All Major Browsers Now Support WebAssembly

An anonymous reader writes: "It took only two years for all browser vendors to get on the same page regarding the new WebAssembly standard, and as of October 2017, all major browsers support it," reports Bleeping Computer. Project spearheads Firefox and Chrome were the first major browsers to graduate WebAssembly from preview versions to their respective stable branches over the summer. The second wave followed in the following weeks when Chromium-based browsers like Opera and Vivaldi also rolled out the feature as soon as it was added to the Chromium stable version. The last ones to ship WebAssembly in the stable branches were Apple in Safari 11.0 and Microsoft in Microsoft Edge (EdgeHTML 16), which is the version that shipped with the Windows 10 Fall Creators Update. Both were released last month. WebAssembly, or wasm, is a bytecode format for the web, allowing developers to send JavaScript code to browsers in smaller sizes, but also to compile from C/C++/Rust to wasm directly.

Original Article

[theweatherelectric]

Better to get content from the source. BleepingComputer appears to just read Mozilla blogs and repackage them as its own. Here's the original Mozilla blog post.

Re:Original Article

RTFA! The 2 articles are very different. Just because they're on the same topic doesn't mean they're the same thing. Get a clue.

Re:Original Article

Oh, ./ editors...

Re:Sick of idiots and bump stocks... apk

nobody wants your hosts file generator

"Opera and Vivaldi also rolled out the feature"

Pathetic wording. They ARE nothing but Chromium!

Re:"Opera and Vivaldi also rolled out the feature"

[darkain]

And Chrome is just Chromium. And Chromium is just Blink. And Blink is just Webkit. And Safari is just Webkit. And Webkit is just KHTML. And Konqueror is just KHTML. And KHTML is just KParts... PATHETIC!

Re:"Opera and Vivaldi also rolled out the feature"

Opera maybe, but Vivaldi is significantly improved over Chromium.

What is pathetic wording is including Edge among the major browsers. Nobody uses Edge for anything except to download a real browser.

Well that's unfortunate.

Already about 1/2 of web pages I can only get to work by using "view source" and clipping out links from the source which for some idiotic reason the site wants to demand javascript to do something that pure HTML could do just fine, such as display an image or move to another URL when you click on the link.

Can't wait until that has yet another layer of obscuration due to WebAssem.

The modern web's idiocy only ever grows larger and larger. Can't wait for WebAssem based obscuring images over the text you're trying to read, or more obscured privacy obliterations or the like. At least firefox will have a way to shut that idiocy off.

Re:Well that's unfortunate.

Just wait for WebAssembly to be the next Flash/malware ad vector.

Personally I hope it fails. The web browser should never have been an "app" ecosystem, because browsers can't keep their shit together.

Re:Well that's unfortunate.

[lucm]

Already about 1/2 of web pages I can only get to work by using "view source" and clipping out links from the source

Whatever possible damage you think javascript can cause you is tiny compared to your current nightmarish internet experience. Maybe it's time to move on.

Re:Well that's unfortunate.

[TheRaven64]

I have a colleague working on formal verification of WebAssembly. Part of this has involved fuzzing various WebAssembly implementations. There are a lot of bugs in all of them, though Edge is by far the worst (reproduceable crashes are hard, because it crashes randomly on most of his test inputs, but at different points).

It's also a pretty horrible design. It's replaced HSAIL as my go-to example for how not to design a good IR.

Re:Well that's unfortunate.

Just because YOU love ads, popups and redirects.

For those of us who don't, "nightmarish internet experience" is exactly what you get with Javascript enabled.

Re:Well that's unfortunate.

[TheRaven64]

If you send a lot of random shit at something, of course it's going to crash.

If your thread model for something that is expected to accept random crap from the Internet is 'it's fine as long as input is well formed', then you are going to have a lot of fun dealing with security vulnerabilities. Contrary to your assertion, well-written code does not crash when you send it a lot of random shit, it gracefully handles errors.

Re:Well that's unfortunate.

[gbjbaanb]

or you could use Ublock origin and ghostery....

Re:Well that's unfortunate.

[DrXym]

Browsers have to deal with random shit and not crash. By definition. Otherwise they are exploitable in some form or another.

Re:Well that's unfortunate.

> If you send a lot of random shit at something, of course it's going to crash.

Oy! Is that what they teach in CS curricula these days?

Back in the day, we tested by throwing random shit at the software until it didn't crash.

Re:Well that's unfortunate.

Exactly! Stop being different, get baa-aa-aack in line.

Re:Well that's unfortunate.

[Lost+Race]

how not to design a good IR.

InfraRed? Irreproducible Results? Infinite Radix? Inscrutable Raven?

Re:Well that's unfortunate.

[houghi]

Move on? You mean out of my moms basement towards the yellow shiny circle?

Re:Well that's unfortunate.

[ShanghaiBill]

I have JS enabled, and I rarely see ads. The ads that slip through Adblock are mostly hardcoded in HTML, so you would see them too. I never see popups, unless they are from sites where I have specifically enabled them, such as my bank.

Instead of disabling JS, maybe you should just spend two minutes configuring your browser.

Re:Well that's unfortunate.

Already about 1/2 of web pages I can only get to work by using "view source" and clipping out links from the source

The solution to this is to block the site and hit your back button.

Life is too damned short to waste time of badly written web pages. If it doesn't run with scripts blocked, and you can live without the content, ignore it.

Javascript is used for bad navigation, locking down content, and ads. There's very few sites I allow to run javascript, the rest I ignore.

Re:Well that's unfortunate.

[jez9999]

At least firefox will have a way to shut that idiocy off.

It does at the moment but as part of their chrome-parity drive they're going to remove that feature to improve the browser.

Re:Well that's unfortunate.

https://en.wikipedia.org/wiki/IR
I'm guessing you mean Intermediate representation, but for all I know you mean Independent-Republican Party of Minnesota.

Re:Well that's unfortunate.

I use a site where half the links randomly fail. By disabling CSS they work! view menu/page style/no style.

Re:Well that's unfortunate.

That doesn't sound like a code standards problem, it sounds like a browser issue. Or maybe some JS messing with the styles.

Chrome & Safari are only browsers that matter

Let's be honest with ourselves here, as of late 2017 the only browsers that matter are Chrome and Safari. Together they have about 85% of the entire market. IE/Edge comes next. Firefox, Opera and Vivaldi barely register.

Chrome, and to a lesser extent Safari, define what the web is. If they don't support a web technology, it effectively does not exist. If they support a technology, it's a standard.

Wasm's success will be fully determined by how well Chrome and Safari support it. It doesn't really matter if Firefox does or doesn't support it. Firefox's 2% or 3% of the market doesn't matter at all.

Does browserd support it?

And is it integrated into linuxd?

Re:Chrome & Safari are only browsers that matt

[theweatherelectric]

Firefox, Opera and Vivaldi barely register.

So change that. Apathy is useless. Use Firefox or Opera or Vivaldi.

Java Applets

20+ years later we can have what Java Applets probably should have been.

Re:Java Applets

[presidenteloco]

Yes. This sounds an awful lot like browser-based java virtual machine circa 1995. Good to see its time has finally come, in that people are now actually ready for the concept.
Back then, arguably, it was mainly Microsoft that killed it by not allowing Sun's technology into Internet Explorer without insisting on mangling it to a non-interoperable version.
Good that there are some saner heads prevailing for try number two.

Re:Java Applets

[Jeremi]

Wasn't it Oracle that finally killed the Java applet? At least, my web browsers happily ran Java applets for a number of years, until Oracle took over Java and suddenly every web browser started refusing to run applets, even when you begged it to.

Re:Java Applets

That's because they changed the safe word.

Re:Java Applets

[dmpot]

This sounds an awful lot like browser-based java virtual machine circa 1995.

It only appears so at first glance. WebAssembly is a logical continuation of asm.js, which based on experience of developing of high-performance JavaScript engines. The goal of WebAssembly is to use existing Javascript engines to archive close to C performance within browsers, i.e. something that asm.js already does to lesser degree. In contrast, Java VM was developed to run independently from web browsers, and though you can run it inside a web browser, it's not integrated nearly as well with the browser.

In many ways, WebAssembly is very different than JavaVM. For instance, WebAssembly does not have a GC, while JavaVM relies on it. WebAssembly allows only structured control flow, while you can have an arbitrary control flow in Java. (The restriction on the control flow makes validator for WebAssemply bytecode rather trivial, which helps both with loading speed and security.)

In short, WebAssembly is a VM developed with web browsers in mind, while JavaVM was developed with different priorities.

Re:Java Applets

[TheRaven64]

WebAssembly is explicitly designed to be separate from a web browser. The working group is actively seeking non-web uses and has not provided DOM integration in the first versions (you must go via JavaScript to touch the DOM). Oh and the restriction on flow control in WebAssembly is brain dead: validating CFI for arbitrary graphs of basic blocks is a solved problem and was a decade ago, but trying to compile a C codebase using goto or some of the more interesting variations on a switch statement into WebAssembly requires O(n^2) algorithms and potentially an O(n^2) increase in bytecode size, which the WebAssembly JIT has to then undo to be able to generate something whose performance doesn't suck.

Re:Java Applets

[skids]

Interesting... I have to say I wasn't overly impressed by the bits of wasm implementation I saw when it was first announced. Sounds like they have gotten further along but also made a few mistakes along the way. Like the JVM not having unsigned ints, little things like that can have really icky consequences when the rubber hits the road.

I wonder if the control flow prohibition is cultural or technical baggage from the "I have an axe so every problem fits in a tree structure" DOM shortcomings.

Re:Java Applets

[TheRaven64]

I suspect that it's largely a requirement to be easy to implement in JavaScript (their incremental deployment model involves providing an inefficient but working JavaScript implementation). JavaScript doesn't allow non-reduceable control flow, so you need to expand it (you can do so, but by copying all of the possible control flow paths into things enabled with flags, which can end up with lots of code duplication).

Re:Java Applets

[dmpot]

The working group is actively seeking non-web uses and has not provided DOM integration in the first versions (you must go via JavaScript to touch the DOM).

