I’m so conflicted about web assembly. I’m a web developer and I think it’s going to be amazing eventually but 20% of me thinks it’s going to be a security nightmare and require a decade of fuck ups to reach its potential.
I’m mostly worried about how much less open this will make the web for simple local hacking. I often add small features to webapps I use by injecting code and hooking into their systems (when it’s not an app with open source, where I send a PR instead - and if I can work around issues I do contact the owners with a working fix).
This will be much harder with WebAssembly. Sure, there’ll be decompilers in time - but in the time it takes me to change a small piece of behaviour in such cases, I can add multiple features in the current JS environment, even if the code is obfuscated.
I’m more concerned that the web will get even slower and bloated. We are already seeing the first frameworks that ship a webassembly .NET runtime, Python runtime, JVM, … . I kinda fear that in 10 years when you visit a site you need to download runtime xyz in version abc for the 1000th time. All because some people or companies just can not be bothered to learn any new technology.
I’m so conflicted about web assembly. I’m a web developer and I think it’s going to be amazing eventually but 20% of me thinks it’s going to be a security nightmare and require a decade of fuck ups to reach its potential.
That’s quicker than people, heck I’m going on my 3rd decade and still not at my potential. Or so I like to tell myself.
I’m mostly worried about how much less open this will make the web for simple local hacking. I often add small features to webapps I use by injecting code and hooking into their systems (when it’s not an app with open source, where I send a PR instead - and if I can work around issues I do contact the owners with a working fix).
This will be much harder with WebAssembly. Sure, there’ll be decompilers in time - but in the time it takes me to change a small piece of behaviour in such cases, I can add multiple features in the current JS environment, even if the code is obfuscated.
I’m more concerned that the web will get even slower and bloated. We are already seeing the first frameworks that ship a webassembly .NET runtime, Python runtime, JVM, … . I kinda fear that in 10 years when you visit a site you need to download runtime xyz in version abc for the 1000th time. All because some people or companies just can not be bothered to learn any new technology.
Can web elements be sandboxed in any meaningful way?