this post was submitted on 17 Sep 2023
50 points (89.1% liked)
Programming
17326 readers
235 users here now
Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!
Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.
Hope you enjoy the instance!
Rules
Rules
- Follow the programming.dev instance rules
- Keep content related to programming in some way
- If you're posting long videos try to add in some form of tldr for those who don't want to watch videos
Wormhole
Follow the wormhole through a path of communities !webdev@programming.dev
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
So much website JavaScript these days is just poor design, tracking, and bloat.
And it will get worse with WASM. At least now we can see the entirity of the code and even patch it if required, and WASM might make that way harder.
I'd argue that having a sandbox that can run binaries with a limited and customizable feature set is actually a good thing for the web. I think there are more technically competent solutions, but the fact that WASM is available on virtually every machine and os, makes it pretty powerful.
If implemented right WASM might speed up our web apps, keep the browser sandbox that is actually quite nice, and run on pretty much any machine. If they open sourced the code, that'd be even better.
Between minified js and WASM, I think I'd take WASM (I can't understand minified js anyway). Between a pure html site and WASM, I think I'd take the pure html site (but I don't think we will be living in that world anytime soon).
The problem with sandboxes is that there isn't a perfect prision. Eventually, ways will be found to break out of it, and there will be bad actors that will take advantage of such.
I completely agree.
However, I still would rather have all the websites I visit pass through my browser's api than be making straight syscalls.
I think it's not perfect security but a good line of defense.
I'll grant that COM, ActiveX, and Adobe/Shockwave Flash turned out to be security nightmares.
But maybe it'll be fine this time.../s
It's technically possible that widespread use of hallucination-prone AI code-assist is the quality control tool that was missing in the several previous attempts...