Emscripten allows to integrate this javascript directly in your C++ code, so touching DOM from C++ is not a real problem.

validating CFI for arbitrary graphs of basic blocks is a solved problem and was a decade ago,

AFAIK, the Java bytecode verificator does not handle some corner cases, and it is so complicated that it may contain security bugs. So I would not say that the problem is solved in general...

but trying to compile a C codebase using goto or some of the more interesting variations on a switch statement into WebAssembly requires O(n^2) algorithms and potentially an O(n^2) increase in bytecode size, which the WebAssembly JIT has to then undo to be able to generate something whose performance doesn't suck.

WebAssembly requires the compiler to do a bit more work, but it makes the verificator much simpler and faster. If practice shows that WebAssembly does not handle switch statements well enough, WebAssembly can be extended in the future to handle it as a special case. I see no reason to support arbitrary graphs.

Re:Chrome & Safari are only browsers that matt

Firefox's 2% or 3% of the market doesn't matter at all.

Firefox is currently the 3rd most popular, with 13% market share. source.

This is great but.

[Mr0bvious]

It's not much use until the vast majority of users have adopted these compatible browser versions.

Not being intentionally negative, but how long will this take in reality?

Re:This is great but.

A week or two, tops?

(What browser do you think people are using that doesn't receive regular updates?)

Re:This is great but.

[Kjella]

At 65% at the moment, if you look at usage you'll see it's only iPhone 10.3 and Edge that's likely to switch... Opera Mini, UC Browser, Samsung Internet etc. are old phones that occasionally are used for the web and IE11 is also just for compatibility. I think it's to the point where you could have WebAssembly + fallback the same way you should have JavaScript + fallback for NoScript users today. Or if it's dependent on new functionality, just say you need to upgrade. Not every site needs to support 100% of the users.

Re:This is great but.

[Daltorak]

It's not much use until the vast majority of users have adopted these compatible browser versions.

Not being intentionally negative, but how long will this take in reality?

Not long.

caniuse.com says that 67% of browsers currently in use in North America support WebAssembly. The 33% breaks down like this: 10% iOS 9/10, 6% IE, 4% Edge, 3% Samsung browsers, and 10% for every other rickety thing out there.

Give iOS 10 -> 11, Safari 10 -> 11, and Edge 15 -> 16 upgrades another 3 months to roll through (these are all safe and good-quality updates), then WebAssembly availability will be over 80%. That's good enough to take a dependency on. Millions of people keep on using IE, Android Browser and Opera Mini, which aren't getting any updates at all, and nearly 100% of those people have access to another device or browser which does support WebAssembly.

Re:This is great but.

It's not much use until the vast majority of users have adopted these compatible browser versions.

Not that I think it's particularly useful, or even know the nuance of what it really is, but I'll contradict this. If there are 10 million potential users today, and 100 million in a year, and a billion in 5 years, you can't rightfully characterize it as "not much use until". If it is in fact useful at all, it seems apparent there is a plenty much useful potential user-base out there.

Re:This is great but.

[omnichad]

MSIE - and yes, there are a LOT of people using it, even on Windows 10.

Re:This is great but.

how the hell is this "great" in any sense of the word?

the regular user is totally fucked here. we will no longer be able to monitor and audit the content of web pages and the scripts. ad blocking will get more difficult, verifying the safety and security of web pages will get more difficult; while tracking users, exploiting browsers and planting unwanted software will become easier.

Re:This is great but.

[theweatherelectric]

we will no longer be able to monitor and audit the content of web pages and the scripts.

False. Read the FAQ.

Re:This is great but.

That text format is not the source, it's closer to what you get when you disassemble Microsoft Office.

Once the advertisers switch to web assembly, blocking ads will be as hard as getting Microsoft Office to not require activation.

Re:This is great but.

[Joce640k]

MSIE won't have this. Ever.

It's been feature-frozen for years now.

Re:This is great but.

[omnichad]

Exactly my point.

Re:This is great but.

[omnichad]

Have you looked at minified JS lately? It might as well just be bytecode that can be disassembled. It's already no loss in comparison.

Re:This is great but.

[tepples]

What browser do you think people are using that doesn't receive regular updates?

Firefox ESR doesn't have WebAssembly.

People continue using Firefox ESR because it still runs XUL extensions. People continue using XUL extensions because the WebExtensions framework lacks counterparts to APIs on which XUL extensions relied. For example, WebExtensions lacks anything like XUL keysets, which makes it impossible to override keyboard shortcuts. This has been reported as bug 1325692, which was marked "wontfix" for Firefox 57. Gregorio "Lord Kamina" Litenstein, developer of the Keybinder extension, gave up when he realized that WebExtensions lacked a way to override keyboard shortcuts and wouldn't be getting one any time soon.

Re: This is great but.

You do realize they have unminifiers right?

Re: This is great but.

[omnichad]

Yes. Hence my own comment

might as well just be bytecode that can be disassembled

It doesn't turn it back into the original source. It just makes it barely readable/traceable.

They've gone full inner-platform.

https://en.wikipedia.org/wiki/Inner-platform_effect

Now all we need, is a CPU that natively executes WebAssembly, and run a Browser in it, to come full circle.
(Because we already had jslinux. :)

Re:They've gone full inner-platform.

A most excellent idea. I shall henceforth begin implementation of a javascript virtual machine for that native-webasm running CPU....

Re:They've gone full inner-platform.

[omnichad]

jslinux?

The idea is much older. What about native java bytecode CPUs?

Re:They've gone full inner-platform.

It needs to be run on lower level than normal cpu. Just like your minix.

Re:They've gone full inner-platform.

[Doctor+Memory]

The idea is much older. What about the the Pascal MicroEngine, which executed p-code?

Re: They've gone full inner-platform.

[tigersha]

Running on a few ing on your finger, no less

Re: They've gone full inner-platform.

[tigersha]

A ring i meant. Thank you spell checker:(

If you had ever tried Vivaldi ...

You'd know, that its UI philosophy is the opposite of the minimalistard one of all the other Chromium-based ones. Including Chrome.

Have we not learned?

We are doing this because javascript in browsers went so well thus far?

Re:Rust is becoming the language of choice

I agree. I'm a PHB in Java-based enterprise DevOps solutions and all our new applicants are required to have a firm grasp in the Rust(R) programming language.

Rust(R) is an essential element in our strategic vision as an agile and ascendent corporate citizen.

Re: Rust is becoming the language of choice

Fanboy much?

AWAY from Javascript

Well, we are stuck with Javascript for the time being even with WASM because all the browser tooling is for Javascript... but at least the foundation has been laid for using a non-bizarre programming language for the client in the future. Whatever it may be, it HAS to be better than Javascript, the dog turd of the Web.

Re:AWAY from Javascript

[jarkus4]

Stable and universal webassembly would be already enough to do it. You can just write app in whatever language you want and cross compile it. There are already quite big apps on the web that are created this way (ported to js from mobile by cross compiling).

Okay, but ...

[fahrbot-bot]

Is this a good or bad thing for the end-user, meaning *me*, and, if not good, how do I disable it?

Re:Okay, but ...

[modmans2ndcoming]

um....good.....smaller package means less data, faster page loads, better feature support.

Re:Okay, but ...

[Kjella]

If you don't plan to look at WTF it's doing, WebAssembly is great. It's compact, fast and enables developers to use different languages to create client functionality. But like the name implies it's a binary blob not a script and you don't get the source code so it's non-trivial to inspect, edit or copy any functionality to use in any other context.

Re:Okay, but ...

Except each web page is going to turn into a full application which will bring your browser to a crawl. Expect it to be worse than Flash and to have all the things slobbered with annoying, unblockable animations and ads. Each site will use crypto mining in addition to active ads and blocking them will be more difficult. Say bye bye to HTML and accessibility as each site renders itself directly to a sole canvas element.

Re:Okay, but ...

[garethjrowlands]

What you say is true.

But to be fair to wasm:

* 'View source' will display the text version of wasm.
* JavaScript is often minified or obfuscated too.
* Wasm supports sourcemaps, arguably better than JavaScript does.
* Most people get their sourcecode from github rather than 'view source' these days.

Re:Okay, but ...

[modmans2ndcoming]

are you from 1998?

Re: Sick of idiots and bump stocks... apk

Oh hai fake apk.

Does WASM support general execution?

[modmans2ndcoming]

Can I write a program in C++ and just compile to WASM like I do to X86 or ARM or do I need to use certain libraries to ensure it will function properly?

Re:Does WASM support general execution?

[nateman1352]

In general, yes you can. One important thing to keep in mind is that not all libraries are available in wasm. Obviously win32 won't work, and most C++ GUI toolkits have not been posted to render to a HTML 5 canvas yet.

Another big hole IMHO is there is no native support for garbage collected languages yet. The thing that excites me the most about this is once GC is enabled we could potentially see a Python implementation that runs in the browser (without having to recompile CPython to wasm, which would be huge and slow.) You could also do stuff like compile Java/C#/Adobe Flash directly to wasm and completely eliminate the terrible Flash/Silverlight/Java plugins.

Re:Does WASM support general execution?

[Gravis+Zero]

Another big hole IMHO is there is no native support for garbage collected languages yet.

LMAO! relying on GC is foolishness for sure.

Re:Does WASM support general execution?

[nateman1352]

LMAO! relying on GC is foolishness for sure.

Why? Until wasm showed up, the only language that browsers supported was Javascript, which has a GC. Wasm runs in the same browser sandbox as JavaScript, so there is already a GC present. In the web browser, you are relying on a GC whether you like it or not.

Re:Does WASM support general execution?

you are relying on a GC whether you like it or not.

No I'm not.
I bought more memory instead, because all garbage collectors are crap.
It works because you close the pages every now and then, clearing out everything, but that would work without GC too, just allocate without freeing and free it all when the application closes.

Re:Does WASM support general execution?

You say running python like it's this wonderful thing. All I can think of though is that fundamentally this would be python run by javascript. Which makes me think of jython, python run in a java virtual machine, also known as the slowest effing execution environment I've ever had the misfortune of coming across. Why do you assume this is a good idea?

