cent. On the weaker ARM or Atom CPUs of compact laptops, tablets, and smartphones, adtech scripts often cause the web content process to take a whole core for several seconds.

Re:Real-time bidding

[religionofpeas]

So with WebAssembly, they can spend even more CPU power on collecting bids.

Package management?

[MichaelSmith]

If we can get rid of the current source code soup in web apps, that would be a good thing.

Re:Package management?

[MichaelSmith]

No I mean all the libraries like boost which have to be shipped with a webapp just to get angular.js to work. The web approach of copying source code from all over the place is leading to terribly brittle systems,

Re:Package management?

[Pinky's+Brain]

That's more because of cargo cult and copy paste programming.

It always amazes me how bad programmers like me can throw shit at a wall without any real in depth understanding and have it stick.

No problem

[nospam007]

If it finally kills that damn Flash dead, I'm all for it.

Well, could Java replace javascript?

[EtaCarinae]

So what's the principle difference between this and Java byte code?

Re:Well, could Java replace javascript?

[ledow]

This doesn't run as an NSAPI plugin.

Major browsers differ less than native OS APIs

[tepples]

The old "web browsers don't support standards the same way" problem strikes again.

But it's still probably a lot less effort to port a web app from Chrome to Firefox or vice versa than to port, say, a macOS app using Cocoa to Windows.

What replaces Flash?

[tepples]

I agree about removing Flash Player from the mainstream web. Almost everything modern has moved to HTML5 technologies. Classic animations and games, such as those found on Newgrounds, Dagobah, Albino Blacksheep, Homestar Runner, or Weebl's Stuff, can be run in a specialized browser in a virtual machine.

But Flash is more than Flash Player. Without Flash, what timeline-based graphical tool do you use to author an SVG or Canvas animation? Typing the coordinates of each vertex of each keyframe into a text editor is unlikely to cut it for animations of more than trivial complexity. Is Synfig any good yet?

Re:What replaces Flash?

[tepples]

The difference is that old used copies of Flash are presumably affordable to acquire legally, while Adobe Animate is available only by subscription.

Will bytecode replace Java?

[jeti]

Web Assembly is like the bytecode of Java. In the future, JavaScript will compile to it. As will other languages. The only question is whether languages other than JS can be distributed as source code and compiled to WebAssembly inside the browser.

Re:Hard to argue against Betteridge here

[93+Escort+Wagon]

I suggest you read all the articles

I'm going to pretend you didn't say that.

Re:WebAssembly engines as VMs for scripting

[Wootery]

Do something similar with generation of LLVM bytecode, and you can remove the need for actual binaries for most purposes

Not really, no. Not with C.

C has platform-specific behaviour of primitive types, and uses macros for platform-specific conditional-compilation. Not something that translates well to bytecode, and certainly not to LLVM bitcode.

and also tweak OS designs so that many security properties can be enforced at the language level more easily

Not really. If you want something like array bounds-checking for C, or runtime checking for signed integer overflow, GCC can take a pretty good stab at that already. Just use the right flags.

Re:WebAssembly engines as VMs for scripting

[tepples]

a WebAssembly VM will be a common feature on all OSs, and most scripting languages can then simply transpile down to this. Do something similar with generation of LLVM bytecode, and you can remove the need for actual binaries for most purposes, and also tweak OS designs so that many security properties can be enforced at the language level more easily

That's what the experimental Singularity operating system tried to do, except with .NET IL instead of WebAssembly.

But at least WebAssembly will allow use of languages that currently compile to native code, unlike .NET that required changes to popular languages to get them to work. For example, Microsoft's C++/CLI is set of extensions to the C++ programming language to allow creating managed code. But the syntax for arrays, pointers, and references differs between the unmanaged and managed "worlds". This means a program intended to compile in both a standard C++ compiler and the verifiably type-safe subset of C++/CLI ( /clr:safe ) can't use arrays, pointers, or references, which more or less restricts the common subset to programs not much more complex than Hello World. In fact, not even that works as advertised because most of the C++ standard library is missing in the verifiably type-safe subset.

Re:No thanks.

I don't want animation, blinking, buttons that morph, pop-up windows, pop-under windows, or non-scrolling menu bars.

