sunfish

@sunfish@hachyderm.io

Posts mostly about Wasm, WASI, Wasmtime, Rust, Capability-based security. Fastly. Ex-Mozilla.

yosh, to random
@yosh@toot.yosh.is

Yay! The in-progress wasi:i2c proposal (WASI spec for embedded devices) just moved to phase 2!

This means it's not just something promising anymore, but it seems ready to be implemented in host systems and begin gathering implementation and user feedback from.

I'm legit very excited about this! — But this seems like it has a real shot at improving the embedded development experience. Virtual platform layering, local platform emulation, standard APIs, etc. etc. I'm into it!

sunfish,

@yosh @whitequark @ricochetcode There's a registration link here:

https://github.com/WebAssembly/meetings/tree/main/wasi

The main requirement is to join the WebAssembly Community Group and sign the CLA:

https://www.w3.org/community/webassembly/

sunfish, to random

The student approached the teacher and asked, "is there such a thing as a truly ambient authority?" and the teacher froze.

sunfish, to random

We used to serve 12's but people said it was a little too much, so we scaled it down a little. That was a 10 you ate.

sunfish, to random

Trying to think of a joke to tell about global namespaces but I don't have a handle on it yet.

sunfish, to random

It appears I reached venting-on-social-media levels of tired of the whole post-covid "you just get sick for 3 weeks" like it's normal now.

sunfish, (edited) to random

Social media: you're a bad open source project and you should feel bad if you don't:

  • have amazingly complete and beautiful documentation
  • have a polished Windows experience
  • personally engage with every bug report
  • have clean interfaces everywhere, unencumbered by backwards compatibility constraints
  • support backwards compatibility with everything forever

Also social media: Oh and remember to keep it sustainable. Love those sustainabubbles.

sunfish,

@squillace I mean, a lot of it is well-intentioned. I don't really have any big ideas here.

sunfish, to random

I just gave myself permission to say "I don't think I'll ever understand how Windows filesystem paths work" and it felt good.

noah, to random
@noah@mastodon.despise.computer

A question for the WASI folks: what is the value proposition of WASI?

For edge compute, threading, synchronization primitives, and polling (a la select/poll/epoll/etc) would be nice, but I feel like a lot of the other APIs wouldn't be very useful.

For more general server-side stuff, why wouldn't I just run native binaries directly?

Note that I'm operating under the assumption that WASI is for server-side work.

sunfish,

@noah For edge computing, it's less about POSIX files&sockets and more about APIs like wasi-http, wasi-keyvalue, etc.

For cloud computing, motivations include being able to run many Wasm instances in a single host process, architecture independence, lightweight virtualizability, and composition.

sunfish,

@noah Yes. There will be tradeoffs for the foreseeable future, but I expect the advantages I mentioned to be worth it for some use cases.

pervognsen, (edited) to random
@pervognsen@mastodon.social

I was glancing over Cranelift's NaN canonicalization pass: https://github.com/bytecodealliance/wasmtime/blob/main/cranelift/codegen/src/nan_canonicalization.rs

I'd love to get someone's opinion on this but I believe a lot of these instructions don't need to be canonicalized. Differences between NaNs don't seem to be internally observable in the Wasm model of floats until a float is stored back to memory or bitcast to an integer at which point the particular IEEE-754 bit pattern becomes observable. E.g. sNANs are non-trapping and there's no fetestexcept() equivalent.

sunfish,

@pervognsen @cfallin @amonakov Yes, it should work, exactly in the way you expect!

squillace, to webassembly
@squillace@hachyderm.io

Congratulations to a whole bunch of people who have laid down a suggested path to use #webassembly components and the #oci artifact spec 1.1: https://tag-runtime.cncf.io/wgs/wasm/deliverables/wasm-oci-artifact/

This gives a lot of people the possibility to begin using a platform with components that they already know and love -- and it gives the ability to target any arch or os with one "artifact". Multiarch builds go away here.

sunfish,

@squillace A key achievement of this spec is that a Wasm component in an OCI registry is conceptually still a component, rather than a wrapper that modifies the semantics of a component.

Among other things, this means that artifacts in OCI registries can continue to participate in component composition.

isntitvacant, to random
@isntitvacant@hachyderm.io

what have I been up to? well, hm, good question, let’s see.

I’ve been pushing along a wasm runtime in rust — with something like half of the core test suite passing now — which has been instructive (pun. intended.)

I’ve also been absolutely tanking this book, “empires of the word”, which examines different lingua franca through the years. It’s very dry but also very interesting?

sunfish,

@isntitvacant (I don't quite follow; lots of people are doing cross-language Wasm guest ↔ host regularly, in production, today)

sunfish, to random

flying

sunfish, to random

Woah cool, GitHub syntax-highlighting recognizes Wit now ("```wit").

sunfish, to random

open, read, write, close

🎶 One of these things is not like the others... 🎶

sunfish,

@kodraus I keep trying to think of a joke about confused deputies but all my ideas are so bad I'd be afraid of getting suid.

sunfish, to random

A subtlety about capability-based security in Wasm components is that there is no "ambient authority".

There are functions with no arguments that return handles, which at first glance looks like classic ambient authority.

But, all functions are interposable at link time. So users can use wasi-virt or wac or other mechanisms to link a component to whatever they want, and attenuate or redirect the function however they want.

So instead, we say those functions use "link-time authority".

sunfish,

@oborosaur Perhaps: implicit access to an external resource.

It's subtle, because if you think about something like a Unix process, we often talk about an "ambient authority" to open files in a filesystem namespace, but technically, many Unix-like platforms have added ways to run processes in alternate filesystem namespaces, or attenuate things with ACLs or seccomp, or so, so it isn't truly implicit, meaning it isn't truly ambient.

sunfish,

@oborosaur Ultimately, even though the phrase "ambient authority" is well-known in some circles, I think the Principle of Least Authority (PoLA) is the more interesting concept to focus on.

PoLA is all about granularity. Ideally, don't grant monolithic access to anything, and don't grant any access to monolithic things. Build modular systems and grant fine-grained access to the modules that need it.

And handles are a really great tool for doing that. But not the only tool.

sunfish,

@Cyborus Yes, that's right.

The Principle of Least Authority is a more informative way to describe systems, and from that perspective we see things like:

  • seccomp is complex to set up for non-trivial tasks, so it isn't used as often as it theoretically could be,

  • Child processes tend to be inconvenient to work with, and processes are pretty heavyweight, so applications tend to use a single process for everything, so authorities are often granted to parts of programs that don't need it.
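
A toy model of the "link-time authority" idea from the thread above, added here as an example: it is not code from the posts, and it does not use wasi-virt, wac or Wasmtime. `Linker`, `DirHandle`, `interpose` and the `get-directories` import name are hypothetical; the point is that a no-argument function returning handles is only as powerful as whatever it was linked to.

```rust
use std::collections::HashMap;

// Hypothetical model of a handle: a directory plus the rights it carries.
#[derive(Clone, Debug, PartialEq)]
pub struct DirHandle { pub path: String, pub writable: bool }
// An import that takes no arguments and returns handles.
pub type GetDirs = Box<dyn Fn() -> Vec<DirHandle>>;

// Toy linker: each import name is bound to an implementation before the guest runs.
#[derive(Default)]
pub struct Linker { imports: HashMap<String, GetDirs> }

impl Linker {
    pub fn define(&mut self, name: &str, f: GetDirs) { self.imports.insert(name.to_string(), f); }
    // Interpose: rebind an import to a wrapper around its previous binding.
    pub fn interpose(&mut self, name: &str, wrap: impl Fn(Vec<DirHandle>) -> Vec<DirHandle> + 'static) {
        if let Some(inner) = self.imports.remove(name) {
            self.imports.insert(name.to_string(), Box::new(move || wrap(inner())));
        }
    }
    pub fn resolve(&self, name: &str) -> Option<&GetDirs> { self.imports.get(name) }
}

// Guest code is identical under every linking; it only sees what the import returns.
pub fn guest_writable_paths(linker: &Linker) -> Vec<String> {
    let get_dirs = linker.resolve("get-directories").expect("unlinked import");
    get_dirs().into_iter().filter(|d| d.writable).map(|d| d.path).collect()
}

// Constructed sample bindings: two writable directories granted by the host.
pub fn host_linker() -> Linker {
    let mut l = Linker::default();
    l.define("get-directories", Box::new(|| vec![
        DirHandle { path: "/data".into(), writable: true },
        DirHandle { path: "/secrets".into(), writable: true },
    ]));
    l
}

// Same guest, different linking: drop /secrets and make the rest read-only.
pub fn attenuated_linker() -> Linker {
    let mut l = host_linker();
    l.interpose("get-directories", |dirs| dirs.into_iter().filter(|d| d.path != "/secrets")
        .map(|d| DirHandle { writable: false, ..d }).collect());
    l
}

fn main() {
    println!("{:?} vs {:?}", guest_writable_paths(&host_linker()), guest_writable_paths(&attenuated_linker()));
}
```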

sunfish, to random

tfw you message a friend and they reply with words that sound plausible and confident but don't quite make sense and you wonder

sunfish, to webassembly

This talk by @esoterra introduces the idea of "component-native" tooling, using Claw, a language built this way from the start.

It's obviously valuable to port existing language toolchains to Wasm. As we think about Wasm's future, it's also interesting to have component-native toolchains in the mix, because they have greater flexibility to take unconventional approaches, and find new creative ways of solving problems.

https://www.youtube.com/watch?v=jgl414xwU2s&list=PLP3xGl7Eb-4Nmj4CJ5WLQZx5UAYvhH920&index=5

sunfish, to webassembly

This talk from Luke Wagner lays out a vision for fully-integrated async in Components.

Async/sync interop without function coloring, made possible by the power of components:

https://www.youtube.com/watch?v=y3x4-nQeXxc&list=PLP3xGl7Eb-4Nmj4CJ5WLQZx5UAYvhH920&index=3

sunfish, to random

Totally impromptu office hours now live:

https://meet.jit.si/moderated/adba79399760b76923fe669aac1258f45f3d24efe35bc4043055170dde162e13

Stop by and say hi!