Re:Does WASM support general execution?

It's bitztream the autism-hating, custom EpiPen-hating, Musk-hating, Qualcomm-hating, Firefox tabs-hating, Slashdot editors-hating Slashdot troll!

Re:Does WASM support general execution?

[tepples]

I bought more memory instead

That's fine if your computer's motherboard is capable of using more memory. A lot of laptops still in use are stuck with 2 GB or 4 GB because they have only one or two slots that take modules no larger than 2 GB. RAM in other laptops, tablet computers, and pocket computers can't be upgraded at all.

Re:Does WASM support general execution?

It's Anonymous Coward the stalker. Are you also the one who stalks creimer/cdreimer? APK also stalks those whom he claims to have "defeated", but I can tell you're not him because he has a very different writing style.

Virus

Yay! Another virus attack-vector to worry about!

Re: Virus

You already have Javascript to fuck up your computer.
WASM won't give access to anything that Javascript doesn't already.

Re: Virus

WebAssembly has already made a name for itself on the malware scene where in-browser cryptocurrency miners like Coinhive and CryptoLoot wouldn't have ever been possible without it.

You already have Javascript to fuck up your computer. WASM won't give access to anything that Javascript doesn't already.

Re: Virus

[EmeraldBot]

It wouldn't have been possible for Javascript because Javascript is not fast enough for that to ever make a profit. Relying on protection from malware by being that slow is like using Windows 98 on a 286 because it's too slow and too old to run any modern malware program. Not a very good method of security.

Re: Virus

[TheRaven64]

Why would you do cryptocurrency mining in JavaScript on the CPU, when JavaScript implies WebCL and WebGL and lets you offload to the GPU?

Re: Virus

[Wootery]

WebCL isn't supported in any browser, and neither are WebGL computer-shaders, but from a quick search it looks like some enterprising hackers have managed to leverage WebGL for compute, even including bitcoin mining.

Re:Chrome & Safari are only browsers that matt

[Anubis+IV]

That's the desktop browser share, but the majority of Internet browsing has been on mobile for several years now, so citing desktop numbers without providing any context is rather disingenuous.

When you look at overall browser usage, Firefox falls back to 4th with a 6-7% share (behind either IE or a Chinese mobile browser I had never heard of), depending on whose numbers you use. And regardless of whose numbers you use, Chrome + Safari account for about 2/3 of all browser usage (with Chrome alone accounting for about 1/2).

Re: Chrome & Safari are only browsers that mat

MOD THE PARENT DOWN! You're ignoring the mobile market, which now makes up about 65% of all web users. This market is dominated by Chrome and Safari. Firefox has almost no penetration of the mobile market. When we look at the entire web market, Firefox is around 2% to 3%. That percentage will drop once Firefox 57 is released, which will break a lot of extensions, which will drive Firefox users to alternative browsers. Most will end up using Chrome or Safari, further cementing their dominance. Firefox could be below 1% by the end of 2018.

Re:Sick of idiots and bump stocks... apk

[barbariccow]

This is way too coherent to be the real APK. And missing the barrage of links to questionable pages. Fail.

Re:Chrome & Safari are only browsers that matt

[AvitarX]

Which is a shame, because webasm is what it is because of mozillas asm.js

They really had the right approach and it won.

I say this using firefox at work and often wishing it was chrome (default search and printing suck on FF).

Worst idea ever.

What most people don't realize is webassembly is just a way to obfuscate the web in the same manner people already obfuscate compiler binaries.

Furthermore it will lead to integrated 'all in one' scripts that cannot be easily disentangled, making it harder for end users to filter what scripts on a website they are running.

Additionally it no doubt has engineered defects in it to help national intelligence apparatus' to more easily exploit target browsers, while also providing fingerprint opportunities far more opaque than even current browsers capabilities to deanonymize you.

Think twice before you let webassembly ruin the web for you!

Re:Worst idea ever.

[Coniptor]

Should be modded 5. FULL STOP.

Re:Worst idea ever.

[avandesande]

I guess you are going to miss picking through code that has been run through webpack

Re:Worst idea ever.

[lucm]

What most people don't realize is webassembly is just a way to obfuscate the web in the same manner people already obfuscate compiler binaries.

Furthermore it will lead to integrated 'all in one' scripts that cannot be easily disentangled

webassembly, systemd, this thing has many names.

Re:Worst idea ever.

New stuff being introduced in the tech world becomes suspicious. Alexa, Sex Toys, Tablets, all would track and listen to our very private conversations.
All of us will succumb to Intelligence Agencies. Resistance is futile.

Re:Worst idea ever.

While I agree with you, I see it as a benefit. The more sites moving to web assembly, the larger my blacklist grows so the less time I waste online. You learn so much more from reading a book than a blog. I never thought it would happen, but as I get older I'm using the internet less and less.

Re:Worst idea ever.

What most people don't realize is webassembly is just a way to obfuscate the web in the same manner people already obfuscate compiler binaries.

I dunno, sounds like it does more than just that.

Furthermore it will lead to integrated 'all in one' scripts that cannot be easily disentangled, making it harder for end users to filter what scripts on a website they are running.

Well, I'm sure you didn't mean "website they are running" as in they are administrating the http server. Users can certainly choose not to visit sites that utilize this feature. They may get left out of the mainstream sites, unless someone who cares enough about visiting a mainstream site does the 'harder' chunk of work and shares it with everyone else.

Additionally it no doubt has engineered defects in it to help national intelligence apparatus' to more easily exploit target browsers,

Please. User's should assume it has defects. Doesn't matter in the assessment if they are accidental or engineered. I'm presuming it's open source, so, that is how you proceed about getting all of those defects fixed. Won't happen overnight. But that's just ordinary software development. But sure, assume there are some bugs that are so hard to see that those actors willing to spend a million bucks on an analysis will probably have access to a zero day. Trust the project more when a million dollar bug bounty for such bugs has gone unclaimed for a year.

while also providing fingerprint opportunities far more opaque than even current browsers capabilities to deanonymize you.

If you are in that kind of security sensitive situation, you aren't going to be doing your business on sites that use esoteric or bleeding edge browser features against your advice. Or you'll have some reason to believe platform implementer was sufficiently competent.

Think twice before you let webassembly ruin the web for you!

There's a lot of crap on the internet. Long ago I got skilled at stepping around and over it.

Re:Worst idea ever.

[fahrbot-bot]

What most people don't realize is webassembly is just a way to obfuscate the web in the same manner people already obfuscate compiler binaries.

And further helping protect the intellectual property represented by the source code - which the end user won't be able to access anymore.

Re:Worst idea ever.

[theweatherelectric]

which the end user won't be able to access anymore

No. You can view source on WebAssembly modules. Also see the FAQ.

Re:Worst idea ever.

Webassembly is literally a subset of Javascript. Everything you can do with Webassembly, you can do with Javascript, including obfuscating and combining scripts. The advantage of Webassembly over Javascript is that it's a subset that can be easily "compiled" into efficient native code. Javascript runtimes produce native code already, but some things in Javascript are difficult (read: take a long time) to compile and don't produce efficient code.

Re:Worst idea ever.

As long as debug symbols are included (and even so, it may just be the names and not the actual source that is shown).

Who wants to bet that advertisers will prefer NOT to include debug symbols, so it will take ad blockers much longer time to figure out how to block the newest popup/redirect schemes?

Re:Worst idea ever.

[fahrbot-bot]

which the end user won't be able to access anymore

No. You can view source on WebAssembly modules. Also see the FAQ.

Ya, but that's not the original language source from, say C, etc... just the Web Assembly text.

Re:Worst idea ever.

[JesseMcDonald]

Ya, but that's not the original language source from, say C, etc... just the Web Assembly text.

Disassembled WebAssembly can't be much worse than the minified JavaScript distributed with most web pages, to say nothing of asm.js. Sure, not every script is minified, but most of them are. Whether to publish the original source code is already up to the site's authors; WebAssembly doesn't change that.

Re: Rust is becoming the language of choice

These comments aren't supposed to be taken seriously. Nobody seriously praises Rust.

Re:Chrome & Safari are only browsers that matt

[Hal_Porter]

Opera committed seppuku when they changed their rendering engine to Chromium and lost all the features that made Opera worth using.

https://www.reddit.com/r/opera...

If you're going to use a Chromium based browser, why not just use Chrome?

You got your C code in my browser!

[Sir+Holo]

FTSubmission: WebAssembly, or wasm, is a bytecode format for the web, allowing developers to send JavaScript code to browsers in smaller sizes, but also to compile from C/C++/Rust to wasm directly.

[emphasis mine]

Who wants websites running arbitrary C code on their machines? C is a real programming language. Probably the flagship used for most of the software you buy. It is powerful and widely known. So why let any old website that you visit execute code, probably in the background, on their own machine?

I see lots more 'sploits coming down the pipe as wasm is implemented. With real languages at their fingertips, tons of unaware users who will effectively let anyone have access to their electricity and CPU time without even knowing.

This just swings the door wide-open for a flood of Trojan code, actual code, not JS, all over the web running who-knows-what bit-miner, or distributed child-porn torrent node, or who knows what? It's like a giant, anonymous Beowulf cluster capability (where you lose). . . on top of all of those "Punch the Monkey" Ads suddenly freed to fly around over the text you're trying to read... or constantly right under you pointer, like a big Ad-flag hanging there permanently while on the offending site.

Wait, Tabs aren't sand-boxed similarly to browser windows... Are they? I hope so.

Many people think that the browser IS the internet!

There will be chaos.

Re:You got your C code in my browser!

[eagle42]

Who wants websites running arbitrary C code on their machines? C is a real programming language. Probably the flagship used for most of the software you buy. It is powerful and widely known. So why let any old website that you visit execute code, probably in the background, on their own machine?

Even the C is compiled into wasm bytecode, which has its limitations -- basically the same as running JavaScript on your browser right now from what I understood. It's not like you're executing pure machine code like ActiveX or something.

Re:You got your C code in my browser!

Many people think that the browser IS the internet!

