Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Yeah, right.

As if Flash (http://adobe-flash.github.io/crossbridge/), PNaCL (https://developer.chrome.com/native-client/reference/pnacl-b...) never existed.



Wasm is company and technology independent and went through the proper process for becoming a standard rather than being forced in by some corp hoping to take over the internet.

It also doesn't have any of the security issues because its limited to things JavaScript can do.


Both alternatives that I mentioned, Flash and PNaCL did have open source implementations available, it is just a matter of following the links I posted.

WASM doesn't offer any security over internal data corruption as buffer access within linear memory aren't validated for data bounds or nullability.

So it is possible, for a WASM module generated from C or C++ code, to provide input data to its functions in such a way that it would compromise its behavior from the outside, even though it doesn't escape the sandbox.

Politics.


> Both alternatives that I mentioned, Flash and PNaCL did have open source implementations available, it is just a matter of following the links I posted.

You know that open source is not the same thing as open standards, right?


> Both alternatives that I mentioned, Flash and PNaCL did have open source implementations available, it is just a matter of following the links I posted.

At least for Flash I remember that the OSS implementations couldn't run many real-world flash programs. Did this change later?


It was good enough to run Unreal.


That's slightly interesting. But it doesn't change the fact that some programs fail to run on the open implementations. And why is that? Presumably it's a secret. This unknown difference in behavior is significant, even if the actual difference is small. It means one can intentionally write a program the only runs on proprietary implementations.


Wasm linear memory is a building block, if you want higher security boundaries, stitch together multiple Wasm envs and communicate via webworkers.

Wasm is nearly identical, but different in the ways that matter. You are being blinded by being ahead of the curve, but the curve has moved now.


I am eagerly waiting for the first set of CVEs related to WASM, and the "you are holding it wrong" comments from WASM advocates.


It would be interesting to force Wasm through an asm.js polyfill for non tier-1 trusted sites. Then one would have higher assurance that malicious Wasm couldn't do anything that js couldn't do.

Wasm will be absolutely pervasive at all levels of the stack.


> .... will be absolutely pervasive at all levels of the stack.

Yeah, I heard that before.


CrossBridge is a cross compiler. Where is the open source flash runtime?


GNU Gnash and Lightspark.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: