Wasmer 3.0

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com
WebAssembly Os WASM Desktop Wasi

WorkOS
Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • wasmer

    🚀 The leading Wasm Runtime supporting WASIX, WASI and Emscripten

    • Java had an extremely advanced and strict sandbox for many years.

    It offered of course also the possibility to blacklist everything by default.

    The problem with such a granular sandbox is that it's too complex for most use cases.

    When you need to whitelist any and every call to the outside world this becomes very tedious.

    That's why Java now removes the sandbox…

    https://inside.java/2021/04/23/security-and-sandboxing-post-...

    Let's see how this works out for WASM.

    I guess: Without resorting to using some language(s) with build-in support for capability security a whitelist based sandbox approach won't ever work without issues.

    First of all you can forget about C/C++. Everything in this languages assumes free access to the system.

    Rust does not have any support for capabilities either (yet, and for the years to come at least).

    The best current WASM sandbox implementation, which is in Wasmer not WasmTime, is not more than a FS block. (And the memory safety guaranties you get in any VM language, of course).

    https://docs.wasmtime.dev/security.html

    I don't find any such feature mentioned in the Wasmer docs. It seems completely without any sandbox! (To stress it once more: All VM languages are memory safe. That's not sandboxing. All the "sandboxed by default" claims are misleading, at least).

    https://github.com/wasmerio/wasmer/issues/221

    That even people here on HN believe in the currently unfulfilled WASM security promises shows only how good the WASM marketing is. This should make you even more skeptical. One should never over promise on security! Java had to learn this the hard way over many years (as their sandbox had have holes in the past, and was also almost impossible to correctly configure).

  • daedalOS

    Desktop environment in the browser

    • I started digging into it, looks promising indeed. I may have to go the service worker route, or perhaps a web worker if possible.

    Nothings exploded so far: https://github.com/DustinBrett/daedalOS/commit/eb958836f1f5e...

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

    WorkOS logo

  • trealla

    A compact, efficient Prolog interpreter written in plain-old C (Wasm experimental fork). (by guregu)

    • Honestly I can't really say (I just ported it to WASM :-)), but here's more or less the start of the query loop: https://github.com/guregu/trealla/blob/main/src/query.c#L173...

    I believe it's a bytecode but I know that function pointers are involved at least with the built-in predicates (see predicates.c).

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts