Don't Trust Anything! Real-world Uses For WebAssembly • Katie Bell • YOW! 2023
Vložit
- čas přidán 5. 06. 2024
- This presentation was recorded at YOW! Australia 2023. #GOTOcon #YOW
yowcon.com
Katie Bell - Freelance Software Developer and Creator of SplootCode
RESOURCES
/ katie-bell-b578a3aa
katiebell.net
github.com/katharosada
docs.docker.com/desktop/wasm
github.com/katharosada/wasm-s...
ABSTRACT
Let's face it, we all use libraries written by strangers on the internet that we shouldn't entirely trust. It's not just that there could be malicious code but even a library with an accidental vulnerability can wreak havoc.
You've probably heard of WebAssembly, but maybe you think of it as only relevant to browsers and front end development. It was created for browsers, but now WebAssembly is a battle-tested, fast, standardised, language-independent and cross-platform runtime. Most importantly, it was designed from the ground up to securely run untrusted code.
This talk will go through how WebAssembly works with practical examples and explore case studies of real-world companies using WebAssembly to run code securely and efficiently. [...]
TIMECODES
00:00 Intro
00:25 Untrusted code
14:23 WebAssembly
19:17 Sandboxing without using a separate process
24:10 WASI (WebAssembly System Interface)
29:48 Demo
34:03 WASI continued
34:50 Case study: Shopify functions
36:41 Case study: Mozilla Firefox
39:28 Security
41:49 Reminder: Security in depth
42:39 Where are we now?
45:50 When are you running untrusted code?
47:54 Outro
Download slides and read the full abstract here:
yowcon.com/sydney-2023/sessio...
RECOMMENDED BOOKS
Kevin Hoffman • Programming WebAssembly with Rust • amzn.to/48msEBz
Valerio De Sanctis • Building Web APIs with ASP.NET Core • amzn.to/42MWuOq
Brian Sletten • WebAssembly: The Definitive Guide • amzn.to/3OQdHRf
Sendil Kumar Nellaiyapen • Practical WebAssembly • amzn.to/4bK3j7s
/ gotocon
/ goto-
/ goto_con
/ gotoconferences
#WebAssembly #Wasm #WASI #WebAssemblySystemInterface #MozzillaFirefox #Shopify #KatieBell #SplootCode #YOWcon
Looking for a unique learning experience?
Attend the next GOTO conference near you! Get your ticket at gotopia.tech
Sign up for updates and specials at gotopia.tech/newsletter
SUBSCRIBE TO OUR CHANNEL - new videos posted almost daily.
czcams.com/users/GotoConf... - Věda a technologie
Great to see this aspect of Capability Sytems getting attention. It enables us to build entirely new types of multi-party interaction safely.
Great talk! It made things a lot clearer.
Really great talk 👍
Interesting and meaningful talk. 👍
great topic, well presented, and fun demo. well done, thank you.
thinking aloud, there are some similarities between languages compiling to wasm and running in browser's wasm runtimes, to how java/.net code is compiled to bytecode and executed in the jvm/clr. browsers are really feeling like an operating system nowadays. they are approaching their level of complexity :)
What's more, is that you can run .net code as wasm.
I'm happy that web developers can finally enjoy incompatible binaries like system developers have for the past 50 years...
Very interesting, thanks.
Awesome, I really am not trusting any of your words, I am following your advice.
Awesome talk!
enjoy the talk
Nothing is safe and effective.
Mozzzzzilla