This post is an expanded version of a presentation I gave at the recent WebAssembly CG meeting in Munich. WebAssembly has come a long way since its first release in 2017. The 1.0 version of WebAssembly was already a great fit for low-level languages like C and C++, and immediately enabled many new kinds of applications to efficiently target the web.
Let’s take Lemmy UIs as an example. In a world where this “RCE” is removed, all API calls and returned data would have to go through a “server client” first. I hope this won’t take you long to ponder if that’s an improvement or not 😉
The web is indeed shit. But dumber web means more “clouding”, or if it’s not “clouding”, and to borrow from your reductionist fatalism: Dumber web replaces a potential RCE with a definite MITM.
What RCE are you talking about?
wasm and js are by definition remote code execution
“oh but is sandboxed” how many sandbox bypass and sanbox escape CVEs have we had? incountably many
beyond that, that is code using your cpu cycles often inefficiently and for useless purposes or outright malicious purposes such as tracking
Let’s take Lemmy UIs as an example. In a world where this “RCE” is removed, all API calls and returned data would have to go through a “server client” first. I hope this won’t take you long to ponder if that’s an improvement or not 😉
The web is indeed shit. But dumber web means more “clouding”, or if it’s not “clouding”, and to borrow from your reductionist fatalism: Dumber web replaces a potential RCE with a definite MITM.
I’m guessing, they mean JavaScript and WebAssembly in general…
All the RCE vulnerabilities that Apple introduced as “features”