So much so that you apparently stopped using the web altogether around 2001 since you think these are the reasons people use JS. XHR is the backbone of the modern web. Web pages are not static any more.

Looks good to me

[steveha]

I read through the fine articles and even watched a couple of the videos. Overall this looks like a good idea to me.

The basic idea: WebAssembly is an assembly language for a virtual machine, which is very easy to translate into native code. It was designed to be compact so it will download quickly; in particular they chose a stack-based virtual architecture so that an "ADD" instruction implicitly adds the top two numbers on the stack, so "ADD" and similar operations are always single bytecodes. Also, while JavaScript only has a single "number" type which is implicitly float, WebAssembly has multiple built-in native types including 64-bit integer.

It should be no less secure, and no more secure, than JavaScript. However almost all the overhead of an interpreted language is gone: instead of just-in-time compilation, detecting "hot spots" and optimizing, and de-optimizing when assumptions are invalidated, all the browser has to do is translate the virtual machine code into native code and run it.

For the initial release (i.e. right now) WebAssembly does not support garbage collection. This is a sensible decision given what it is and what it does, but they said they will look at giving it some GC abilities in future releases.

I like the original idea that JavaScript would always be human-readable and people could learn by studying the code from the sites they visit. However, this idea is not really active now. It's common practice to run JavaScript code through a "minifier" that packs it to make it as small as possible so it will load quickly, and minified code isn't very friendly to read. There are tools available to somewhat beautify minified JS, but I'm certain that there will be tools to "decompile" WebAssembly and produce something sort-of readable. So while in this one area WebAssembly is not quite as nice as JavaScript, I don't think it's a significant thing, and it's not even remotely enough to make me oppose WebAssembly.

Developers will be able to take existing code in languages like C, C++, etc. and compile them into this portable virtual machine language, and web browsers will be able to load and run them quickly. People will be able to write browser apps that run at near-native-speed and they will run on all the major web browsers and on whatever CPU you have (x86 and ARM for now). I don't really see a downside and I see lots of upside.

Re:Looks good to me

[Augusto]

Innovative!!! It sounds like Java ... (or basically any other bytocode compiled language ...)

Re:Looks good to me

[MichaelSmith]

"ADD" instruction implicitly adds the top two numbers on the stack

Maybe I should look at compiling Forth to WebAssembly.

Re:Looks good to me

[steveha]

the small benefit of JavaScript is that we can disable it and/or prevent certain function calls if you want to (e.g. my browser asks me if alert() is allowed to trigger or intercepts audio() and video() tags etc etc.

All I know about WebAssembly is what I read in TFA but I'll bet you that it will still be possible to block API calls exactly the same way. In fact, if my understanding is correct, WebAssembly doesn't come with any API calls; it will need to ask JavaScript to do things like pop up an alert().

Here, have a link I Googled up for you. Here's you you do an alert() from WebAssembly: you import alert() from JavaScript and call that.

https://gist.github.com/cure53/f4581cee76d2445d8bd91f03d4fa7d3b

So whatever you are doing right now to forbid alert() would continue to work when your browser downloads WebAssembly code.

If you're going to obfuscate calls even further into machine code and allow for code to run directly on a CPU and manipulate memory without the capacity for inspection, you've given up all control.

I've already made my position on that clear. Bytecode is less readable than minified JS but not by that much.

Plus I don't actually pick apart all the minified JS my browser is running and inspect it in advance. And I figure with GMain and such my browser is running a lot of minified JS.

Re:Looks good to me

[steveha]

Maybe I should look at compiling Forth to WebAssembly.

Should be possible. But I looked at some examples and it looks like they went for a LISP-like syntax rather than FORTH-like:

https://rsms.me/wasm-intro

Also somewhere in the fine article or one of the videos, somebody said that the stack-oriented bytecodes would likely be translated into register-based native code for efficiency. But it seems like they should make a simple virtual machine that can directly execute the bytecodes, for debugging or whatever, and a FORTH-based language would be the perfect front end for that. For all the few, proud FORTH fans out there, including you and me.