There will be chaos.

If they get Windows running in this you might be onto something.

Re: You got your C code in my browser!

I donâ(TM)t get it, maybe someone can explain - if WebAssembly is indeed limited by the same boundaries as JavaScript then why do we need it in the first place ? If it does what JavaScript does, then stick to JavaScript. However, if it does go further than JavaScript, allowing you to do lower level operations in the browser - it opens the doors for abuses. Either way it is bad.

Re:You got your C code in my browser!

I understand your concerns, but this is nothing more than standardizing an existing JS module (asm.js) such that it's built into the browser. In theory there's nothing you can do in wasm that you can't already do in asm.js -- it'll just be much faster.

The real problem will come in when somebody figures out how to exploit bugs in the implementation to escape the sandbox.

dom

Re: You got your C code in my browser!

[theweatherelectric]

That sounds like a frequently asked question.

Re: You got your C code in my browser!

[craighansen]

...and another FAQ left unanswered: How will it be abused?

Re:You got your C code in my browser!

[garethjrowlands]

I agree with you that browsers can already run arbitrary code. And that wasm will be built into the browser. And that any bug would be a problem.

But wasm isn't just a standardisation of asm.js. It's more that asm.js is highly influential prior art. In 2015, Brendan Eich did say that wasm would be 'initially co-expressive with asm.js' but that's only approximately true of what actually shipped. See the start of the wasm FAQ: https://github.com/WebAssembly...

Re: You got your C code in my browser!

[tepples]

WebAssembly will be abused in the same ways that JavaScript has been abused.

Re:You got your C code in my browser!

[Actually,+I+do+RTFA]

I'm pretty sure that already exists, if you search for it.

web assembly

[cas2000]

great news for spyware developers, advertisers, and websites who think they have a right to spy on their visitors.

shit news for actual humans.

Re:web assembly

That's why I felt too. New features on present day means new possible backdoors or a bypass for proxy to unmask your real IP.

Slashdot bait+switch

Click through on the Slashdot Deals 'Sticky Password Premium: Lifetime Subscription!' and it's for some reason 'sold out'.

What kind of shady shit is this, Whipslash? Reported to the California department of Consumer Affairs.

Re: Rust is becoming the language of choice

[lucm]

Nobody seriously praises Rust.

Linus Torvalds would turn over in his grave, if he was dead.

Too bad IE is default on Win10 Enterprise

[Billly+Gates]

It will be many many many years just like with IE 6 before you can use modern standards if IE is still on any corporate desktop.

Re:Too bad IE is default on Win10 Enterprise

[ledow]

Major banks still insist on IE, literally saying they don't support anything else. Not even Firefox ESR etc. (which they did for a while).

Barclays ".NET" functionality... basically all the SME payment functions are IE-only, you can sort-of-coax them into working in old Firefox ESRs.

And even the BACS people, the main way of co-ordinating bank payments in the UK, literally say IE11 only.

They both basically say "You must use our Gemalto smartcard readers, you must use them in IE 11, you must install our ActiveX controls." if you want to make a single payment. Ironically they love to say that it's "for security".

Either there's something very wrong with browser support for smartcard signing in modern browsers, or they're lying through their teeth and deliberately making the most secure systems insecure by insisting on a legacy browser that's going to be impossible to support one day.

Re:Too bad IE is default on Win10 Enterprise

[Billly+Gates]

ActiveX controls are soo last decade. I was not even referring to that as IE 11 is standards compliant. Just not cutting edge as Microsoft has moved on with Edge and was tired of the stale bug ridden legacy code of IE.

My guess is activeX is required because the smartcarders were made in China. China is legacy IE on XP for banking because of 1997 US export encryption laws. They were lifted 17 years ago! But many banks who didn't have encryption used activeX controls as a workarounds for the lack of secure encryption. Since everyone pirates in China they used XP with Windows Update enabled which means IE 6.

IE 6 is finally starting to go away in China, but the millions and millions of lines of code and manufactures are addicted to ActiveX still to this day. Security cameras sold today designed in China also require IE. Chrome is not popular at all and it is a different world. Korea too has a little high IE usage and lower Chrome usage as well.

Slashdot bait+switch

Click through on the Slashdot Deals 'Sticky Password Premium: Lifetime Subscription!' and it's for some reason 'sold out'.
What kind of shady shit is this, Whipslash? Reported to the California department of Consumer Affairs.

I know, I know.

I was "into" Java, back then. I just didn't think anybody here would remember.

Java also didn't go so far that it became just outright silly. I would have no problem with WebAssembly, if it was independent of the browser/web world. Which I'm predicting it will move to. That was kinda the other half of the point of my comment.

I'm wondering though, why they didn't just go with some low-level LLVM intermediary? Or use another good existing bytecode. Hell, using the JVM would have been a fun idea. But then I'm remembering this is the WhatTheFuckWG we're talking about.

Re:I know, I know.

[TheRaven64]

I was "into" Java, back then. I just didn't think anybody here would remember.

Jazelle was quite popular on mobile platforms (under 2MB of RAM). It ran the common Java bytecodes natively (arithmetic, local flow control), but called out to the VM for things like virtual dispatch. It provided a pretty good intermediate, but was largely overshadowed by JITs (if you're doing any optimisation, you're translating from Java bytecode into something else and generating native ARM code from that was usually easier than translating it back into Java bytecode).

. I would have no problem with WebAssembly, if it was independent of the browser/web world. Which I'm predicting it will move to.

It is an explicit goal of the wasm working group to have non-browser uses.

I'm wondering though, why they didn't just go with some low-level LLVM intermediary?

Because they included some people with PNaCl experience who had learned the hard way how bad an idea this is. LLVM IR is a target-specific compiler IR, it is explicitly not intended as a distribution format. Everyone (PNaCl, SPIR, and so on) who tries it eventually learns that it's a bad idea.

Or use another good existing bytecode. Hell, using the JVM would have been a fun idea.

Java bytecode is pretty closely coupled to the Java language and it's surprisingly painful to get it to work with other languages. CLR bytecode is better, but still not a great fit if you want to support languages with pointer arithmetic and no GC (I suppose you could do the asm.js thing and just allocate a huge buffer object and make pointers offsets into it, but that's pretty ugly. Mind you, it's not far off what wasm does).

But then I'm remembering this is the WhatTheFuckWG we're talking about.

Given the experience of the various people involved, it's pretty impressive how bad most of their design choices were. For example, pointers are integers (as an explicit choice in the IR, not as an implementation detail of a back end), so you can never use memory-safe hardware or later add GC, or to support function pointers without look-aside tables. The IR is stack-based (good for interpreters, bad for compilers, and supporting interpreters was an explicit non-goal). No non-reduceible control flow (so the verifier is marginally simpler, but life is harder for front ends and optimisers). Enforced stack discipline (so supporting non-C languages is quite challenging). Oh, and now they're thinking of adding vectors by picking a fixed-size vector, rather than the sane thing of letting front ends describe arbitrary sized vectors that match the exposed parallelism and letting optimisers roll them into loops for narrower targets.

Re:I know, I know.

Hey, thank you for this quite insightful comment! It is much appreciated.

I have to look up Jazelle.

And regarding non-browser uses of wasm... I’ve read the FAQ entry about that, and you're right. The "Web" in the name and who came up with the thing, still makes this feel uneasy with me. We'll see... I'm not one to dismiss something good, even if, or even especially when it came out of something bad.
I've now read about why they didn't use LLVM too. Yes, it makes sense. LLVM would indeed have been a bad choice. As would have JVM.

Regarding the bad design: Wow, that sounds just as insane as I remember the WhatWG being, when I had this 3-hour discussion with their key people on IRC. I know my share of psychology, and they were certified mentally insane.
I wonder... you seem to know your stuff pretty well. Have you ever designed something like that? Perhaps for fun? For your own usage? Because I would like to see that, and try it out. I'd support you. :)

Re:I know, I know.

[TheRaven64]

I wonder... you seem to know your stuff pretty well. Have you ever designed something like that? Perhaps for fun? For your own usage? Because I would like to see that, and try it out. I'd support you. :)

I did, but before I knew most of the useful things that I know now and it made far more terrible mistakes than WebAssembly (which, for all it faults, is something that is probably easier to make fast than JavaScript). I don't think I ever put it online, so I'm probably safe from anyone finding it and pointing and laughing too hard.

My research area is cross-language interoperability, so this is the kind of thing I look at quite a lot. I'm interested in what the core building blocks are for different kinds of language and which ones should be provided as hardware functionality, OS features, or libraries. Most recently, I've been working on a set of architectural extensions for fine-grained memory safety, which lets you have languages like C and Java in the same address space without the C code being able to trample over the invariants that the Java code depends on.

Re:I know, I know.

[Wootery]

Thanks for the analysis here - sounds like another SPIR-like trainwreck.

Is there any winning when it comes to memory-management? As in, an IR that works nicely for both GC'ed an non-GC'ed memory-management?

As you say, it's awkward to shoehorn manual memory-management onto the JVM, and it's also awkward going the other way - LLVM is known for being an amazing platform but hard to use with GC.

The D programming language is just about the only source language I can think of that has decent support for both models, but of course, it's not an IR.

Re:I know, I know.

[TheRaven64]

Is there any winning when it comes to memory-management? As in, an IR that works nicely for both GC'ed an non-GC'ed memory-management?

The requirements for GC are pretty simple: you must be able to identify pointers, updates to pointers must be atomic, and pointers must not be materialised from integers. For efficiency, you might want read or write barriers, but if you have this data in your IR then you can insert these depending on what your GC requires. If you keep those in your IR, so that things like intptr_t are implemented as tagged unions of a pointer and an integer and carry their pointerness around with them, then you can implement it. It's also possible for an IR to support safe and unsafe pointers (I think the CLR can do this, but I've not looked in detail), so the non-GC'd pointers are just offsets into a large heap and the GC'd pointers require some special handling. That's basically the model that WebAssembly has anyway: pointers are actually relative to a region, so different libraries can have private heaps and pointers into them, which isn't really different from having a bunch of TypedArray JavaScript objects and using offsets in them as non-GC'd pointers.

