Re: Web versions

[Schanzenbach, Martin]

Hi,

I am confused regarding the issues raised here against "porting" a GNU package
to WebAssembly and would very much welcome clarification.
As Jacob pointed out, WA can be considered (mostly) a compilation target from my
experience.
I have used emscripten (LLVM) before to do this IIRC for C programs.
So a Free Software browser offering a WebAssembly API and offering support for 
GNU packages is a problem how?
Saying that webassembly is "even more obfuscated" than javascript does not make 
sense to me
either, as a compiled program is always "obfuscated" to a user.

So how is a Debian package of a webextension which includes a GNU package 
compiled to WebAssembly different
from the same Debian package of the GNU package compiled against the native 
libc?
Isn't webassembly in contrast an opportunity to bring GNU packages as 
webextensions into the browser without
falling into the JS trap??

BR
Martin

> On 9. Mar 2021, at 15:01, Taylan Kammer <taylan.kammer@gmail.com> wrote:
> 
> On 08.03.2021 18:59, Jacob Bachmeyer wrote:
>> Taylan Kammer wrote:
>>> On 06.03.2021 22:30, Jacob Bachmeyer wrote:
>>>   In times like that, I wish I had quick
>>> access to some Unix-like environment with helpful tools like netcat and
>>> nmap on the client's end.
>>> 
>>> If I could just open a browser on the client's PC and visit a website
>>> that boots up a GNU/Linux with useful tools like that, it would be
>>> pretty amazing.
>> 
>> The problem is that to be able to implement tools like that, the browser
>> would need to offer access to the local network at a level that would be
>> a serious security risk.  While nmap and netcat/socat can be great for
>> development and troubleshooting, they are also great for an intruder's
>> recon efforts to prepare further intrusions.  8-|  Do you want ad
>> companies routinely port-scanning your LAN?
> 
> Browsers already offer websites the ability to access your microphone,
> camera, GPS location, and even *screen contents* (!).  Any sane browser
> of course asks the user on a per-website basis whether the user would
> like to allow this.
> 
> From a quick web search I found out that there's already a draft for a
> filesystem API that allows write access and working with directories:
> 
> https://wicg.github.io/file-system-access/
> 
> I'm not really happy at *all* with the state of the WWW, but it mostly
> has to do with the choices website developers make rather than what
> browsers are capable of.
> 
> In principle I see little difference between trusting Debian's package
> database so much that I never have second thoughts while running
> "apt-get update && apt-get upgrade", and trusting a specific website so
> much that I have no second thoughts about them changing the "source
> code" of a browser-based application they host.
> 
> Preferably of course, such an application would be released under the
> AGPL, with a clear indication of what version one is using, and a way
> for the browser to checksum the whole application to rule out "sneaky"
> changes that aren't reflected in the version number.
> 
> With the way the web continues to evolve I wouldn't be surprised if this
> becomes a major way of rolling out arbitrary cross-platform software in
> the future.  If that happens, I would definitely want to see GNU and the
> larger free software community be a part of that future.
> 
> 
> - Taylan
>

signature.asc
Description: Message signed with OpenPGP