I also saw one web page which claims that WebAssembly isn't really a virtual machine code, it's an abstract syntax tree of an assembly language. I don't know enough to really evaluate that statement but I suspect it makes little practical difference one way or another.

Re:Looks good to me

[steveha]

allow for code to run directly on a CPU and manipulate memory

I missed this the first time around. WebAssembly is sandboxed exactly like JavaScript is. It is neither more secure nor less secure than JavaScript.

Re:Looks good to me

[guruevi]

If that is the case, that WebAssembly calls the JavaScript engine to execute calls, it can't be much if any faster than well-written "native" JavaScript, it's more akin to some sort of JS library baked in and optimized for the browser and compile from language x (including C) to JS (perhaps asm.js which also was a Mozilla-thing).

In that case it's "meh, another JS library" not a replacement for JavaScript like many want C or Python natively in the browser like JavaScript and we've seen previously what 'languages' with native execution permissions (ActiveX) can bring you.

Re:Looks good to me

[steveha]

If that is the case, that WebAssembly calls the JavaScript engine to execute calls, it can't be much if any faster than well-written "native" JavaScript

If what you want to do is make JS API function calls, like popping up an alert(), then no it won't be any faster than just using JS for the purpose. But WebAssembly runs the Unreal engine quite a lot faster and smoother than JS would. The fine article included a link to the "Zen Garden" demo which runs in a web browser:

https://www.youtube.com/watch?v=TwuIRcpeUWE

WebAssembly will open up new use cases, like smooth 3D games running in the browser. Things like Google Apps will run much more smoothly. We'll see if that turns out to be a big deal or not; I think maybe it will be.

Re:Looks good to me

[Pieroxy]

The thing that is slow with JavaScript is and has always been the DOM. WebAssembly will not fix that. So your program that ran in 2 seconds, 200ms of which were JavaScript and 1.8 seconds the DOM will now run in 1.9 seconds. Meh.

Lack of One Rich American Called Larry Ellison

[tepples]

The first difference I see is that wasm is not encumbered by Oracle's licensing restrictions. In addition, wasm is designed such that traditionally unmanaged languages like C++ can compile to it, whereas the JVM and CLR impose type system constraints that make it hard to define how to compile something like standard C++.

Web Assembly versus the cloud

[raymorris]

I also like to save my work locally. I don't like to do everything via the cloud. Let's be specific about what that means:

The cloud:
The real work of the application is done on some company's servers. Your machine is only the UI.

Web Assembly and asm.js (and C, C#, Swift etc):
The application runs on your local computer. The whole thing is on your computer, not just the UI.

Javascript is rather slow (thousands of times slower than C), so you don't do video editing in Javascript, Javascript sends your data off to some server that does the actual work. C, C#, Swift, and Web Assembly are fast, so they can do video editing locally, without sending anything to any server.

In C, C#, Swift, or Web Assembly you *could* write an application to send the completed output to Dropbox or Google Drive, but there is no need to do that. You can save your work locally if you want to.

The only required difference between the traditional applications you're accustomed to and Web Assembly applications is that Web Assembly applications don't have to be installed. Both do the work locally, and can save the work locally - even on a device with no network connection. Obviously to get the application in the first place, any application, you need either a network correction, a USB stick, or some other way of getting the code to your computer.

Re:Web Assembly versus the cloud

The only required difference between the traditional applications you're accustomed to and Web Assembly applications is that Web Assembly applications don't have to be installed. Both do the work locally, and can save the work locally - even on a device with no network connection. Obviously to get the application in the first place, any application, you need either a network correction, a USB stick, or some other way of getting the code to your computer.

Bullshit. The problem with your idea is that both the browser and the software (Javascript or WebAssembly which is basically a subset of Javascript) are moving targets.

Show me a web browser from 1997 that can render a Javashit-laden page of today.

Show me a Javashit-laden page from 1997 (with a scrolling marquee in the status bar, a BLINK tag, or other such abominations) that renders the same way on a 2017 version of Chrome.

Meanwhile, I have 16-bit DOS binaries from 1987 that run fine in DOSBox on WIn10. (Outside of DOSBox, they started acting wonky in XP when NTVDM ate 100% of a core on XP but only really stopped working and 64-bit CPUs...) And I have 20-year old 32-bit Windows binaries that work fine in 95, 98, NT, 2000, XP, Vista, 7, 8, and 10.