As you say, it's awkward to shoehorn manual memory-management onto the JVM, and it's also awkward going the other way - LLVM is known for being an amazing platform but hard to use with GC.

There are two conflated issues here. LLVM is bad for GC both because it didn't have any real notion of GC and because most of the optimisers didn't think about GC. The new safepoint stuff lets Azul have a high-performance accurate GC. It basically looks like a function call that identifies all of the variables that are meant to be live, and allows them to be relocated. LLVM IR is now pretty GC-friendly, it's just that some of the optimisation passes are not (in particular, we and Azul both had to do some things to ensure that it didn't try to insert integer-to-pointer casts in unexpected places).

Re:I know, I know.

[Wootery]

you must be able to identify pointers, updates to pointers must be atomic, and pointers must not be materialised from integers

If you want to support pointer-arithmetic and GC in the same context, you could do it by differentiating the GC kind of pointer ('references', if you like) from non-GC pointers, right? Again I think D supports this - you can do malloc/free and implement XOR linked lists, and you can do GC'able objects, in the same process. I think the type system prevents anything too awful from happening, as pointer arithmetic isn't allowed on (GC'ed) references and the two kinds aren't convertible.

pointers are actually relative to a region, so different libraries can have private heaps and pointers into them

Sounds like region-based memory management, in a sense.

Re:I know, I know.

[TheRaven64]

If you want to support pointer-arithmetic and GC in the same context, you could do it by differentiating the GC kind of pointer ('references', if you like) from non-GC pointers, right?

Pointer arithmetic isn't a problem, as long as you can identify that the results are still pointers and you can prevent a pointer from one object becoming another kind. The C implementation that we've built does that - if a pointer goes out of range, it's an out-of-range pointer to the original object, so you can't dereference it until you bring it back in range, but the GC can still find the object that it refers to.

Again I think D supports this - you can do malloc/free and implement XOR linked lists, and you can do GC'able objects, in the same process. I think the type system prevents anything too awful from happening, as pointer arithmetic isn't allowed on (GC'ed) references and the two kinds aren't convertible.

That's fine, as long as you trust the compiler (and any hand-written assembly) to play by the rules. I'm trying to get the million of so lines of a typical optimising compiler out of the TCB for memory safety.

Re:I know, I know.

[Wootery]

Pointer arithmetic isn't a problem, as long as you can identify that the results are still pointers and you can prevent a pointer from one object becoming another kind

Right, as I said.

The C implementation that we've built does that - if a pointer goes out of range, it's an out-of-range pointer to the original object, so you can't dereference it until you bring it back in range, but the GC can still find the object that it refers to.

I don't follow. You mean pointers that point 'intrusively' into members of a struct/elements of an array? I can see that this wouldn't be trivial to deal with - conventional GC'ed languages require the programmer to carry around both the array reference and the index, whereas C has 'intrusive' pointers.

out of the TCB for memory safety

You have me at a disadvantage - 'TCB'?

The pertinent about:config booleans to disable

javascript.options.wasm
javascript.options.asmjs

Complexity

Pefect way to obfuscate spywares and malwares embedded in websites. Make everything complex so as to make pentesters and malware analysts very busy. Making everything complex just makes the web even more difficult to secure. Is JavaScript not enough to mess with each and everyone of us? Yep, throw another monkey wrench on our messy interwebz.

captcha: guarding

Re:Complexity

[hcs_$reboot]

Of course this

console.log("Hello world");

once obfuscated

var _0xa9ff=['log','Hello\x20world'];(function(_0x50318f,_0x347f74){var _0x4aa6cf=function(_0x1a665d){while(--_0x1a665d){_0x50318f['push'](_0x50318f['shift']());}};_0x4aa6cf(++_0x347f74);}(_0xa9ff,0xaa));var _0xfa9f=function(_0x276a74,_0x406450){_0x276a74=_0x276a74-0x0;var _0x534cc5=_0xa9ff[_0x276a74];return _0x534cc5;};console[_0xfa9f('0x0')](_0xfa9f('0x1'));

is much more readable.

Re:Chrome & Safari are only browsers that matt

[boudie2]

slashdot still works in w3m
https://en.wikipedia.org/wiki/...

Tremendous mistake

[Okian+Warrior]

I think Web Assembly is a tremendous mistake.

This will end up being nothing more than an insecure vector for people you don't know to run programs on your computer.

1) It claims to be secure by only executing in a sandbox. Have other attempts at sandboxing had security flaws?
2) Assuming the sandboxing works as advertized, is there a way for the sandboxing to break the sandbox in ways the coders hadn't considered? (Such as periodically using a lot/little CPU time or memory as a way to communicate to a different tab?)
3) Can Web Assembly be used to steal CPU cycles, so your computer can be used for BitCoin mining or anything else while visiting a web page? (And no, that they can do this already doesn't invalidate the argument.)
4) Does Web Assembly add a level of obfuscation to the code, making it harder to see what it's doing?

We once had a period where E-mail attachments were automatically opened and run, where Excel macros activate when a spreadsheet is viewed, and where myriad ActiveX libraries were available for use by anyone.

Anyone remember that era?

We've locked down the ability to install and run programs on our computers, but now we've moved the goalposts. Our browser will now download and run programs for us from any random website, any website that contracts out to an agency to supply advertizing, and and website advertizing contractor who doesn't vet his clients.

"Oh, we're so sorry! That malware delivery got through our vetting process. We've terminated that one client, please feel safe downloading the ads from all of our other clients - they're clean. Pinky swear! :-)"

For the next 10 years expect to see a steady stream of exploits and patches. A mini industry will crop up selling antivirus checkers for web pages, and AdBlock extensions for browsers.

It's deja vu all over again.

Re:Tremendous mistake

[Hal_Porter]

Rowhammer attacks in Javascript were able to cross VMs.

https://media.ccc.de/v/32c3-71...

And obviously if you have byte code the possibilities for obfuscation are really good. E.g. MOVfuscator the 'single instruction compiler'

https://www.youtube.com/watch?...

Re:Tremendous mistake

[ByteSlicer]

I think Web Assembly is a tremendous mistake. This will end up being nothing more than an insecure vector for people you don't know to run programs on your computer.

Not to spoil a good rant, but Web Assembly is just a more compact serialization (binary instead of text) of a subset of EcmaScript/JavaScript.
Everything you can do with it, you could already do with normal scripts, and it was already very common to "minify"/obfuscate these scripts into an unreadable mess.

So, if there are security issues with WAsm, they're also present in plain JS, and were already present a couple of years ago.
The only thing that changes is that your browser now doesn't need to download as much data for scripts, since the binary format acts as a compression.

Re:Tremendous mistake

[nateman1352]

No doubt about it, wasm has all the problems that all other prior attempts at sand-boxing binary blobs of code in the web browser have had. You hit the major ones.

Here's the thing though, the web circa 10 years ago had 3 competing mechanisms to implement sand-boxed binary blobs:

1. Adobe Flash
2. Java
3. Silverlight
Prototypes for Google NaCl were starting to show up around this time too.

All of these had their own sand-box implementation, and they were not sand-boxed themselves, so the surface area for attack was much higher. So HTML 5 tried to do away with that, but then PNaCl and asm.js show us that no matter how hard we try to get rid of binary blobs of code on the web, someone implements it anyway. So, given that there have been persistent attempts by the various large web players for the past 20 years to build binary code blobs in to web pages, and that there is no sign of it slowing down, the most sensible compromise to me is basically what wasm has become... a standardized mechanism for building those binary blobs that can be directly integrated in to the browser.

It does have its problems like you note, but its better that we only have 1 standardized sand-box implementation, and that sand-box implementation is bundled in with a bunch of other high risk code as part of the browser package, which is easy to keep vigilantly updated. Even before wasm, gone were the days of the web browser being a simple document layout renderer. The web browser is basically a visualized operating system... Google has taken this to IHMO a very dangerous extreme, see the Javascript USB API for example. The web browser is basically a run time for USB device drivers at this point. To me wasm seems like the inevitable end result of the path that HTML 5 started us down.

Re:Tremendous mistake

[garethjrowlands]

... Web Assembly is just a more compact serialization (binary instead of text) of a subset of EcmaScript/JavaScript.....

Much of what you say is morally true. But it's not technically true.

It's true that wasm is a binary serialisation of an abstract syntax tree (AST) but that AST is defined _without reference to JavaScript_, see https://github.com/WebAssembly... . In contrast, the asm.js spec is genuinely a subset of JavaScript.

You're right that wasm doesn't introduce new capabilities to the browser as such. In the current 'MVP' version of wasm, the only way to invoke web assembly is via JavaScript, and the only way for wasm code to interact with the browser is via JavaScript.

But it does make certain scenarios, such as running large compiled C programs, much more practical. It is, by design, a far more efficient compilation target than JavaScript or asm.js, see https://github.com/WebAssembly... . For example, we can expect Unity running on wasm to become commonplace, see http://webassembly.org/demo/ .

...if there are security issues with WAsm, they're also present in plain JS,...

You can't be sure of that. The wasm codepaths will reuse much of the existing JavaScript execution engine but there will be new code and that new code could - and probably will - have security vulnerabilities. But probably no more than any other major browser feature.

Re:Tremendous mistake

[Big+Hairy+Ian]

The only thing that changes is that your browser now doesn't need to download as much data for scripts, since the binary format acts as a compression.

It should also execute faster as bytecode is much less processor intensive to interpret than JavaScript and therefore more efficient. So even if someone does use WAsm to mine BitCoin it will still steal less processor cycles per coin of course they will simply generate more coins anyway.

Re:Tremendous mistake

[AmiMoJo]

The Javascript USB API is actually a good idea. It's better than the current situation with binary drivers, especially on Linux where they run in the kernel.

For safe operation of USB you need the low level stack only in the kernel, the part that does the low level I/O and is extremely robust. Then there is a userland USB stack that sits on top of it, handling descriptors and I/O functions for userland drivers/applications.

