Don't Trust Anything! Real-world Uses For WebAssembly • Katie Bell • YOW! 2023
Ғылым және технология
This presentation was recorded at YOW! Australia 2023. #GOTOcon #YOW
yowcon.com
Katie Bell - Freelance Software Developer and Creator of SplootCode
RESOURCES
/ katie-bell-b578a3aa
katiebell.net
github.com/katharosada
docs.docker.com/desktop/wasm
github.com/katharosada/wasm-s...
ABSTRACT
Let's face it, we all use libraries written by strangers on the internet that we shouldn't entirely trust. It's not just that there could be malicious code but even a library with an accidental vulnerability can wreak havoc.
You've probably heard of WebAssembly, but maybe you think of it as only relevant to browsers and front end development. It was created for browsers, but now WebAssembly is a battle-tested, fast, standardised, language-independent and cross-platform runtime. Most importantly, it was designed from the ground up to securely run untrusted code.
This talk will go through how WebAssembly works with practical examples and explore case studies of real-world companies using WebAssembly to run code securely and efficiently. [...]
TIMECODES
00:00 Intro
00:25 Untrusted code
14:23 WebAssembly
19:17 Sandboxing without using a separate process
24:10 WASI (WebAssembly System Interface)
29:48 Demo
34:03 WASI continued
34:50 Case study: Shopify functions
36:41 Case study: Mozilla Firefox
39:28 Security
41:49 Reminder: Security in depth
42:39 Where are we now?
45:50 When are you running untrusted code?
47:54 Outro
Download slides and read the full abstract here:
yowcon.com/sydney-2023/sessio...
RECOMMENDED BOOKS
Kevin Hoffman • Programming WebAssembly with Rust • amzn.to/48msEBz
Valerio De Sanctis • Building Web APIs with ASP.NET Core • amzn.to/42MWuOq
Brian Sletten • WebAssembly: The Definitive Guide • amzn.to/3OQdHRf
Sendil Kumar Nellaiyapen • Practical WebAssembly • amzn.to/4bK3j7s
/ gotocon
/ goto-
/ goto_con
/ gotoconferences
#WebAssembly #Wasm #WASI #WebAssemblySystemInterface #MozzillaFirefox #Shopify #KatieBell #SplootCode #YOWcon
Looking for a unique learning experience?
Attend the next GOTO conference near you! Get your ticket at gotopia.tech
Sign up for updates and specials at gotopia.tech/newsletter
SUBSCRIBE TO OUR CHANNEL - new videos posted almost daily.
kzread.info...
Пікірлер: 17
Really great talk 👍
Great talk! It made things a lot clearer.
Interesting and meaningful talk. 👍
Very interesting, thanks.
Awesome talk!
Great to see this aspect of Capability Sytems getting attention. It enables us to build entirely new types of multi-party interaction safely.
great topic, well presented, and fun demo. well done, thank you. thinking aloud, there are some similarities between languages compiling to wasm and running in browser's wasm runtimes, to how java/.net code is compiled to bytecode and executed in the jvm/clr. browsers are really feeling like an operating system nowadays. they are approaching their level of complexity :)
@RealisableSoftware
4 ай бұрын
What's more, is that you can run .net code as wasm.
@higaski
3 ай бұрын
I'm happy that web developers can finally enjoy incompatible binaries like system developers have for the past 50 years...
enjoy the talk
I have a naive question, can I not code the bot to take opponents output and return the winning option? i.e. what if my code has a switch case which returns 'paper' when opponent returns 'rock', etc. Am I missing something here?
Awesome, I really am not trusting any of your words, I am following your advice.
Nothing is safe and effective.
She was like "Now I'm CASUALLY uploading an untrusted executable binary to run on the server, it won't be more than a minute until it runs" and I'm like "wow that must be complex and impressive sandboxing! She must be doing something fancy to sanitise this before handing it the guns" and then she was like "that's because it fires once per minute"...... OOOMMMPH!
Mozzzzzilla
What a convoluted way to replace javascript in the browser. First we create the WASM meme which can add 2 numbers at it's peak utility. Then we obviously make this WASI meme which is a little bit more (of course, it has to).... do you need to boil the frog to actually replace js, can't you just bloody do it