I'm not suggesting that browsers and OSes need to have multidecade backwards compatibility, but web browsers and the "standards" they support tend to break things within months, not years. That's great if you're developing/deploying a SaaS thing and want permanent employment as you play catch-up with web browsers that get released monthly. But it doesn't serve the end user's need. And forgive me for not sounding very agile here, but the end users really are the people for whom we're coding this stuff.

LibreJS

[tepples]

In theory, one could extend LibreJS to support WebAssembly. In practice, I imagine few major for-profit web sites would bother to support LibreJS, particularly because all major web ad networks track users from one site to another using proprietary JavaScript.

Some people want to have to install software

[tepples]

The only required difference between the traditional applications you're accustomed to and Web Assembly applications is that Web Assembly applications don't have to be installed.

I have gathered that many users of Slashdot actually want the barrier of installation because it protects a user from code that he hasn't explicitly chosen to run. Some even want the barrier of compilation because distributing source code to the public discourages underhanded behavior by putting a program's developer on notice that any third party could audit the code.

Both do the work locally, and can save the work locally - even on a device with no network connection.

I thought web applications were subject of a quota of 5 MB of local storage per origin. You aren't going to be able to fit a lot of video into that, unless by "video" you mean a vector or sprite animation analogous to what people used to use Macromedia Flash to build. When was this increased?

The web also has paywalls

[tepples]

Nothing is stopping you from installing your own web server and use these apps on your intranet. But most people don't like paying thousands of dollars for software anymore.

Nor do they like paying thousands of dollars over the course of several years for a subscription that allows access to what FSF calls "service as a software substitute". Just because it's on the web doesn't mean it's available without charge.

Mozilla Internet Health Report: Digital Inclusion

[tepples]

Unless I'm targeting the developing world or writing games I'm not sure I see the use case.

If you follow @Mozilla on Twitter, you'll get an idea of how Mozilla is "targeting the developing world". See, for example, the Digital Inclusion section of its Internet Health Report.

Re:Firefox - jack of all trades, master of none.

[tepples]

Those other things are better suited for local applications. Ya, I know: but, but, but ... no buts.

Good luck rewriting said "local applications" from scratch when the available "local applications" are made for a platform other than the one you use. Even with a cross-platform UI toolkit such as Qt, an application's developer still has to make a conscious business decision to compile, test, and ship for each platform.

Re:Repeat after me

[tepples]

Then for which operating system should a developer make applications, if not the browser?

It will be slow anyway

[Blaskowicz]

Obviously this will allow much faster "apps" but we all know what that means. Tons of "features" i.e. yet more bloat and "innovation" i.e. new version of shit that looks like it's for cell phones and runs 4x slower.
Javascript engines got a lot faster a few years ago and all we got was a ton of garbage and google making their "Maps" excruciatingly slow unless you run brand new hardware. Also, javascript Doom got taken off the internet for copyright infrigement and all the games are on Android Google Play anyway.
Devs, stop masturbating to your i5/i7 laptop and your Samsung S7 and don't forget to also test on sensible specs like 1GHz and unsupported AMD graphics. People aren't interested into upgrading every other year to a computer that can run Crysis just to do the same things we did back in 2005 or so.

Re:Hard to argue against Betteridge here

"Well, Google Chrome 57 also incorporates WebAssembly, and soon, so will Safari and Edge. If you're interested in the future of the web, I suggest you read all the articles, they are quite interesting. I think it's the only chance the open web has against the best defense against advertisement blocking today."

FTFY.

Re:What about threads?

[Mr0bvious]

Like Posix threads?

Yep.

You don't need a browser to run downloaded code

[ffkom]

It's beyond me why people confuse operating systems with web-browsers. Being able to run code from somewhere on the net and executing it locally (either sandboxed in a virtual machine or directly on the hardware) is something every major operating system has been able to do for many years.

And there have been good reasons why operating systems got safety mechanisms to not overly trust code from somewhere on the net.