The Javascript USB API adds some extra protection. Firstly, instead of having a bunch of random drivers with near zero quality control, you have just the browser. A browser that is security hardened and well tested. And all the browser does is provide some simple access mechanisms to various USB features like pipes and descriptors. The code that actually talks to the device, the place where most of the vulnerabilities are, is now sandboxed Javascript.

Even better, the browser prints you for permission to access the device. USB was designed around an insecure plug-and-play model, deliberately not requiring any user interaction for devices to start working. With the Javascript USB API, the user has to give explicit permission.

The main issue I have with the Javascript USB API is the same one as I have with all web applications - loss of freedom. I can't run old versions, I can't do much if they make changes I don't like, I probably can't fork it. But security-wise it's actually a good idea, it adds more layers of security.

Re:Tremendous mistake

[Xyrus]

I think Web Assembly is a tremendous mistake.

This will end up being nothing more than an insecure vector for people you don't know to run programs on your computer.

When you find a secure computer, you let us all know okay?

This isn't going to be any more or any less secure than what currently exists. Webassembly seeks to correct the problem of only having one craptastic language for developing on the web by essentially providing a common language runtime/VM that other compilers can translate code to. Will there be bugs? Of course. Is that any different than what we currently have? No.

Re:Tremendous mistake

[omnichad]

execute faster as bytecode

But not by much. Most JavaScript engines now are JIT compilers and introduce a delay only at the beginning before running as fast as bytecode.

Re:Tremendous mistake

wasm has native 64 bit integers. That's an improvement.

Re:Tremendous mistake

[WaffleMonster]

When you find a secure computer, you let us all know okay?

This isn't going to be any more or any less secure than what currently exists.

Increasing attack surface of web browsers by implementing web assembly makes them less secure.

Webassembly seeks to correct the problem of only having one craptastic language for developing on the web by essentially providing a common language runtime/VM that other compilers can translate code to.

Browsers are document viewers not operating systems.

The problem is allowing random goons on the Internet to load and execute software. The solution is not piling on more features to enable more of the same.

Re:Tremendous mistake

Javascript is fundamentally scrappy speed wise... If you want an array of integers, the fastest way to do that is to create a binary blob and substring into it... not to create an "array" (which is actually a map in JS).

Re:Tremendous mistake

[Actually,+I+do+RTFA]

It seems like what you're saying is "There's no reason for this to be in a browser, except that for some reason OSes refuse to allow for sandboxing of applications in as rigorous a way. Which of course, makes me question why we don't just restrict the permissions of drivers and such on the desktop.

Re:Tremendous mistake

[AmiMoJo]

Because this is the shitty world we live in. For what it's worth Windows does support something similar with WinUSB devices, but you still have to write separate code for Windows/Linux/MacOS/Android.

Re:Tremendous mistake

[nateman1352]

I agree that sand boxing of USB driver is a good thing... but libusb already implements this in a cross platform way. Doing it in the web browser is unnecessary. The only reason to put this in the browser is because you are Google and trying to push the ChromeOS thing.

wasm is good

but sadly browser support is lacking: the stuff that works fine in chrome, will crash whole windows box in ms edge...

webasm is binary blobs like flash

[openright]

webasm is great for advertisers, and media companies.
not so much for users...

Re:Chrome & Safari are only browsers that matt

[HiThere]

They aren't the ones that matter to me. I find the Firefox the best current browser with Konqueror as an abysmal second best.

But I don't follow web standards. "What the hell is \"Web Assembly\"?", "Why should I care?", and "How can I disable it?" are the three major questions that pop into my mind. Presumably there'll be some way to disable it. My feeling is that the web has been going downhill ever since they introduced JavaScript. I already run a script blocker on most sites, and if I can't see the site through the script blocker, I'll usually just skip it.

Re: Sick of idiots and bump stocks... apk

Guns can be bump fired with common household items.
Guns and gunpowder can be made at home with common materials.
Americans build things in their garages too.
Who schooled who? I'm still not convinced that is the real APK.

Oh, awesome!!!

[Nexion]

All web browsers support the new FLASH?!?!?!?!11

Fuck yeah, what could possibly go wrong?!?!??!11

Re:Chrome & Safari are only browsers that matt

[darkain]

Because Opera is 1) more stable, 2) has more features. Built in ad-block without any add-ons. Built in VPN without any add-ons. Built in communication tools without any add-ons.

Google shoves blind A/B tests to live end-user clients without any notification or sign-ups whatsoever. I've had this break countless times in a corporate environment and spent days debugging this shit. One time they changed the DNS resolver code on a hand full of "test" users to an implementation that took 60+ seconds to resolve DNS addresses. Luckily, I found a buried post on the Google Help forums which described this broken behavior and which setting to disable in the chrome://flags window. But even that window just lists things as "default", not "FORCED ENABLED FOR A/B TESTING". There is literally no way to tell if you're in a test or not. And more recently, they absolutely broke printer support for a month or two, killing all web based invoicing one of my clients was doing.

Opera? They wait for things to stabilize, then port them over to their browser. Its literally just been night and day in terms of stability switching off of Chrome and moving 100% full time over to Opera.

The real question is how to disable it?

The next question is how to develop for it?

Re:The real question is how to disable it?

[ledow]

How to disable it?

Use your browser's available settings (and/or argue with your browser vendor to put them in).

How to develop for it?

Run emscripten on your existing C codebase.
Or any of a thousand compilers that compile to WebAssembly just the same.

Pretty much it's the "JVM" of today, that can be targeted by almost anything.

How to disable it?

[mrwireless]

I couldn't find any browser plugins that block Web Assembly.

I also couldn't find any way to disable it through settings or about:config in Chrome or Chromium.

Any tips? Is anyone working on this?

Re:How to disable it?

Firefox about:config, set:

javascript.options.wasm = false
javascript.options.asmjs = false

Re: Rust is becoming the language of choice

[Aighearach]

Praise be to Rust, for if it were not then those users might make a better choice, and be underfoot.

Re:Chrome & Safari are only browsers that matt

[Hognoxious]

Chrome is available on a smaller set of platforms. That's my excuse, anyway. But Chromium sucks anyway because it's not 100% compatible.

Re:Chrome & Safari are only browsers that matt

That's the desktop browser share, but the majority of Internet browsing has been on mobile for several years now, so citing desktop numbers without providing any context is rather disingenuous.

When you look at overall browser usage, Firefox falls back to 4th with a 6-7% share (behind either IE or a Chinese mobile browser I had never heard of), depending on whose numbers you use. And regardless of whose numbers you use, Chrome + Safari account for about 2/3 of all browser usage (with Chrome alone accounting for about 1/2).

Just thought I'd point out that I use Firefox on Android. Works pretty well, shares my bookmarks, allows me to easily view the real site instead of the terrible mobile version, use extensions etc.

I bet I know how this will actually be used

To serve ads. It will probably obfuscate adservers better and try harder to force me to see them.

Great. Another crappy standard...

[Brane2]

And they started so well.
Initial idea of their parent project was to replace interpreted stuff with native code where possible and low-level intermediate code where it isn't ( that could be trenslated without much CPU effort).
This means that browser would host basically just a VM machine, where it would run the code, natively in most cases.

What it evolved into was just another mix of java/script...

Who needs that ?

Comment removed

[account_deleted]

Comment removed based on user account deletion

Impersonating me AGAIN, whacko?

Impersonating me AGAIN, whacko? Seriously - you need to grow up & grow a pair of balls vs. being a useless butthurt buffoon!

* Enjoy your downmod others gave you & they realize you're NOT me (I don't post tons of asterisk bulletpoints the way you do - that alone gives it away - I only do one per post! Thus, poor job impersonating me on your part as always...)

APK

P.S.=> QUESTION: Just how badly did you destroy yourself vs. me @ some point that you're reduced to such idiocy? apk

Re:Impersonating me AGAIN, whacko?

[barbariccow]

APK Template on the nose!

Re:Chrome & Safari are only browsers that matt

[Hal_Porter]

I used to use Opera up to 12.x. Then they moved over to Chromium and it lost all the features. I moved to Chrome and to be honest Chrome is fine on OS-X and Windows. On Android I use Samsung Internet because it has ad blocking which mobile Chrome lacks.

For desktop OSs I like Chrome and a bunch of extensions including uBlock Origin, Floating For Youtube and so on. It's got a lot more bloated than it was when I switched over, possibly due to all the extensions you need. But it's OK on a machine with an SSD and lots of Ram.

Zip and WAP

[kbg]

Has anyone tested if there are actually any benefits compared to just zipping up the js file and send that? This kind of wire format has actually been done before in WAP with horibble results. The problem with this approach is that you are hard coding the wire format to the data format, so if you add new data definitions you must also change the transfer format.

But what is actually worse is that this adds little benefit or possibly worse to just using a generic compressor like zip instead. So instead of getting the best of both worlds: Compression and independent wire format, you get the worst of everything: New compression format that has not been tested very much and tigthly coupled wire format.

Re:Zip and WAP

[dave420]

Yes, people have tested it, hence web assembly being made.

Quoted registered /.ers disagree... apk

I'm going to continue using the Host File Engine. Your software is well written, functional. The Host File Engine performs exactly as promised by mmell

his hosts program is actually pretty good by xenotransplant

his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources by alexgieg

(APK's) work, I've flat out said it's good by BronsCon

I've tried his hosts file generating software. It works by bmo

APK your posts on this & the hosts file posts, and more, have never been in error &/or bad advice by BlueStrat

Your premise that hostfiles are a good way to deal with advertising & malvertising is quite valid by JazzLad

I like your host file system by Karmashock

(NEED MORE? Ask!)

* It's recommended/hosted by Malwarebytes' hpHosts!

APK

P.S.=> China imitated me http://www.theregister.co.uk/2017/04/26/boffins_supercharge_the_hosts_file_to_save_users_plagued_by_dns_outages/ ... apk

Re:Quoted registered /.ers disagree... apk

[dave420]

Your competitors' products can ban your spammy posts, and hosts files can't. You're advertising for your competitors with every single post you make here.

