There are a few issues with wasm that I've seen detailed by people with more experience building VMs and sandboxes than I, but the issue here isn't with WASM, but rather with Firefox's implementation of it:
Firefox has two toggles: `javascript.options.wasm` and `javascript.options.wasm_baselinejit`, implying you can disable wasm completely, or disable just the JIT compiler. This, however, is a complete and utter fucking lie. If you disable the JIT, WASM can no longer run and is functionally disabled. This is a REALLY BAD thing for security, as JITs are much easier to exploit than bytecode interpreters, even if they're slower. For JavaScript, you can disable just the JIT and lose some speed for more security (something you absolutely SHOULD do). For wasm, however, you're not given that choice: either enable the JIT, or disable wasm completely, which breaks all sites that rely even slightly on it.
There are also no ways to enable or disable the JIT independently for extensions and websites or only for specific websites, which is also a major issue when JITs are so bloody exploitable.
As for why JITs are bad for security, tho (for anyone who doesn't already know): machine code can very directly exploit CPU bugs like Meltdown, Spectre, or anything similar, particularly cross-channel attacks which allow a process to mess with the other thread that shares the same physical core (this is why people don't like Hyperthreading, btw). A bytecode interpreter isn't completely immune to this, but it makes it a whole lot harder since now there's the VM you need to exploit to do your bidding at the lower level, and most bytecode VM exploits are very limited, usually allowing only a small handful of very limited unintended actions.
And as a sidenote: I also personally don't like wasm since the Google engineers who made it were so fucking overworked that at least one of them got brain damage.