Having a browser instead of an operating system do that just means to exchange the expertise and security awareness of operating system programmers with the utter lack of skill and security awareness of pixel-pushing GUI application programmers.

Re:You don't need a browser to run downloaded code

[tepples]

Being able to run code from somewhere on the net and executing it locally (either sandboxed in a virtual machine or directly on the hardware) is something every major operating system has been able to do for many years.

But can you run the same code in all five major end-user operating systems (Windows, macOS, GNU/Linux, iOS, and Android)? Or do you have to beg an application's developer to recompile it for your platform?

Re:You don't need a browser to run downloaded code

[Blaskowicz]

But the operating systems don't always do a great job. For example, linux distros require software to keep being updated and maintained forever so that it stays compatible with what's reasonably current. So, it seems like we'll be stuck forever with Gimp, Inkscape, Blender, Audacity, Libre Office etc., not that there's necessarily anything wrong with these but there's not much else at all. Little new software (e.g., deadbeef music player) compared to a decade ago, besides new versions of toolkits and libraries and the move to 64bit so that stuff is less buggy and eats a lot more RAM.

There are other platforms, which are spyware and are incompatible with each other, like Steam, Microsoft Store and Google Play. Of course Web Assembly will be all too easily exploited for applications that are spyware (e.g. make some application that requires a log in and store data about every single thing the user did), though it technically doesn't have to.

Re:You don't need a browser to run downloaded code

[JDG1980]

It's beyond me why people confuse operating systems with web-browsers.

Because if we can turn the web browser into a real, workable OS (not the half-assed imitation it is now), then we can break the monopoly of Microsoft Windows once and for all.

Re:You don't need a browser to run downloaded code

[vtcodger]

Once you get things more or less right, perhaps you ought to quit "improving" them. If it ain't broke, don't fix it. Microsoft needs a new version of Word and Excel with incompatible file formats and a new constellation of annoying bugs every three or four years for business reasons. But do the users? Not that I can see.

Re:You don't need a browser to run downloaded code

[ffkom]

If you are willing to limit your applications to a common subset of instructions and interfaces, like WebAssembly and every high-level-programming language does, sure.

People could have agreed e.g. on the Commodore 64 to define the virtual machine to run downloaded code in, there already are C64 emulators for all major operating systems - perfect compatibility guaranteed.
Of course, you say: "But that would have limited what WebAssembly can do to what the C64 could do!" - yes, that is true, and any other "WebAssembly" virtual machine will have the same flaw: It will restrict the possibilities by defining a VM, trading in flexibility for compatibility.
Some soon coming day, a company (like MicroSoft) will state "we enhanced WebAssembly's limited capabilities by adding feature X" - and voila! - you'll have incompatible WebAssembly environments again, just like you have incompatible environments for running x86 assembler right now.

Re:You don't need a browser to run downloaded code

[ffkom]

The first thing MicroSoft will do when WebAssembly becomes a success will be introducing additional "features"/interfaces in their Windows browser, making sure that their deciples program WebAssembly software that will run well only under Windows. It has always been like that. Doesn't matter whether the abstraction layer is called "WebAssembly" or "POSIX" or "JavaScript".

The long-term security impact:

[Narcocide]

This will be the worst thing to happen to the internet since Internet Explorer.

Web browser within WebAssembly

[WaffleMonster]

The ability to implement a web browser within WebAssembly is going to change the Internet forever. No more downloading and installing browsers. This is so exciting.

Re:Web browser within WebAssembly

[MichaelSmith]

This was HotJava from 20 years ago.

Re:No thanks.

[epyT-R]

No. They're constantly changing, spying, cpu hogging, oversized, clunky, bloated, unnavigable abominations meant for fisherpriced mobile junk.

Disappointing outcome

[wllang]

I worked on this development for over two years, since before the WebAssembly CG was created, and have been demonstrating some of the best performance from asm.js and wasm style code, and I believe the process and outcome has been somewhat of a failure. There are some positive outcomes, such a set of operators, but this seems just a small step from asm.js (adding some 64-bit operators etc).

