I’m so conflicted about web assembly. I’m a web developer and I think it’s going to be amazing eventually but 20% of me thinks it’s going to be a security nightmare and require a decade of fuck ups to reach its potential.
I’m mostly worried about how much less open this will make the web for simple local hacking. I often add small features to webapps I use by injecting code and hooking into their systems (when it’s not an app with open source, where I send a PR instead - and if I can work around issues I do contact the owners with a working fix).
This will be much harder with WebAssembly. Sure, there’ll be decompilers in time - but in the time it takes me to change a small piece of behaviour in such cases, I can add multiple features in the current JS environment, even if the code is obfuscated.
I’m so conflicted about web assembly. I’m a web developer and I think it’s going to be amazing eventually but 20% of me thinks it’s going to be a security nightmare and require a decade of fuck ups to reach its potential.
I’m mostly worried about how much less open this will make the web for simple local hacking. I often add small features to webapps I use by injecting code and hooking into their systems (when it’s not an app with open source, where I send a PR instead - and if I can work around issues I do contact the owners with a working fix).
This will be much harder with WebAssembly. Sure, there’ll be decompilers in time - but in the time it takes me to change a small piece of behaviour in such cases, I can add multiple features in the current JS environment, even if the code is obfuscated.