Re:Quoted registered /.ers disagree... apk

[hackwrench]

A hosts file generator seems like a trivial thing to write anyways, especially one that just black holes addresses instead of doing more useful mappings.

Re:Chrome & Safari are only browsers that matt

Firefox on Android allows you to use uBlock, HTTPS Everywhere and Privacy Badger.

Unfortunately "works pretty well" is a bit of an overstatement. Page loads freeze, initial page loads on start bypass extensions, extensions fail to load at random. It's alpha quality, at best.

Re:Chrome & Safari are only browsers that matt

Let's be honest with ourselves here, as of late 2017 the only browsers that matter are Chrome and Safari. Together they have about 85% of the entire market. IE/Edge comes next. Firefox, Opera and Vivaldi barely register.

I've heard that before.

Except it was IE4. IE3 users can just upgrade. IE5 users are f**ked. And everyone else can go away.

Then we rewrote everything for IE5.

So it was IE5. IE4 users can just upgrade. IE6 users are f**ked. And everyone else can go away.

By the time we were to rewrite everything to IE6, somebody figured out that if we stuck to standards, we could mostly support everyone, AND avoid this annoying rewriting everything every two years.

Internet Explorer fans learned their lesson. When will Chrome fans be as wise as IE fans?

Re:Chrome & Safari are only browsers that matt

[Bright+Apollo]

I remember when IE was the only one that mattered, so I'll just sit and wait, because this will change in time, again. And I'll still be using Firefox, from Mozilla, from Netscape, from NCSA's browser...

--#

What security issues are introduced with this?

[QuietLagoon]

It seems that every new feature carries along a vulnerability.

Re:Chrome & Safari are only browsers that matt

[squiggleslash]

If you're going to use a Chromium based browser, why not just use Chrome?

The reason I use Firefox instead of Chrome has nothing to do with its rendering engine, I'd still use Firefox even if it did change to Blink. I use Firefox because the UI is much better. From seperate search/URL boxes, to minimum tab sizes and the use of scrolling to handle tab overflows, the UI is just orders of magnitude better than Chrome.

Ironically, Mozilla seems to agree with you. They're changing the UI to look more and more like Chrome's with each release. But not changing the rendering engine. When they finish, I'll go over to Chrome, because Blink is better than Gecko.

Re:Chrome & Safari are only browsers that matt

[squiggleslash]

Chrome on Mobile is a completely different experience to Chrome on Desktop for both users and developers alike. The fact the two share code barely factors into anything.

If you're talking "market share", then you should provide context. Adding all versions of things called Chrome across two or three distinctly different types of technology and comparing it to a desktop browser is useless for the sake of comparison.

Re:Chrome & Safari are only browsers that matt

[theweatherelectric]

But not changing the rendering engine.

That isn't the case. You should read about the changes in 57 and the changes to come

Shitty programmers ...

[Qbertino]

... always mess things up as soon as they get easy.

Web assembly has the advantage of being something non-trivial. I'm glad it's finally here. We will soon get back to where we were with Flash, in a good way.

Technology wise HTML is ancient and can't offer what today's web wants and needs. JS, Web components and now web assembly will do 90% of the trick.

That you can't open links with regular HTML is because some idiot didn't know what he was doing and probably got his hand on some visual web composer or some other shitty gadget to build websites.

Honestly, I'd rather have it that way than the other way around, with no Turing complete tech in the client at all. Idiots will always screw up. Just don't visit those sites and let then know why, that can go a good while in improving the web.

My 2 cents.

Re:Shitty programmers ...

> Technology wise HTML is ancient and can't offer what today's web wants and needs.

HTML5 and CSS3 will offer everything the web user needs. It just won't offer everything advertisers want to shove in our faces.

Re:Shitty programmers ...

[hackwrench]

HTML can handle most of what all these new fangled code representations are pressed into service to do. Facebook breaks saving media to the hard drive more often than not. It's not entirely Facebook's fault, because the browser knows what's what and could provide a useful context menu option to save.

Re:Chrome & Safari are only browsers that matt

Samsung has a browser? Dear god man, don't encourage them. Have you tried Firefox mobile? Pretty sure it has add-on support.

Re: Rust is becoming the language of choice

[tigersha]

No it is not

Re:Chrome & Safari are only browsers that matt

[pr0fessor]

I thought it was chrome over 50% then firefox follow by ie and lastly opera, vivaldi, and safari where all lumped into other
 

Cool! It's so efficient!

[fisted]

I only get around 600% CPU issue (3 HT cores fully busy) for the framerate of around 20 fps in that tanks demo. WAY TO GO!

Re:Cool! It's so efficient!

[fisted]

s/issue/usage/ too

Intermediate representation

[tepples]

In the context of LLVM, JVM, CLR, and WebAssembly, IR means intermediate representation:

An Intermediate representation (IR) is the data structure or code used internally by a compiler or virtual machine to represent source code. An IR is designed to be conducive for further processing, such as optimization and translation.

Re:Intermediate representation

[Lost+Race]

Thank you for clarifying!

Re:Sick of idiots and bump stocks... apk

[hackwrench]

Not open sourcing your generator thing is self-censorship. If you are really so dead set against censorship practice what you preach.

We need a more hostile web

Personally I look forward to better crypto currency mining experience and fully functional fake browsers (and desktop environments) within the genuine article.... And exploits who can resist all of the sweet juicy exploits about to grace CVE databases around the world as a result of this "feature".

It's gods work implementing all of these great "features" within network document browsers.

Re:Chrome & Safari are only browsers that matt

[Mr.+Slippery]

If you're going to use a Chromium based browser, why not just use Chrome?

Why would I use a closed-source browser from a company whose entire business model is to spy on users in order to figure out what sort of mind control ("advertising") is most effective on them? Chromium at least is free software; Chrome is a deal with the devil.

17 years ago...

Let's have fun and time-shift the GP:

Let's be honest with ourselves here, as of late 2000 the only browser that matters is IE. Alone it has about 85% of the entire market. Firefox and others barely register.

IE defines what the web is. If it doesn't support a web technology, it effectively does not exist. If it supports a technology, it's a standard.

[your favorite web tech] success will be fully determined by how well IE supports it. It doesn't really matter if anything else does or doesn't support it. The other 2% or 3% of the market doesn't matter at all.

Drag in real-time whiteboard requires script

[tepples]

HTML5 and CSS3 will offer everything the web user needs.

With only HTML5 and CSS3, how do you build a collaborative real-time whiteboard application? A server-side image map can capture the coordinates of clicks:

<img src="aef0c89fe70a9fae.png" alt="Contents of whiteboard as of 2017-11-14T14:36:00Z" ismap="ismap" />

But ismap cannot capture drags. Would you require the user to draw a curve as a polyline by clicking, waiting for a full page reload, clicking, waiting for a full page reload, clicking, waiting for a full page reload, etc.?

Re:Drag in real-time whiteboard requires script

The obvious answer is that users don't need or want interactive web applications. They've just been sold that bill of goods under the pretense that it works better in the browser.

Re:Drag in real-time whiteboard requires script

[tepples]

What reaches more users: a native application for Mac or a web application for HTML+CSS+JS?

Re:Drag in real-time whiteboard requires script

What helps more users? A crappy web app or a good native app?

Re:Drag in real-time whiteboard requires script

[tepples]

Even if you accept as an axiom that a web application must be more "crappy" than an OS-specific native application, you end up having to weigh one flaw against another. In this case, you'd be weighing some (currently amorphous) definition of "crappy" vs. requiring purchase of a specific brand of computer on which to run the application. In my opinion, the greater number of potential users of a web application compared to a native application is likely to outweigh the magnitude of its "crappiness". In order to convince me otherwise, you'll have to state or cite a clear definition of "crappy".

Re: Drag in real-time whiteboard requires script

With only HTML5 and CSS3, how do you build a collaborative real-time whiteboard application?

Simple: you don't because that's a desktop application, at least for sane people.

Re:Drag in real-time whiteboard requires script

Clearly the same technology used to host a web app can be used outside the one-size-fits-all browser, for which compromises are inevitable.

Case in point: at my current job we use a web-based CMS for asset management. It's supposed to work on all browsers and consequently doesn't work WELL on any. Theoretically it should be more usable than a native app (runs in any browser!) but in practice it's clunky as hell.

Between the design/layout gaffes, unresponsive interaction, frequent errors/restarts and general sluggishness, it has probably cost my employer many thousands of dollars in wasteful inefficiency, but I don't mind because I still get paid and, hey, THEY picked the tool. I just want the damn thing to work right.

Re:Drag in real-time whiteboard requires script

[tepples]

Thank you for being willing to engage with actual numbers. I don't see that often, as a lot of users in Slashdot's comment section seem to run out of steam once things get quantitative.

Between the design/layout gaffes, unresponsive interaction, frequent errors/restarts and general sluggishness, [a web application that we use] has probably cost my employer many thousands of dollars in wasteful inefficiency

Thousands of dollars total, or thousands of dollars per employee? Would it have made up for, say, the price of replacing every employee's desktop PC with an iMac and laptop PC with a comparable MacBook?

Re:Drag in real-time whiteboard requires script

Thousands of dollars total, or thousands of dollars per employee?

Doesn't make much difference for a back-of-the-envelope calculation, since $1000 x 100 people is still "thousands."

However, let's say I waste 5 minutes a day fiddling with this thing, and the same thing happens to 100 users every day. That's 5 min. $0.50 per minute x 100 people x 250 work days a year x 3 years (minimum) which comes to $187,500.

Would it have made up for, say, the price of replacing every employee's desktop PC with an iMac and laptop PC with a comparable MacBook?

In all likelihood, this firm would go with a product that works on the PCs we already have rather than buy new equipment. And I can almost guarantee that if this kind of CMS is available for Mac, there is at least one similar product for Windows.

Re:Drag in real-time whiteboard requires script

[tepples]

this firm would go with a product that works on the PCs we already have rather than buy new equipment. And I can almost guarantee that if this kind of CMS is available for Mac, there is at least one similar product for Windows.

But how likely is it that a single native document revision system would allow mainstream employees with Windows, graphic designer employees with macOS, developer employees with X11/Linux, and employees in the field with iOS and Android devices all to contribute?

Re:Drag in real-time whiteboard requires script

Not very likely these days, since the corporate IT depts have drunk the same web-app Kool-Aid. Never mind whether people actually get their work done faster.

20 years ago, though, it would have been a no-brainer for any vendor to Fortune 500 clients. A Mac version and a Windows version at least, would be obligatory.

Just look at how Git works today. You can use it from the command line, GUI, Web, or integrate it with other tools. Saving yourself some effort by going Web-only is a devil's bargain.

Flash?

[sarku]

So, can someone explain how this is different from Flash? I'm genuinely curoius.

Use LibreJS or LibreJS 7.0 alpha

[tepples]

we will no longer be able to monitor and audit the content of web pages and the scripts

Then use one of the following Firefox extensions developed by the GNU project to block running JavaScript that you can't audit.

• If you are using Firefox 56 or earlier, use LibreJS.
• If you are using Firefox 57 or later, use LibreJS 7.0 alpha.

I imagine that once WebAssembly becomes widespread, LibreJS 7.0 alpha will be updated to cover WebAssembly as well.

And this is why Apple is losing Safari users

[DontBeAMoran]

The last ones to ship WebAssembly in the stable branches were Apple in Safari 11.0

Safari 11 which requires the latest version of macOS, unlike Chrome which happily runs on OS X 10.9.5, the last true version of OS X before it all turned into iOS-like crap with a dead-flat user interface, nearly-identical pastel colours everywhere and unreadable fonts unless if you're over 20.

Re:Chrome & Safari are only browsers that matt

[squiggleslash]

Well, OK, not changing the rendering engine to something other people are using. Yeah, I was aware of Quantum.

Re:Chrome & Safari are only browsers that matt

[Hal_Porter]

Well I meant "rather than Opera" rather than "rather than Chromium".

Re:Chrome & Safari are only browsers that matt

[Hal_Porter]

I've tried the mobile versions of Firefox but never really liked it. Same with the mobile version of Opera and Dolphin Browser. I noticed Samsung's browser just got updated to a version with Ad Block and gave it a try.

I.e. IMO right now on Android

Samsung>Chrome>(Firefox,Opera)

Failed to start WebGL

[tepples]

JavaScript implies WebCL and WebGL

Not if creation of a WebGL context fails due to lack of driver support. This is often the case on a netbook or used ThinkPad with Intel GMA, which is limited to OpenGL 1.4.

Re:Chrome & Safari are only browsers that matt

[Hal_Porter]

That was my problem with Opera. Back in the 12.x days it had a better UI than Firefox and Chrome. Once they switched to the Chromium rendering engine they ended up with an even more feature free UI than Chrome plus a bunch of extensions.

The first version of Opera with the Chrome rendering engine didn't even have bookmarks. 12.x had loads of cool features. Even Chrome with a bunch of extensions isn't as good to be honest. But hey, it's a webbrowser and it does the job, albeit using more memory and with a less advanced UI than Opera 12 had five years ago.

Desktop applications are OS-specific

[tepples]

With only HTML5 and CSS3, how do you build a collaborative real-time whiteboard application?

you don't because that's a desktop application

Good luck running a desktop application for Mac on a Windows PC, or on a GNU/Linux PC, or on an iPhone or iPad, or on an Android phone or Android tablet. The advantage of a web application is that it reaches users of more than just one operating system.

Re:Desktop applications are OS-specific

JavaScript turned the Web from a document distribution tool into a dog-and-pony show.

Your interactive whiteboard is in the browser not because it provides a better user experience, but solely because it allows it to run multi-platform. The problem is that the underlying technology utterly SUCKS as an applications platform.

I have yet to see a single web app that looks and behaves better than native.

Re:Desktop applications are OS-specific

[tepples]

What multi-platform applications platform doesn't suck as an applications platform?

Re:Desktop applications are OS-specific

There are lots of multi-platform frameworks that allow good performance (JUCE is one). But VM solutions like Java tend to suffer in comparison.

Please go on defending the multi-platform advantage of web browsers, though. Web apps have literally nothing else to recommend them.

Re: Desktop applications are OS-specific

QT

*ducks*

They don't do as much & use 25++X more... apk

Hosts protect when addons can't (or as well):

Bad sites (past ads)
Botnet C&Cs
DNS down/poisoned
Trackers (dns logs/ads/transparent ISP proxy)
Dns blocks
Spam/phish payload
Slowdown 2 ways: adblocks & hardcodes
Hosts = Ez edit.

AB+ 151mb https://www.google.com/search?q=Adblock+memory+consumption&btnG=Search&hl=en&gbv=1/

UBlock 64MB https://www.google.com/search?q=UBlock+memory+consumption&btnG=Search&hl=en&gbv=1/

Hosts~6mb

Addons = ClarityRay defeatable & crippled http://www.businessinsider.com/google-microsoft-amazon-taboola-pay-adblock-plus-to-stop-blocking-their-ads-2015-2/

NoScript tag parses. Hosts block script prior to it!

No 1 addon does as much.

Stacked addons slowup.

ADDONS = EXPLOITABLE https://news.slashdot.org/comments.pl?sid=11166303&cid=55266729/

APK

P.S.=> APK Hosts File Engine https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/

Big talk from you - you've done better?

See subject & answer the question + PROVE it! I do pretty alright per our /. peers + big names saying so as my proof https://news.slashdot.org/comments.pl?sid=11351783&cid=55546175/

* You're welcome to TRY to do better as I suspect you have nothing to show that YOU HAVE DONE that is better!

(All "your kind" does it talk - your ONLY 'skill' that ANYONE has - & to quote Don Henley from his GREAT band "THE EAGLES" from the tune "Victim of Love"? "TALK IS FOR LOSERS & FOOLS...", fool!)

APK

P.S.=> You FAKE NAME for your FAKE LIFE "registered 'lusers'" always make me laugh when you KNOW I can just use this tactic against you (not a SINGLE ONE of "your kind" has ever managed to show a SINGLE THING you've ever done that others like & use as I can)... apk

Re:Chrome & Safari are only browsers that matt

[Actually,+I+do+RTFA]

How is the "right approach" to run compiled code on my machine whenever a random person on the internet asks? At the very least JS, even minimized, is source code that can be opened and read.

Re:Chrome & Safari are only browsers that matt

[AvitarX]

I have no opinion on the rightness of running compiled code in a sandbox. I would think having one place doing it rather than every plugin is safer, but I don't really know.

I was more speaking to it being the right approach to run compiled code.

Re:Chrome & Safari are only browsers that matt

[AvitarX]

May I ask though, isn't it just a subset of JS (I thought that was the point of ask.js)?

If so, is it really any riskier?

Re:Chrome & Safari are only browsers that matt

[kackle]

Heh, I still use the 5-year old browser (v12.14) as my main surfing tool ('using it to post this). Alas, it has trouble with more and more websites as time goes on, forcing me to bail on the website (and somehow I still live!) or temporarily switch to some modern tab-based browser the hipsters use. :)

Re:Chrome & Safari are only browsers that matt

[Hal_Porter]

Problem is what about security? Opera 12.x hasn't been updated in ages. I mean you can make an argument that no one cares about it because has such a low share of the market but I'm wary of relying on that.

Re: "Opera and Vivaldi also rolled out the feature

Browsers all the way down.

Viewing his in lynx

Re:Sick of idiots and bump stocks... apk

shhhh...just ignore him and maybe he'll go away.

Web app to circumvent App Store censorship

[tepples]

Please go on defending the multi-platform advantage of web browsers, though. Web apps have literally nothing else to recommend them.

On platforms with a monopoly app store, such as iOS, Windows 10 S, and game consoles, the platform's owner cens^W curates its own app store. It's generally not quite as interested in cens^W curating web applications. Thus an app whose content that violates Apple's App Store Review Guidelines can be published either as a web application or not at all.

Qt still requires six different executables

[tepples]

Here's why you probably ducked.

Distributing a Qt app to an audience of comparable size to that of a web app requires the developer to make and publish six executable forms of each app: Win32 (Windows 7-10), UWP (Windows 10 and 10 S), macOS, X11/Linux, iOS, and Android. For a 1- or 2-man micro-ISV, reaching all platforms can prove so expensive and time-consuming that the developer is likely to settle for the tradeoff of deliberately limiting his market by not shipping an executable at all for one or more minority platforms. And even then, Chrome OS and game consoles with a web browser are still left out.

Would you consider it reasonable for a developer to offer use of a web app without charge but paywall the Qt app in order to cover the cost of maintaining executable forms of the Qt app for all six major desktop and mobile platforms?

In 2035: JavaScript is dead, long live WebAssembly

The future is coming along as planned.

Thank God!

Ever since Java applets went away, I've been looking for a way to run optimized VM bytecode in my browser.

Took 20 years to get a replacement, but better late than never, right guys?

So,

[BitztreamNotARealNam]

How's life in the hypocrite lane?

Only one great news...

[grumpy-cowboy]

We will be able to dump horrible Javascript language and use any other language that have a WebAssembly compiler (Python, Java, Ruby, Haskell, ...). I said the only great news because WebAssembly is just a new security nigthmare to come...

That was me, as to my impersonator? Well... apk

See subject & a question: Like music? If so, the 'certain something' my impersonator lacks is my themesong (lol) JAMES DEAN by the Eagles https://www.youtube.com/watch?v=7guzEuV7j9c/ since due to hosts files I'm "too fast to live, too young to die" & I say it all "too clean" (I know just WHAT YOU MEAN)

* "You were the LOW-DOWN rebel If there EVER was, even if you had no cause - you were too cool for school, sockhop, sodapop, autoshop & basketball - the only thing that got you off was BREAKIN' ALL THE RULES!" ala my unlimited posting ability to override bogus downmods!

("... & I know my life would look alright, if I could see it on a silver-screen...")

APK

P.S.=> It's how I live w/ myself - I may be the "Rebel w/out a cause" but you FAKE NAME for FAKE LIVES types? You're REBELS WITHOUT A CLUE (lmao)... apk