At the end of this process it became clear that seeking a single virtual machine or encoding was not a good outcome, because it means that the web community is stuck with the lowest common supported feature set. It seems that the key enhancement that was required was a translation layer from the deployed binary to a VM that might be somewhat specific to particular web browsers, plus a build process. This would have allowed the major web browsers to offer different competing solutions and web developers could still target code to them by having the translation layer rewrite for each. While this can be done in part with the wasm 1.0 version released, I do not believe this is well supported because it needs to work very well with streaming and caching.

Caching can work well with named sources and their versions and the dataflow that produces the translated output and the compiled output. For these products to be safely shared across origins the web browser needs to control the inputs into this build process - a defined and sandboxed build pipeline was needed. Scheduling of the builds could also be far better managed by the web browser using global knowledge that is not practically available to each context.

Optimizing memory accesses is also critical. The key sandbox requirement is to ensure that accesses to the linear memory are contained so safe. To achieve near native performance requires some design attention to this challenge. My impression is that the design of wasm assumed only that memory protection would be used to efficiently catch accesses that are out of bounds. Early on I had been demonstration very good performance using a pointer masking technique, so to mask off the high bits and have the VM derive that the index is within bounds, and even for translated C code this was giving very good performance. For code that uses tagged points and naturally masks off these tags it could mask off the high bits at the same time almost for free. For this to work well requires that the memory be a power of two plus a spill area, and that the masking be baked into the code, and this could be done in a translation layer if the linear memory size were negotiated and an input into the pipeline. The WebAssembly project just would not accommodate this use case, my patches across JS compilers were stalled and some still sit there today with no progress in the past two years.

With pointer masking it helps to move the masking before small offsets are added to indexes, so that the machine index+offset instruction addressing modes can be used, and this helps hoisting the masking and reduces register pressure etc. One complication is that this only works assuming the index is non-negative so the offset does not wrap the index. Some C code would break without extra care. Emscripten refused to merge patches to improve support for this, claiming that it was not a good approach. Guess what, wasm adopted a similar memory access offset restriction, that indexes must be positive! There is a lot more to optimizing this, and I see little progress in the past two years. I can still demonstrate some of the best performance.

Another memory related optimization is to be able to place the base of the asm.js/wasm linear memory at absolute zero in the address space, so that a register is freed from having to point to this base, and so that the machine instruction addressing modes can be better exploited to help the code. I had demonstrate how much this helped well before the WebAssemembly CG was created. Practically many systems already protect access to the low pages, so for code to use this strategy it would need to avoid using th

Lacks Metadata and Signatures

[laughingskeptic]

The module definition http://webassembly.org/docs/mo... omits basic metadata such as author and version information and there is no defined place to sign the binary. I know they want small but I am sick and tired of browsers having to run unattributable code. Their security model looks like it ignores attacks such as an "enhanced" advertisement filtering all browser key strokes from a background thread and sending them home.

Mod parent up?

[Sits]

It's hard to know for sure because the account that posted the parent comment seems to be new and it's unclear who the commenter is in real life but this seems to be a well written complaint about the outcome of WebAssembly. I did a quick search and it doesn't immediately look like a copy/paste of critique from elsewhere so it seems a shame to see this slip below the waves. Sadly, I suspect few will see it because this story has passed the "breaking news" point...

Re:Mod parent up?

[lucasnate1]

I am not sure if I understand his complaint. Do you?

Re:Mod parent up?

[vtcodger]

Good question.

I think he might be saying that the underlying wasm "engine" is capable of doing really good stuff but the product built on top of it is mediocre at best?

Re:Mod parent up?

[wllang]

PNaCl appears to still uses NaCl to sandbox the code, so it would appear that PNaCl could have been a user definable language that translated to NaCl on the client side to run, so perhaps not so interesting from the perspective of a sandbox VM. Whereas wasm can be validated in a single pass decoder and runtime bounds checking emitted as necessary. Some distinctions that help here are that wasm has structured control flow, blocks and loops, and a 'safe' stack, and indirect functions are referenced by an index into a table. I had been trying very hard to get better type derivation into the JS compilers so they could better optimize away bounds checks known to be unnecessary, I don't think PNaCl could do that, but this work was effectively blocked in v8, firefox, and jsc (some patches remain open, some just closed). As it is some wasm VMs emit inline bounds checks and some use memory protection etc, so more flexible than NaCl. My impression is that NaCl (the PNaCl sandbox) is too close to the machine code requiring machine code patterns to be verified, and that a slightly higher level language that allows some re-writing (bound check styles etc) as the code is emitted has more potential. Wasm is designed to be decoded to SSA in a single pass, but fwiw I don't see loops decoding to simple SSA so easily, and I think it would have helped a lot to have encoded the loop stride explicitly and other design work appeared necessary in the area of loops.

