My bad. However it was closed source too, and abandoned rather quickly.
> True but WASM hadn't had much of a life so far, so we will see.
It uses the same security model as JS, which is much more mature than VMs not designed for so much exposure to random third party code.
> from what I see I think it's ugly as well
Ugly but not slow. WASM memory can be read and written directly from/to a typed array, instead of converting strings. Since it's fast enough, one can make less ugly APIs wrapping that behaviour.
> Java was designed with a sandbox and a bytecode verifier from very early on.
They probably protected the code itself from escaping the sandbox, but not the environment (all the API in its complex glory). WASM on the other side is exclusively allowed to talk with JS (for now, at least), therefore the only API level bugs are in JS, not in WASM.
> The goal for WASM is to enable browsers to run untrusted code in a trusted environment. Our approach is to be conservative at first, and to add functionality when it can be added securely. The intent is to prevent code from inspecting or changing files on the client file system. Also, the intent is to prevent code from using network connections to circumvent file protections or people's expectations of privacy.
> WASM provides the basic technology for loading and authenticating signed code. This enables browsers to run trusted code in a trusted environment.
Sounds familiar? This is straight from 1998 [1](ha!) with JDK replaced by WASM and applet/classes by code;-) I hear you and I hope this is enough for WASM to succeed. Still I don't see the killer argument why I should believe it will.
"functionality" in this case means APIs. WASM won't have any APIs that JS doesn't already have. So "conservative" means "just a few APIs", not "just communication with code in an already battle-proven VM". And AFAIK there are no plans for "loading and authenticating signed code" in WASM. It's always untrusted unless you run it with a runtime that provides the privileged APIs (such as node.js). Java always had both unprivileged and privileged APIs in the same place.
My bad. However it was closed source too, and abandoned rather quickly.
> True but WASM hadn't had much of a life so far, so we will see.
It uses the same security model as JS, which is much more mature than VMs not designed for so much exposure to random third party code.
> from what I see I think it's ugly as well
Ugly but not slow. WASM memory can be read and written directly from/to a typed array, instead of converting strings. Since it's fast enough, one can make less ugly APIs wrapping that behaviour.
> Java was designed with a sandbox and a bytecode verifier from very early on.
They probably protected the code itself from escaping the sandbox, but not the environment (all the API in its complex glory). WASM on the other side is exclusively allowed to talk with JS (for now, at least), therefore the only API level bugs are in JS, not in WASM.