Don't Trust Anything! Real-world Uses For WebAssembly • Katie Bell • YOW! 2023

Рет қаралды 20,671

Күн бұрын

This presentation was recorded at YOW! Australia 2023. #GOTOcon #YOW
yowcon.com
Katie Bell - Freelance Software Developer and Creator of SplootCode
RESOURCES
/ katie-bell-b578a3aa
katiebell.net
github.com/katharosada
docs.docker.com/desktop/wasm
github.com/katharosada/wasm-s...
ABSTRACT
Let's face it, we all use libraries written by strangers on the internet that we shouldn't entirely trust. It's not just that there could be malicious code but even a library with an accidental vulnerability can wreak havoc.
You've probably heard of WebAssembly, but maybe you think of it as only relevant to browsers and front end development. It was created for browsers, but now WebAssembly is a battle-tested, fast, standardised, language-independent and cross-platform runtime. Most importantly, it was designed from the ground up to securely run untrusted code.
This talk will go through how WebAssembly works with practical examples and explore case studies of real-world companies using WebAssembly to run code securely and efficiently. [...]
TIMECODES
00:00 Intro
00:25 Untrusted code
14:23 WebAssembly
19:17 Sandboxing without using a separate process
24:10 WASI (WebAssembly System Interface)
29:48 Demo
34:03 WASI continued
34:50 Case study: Shopify functions
36:41 Case study: Mozilla Firefox
39:28 Security
41:49 Reminder: Security in depth
42:39 Where are we now?
45:50 When are you running untrusted code?
47:54 Outro
Download slides and read the full abstract here:
yowcon.com/sydney-2023/sessio...
RECOMMENDED BOOKS
Kevin Hoffman • Programming WebAssembly with Rust • amzn.to/48msEBz
Valerio De Sanctis • Building Web APIs with ASP.NET Core • amzn.to/42MWuOq
Brian Sletten • WebAssembly: The Definitive Guide • amzn.to/3OQdHRf
Sendil Kumar Nellaiyapen • Practical WebAssembly • amzn.to/4bK3j7s
/ gotocon
/ goto-
/ goto_con
/ gotoconferences
#WebAssembly #Wasm #WASI #WebAssemblySystemInterface #MozzillaFirefox #Shopify #KatieBell #SplootCode #YOWcon
Looking for a unique learning experience?
Attend the next GOTO conference near you! Get your ticket at gotopia.tech
Sign up for updates and specials at gotopia.tech/newsletter
SUBSCRIBE TO OUR CHANNEL - new videos posted almost daily.
kzbin.info...

Пікірлер: 16

@janigerud 4 ай бұрын

Really great talk 👍

@capability-snob 3 ай бұрын

Great to see this aspect of Capability Sytems getting attention. It enables us to build entirely new types of multi-party interaction safely.

@MiguelJCintron 3 ай бұрын

Great talk! It made things a lot clearer.

@RahulOne1 4 ай бұрын

Interesting and meaningful talk. 👍

@neilclay5835 4 ай бұрын

Very interesting, thanks.

@Skatox 3 ай бұрын

Awesome talk!

@lifelover69 4 ай бұрын

great topic, well presented, and fun demo. well done, thank you. thinking aloud, there are some similarities between languages compiling to wasm and running in browser's wasm runtimes, to how java/.net code is compiled to bytecode and executed in the jvm/clr. browsers are really feeling like an operating system nowadays. they are approaching their level of complexity :)

@RealisableSoftware 3 ай бұрын

What's more, is that you can run .net code as wasm.

@higaski 3 ай бұрын

I'm happy that web developers can finally enjoy incompatible binaries like system developers have for the past 50 years...

@monadstack 3 ай бұрын

Awesome, I really am not trusting any of your words, I am following your advice.

@kousheralam 4 ай бұрын

enjoy the talk

@joqim 4 күн бұрын

I have a naive question, can I not code the bot to take opponents output and return the winning option? i.e. what if my code has a switch case which returns 'paper' when opponent returns 'rock', etc. Am I missing something here?

@TomAtkinson Күн бұрын

She was like "Now I'm CASUALLY uploading an untrusted executable binary to run on the server, it won't be more than a minute until it runs" and I'm like "wow that must be complex and impressive sandboxing! She must be doing something fancy to sanitise this before handing it the guns" and then she was like "that's because it fires once per minute"...... OOOMMMPH!