Getting back to the idea of a translation layer and build file, if these had been defined then it might have been possible for web developers to target NaCl where available and asm.js otherwise, from the same web developer defined encoding on the client side. The web browser could do the caching and even share the cached results across origins as it could trust the build process. Thus in the end the focus on a common wasm language seems to have missed the key design requirement. Wouldn't it have been great if instead we now had the infrastructure to allow the web browsers to compete for better encodings and VMs and web developers to work on languages and encodings upstream of the translation layer.

Another languag already compiling to WebAssembly

[rodia]

Nim compiles to C and then to wasm via emscripten. My favorite among the newcomers with automatic memory management, mainly because it's simple and offers pretty powerful metaprogramming and can do functional when necessary.

the single, privileged *DYNAMIC* language, that is

[rodia]

Maybe my english isn't good enough, but if "dynamic" means "dynamically typed" here, then the sentence as a whole doesn't mean too much. WebAssembly (wasm) is clearly a target for mostly statically typed, compiled languages. And future plans point to direct access to the page DOM and other Web APIs. If this becomes real, I will happily forget about JavaScript for ever..

Re:No thanks.

[vtcodger]

I agree. Unless/Until we build a parallel internet for banking and serious infrastructure stuff, the proper replacement for Javascript is no scripting at all. The notion that anonymous folks somewhere in the world can ship us arbitrary computer programs to run on our machines without creating a massive security issue is really quite bizarre. But scripting is sandboxed and therefore perfectly safe? Right. And free markets with no regulation will make us all wealthy beyond belief.

There are a handful of sites -- e.g. Google Maps -- where the benefits of scripting clearly outweigh the risks. And I don't have any problem with turning on scripting for those sites. But mostly, script seems to be used by lazy/incompetent/demented web designers (is there a difference?) to implement annoying "features" or even to do stuff that could equally well be done (probably better) with html/css.

Re:Firefox - jack of all trades, master of none.

[vtcodger]

"Seriously, you're not Emacs."

Emacs is a remarkable accomplishment. And it's easy to see how the handful of folks who can memorize the bizarre key bindings and innumerable conventions and navigate the buffers efficiently could love it and find it to be enormously satisfying and productive environment. But it's not something most of us can use, much less use effectively. A road better not taken I think.

Like Java Applets?

[dromgodis]

Honest question: How is this different from the much maligned Java Applet concept?

Inner Platform Effect

[CnlPepper]

I'm just going to leave this here: https://en.wikipedia.org/wiki/...

If you want native speeds, use the OS. This is doing nothing more than complicating development - now rather than just OS differences you have every possible permutation of OS and browser to deal with when bug fixing.

Creative Cloud, MSN Messenger, Copy, Xbox Live

[tepples]

A web app lives and dies on the whim of the developer, which can go bankrupt or be DDoS'd out of existence overnight

So do some kinds of native app if they can no longer connect to the developer's server that provides user license verification, communication with other users, or communication with your other devices running the same app. Examples include applications in Adobe Creative Cloud (once your subscription expires or once Adobe stops offering a particular application), MSN Messenger (which was shut down in favor of Skype), and the "Copy" file sync client (which was discontinued), respectively. Another example is any game for the original Xbox (2001) that uses Xbox Live.

After all, how many people run an web browser offline?

The goal of things like Service Workers is to make this practical. Google has lately been promoting "Progressive Web Apps".

One Rich American Called Larry Ellison caused this

[tepples]

So, in the end, it's another competitor to Java, and the question I have is why is that necessary?

It's necessary because a company with the corporate culture of Oracle Corporation acquired a company with the corporate culture of Sun Microsystems. All four major web browser publishers are expected to contribute independent implementations of the WebAssembly virtual machine to the public. The license for the Java spec, on the other hand, prohibits distribution of incomplete work-in-progress implementations to the public, forcing all reimplementations to be developed in private by a single entity.

In addition, the Java virtual machine has several limits that reportedly keep it from being an efficient target for a C++ compiler.

Re:A subset of FORTRAN, a language 60+ years old.

[vtcodger]

"Looks like someone doesn't understand how computers work."

True, but maybe you can cure your ignorance by taking a class or something.

Re:Firefox - jack of all trades, master of none.

[fahrbot-bot]

"Seriously, you're not Emacs."

Emacs is a remarkable accomplishment. And it's easy to see how the handful of folks who can memorize the bizarre key bindings and innumerable conventions and navigate the buffers efficiently could love it and find it to be enormously satisfying and productive environment. But it's not something most of us can use, much less use effectively. A road better not taken I think.

Agreed and, just noting that, I've used Emacs since the mid 1980s and am a big fan. To be fair, the key bindings aren't really that bizarre and most are pretty logical (and you can re-bind them as you like, but I recommend against it and, for commonality, I only add using unbound sequences), but the learning curve is a bit high.

Disabling WebAssembly in Firefox 52

[michael_wojcik]

Should anyone be crazy enough to want to disable WebAssembly support in FF,[1] use about:config to set javascript.options.wasm to false.

[1] I am, and did. There are so many config options that I can't bear to read through them all, but when my attention is drawn to a new feature like this, typically the first thing I do is find the option to disable it. If it's new, chances are I don't want it.

Can we ditch CSS and HTML too?

[PeterMcAtomineyStrø]

I'm fed up of having to use JQuery and Bootstrap for the most basic of layouts, and spending 10 minutes moving a text 3 pixels to the left. When you have a programming background it's painful to have to use SQL/php/CSS/HTML AND Javascript for what would take 5 minutes native. I predict WebAssembly will be used for EVERYTHING.

Re:Firefox - jack of all trades, master of none.

[Actually,+I+do+RTFA]

So convince people to use Java. Javascript is just even worse trhan that. Or use open source and recompile. There are like 1000 other solutions that don't confuse "software is crossplatform" and "software should auto-run in a browser when you visit a webpage".

Commodity computing 101

[lucm]

15k gets you several nice machines to run in HA/Failover for a roll-your-own linux groupware system with enough left over to pay for a small AWS instance to run a backup VM on in the event of a catastrophic disaster that burns your entire office to the ground.

I'm not seeing the point you were trying to make.

Ok, since you don't get it, please think about these:

- who maintains those servers
- who does the backup and where do you store it
- who monitors those servers
- who maintains the blacklists, spam rules, etc.
- who creates mailboxes and how
- how fast can support react to support tickets, such as password resets or lost emails recovery
- who pays for the power and cooling of those several nice machines, and how much is it
- what about physical security for those machines
- where is the DNS that allows a smooth failover and how do you address webmail failover
- what kind of link do you maintain between your on-site servers and your cloud server, and how much does it cost (I'm assuming vpn)
- what is your DR strategy if you lose your nice servers? because then you've got a spof
- from which budget are you going to take $15k upfront since you'll also have monthly fees for the same service

Besides the fact that the building burning down is an extreme scenario (as opposed to common ones like power failure, hardware failure, theft, internet connection issues, blacklisting of the outbound IP following a malware incident, etc). your approach also only works if the company has:
- someone on-site 24x7 and costs nothing
or
- someone who is available within minutes 24x7 for a ridiculously low fee

See, that's the point with using cloud providers for commodity computing (such as email). Google or Microsoft (and now Amazon) are the ones dealing with all those issues and they're better equipped than some local guy and his 2 servers running in a closet. You can't compete with them, not at this price. Otherwise that's like thinking that running your own power plant is more cost-effective than being connected to the grid.

Move on. There's plenty of areas even in IT infrastructure where the cloud providers can't compete at an acceptable price (ex: anything that requires a lot of memory or cpu), but email is not one of them.